Work Package 5

Work Package 5 addresses standards and procedures for safety, security and data protection. This work will contribute to OCTAVE’s exploitation planning in WP2 by ensuring that privacy requirements are addressed as early as possible within the development and integration cycle, i.e. privacy-by-design. The central goal is to manage OCTAVE’s compliance with all appropriate regulations and technical standards related to user data protection. Where appropriate, OCTAVE will adopt standard, secure formats for the exchange of biometric data and authentication requests/responses, such as the recently defined OpenID Connect standard.

OBJECTIVES

  • To survey the EU legislation in effect concerning the collection, storage, and manipulation of personal data, and to issue a set of key points with which the technical development of TBAS must comply.
  • To survey standards, procedures, and technologies for the collection, transmission, storage and processing of personal data, and to issue a set of recommendations for the technical development of TBAS.
  • To verify that the approach taken by the project for the development of TBAS regarding the collection, storage, and processing of personal data complies with applicable EU legislation and established standards and procedures.
  • To assess the applicability of existing legislation and established standards and procedures to the TBAS platform.

DESCRIPTION OF WORK

The work of WP5 concerns the sensitive aspects related to the secure and safe collection, transmission, storage and processing of personal data. Initially the existing legal framework for the manipulation of personal data is surveyed as it will form the context for all developments of the TBAS platform. To this end applicable EU legislation and member state specializations will be surveyed and documented. In addition to the legal framework, the technical framework for the development of the TBAS platform will be defined. Existing standards, procedures, best practices, as well as applicable technologies will be surveyed and documented as well. Both the legal and the technical framework will form the security context in which the development of the TBAS platform will take place. WP5 will also provide its input related to the security aspects for the collection, transmission and manipulation of personal data during the development and implementation of the TBAS platform. To this end it will monitor compliance of the platform with the documented legal and technical framework and will implement the functionalities related to the secure manipulation of personal data. Finally, WP5 will provide an assessment and feedback for the applicability of the legal and technical frameworks in which the TBAS platform will be developed.

ACCOMPLISHMENTS OF WP 5

Project practices in data protection have been established

Prudential approach: Treat biometric data as sensitive

Privacy by Design principles have been embedded in the TBAS design:

  • Pseudonymisation and anonymisation
  • Each stakeholder in the TBAS maintains only “chunks” of sensitive user data, relevant for its service

Standards of good practices have been adopted:

  • Ensure confidentiality, integrity, availability and resilience of processing systems and services
  • Restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing

The regulatory framework on data protection has been applied to the project context

EU legislation has been taken into account, specifically:

  • DPD 95/46/EC
  • E-privacy Directive 2002/58
  • Data Retention Directive 2006/24/EC
  • General Data Protection Regulation

National legislation implementing the above has been considered for each of the countries where at least one OCTAVE Partner is based.

DELIVERABLES RELEASED SO FAR BY WP 5

This document reports on the developments of the Trusted Biometric Authentication Service (TBAS) and also provides feedback that pertains to ...
The purpose of this document is to provide a record of the monitoring activities that take place in the context ...
The main purpose of this document is to provide a useful description of the safety and security standards, procedures and ...
The goal of OCTAVE is the delivery of a safe remote access control platform called TBAS (Trusted Biometric Authentication Service) ...

WP LEADER

Sofoklis Efremidis

WP5 Leader

Prof. Sofoklis Efremidis (male) received his undergraduate Diploma from the Department of Electrical Engineering, National Technical University of Athens, and his M.Sc. and Ph.D. degrees from the Department of Computer Science (minor Mathematics), Cornell University, U.S.A. His academic research work focused on theoretical aspects of programming languages and systems, program transformations, semantics of programming languages, programming logics and formal verification of program correctness, methodologies for program development, and embedding of attribute grammars into high level functional programming languages. His dissertation was on program transformations for an experimental extendible programming language that was developed at Cornell University. In October 1996 he joined INTRACOM S.A., and from February 1999 to September 2003 he was responsible for the company’s representation office in Brussels. He has worked in various European research projects in the areas of software technologies, focusing on modelling techniques, methodologies, middleware technologies, and system architectures. Since September 2003 he has been a faculty member of Athens Information Technology, where he works in the area of software systems and technologies, distributed and dependable systems, and semantic web services. He is the author of several scientific papers that appeared in journals and conferences.