Providing citizens with access to governmental services online via secure authentication through setting up eID schemes. UL explains the what, why and how.
While the benefit of setting up an eID scheme is clear (reducing cost and increasing efficiency), there are still some concerns when setting up an eID scheme:
Security of eID scheme: some schemes do not make use of hardware security resulting in a low authentication assurance level.
Privacy of eID scheme: some schemes do not take the citizen’s privacy into account as much as should be.
Citizens want to access governmental services online. This needs to happen in a secure manner. As the world is becoming more connected and more and more services are offered online, governments need to think about how to authenticate their citizens online. eID schemes are set up to do exactly this. Once citizens can properly be authenticated digitally, online services for which someone needs to identify themselves can be made available (think of applying for permits, benefits, changing an address, tax declarations, etc.). Offering services online saves the government money as they need fewer counter and fewer people to man these counters.
Many governments make use of an eID scheme yet implementations differ. Some use publicly issued eID only (e.g. an eID that is issued by the government itself). Others use privately issued eIDs (an eID issued by a private party, e.g. a bank). And then there are some that utilize a combination of an eID with a physical identity document. The new eIDAS regulation provides the possibility to register an eID scheme for cross-border use.
Keep in mind the following when setting up an eID scheme:
- Enable use of scheme in both public and private sector to enhance use
- Upgrade to better security
- Upgrade to new authentication means, i.e. eID in mobile device so it is more user-friendly enhancing use
- Upgrade to more privacy-friendly scheme so users trust it more
- Implementing nodes to support cross-border use of eID schemes
Online business is rapidly evolving. Electronic identity solutions (eID solutions) allow for secure transactions with respect to confidentiality, integrity, authenticity and non-repudiation in the online business. Solutions based on username-password exist on a large scale but are fraud sensitive.
Secure electronic identification and authentication are a relatively new and fast-growing and technical area. In the case of diverse stakeholders and responsibilities in the ecosystem, the involvement of stakeholders in the early stage of the project is a challenging but crucial to implement a successful eID solution.
Developing and implementing new eID solutions requires knowledge and overview in order to ensure a secure and trustworthy solution that fits the specific situation of the customer. Apart from that, there are other issues holding organizations and governments back from implementing eID solutions. The industry is fragmentized with the lack of clarity around standards. There is uncertainty about the trustworthiness of organizations to handle and secure critical information. And large scale projects are being experienced as costly, time-consuming and risky.
How does UL help?
- We guide governments with their strategy on eID implementation.
- We advise about security and privacy and support in the tender and/or implementation process.
- We advise about how the eID can be placed on a mobile device and support in the tender and/or implementation process.
- We advise and support in realizing cross-border acceptance.