http://www.gemalto.com/govt/documents/national-identity-schemes
Firstly, the national identity scheme indicates the roles of the sovereign state with regard to digital identity:
Is the state a regulator?
An issuer of sovereign identities or the digital derivatives of these identities?
What are its responsibilities within the chosen ecosystem in terms of organization, data and applications, and infrastructure?
Next, the national identity scheme establishes the underlying principles and operating methods of the digital identity ecosystem. It describes the main systems and flows linked to the use of digital identities to access services, authenticate users, and exchange and verify data linked to the service requested.
Where necessary, it provides useful details on the approved identity types and trust levels supported by the ID ecosystem. For example, commercial or transactional uses for identity may have functionalities distinct from those associated with authentication in the public domain.
It is clear that the deployment of digital identities under different national frameworks represents a dual challenge for nations, which must manage their sovereignty in the digital space while improving services to companies and citizens, in other words the framework for market interactions, and ultimately the healthy operation of the economy.
Yet reconciling market demands and sovereignty is no simple task. It requires constructive negotiation between their respective objectives.
A good example is provided by the European Union. Here, national identity schemes must be viewed in terms of both the actions of individual states, and the implementation of the eIDAS regulation (which may indicate future convergence), as well as the objectives of the European Digital Single Market and European Digital Agenda 2020 strategies.
In the end, these actions surrounding digital identity demonstrate a desire to rekindle economic growth through the more effective use of digital services, and build a single digital space of trust, offering a high level of security, interoperability and data protection.
2. Worldwide digital transactions are booming
The number of G2C digital transactions is said to grow 30% by 2020
Digitization
3. Citizens expect to exercise choice and control over their data when accessing digital services
They also expect a convenient and trusted digital journey.
Privacy - Convenience
5. Your National Identity Card is issued by your government. It makes you unique and enables recognition and distinction from others, to confer rights and duties.
Multiple Digital identities
a SIM card,
e-mail addresses,
aliases on the Internet
profiles on social networks,
IP addresses,
bank account ..
to communicate, make business…
A person is a citizen, an employee, a friend…
Identity is a set of attributes
Identity
6. Digital identity is a cornerstone of digital transformation for citizens, businesses and public administrations
To declare a birth
To obtain access to your bank account
To establish ownership
To establish who has control
And more globally to reap the digital dividends
Identity
8. Identity Provider
Certifies citizens' identity
Service Providers – Online Services
Delegate authentication of an individual to the Identity Provider.
Identity Providers are responsible for :
- authenticating individuals
- (and/or) Federate Services
- (and/or) Verify Identity
- (and/or) Manage Identity
on behalf of the relying party.
Relying party
Identity
Attributes
•Reduce fraud
•Increase usage
•Reduce cost
•Trust
•Convenience
•Privacy
Identity provider: a key role in the digital ecosystem
Citizens access securely & easily online services
9. Digital Identity providers landscape
Private sector driven Public sector driven
1
Model 1 - Self asserted open digital identity frameworks
Authentication
Singapore
Norway
Sweden
Nigeria
Model 2 - Hybrid models based on multi-identity federated frameworks across identity providers
2
Federated Identity
3
Belgium
Estonia
Oman
Netherlands
Pakistan
Kenya
Model 3 – Multi-channel infrastructure digital identity based on national eID schemes
National Digital Identity schemes
Identity Validation on eID state
Model 4 - Other hybrid models / e.g. based on verified attributes exchange
US
UK
Australia
4
Open ID with attribute exchange
Verified Attributes exchange
10. Model 3: Multi-channel infrastructure digital identity based on national eID schemes
Eesti in Estonia
Fedict in Belgium
12. Building Block: e-Services and State Portal
Many private and more than 700 e-services available
Foundation: 1991 as Parliamentary Republic
Population: 1.3 million
Territory: 45 227 km²
Capital: Tallinn
Language: Estonian
EU membership: since 2004
Currency: Euro
GDP: 15.973 billion EUR
1 212 178 Active Cards
Digital ID is available on the electronic ID card (eID) as well as on mobile phones (Mobile-ID).
13. Key Metrics
One of the most developed digital societies in the world; a leader in e-Government
Electronic ID card introduced back in 2002
More than 90% of inhabitants possess an electronic ID card
Mobile-ID is a "government-managed" e-Identity.
12 million e-ID transactions per month, incl. ~1.5 million Mobile-ID transactions
Number of transactions per month: [Public Online taxes Once a year / Private Mobile banking 2 times/week]
25 for each eID user
38 for each Mobile-ID user
99% of bank transfers are digital
98% of medicines are prescribed electronically
95% of tax declarations are filed digitally
85% of students, teachers and parents are using an e-school system
14. Key success factors
Almost all public services online with no alternative
First country to make internet voting available in national elections - and to allow m-voting
2011 elections: 25% of votes submitted electronically
99% of banking transactions and more than 94% of all tax returns online.
Very connected country with high broadband coverage and over 1100 free WiFi areas
Computer Security 2009 & XRoad strategy:
Co-operation program between private and public sector
Aimed for safe information society in general
Reader distribution: available at retail stores, sold by banks or given away in campaigns
Every citizen clearly identified by a Personal Identity Code (PIC) since 1992
Standardized national Public Key Infrastructure to bind citizens’ identity to cryptographic keys with digital certificates
15. Gov IDP with eID
Public Services
Eesti
Citizens
Government
Private sector
State
Regulation
Private Sector
Bank, MNOs…
National Identity scheme
* Certification Centre (AS Sertifitseerimiskeskus) is Estonia's primary and currently only certification authority (CA), providing certificates for authentication and digital signing. Owned by banks and Mobile Network Operators.
MNOs IDP with Mobile-ID
Certificates Authority *
17. Building Block: e-Services and State Portal
More than 3 million citizens are public online users
Foundation: federal constitutional monarchy
Population: 11.3 million
Territory: 30 527 km²
Capital: Brussels
Language: French, Dutch, German
EU membership: since 2004
Currency: Euro
18. Key Metrics
Electronic national ID card introduced back in 2008
>17 years eID cards
12<years<17 kid ID cards
Authentication Methods: 60% eID, 30% token and 10% others
Mobile Authentication scheduled for end 2016
Public Online Services: 700 applications & services
3.3 million users (FAS: Federated Authentication Services), 30% population
2.2 million eGov profiles (binding with the eID)
2 million transactions/month, and 4 million during the tax payment period
22. Building Block: e-Services and State Portal
BankID is the leading electronic identification in Sweden
Foundation: Unitary parliamentary Constitutional monarchy
Population: 9.8 million
Territory: 450 295 km²
Capital: Stockholm
Language: Swedish
EU membership: since 2004
Currency: Euro
BankID is available on smart card as well as on mobile phones, iPads and other tablet computers.
23. Key Metrics
BankID : Successful private public Partnership
10 banks (consortium BankID) issue BankID services for use by members of the public, authorities and companies:
- digital identification guaranteed by the bank issuing the BankID
- signing transactions and documents, legally binding within the European Union
+80% population [~6 million people]
2 billion transactions/year = 28 transactions/citizen/month. [June 2016]
The first BankID was issued in 2003.
24. Key success factors
A working business model
Cross industry usage with same user experience
A dedicated organization that handles all important parts of the infrastructure
A cost effective and scalable infrastructure where “one size fits all”
So far it has been free of charge for the users
25. IDP
- Authentication
- Digital Identification
- Signature
CA
Citizens
IDP
Federated
Identity (2016?)
Public
SP
...
eLegislation
board
ID issuers (DL, eID)
Private SP
Companies, banks…
Government
Private sector
Bank Consortium
Future
Ecosystem driven by Banks
Identity schemes SDW 2016
26. Model 4: hybrid models based on verified attributes exchange
Use cases Gov.uk Verify in UK
28. Gov.uk Verify: to prove who you are online
Foundation: Unitary parliamentary Constitutional monarchy
Population: 64.7 million
Territory: 242 495 km²
Capital: London
Language: English
EU membership: since 2004
Currency: Euro
29. Key Metrics
Gov.uk Verify launched in April 2016
Main drivers:
Cost reduction.
The cost of identity services in the UK was estimated in 2014 at £3.3bn
Federated approaches like Gov.uk Verify are supposed to reduce these costs by 90%
Fraud. (Source CIFAS)
41% of all fraud was identity fraud in 2014
84% of identity fraud was online
No use of ID cards nor central database. The user’s identity is verified by a certified company.
The current main certified companies are Barclays, Digidentity, Experian, GB Group, SecureIdentity, Post Office, Royal Mail and Verizon.
31. Liability is key.
Allocates risk among participants
Enforces obligations of participants
Punishes non-compliance and compensates injured parties
Identity Provider
Incorrectly identifying or authenticating a user
Failing to verify or revoke a credential
Failing to protect a user’s personal data
Relying Party
Relying on a false identity credential
Failing to protect a user’s personal data
User
Providing false identity data
If someone else uses the user’s credential
Potential concerns
32. Sources of duties
Laws or regulations (public law)
per country, such as Gov.uk Verify
per region for cross-border transactions, such as eIDAS for Europe or PAA.net, ASEAN SW in Asia
Contracts among the parties (private law)
such as Facebook, Google
Concerns
Lack of international legal framework for data protection and data flow
Lack of uniform standards
Intensifying cyber-security concerns
• Data localization/sovereignty
• Extraterritorial law enforcement
33. Thank you
More on digital identity and trends in 2017
http://www.gemalto.com/govt/identity/digital-identity-trends
More on digital ID schemes
http://www.gemalto.com/govt/documents/national-identity-schemes
Editor's notes
Estonia, one of Europe’s smallest countries, has become an eGovernment role model with over 400 government services now fully integrated online. Full transparency has seen widespread positive acceptance of the eGovernment agenda by citizens.
eGovernment in Estonia began with the development of a functional architecture that enables government databases to communicate, the introduction of a state ID card and the creation of a public key infrastructure. This was backed by a nation-wide state information security policy designed to create a safe information society for business and consumers.
State issued ID smart cards unlock access to government eServices and allow Estonians to send and receive encrypted emails. Today, Estonian citizens can register their tax, vote in national elections, access e-health records or school reports and register newborn children online.
CS2009:
Pressure by banks
Termination of authentication service to 3rd parties
Reduction of transaction limits with passwords
Availability
Alternative PKI-based tokens/methods
Redundant service network
Wide support and usability
Support for alternative platforms (Mac,Linux,..)
Awareness and training
This is how BankID works
Currently, there are two types of BankID on the market: bank-stored BankID and BankID on mobile phones. The most common version is the bank-stored BankID, where your BankID is stored for you at the Norwegian Banks’ Payment and Clearing Center (Nets). If you have a BankID on your mobile phone, your BankID is stored in the mobile phone’s SIM card.
If you have a bank-stored BankID, you use your personal ID number, the code you get from your code unit and the personal password you have chosen to access your BankID. To access your BankID on your mobile phone, you use your mobile telephone number, your date of birth and a PIN code of your own choice.
The code unit for a bank-stored BankID is often mistaken for a BankID, but a BankID is an electronic certificate centrally stored with Nets. The banks have different code units. These may for example be an electronic code calculator/code chip which generates security codes, or a card with a card reader, or cards with pre-printed codes.
Examples of when you can use BankID:
- BankAxess (a payment service for online shopping)
- Log-in and payment via internet bank
- Change of address with the postal service
- Placing a bid when buying property
- Login on municipal websites
- Purchasing units in equities funds
Identification
The identification tool is used when you use BankID as electronic proof of identity, for example when you log in at a BankID user site.
Signing
You use the signing function when you use your BankID to make a personal electronic signature, for example when you enter into an agreement with a BankID user site. An electronic signature with BankID is just as binding as a handwritten signature on paper.