As the digital world advances, what is the potential for secure eIDs in terms of access to public services?
Digital technology expands across a plethora of devices and systems resulting in multiple identities for consumers and citizens as they access services or information or pay bills online. The eID credential is emerging as the vehicle for this, but security concerns still prevail.
We raised the subject with opinion leaders in this field to learn how vital it is that we should have strong, reliable mechanisms, which can be easily understood and relied upon across the course of a lifetime for managing multiple identities.
Petteri Ihalainen
Many developed countries are in the process of either deploying or developing national ID schemes, where electronic identity plays an important role. The identity documents that are issued to the citizens not only have the normal ID functions, but also support the electronic identity, making the documents citizen eID cards. In some countries the citizen eID scheme has already reached the second generation in development and hundreds of thousands if not millions of citizens are using their citizen eID regularly. Developing countries are now following suite and are either in the planning phases or already deploying and implementing such identity projects, where the electronic ID for citizens is included by default. When the citizen eID is deployed it makes perfect sense to enable the citizen to conduct business anywhere, anytime using a mobile device. Valimo Mobile ID can enable this and bring true mobility to electronic identity.
Petteri Ihalainen was appointed to strategic marketing of the Valimo Mobile ID solution in September 2011. Before Valimo Wireless, Petteri was working as a contract agent in the European Commission research center in Ispra, Italy. Between 2000 – 2008 he worked first in SSH Communications Security managing the PKI and VPN product lines and later on at Ubisecure Solutions as the development manager.
Neelie Kroes
The Internet has been over-performing economically and socially in recent years, but it has been under-performing politically. In parallel with a unified economic market, steps for a unified Internet society should be taken – for example, by creating a common portal through which entrepreneurs can access e-government services in other EU countries. If we fixed the chokepoints and delivered entrepreneurs a single market and standardisation in e-communications, they would be the faces behind a 1% rise in GDP. For the sake of our overall economy, it must be done. We are seeing a need for digital action and connections across all levels of government and leadership. Arab Spring and other efforts by Internet communities show how much they value their internet freedoms. Countries such as Estonia, where an e-society was consciously built in the nineties, could serve as guides for emerging digital societies.
Neelie Kroes is currently Vice President of the European Commission and European Digital Agenda Commissioner. Her political career started on the Rotterdam Municipal Council, and in 1971 she was elected as a Member of the Dutch Parliament for the liberal VVD party. From 1982-1989 she served as Minister for Transport, Public Works and Telecommunication in the Netherlands.
Dan Butnaru
When tackling large scale governmental programs like electronic ID cards, three major subjects come up: how to make sure that citizen data is protected; how to encourage broad usage of electronic IDs and how to ensure return on investment. Security of information is an essential aspect in all applications dealing with private data. Therefore, from the data collection and storage up to the on-line usage, compromising on protection and best practices leads to weakening the overall system. A clear endto- end security approach avoids security breaches and builds up trust towards the solution. On the other hand, citizens need to identify the value inherent to eGovernment projects. This value comes from usage through frequent day-to-day actions, like authentication towards on-line applications, but also from less frequent, highly sensitive operations as digital signature for non-repudiation. Obviously, no project whatsoever can be considered if the expected return on investment is not achieved.
Dan Butnaru is Product Manager for Keynectis and is in charge of digital ID solutions for Industry, e-ID and e-Passport product lines. He joined Keynectis in 2007 as Pre Sales Engineer and had been previously working for Gemalto from 1996 until 2007. He has been occupying various positions in R&D, Marketing and Business Development, particularly in the field of cryptographic smart cards and IT solutions.
Marcus Klische
Over the past six years we would see sporadic articles about contactless mobile pilots at far flung destinations like Japan and South Korea, and for the length of that time, we’ve waited for an ecosystem to develop, and now we see contactless technology used in access control, payment, transport and dozens of other applications in our day to day lives. The next logical step is to take all of these applications and put them in one device where we can benefit from a more integrated and interactive experience. Use cases involving NFC, for example, include payment, transportation, ID cards, driver license cards, health insurance cards and more. In terms of security there are attack possibilities include data insertion where attackers manipulate the NFC communication by sending complete message as answer to the sender before the valid receiver could, man-in-the-middle (MITM): and relay, where an attacker relays the communication between sender and receiver.
Marcus Klische works for Research in Motion within the BlackBerry Security Group in an Advisory role, interfacing with security agencies, governmental bodies and strategic enterprise customers. He has more than 20 years of experience in IT Industry, and with a broad range of IT Security, Product Management, and Government solutions experience. Over the last five years he has been working in the areas of national electronic identity.
Sławomir Górniak
Nowadays each person has the opportunity of living multiple lives in parallel, in the real as well as in the virtual world. A trend observed over the last years, first in the research community, but now also in commercial offerings is the increase of interactions between these two worlds, making real-world information accessible to services on the Internet. An area of particular interest is the management of multiple identities, where “identity” is being considered in a broad sense. Issues related with this area include anonymity, pseudonymity, unlinkability and unobservability. The increasingly digital nature of relationships between people is central to dealing with those issues. It is not a question simply of hardware or software, but more importantly of enabling people to enjoy and benefit from their online experiences, while dealing with potential issues. The problems might include a lack of knowledge or training or difficult personal circumstances.
Slawomir Gorniak, CISSP, is a telecommunications engineer focused on network security. Currently he is working as an expert in security tools and architecture at ENISA (European Network and Information Security Agency) mainly in the area of resilience of public communication networks and data breach notifications. He is also responsible for following up European security related R&D projects and in standardization.