The next generation of identity cards

By Emmanuel Ventadour, Gemalto

Providing security, confidentiality and opening the door to innovative eServices

Smart cards – in the form of credit cards and SIM cards – are the most common form of IT processing power on the planet. The available technology offers now the potential for a virtuous circle of increasing take-up supporting increasing functionality and increasing attractiveness of eID to the citizen. The challenge to all governments will be to achieve this virtuous circle and avoid the risk of issuing eID with limited functionality and appeal.

A hallmark of citizenship and cohesion

The right to identify citizens, but also the duty to protect their identity, are perfect examples of the responsibilities that come with a state’s right of sovereignty. The secure documents issued by government authorities for just this purpose not only allow states to identify their citizens but also to distinguish them from foreign nationals, who may, for whatever political or economic reasons, seek to fraudulently benefit from rights reserved to citizens of that particular state. These documents enable the citizen to exercise their rights and responsibilities. Clearly, document theft and fraud are sources of social injustice as the community may inadvertently allocate resources to an ill-intentioned individual feigning another person’s identity, thus depriving the genuine citizen of that to which he or she is legally entitled.

The most important requirement is therefore the inviolability of issued documents. It is quite clearly the reason why states are now modernizing their national identity documents to move over to highly-secure documents incorporating all the very latest secure printing innovations.

A means of guaranteeing the security and protection of citizens’ data in a digital world

The number of digital exchanges has increased exponentially over the last 10 years, from 100 million to 30 billion private or professional emails. Ease of use goes hand-in-hand with the general public’s perception of the relative fragility of electronic media. The absence of “written proof” and eye witnesses, which is characteristic of electronic modes of exchange, very quickly led to the identification of a requirement to guarantee the identity of the issuer or the receiver.

Since 1997, the design, production and deployment of Secure Electronic National Identity Cards, more generally known as “eID Cards”, have been seeking to meet just that requirement.

The idea of an electronic identity card which is both physically valid and valid for digital use is fast becoming a reality

Furthermore, the electronic format of such ID cards means that, in addition to being used for electronic signature applications, they are also ideally suited to be employed for other uses such as access cards to grant the holder access to company infrastructures or secure locations, as well as social security cards and in some countries, drivers licenses, healthcare cards, “Pass cards” for transport services, payment cards or even bank cards.

The main objectives of states today as expressed to our industry

• Build a modern, secure civil register on which public services and administrations can confidently and sustainably rely
• Modernize identity documents in order to help actively combat document fraud and increase levels of trust at both national and international levels
• Ensure compliance with international identity and travel
• document standards
• Help to bring about decentralization and strengthen the bond between public services and citizens
• Provide a shared and future-proof platform for the creation of identity documents and the delivery of public services for all government authorities
• Lay the foundations for a modern, digital economy
• Provide citizens with a guarantee that their data is protected and can be exchanged in confidence (e-Identity or identity on/ for the net)

How does it work and what does it do?

The smart card (microprocessor) is considered to be the most secure means of authentication, making it possible both to prevent identity fraud and protect citizen’s personal data in an effective way. It is the media of choice for granting access to e-Government applications. It can also be used as a means of hosting a range of other applications (e-payment, e-purse, digital signature, authentication, identification, travel card, etc.). This potential to provide a range of different services on a single format means a number of uses can be brought together in the most ergonomic way possible, thereby transforming a simple state identity card into a card which is of genuine use to the citizen, granting them access to the widest possible range of state services.

Thanks to the chip incorporated into it, the eID card is now able to serve three distinct functions. Identification, authentication and signature.

The first function of the identity card is identification of the holder. The eID provides exactly the same information as the traditional identity card but this information is also stored on the chip. The eID can therefore be used for two different forms of identification:

• Visual, face-to-face identification: using the information visible on the card,
• Automatic identification: by acquisition of the data stored on the chip. This sort of identification can be performed remotely over the internet.

Identification alone (whether visual or automatic) does not allow us to be certain that the applicant is the person he/she is claiming to be. To be sure of this, we need authentication. This is where the second function of the chip on the eID card comes into play: card holder authentication. This is a new function that was not physically present on old identity cards. The electronic chip contains a digital certificate of authentication which can “electronically” prove the identity of the cardholder. Authentication offers a better level of security than identification as it requires the user to be in possession of the eID and to know the corresponding PIN code.

The third function is also an addition to what was offered by the conventional identity card. A second certificate, located on the chip of the electronic card, allows for an authentic electronic signature to be applied to electronic documents.

After entering his/her eID card, the citizen can then confirm his/her approval in a window which will then generate a unique document signature. Every year, each citizen fills out a large number of administrative forms that all have to go through a more or less time-consuming identification process. This process, currently a reality at many different counters throughout the country, usually involves the following steps:

• The identity of the applicant has to be checked by the civil servant,
• Data has to be transcribed or encoded,
• The applicant has to sign his/her application.

Using eID cards, these operations can all be performed in seconds.

Applications:

• Local administrations
• Police stations
• Post offices
• Banks
• Social sector
• Vehicle or equipment rental services
• Transport (in Estonia)
• Healthcare and hospitals (Malta, Belgium, Italy, etc.)

Benefits:

• Saving time: identification processes are carried out much more quickly and efficiently, even in an over-the-counter setting
• In terms of physical identity checks, the visual inspections are carried out in the same way as with a traditional card. Border control personnel can check the photo saved to the smart card
• Quality and consistency of information gathered: a strong decrease in the number of errors/inaccuracies in coding
• Reduction in the number of errors in data entry
• Economy and ecology: a reduction in the amount of paper used means less archiving is necessary

Identification and authentication on the internet

The authentication element of eID is probably the component that offers the most potential, by offering the capacity for digital signature. Electronic authentication is something that is to set to revolutionize our lives as citizens. All official documents that previously had to be approved with a manual signature will now all be able to be authenticated with an electronic signature.

Applications:

• Online declarations (tax declarations, VAT declarations, police)
• Remote signature of contracts
• eVoting
• Remote justice (remote submission of testimony, submission of decrees, remote access to verdicts rendered)
• eCommerce (purchase of tickets for sporting events, remote public auctions)
• Professional certification cards (lawyers, solicitors)

Benefits:

• Significant time savings: the user doesn’t have to travel to the point of delivery
• Cost savings: travel costs, postal costs
• Widespread availability: service available 24/7, regardless of the user’s location
• Ecology: reduction in the amount of paper used

The deployment of these digital documents provides real services and benefits to citizens and companies in terms of their day-to-day interaction with local or national administration.

Our observations clearly show that eID has become a real catalyst for the success of e-Government, particularly in countries where communication goes hand in hand with the modernization of relations with citizens and businesses, demonstrating that eID is an efficient tool for the exercising and protection of citizens’ rights.

Examples of these applications are:

• Monitoring, treatment history and prevention in healthcare, (Belgium, France, Germany, Algeria, Portugal…)
• Children’s aid (Belgian Kids-ID)
• Computer ticketing or e-Ticketing, “Swipe Cards” as a way of regular billing for local transport subscriptions (Estonia, Spain, Belgium)
• Secure purchasing for the extended enterprise (France, Belgium, Italy, etc.)
• Access cards for access to private or public secure locations or public car parks
• Application links with digital verification of roles and powers of authorization for use in the international exchange of confidential government data (Austria, Belgium, Europol, EuroJust, etc.)
• Electronic vote, e-participation and free internet access for citizens attending debates and deliberation sessions of local authorities (Estonia, Belgium, France, Spain (Barcelona), etc.)