By Igor Pejic, Austria Card.
Filing your taxes, applying for a passport, or checking your pension funds can be a very strenuous and time-consuming process. Governments across the world are striving for a maximum level of security to protect their citizens from the abuse of their identities, yet this comes at a cost of severe cutbacks for convenience. But now, digital security leader Austria Card has found a way to help governments take the next step towards the digital era: FIDO-secured online access.
Large-scale thefts of login data show how insecure traditional passwords are. Recent hacks such as “Peace_of_mind” show why online-authentication cannot solely rely on passwords or PIN-codes. To solve this problem Google, Paypal and other well- known companies have founded the FIDO®-Alliance. With the newly developed FIDO-technology, online-accounts such as Gmail or Facebook can be protected with a second factor, which means that after entering the password, users have to identify themselves with an additional hardware. Up until now this has been a USB-stick. However, with stationary PCs continuously losing market share against mobile devices, the technology reaches its boundaries.
That is why the contactless expert Austria Card has transferred the technology onto the contactless card. It is the first company worldwide that has achieved FIDO® certification for EMV smart payment cards. Thus, the login from the phone or tablet is now also possible with a maximum of security and convenience. Austria Card implemented the technology on contactless and dual interface-cards, as well as NFC-based key fobs, stickers, bracelets, and even FIDO-tokens with Bluetooth Low Energy (BLE); literally covering all user preferences. Also, it offers a FIDO-authentication server and support for an easy integration of the customer’s systems.
Convenience Despite Second-Factor-Security
For governments the use cases are manifold, but above all, FIDO can help to secure citizen or beneficiary access to government services. Easily and securely verifying your identity online can help filing taxes, managing social security benefits, applying for student loans, submitting health insurance claims, getting your criminal records, checking pension funds, or simply signing documents online.
In many European countries there is already the possibility to access governmental services with two-factor authentication. In addition to PIN-value entry, users also have to use the so-called qualified electronic signature cards to authenticate themselves before unlocking online citizen services. In most of these countries, however, you can only use the service if you have a card reader and are seated at your computer. This deters potential users. If health cards, driving licenses, or other ID documents were equipped with an NFC antenna and a FIDO application, secure access to these services would be possible from the phone as well. No card reader required.
Efficiency Gains for Governments
For governments, stimulating citizens to switch to online services means lifting a significant financial burden from them, by reducing time spent checking identities and typing in data manually. Moreover, governments don’t need to issue specialized credentials any more just to offer secure, privacy-enhancing multi- factor authentication for the services they provide. With FIDO- technology they can achieve the security benefits of public key cryptography without the traditional and costly infrastructure.
And FIDO has the potential not only to slash government bureaucracy, but also the number of frauds. After all, it is easier to trick a person than a tested and vetted cryptographic hardware. Thus, countries with the largest problems with identity fraud will profit the most.
The Ubiquitous Smart Card Is Predestined for FIDO
“For us, a smart card is THE device that ensures FIDO technology can be used conveniently,” says Bernd Eder, Head of R&D at Austria Card, “There are many arguments in favour of smart cards, but first and foremost it is their ubiquity. Everyone owns not one, but multiple cards. Second, people carry them in their pockets wherever they go. The same is true for the smartphone. NFC in general has a much higher penetration rate than other technologies that are used for second factor authentication such as biometrics.”