SLIDE 1
E-ID, MOBILEID 7.9.2016 HARALDUR BJARNASON, CEO, AUÐKENNI
■ Auðkenni was founded by banks and others in 2000
■ Currently owned by all banks and one of the major telcos in Iceland
■ Since the turn of the century Icelandic
SLIDE 2
SLIDE 3
AUÐKENNI'S SERVICES
■ OTP keys in 2006
■ Distributed to all bank customers
■ Has been a great success, done what it was supposed to do
■ Aim to close the infrastructure soon
■ Electronic certificates (PKI) in 2008
■ Authentication + Qualified signatures
■ Debit cards, ID cards, SIM for mobile
■ Risk-based authentication, transaction monitoring and fraud detection systems from 2013
SLIDE 4
THE PKI PROJECT (ELECTRONIC CERTIFICATES)
■ Auðkenni was founded by banks and others in 2000
■ Distribute PKI cards for authentication and electronic signatures
■ Government's work gained ground in 2001
■ Law on electronic signatures passed in parliament
■ Government committee on PKI
■ The government started a PKI pilot in 2003
■ The Ministry of Finance sends a letter to the Financial Services Association asking for partnership in 2004
SLIDE 5
THE PKI PROJECT (ELECTRONIC CERTIFICATES)
■ Banks and the government formed a partnership on eID in 2005
■ Icelandic Financial Services Association and Ministry of Finance
■ Partnership initiated by government in 2004
■ Auðkenni and Ministry of Finance signed a formal contract in 2007
■ Setting up and building a national level PKI infrastructure
■ Distributing certificates to virtually all citizens – using the debit cards
■ Goal: To be the main solution for authentication and electronic signature
SLIDE 6
THE PKI PROJECT (ELECTRONIC CERTIFICATES)
■ Preparation: 2006-2008
■ Defining, procuring and implementing the national infrastructure
SLIDE 7
THE PKI PROJECT (ELECTRONIC CERTIFICATES)
■ Preparation: 2006-2008
■ Defining, procuring and implementing the national infrastructure
■ Infrastructure running: June 2008
■ Íslandsrót, the national root, owned and governed by the Ministry of Finance.
■ Fullgilt auðkenni, the intermediate certificate, issued by Íslandsrót.
■ Owned and governed by Auðkenni.
■ The first end-user certificate on a debit card in July 2008.
■ October 2008
■ The financial crisis hit Iceland and the banks collapsed...
■ November 2013: wireless PKI-based MobileID
■ Icelandic Financial Services Association and Ministry of Finance sign an MOU in 2014
SLIDE 8
THE PKI PROJECT – DISTRIBUTION CARDS
■ Registration Authorities
■ Distributed around the country (operated by bank branches)
■ Roughly 800 trained Registration Officers
■ Issued over 400 thousand certificates on debit cards
■ Around 40% of population activated the certificate
■ A few thousand employee cards
SLIDE 9
THE PKI PROJECT – USAGE CARDS
■ Majority of online services accept the certificates for authentication
■ Banks and insurance companies
■ Government and municipalities
■ Pension funds, unions, mobile operators and more
■ eSigning applications breaking ground
■ Money transactions
■ Contracts and applications
■ Accountants, auditors, engineers, Auðkenni
■ Auðkenni – trying to make paper obsolete in our business.
■ Usage of eID on debit cards not as high as expected
■ Usage of eID on employee cards is high
■ Mandatory and business critical
SLIDE 10
CHALLENGES WITH USAGE OF CARDS
■ Middleware – (Personal from Nexus)
■ Having to download special software is a hindrance for some
■ Lack of support in operating systems/browsers (Mac problem)
■ Lack of distribution of card readers is a hindrance
■ Users with built-in readers more satisfied than others
■ Two PINs, one for each certificate
■ Creates confusion
■ Lack of support in standards
■ Reason: To protect the user from fraud
■ Not very mobile
■ Lack of support for mobile devices
■ We needed to do something new
SLIDE 11
FUTURE OF PKI ENVIRONMENT
■ Where to store the private key: searching for "secure elements"
■ Smart cards
  ■ Bank cards, ID cards, USB sticks
■ Central storage (how to access them?)
  ■ Username/password – OTP (SMS, tokens, apps, etc.)
■ Soft certificates (on computer)
■ Mobile
  ■ On mobile (soft/apps)
  ■ On SIM
■ Role of risk-based authentication, fraud detection systems, device identification and behavioral analysis?
SLIDE 12
WHAT TO DO?
SLIDE 13
WHAT ARE OUR PARTNERS DOING?
■ Usage of certificates (private keys) in the North
■ On cards (Iceland, Sweden, Finland)
  ■ Debit cards, eID card
■ Centrally stored (Norway, Denmark, Austria)
  ■ Username/password/OTP
■ Mobile on APP (Sweden)
■ Mobile on SIM (Norway, Estonia, Finland)
SLIDE 14
OUR RESPONSE – EID ON SIM
SLIDE 15
WHY?
■ The only solution that fulfils our security requirements
■ App not secure enough (missing secure element)
■ Easier to manage
■ No development for different operating systems/browsers/etc.
■ Easier to service
■ Much easier to track if a user is experiencing errors in usage
■ Easier to use
■ No technological requirements
SLIDE 16
CHALLENGES (CONS)
■ Distribution of compatible SIM cards
■ When people change SIM card they need a new certificate
■ Dependent on mobile operators
■ Partnership with majority of mobile operators needed
■ Finding the right business model
SLIDE 17
MOBILE PKI (ON SIM)
■ Based on our existing PKI infrastructure
■ In-house registration solution
■ Online for users with certificates from Auðkenni
■ In person for others (face-to-face)
■ Partnership with
■ Telecom operators in Iceland
■ Banks
■ Government
■ Others
■ Mobile solution from Valimo/Gemalto
SLIDE 18
REGISTRATION
The system is just as strong as the weakest link…
SLIDE 19
MOBILEID – REGISTRATION PHASE
■ In person (face-to-face), show credentials (passport/driving license, etc.)
■ Bank branch
■ Auðkenni
■ Online
■ For users with certificates from Auðkenni
■ Username/password and our OTP key not allowed..!
■ The system is just as strong as the weakest link…
SLIDE 20
MOBILEID - USABILITY
■ Support for SIM (SIM toolkit)
■ Works on most mobile phones (Nokia 5110 to iPhone 6)
■ Works on most tablets that use SIM and support the SIM toolkit standard
■ Accessing services
■ No technical requirements from the mobileID solution
  ■ Works on all operating systems and browsers
  ■ No need for user to set up special software, use special versions of browsers, operating system or even device
■ One PIN – not two
  ■ Usability over liability?
SLIDE 21
MOBILEID - USAGE
■ Strong authentication
■ To majority of online services in Iceland
■ Enterprise usage (like VPN)
■ More…
■ Qualified signatures
■ ETSI compliant signatures (CAdES, XAdES, PAdES)
SLIDE 22
EXAMPLE OF SERVICES AVAILABLE
■ All internet banks in Iceland
■ The tax authorities
■ Insurance companies
■ Education
■ Healthcare portal
■ E-democracy portal (online voting)
■ Payment applications
■ Document signing services
SLIDE 23
E-SIGNATURES – AUÐKENNI USE CASE
■ Everything that is signed is signed electronically….
■ Auðkenni's usage of eSigning -> a mission possible
■ All contracts
  ■ Contractors/Suppliers
  ■ Employees
■ Annual statement (P&L and balance sheet)
■ Minutes of the board
■ Communications with government
■ Communications with banks
■ A cross-country contract electronically signed
■ With Valimo …
SLIDE 24
ANNUAL REPORT
Auðkenni's board of directors digitally signed Auðkenni's annual report while in seven different locations: Three countries and four cities in Iceland.
SLIDE 25
SLIDE 26
THE AMENDMENT (GOVERNMENT PROGRAMME)
■ Programme that aims to assist households with indexed mortgages by writing down a portion of the mortgage debt
■ It extends to over a third of all Icelanders
■ The entire process is electronic (obligated by law)
■ Qualified electronic signatures are required
SLIDE 27
STATUS TODAY - MOBILEID
■ About 30% of the population has MobileID
■ Close to 100% of telecom operators now offer MobileID (all but one small)
■ Over 200 service providers accept MobileID
■ MobileID is used both for identification/authentication and signature
■ MobileID has transformed the usage of eID
■ Usage is rising
■ Number of new service providers is rising
SLIDE 28
MOBILE ID NUMBER OF USERS
SLIDE 29
MOBILE ID NUMBER OF USERS AND USAGES
SLIDE 30
ELECTRONIC ID ON MOBILE PHONES – USAGE BY REGISTERED RESIDENCE OF THE USER
SLIDE 31