Mobile digital ID from Barcelona (idBCN) wins award

2013/11/21

Barcelona City Council together with Firmaprofesional and TechIDEAS won the Novay Digital Identity Award 2013 with idBCN: a mobile digital identity solution for Barcelona. Mercedes Mestre Antolí (security official of the Barcelona City Council in charge of Digital Identity matters) and Xavier Tarres (CEO of Firmaprofesional) presented their submission at the  IDentit.Next (un)conference earlier this week and accepted the award. The award was a mask made by Dutch artist Frans Krom.

See below the pressrelease from Novay and IDentity.Next for details.

DSC01827

DSC01775

idBCN wins Novay Digital Identity Award

November 19, The Hague, The Catalan identity solution idBCN wins the 2013 Novay Digital Identity Award. The price for the best new concept or product was awarded today during the Identity.Next’13 conference in The Hague. idBCN is a mobile identity solution that allows citizens of the city of Barcelona to identify themselves in a user friendly and secure way to regional government and commercial service providers.

Read the rest of this entry »


Which level of assurance is needed for LSP and other patient portals?

2013/09/09

lock

More and more health providers offer patient portals. These portals can contribute more efficient and effective health care. In addition, because since they provide easy access to personal health records and personalized health information, they can contribute to more patient empowerment. But there is also a risk: the wrong person (i.e., an identity thief) may get access to this very personal information.

Novay participated in a working group that developed a guide for health providers to help them determine how secure the authentication solution for patient portals should be, i.e., which levels of assurance is needed. My colleague Mettina Veenstra and myself tried out this new guide on the Dutch national infrastructure for the exchange of personal health records. This infrastructure is in Dutch called Landelijk Schakelpunt (LSP), which I have no idea how to translated in English (it resembles what the EU epSOS project calls a National Contact Point). The LSP recently added the possibility for patients to see which health professionals used the LSP to access their health records. It does not provide access for patients to the actual health records. Nevertheless, if an identity thief can see that e.g. an oncologist accessed your medication record as stored by your local pharmacy, then it implies something you may not want to share. The blog post discusses this, including the relationship to the national identity solution in the Netherlands (DigiD which is STORK 2, and lack of STORK 3 solution in the Netherlands).

The full blog post is only in Dutch, see here and copied below for convenience. For non-Dutch speakers, this is what Google translate makes of it.

Read the rest of this entry »


An NFC app to make your offline identity mobile?

2013/06/20

Blogpost by Maarten Wegdam and Martijn Oostdijk

We believe that there is a bright future for the combination of smartphone and digital identity, which we refer to as mobile-centric identity. The question is, of course, how and when, and probably also who (which organisations) will benefit from this.  To contribute to making mobile-centric identity happen, we are experimenting with how we can use a smartphone to get access to our ‘offline identity’, i.e., our passport / ID card. More specifically, we developed an Android app, called NFC Passport reader, that uses NFC to read the chip embedded in a passport / ID Card (aka ePassport). This app is now available from Google Play.

What did we do?

Read the rest of this entry »


The challenges for a Dutch eID

2013/06/07

eid-stelsel-nl-bzk

My colleague Wolfgang Ebbers is a blogger for iBestuur. iBestuur is an independent platform for i-government (the i stands for information). In his latest blogpost he discusses a recent letter from the minister of Internal Affairs on the minister’s vision on digitale government 2017. Wolfgang zooms in on the role of an eID solution in this vision, and interviews me on what I consider are important challenges for the Dutch eID framework that the Dutch government is working on. I basically try to make five points.  I start with that (i) it is good that there is now an eID framework vision that is broadly supported by different parts of the Dutch government, and that it also extends to consumer-2-business. Then I make the point that the unclarity/uncertainty on how this vision will be implemented causes initiatives for eID solutions to wait. Then I discuss some major challenges:  (iii)  the business model (who is paying, private sector vs government vs consumer, market entry), (iv) the privacy aspects, including the trade-off between privacy, costs, security and convenience and (v) redundancy in the framework (e.g., authentication means) including that it is difficult to create the desired level-playing field between government and private sector.

The complete blogpost can be found here (in Dutch). For your convenience, I also copied the text below:

Read the rest of this entry »


Privacy and security in an eID solution?

2013/05/27

irma4

In the Netherlands we have a digitale identity solution, called DigiD, for citizins that want to use e-government services. It is used quite a lot (compared to e.g. Belgium or Germany), but not very secure (only SMS as second factor, and verification via a well-known address contrary to e.g. face-2-face). The Dutch government is now working on a more secure eID solution, as part of an bigger identity trust framework that is called “eID stelsel” (roughly translates to eID scheme or eID framework). In the below blog post (in Dutch …) we discuss this, and zoom in on the IRMA research project in which we participate. IRMA smartcard aims to be both secure and privacy friendly (attributes, double blind certificates etc).

Een betrouwbaardere en privacyvriendelijkere DigiD

In een kamerbrief over de toekomstbestendigheid van Nederlandse identiteits-infrastructuur, schrijft minister Plasterk dat DigiD, in de huidige vorm, op korte termijn niet meer voldoende beveiliging biedt voor nieuwe gevoelige e-overheids diensten. Voor deze diensten is een veiligere eID oplossing nodig. Te denken valt dan, bijvoorbeeld, aan toekomstige diensten als toegang van patiënten tot hun elektronische patientendossier.

Read the rest of this entry »


Step-up authentication as-a-Service

2013/01/07

IDentity-as-a-Service (IDaaS) was a hot topic in 2012 (e.g., this blog post of Dave Kearns), and probably will continue to be so in 2013. In a project for and with SURFnet (Dutch NREN) Novay designed a IDaaS-like service to make existing identities more trustworthy: Step-up authentication as-a-Service. (No idea more to abbreviate this: SuaaaS?)  The Step-up authentication as-a-Service we designed addresses this need by making it possible to increase the trustworthyness (put differently: increase the level of assurance) of identities in an existing identity federation. The service addresses both the technology and the process/registration side: a second factor authentication and an additional face-2-face check who this digital identity (and second factor) actually belongs to.

From a user perspective, the service has a self-service interface to register a second factor (see mockup below), an interface for the identity providers for user management (see second mock-up below) and of course every time a step-up authentication is needed the user is re-directed to the Step-up authentication as-a-Service to authenticate with this second factor.

Read the rest of this entry »


eRecognition won Novay Digital Identity Award

2012/12/04

eRecognition (in Dutch: eHerkenning) has won, congratulations to Logius, ICTU, ministerie of Economic Affairs, all the partipating companies in eHerkenning and of course especially to the people that have contributed to eHerkenning! Below the official press release. What I’d like to personally add to this is that I think it is great that eHerkenning simply started facilitating business-2-government identification, with the parties that saw oppertunities to provide identity services and only a limited set of government service providers. It now has a growing usage, and is also targetting business-2-business.

Physically the award is a small statue (ceramics), from the artist Alexandra Veneman. A (bit shortened) explanation on her idea when she made this:

Read the rest of this entry »