Authentication and identification – the pylon in providing eServices
The Ministry of Interior of the Slovak Republic prepares to launch new national identity cards (eIDs) equipped with an electronic chip. Not everyone knows what is the main purpose of the integrating an electronic chip into the IDs. This particular step is a part of the global process of building information society. Main goal is to enable smooth communication between the citizens and/or organizations with the government offices over the internet. In future, the life situations like changing the permanent address when moving to a different location, registration of a vehicle, registration at the Labor office will be easily accessible via the internet. The companies and various organizations might easier process the situations like filling and submitting the tax declarations, start or close a firm, registering a new employee, submitting the statistic reports. It would enable us to forget about travelling to the nearest municipality's offices and waiting in the endless lines.
To perform the processes of the Government services on the Internet the authentication and identification of a citizen or legal entity are of the highest importance. The office/service must know unambiguously who it is communicating with. To serve this purpose, the electronic identity card will have two important functions – authentication and identification.
How will the identity card protect our identity – our personal data? Are we going to lose our identity? Will every move we make be tracked? These are very important questions asked by the public. The protection of personal data is researched by the German Federal Office for Information Security, which has for the German e-ID developed a special mechanism for authentication and identification on the internet – EAC Online Authentication.
The principle of the mechanism is based on the identity securely stored in the restricted area of the chip. The citizen presents his/hers electronic identity to a government service, whilst the concept is paying extra attention to a protection of the personal data stored on the chip. Technically said, it is possible to read out the data stored on the chip only if the citizen approves it by entering the PIN and only if the service provider has a valid certificate issued by the State. The certificate determines access rights of a service provider. Only authorized service providers will have such certificates and thus could request reading of chip data from the card. In addition, the holder of the card has a full control of the data set to be read from the chip and to be presented to the service provider. Before submitting the data are displayed and citizen can adjust the list as necessary – the access to some specific data can be refused.
Sign in to Autumn ITAPA 2024
Michal Ševčík
Michal Sevcik obtained his Master's degree at the Slovak Technical University in Computer Science. After finishing his studies he started to gather his professional experience as a junior analyst working for Digital. Later he has gained experience and skills working on software development projects for key players in the financial and mortgage brokering market in New Zealand and Australia. Since his return to Slovakia in 2001 he has been working for Compaq and then Hewlett-Packard as a business analyst and solution architect using his experience and skills to analyze, design and implement complex IT projects and deliver system integration projects in the public sector. Since 2004 he was focusing mainly on the technologies and projects re…
See more info about the speaker