Secure identity for all EU citizens (WP4)

WP4 (“Secure identity for all EU citizens”) is one of the two key technical work packages of the EKSISTENZ project. The objectives of WP4 are to research and to develop technologies and improved processes that cover the complete life cycle of a Primary Identity as well as the creation and management of Secondary Identities.

Today, there exist a number of different document types for a Primary Identity (Passport, National ID Card, driver license) and especially for Secondary Identities (health cards, insurance cards, bank cards, employee cards or loyalty cards). Furthermore, depending on the document type and issuing organization, there exist varying process implementations for the application, issuance, usage and revocation/renewal of a token.

To focus the work in WP4, the consortium selected:

  • the National ID card as a Primary ID Document because this type of document affects – with the exception of the UK – all adult EU citizens,
  • the banking sector for a Secondary Identity as ID Theft especially concerns this domain and is thus of high relevance for all adult EU citizens.

Based on these selections, the consortium defined a use case that addresses the complete life cycle of a National ID and a banking card. This use case describes a realistic but fictitious scenario involving several Member States, thus giving the use case a European dimension. A key part of this use case is the opening of a bank account with a National ID Card from any Member State using a mobile NFC device. This device, together with the National ID document, is used to create a software token (Secondary Identity) that is stored on the mobile device and used from it for different services. These services are defined and implemented within WP5.

Based on these definitions, the key outcomes of WP4 are:

  • The definition of a chip-based Primary ID token that is compliant with the eIDAS (electronic identification and trust services for electronic transactions) regulation and that supports three-factor authentication (token, PIN and biometrics).
  • The definition of a software token (Secondary ID) based on the Primary ID of a citizen; this software token is created and stored on a mobile device and supports three-factor authentication (token, PIN and biometrics).
  • The definition of improved processes that cover the complete life cycle of a Primary Identity (National ID Card) as well as the creation of a Secondary Identity (banking card):
    • Improvements of the processes based on technologies (tools) that are used or developed in WP4, such as biometrics for user verification, duplicate checks, an ID-Theft Register, three-factor authentication or electronic token checks.
    • Usage of eIDAS nodes to enable secure and reliable authorization relay across borders in a European context. User verification and (Primary ID) token checks are performed to unlock the information stored in the token.
    • Improved processes are shown to be more resistant against common ID Theft / Fraud scenarios.
  • The definition of Privacy Enhancing Technologies for the enrolment, revocation and renewal processes for PIDs and SIDs, including:
    • Biometric template protection mechanisms.
    • Anonymous tokens/credentials.
    • Privacy-preserving revocation mechanisms.
  • The implementation of relevant parts of the proposed improved processes (including EKSISTENZ tools) in the form of a proof-of-concept demonstrator.

Regarding implementation, not all processes related to the life cycle of a Primary and a Secondary Identity could be completely implemented. Instead, implementation had to focus on the most relevant and innovative parts. WP4, in cooperation with WP5, selected the following sub-processes to be implemented in the form of a proof-of-concept (PoC):

  • Creation and Issuance of a Primary ID (smart-card based token) for a country A
  • Usage of this Primary ID in connection with a smartphone supporting NFC to open a bank account on-line in country B and to create a software token on the mobile device
    • Usage of eIDAS for user authentication across member states
    • Usage of a sign-me application to digitally sign a contract
  • Usage of the software token for different payment services
  • Easy revocation of the software token

It is noteworthy that these PoCs were thoroughly tested and demonstrated during the international PORVOO group/Eksistenz conference (25-26 May 2017, Rome, Italy).