Online access to government services, in what’s known as eGovernment or simply eGov, is a rapidly growing trend. National, state, and even local governments around the world now offer online access to services and personal information, so people can do things like apply for benefits, pay taxes, renew their vehicle registrations, or simply get information without having to visit a brick-and-mortar office.
Offering eGov services helps improve workflows and lower administrative costs, and makes it easier for citizens to do what they need to do. There’s less need to leave home and wait in line, and you can take care of business on your own time, without having to worry about when offices will be open.
Evolving how we access eGov services
Citizens often access eGov services using the familiar combination of a username and password. To make access more secure, eGov services have started adding government-issued electronic IDs, or eIDs, to the login process. These eIDs, which may do double duty as a national ID, driver’s license, or voter card, use microprocessor-based smartcard technology to store and protect personal information, and provide a more secure way to authenticate the user’s identity before granting access to the online service.
The eID format does a really good job of protecting logins. The information stored in an eID is protected from copying and tampering, and the authentication process uses cryptography, so it’s much harder for scammers and thieves to log in as someone else. Also, adding a PIN code and/or biometrics to the login process strengthens authentication further and helps prevent unauthorized use if the eID is lost or stolen.
On the other hand, using eIDs for logins can be somewhat cumbersome. The process involves having a card reader, which is a piece of equipment that lets your computer communicate with the microchip in the eID. There’s also a certain amount of special software needed to read the eID. If the authentication process uses a biometric, like a fingerprint, you need another reader for the fingerprint scan and additional software. What’s more, most readers and scanners are designed for use with a desktop or laptop, not a smartphone or tablet, and that means the eID process isn’t particularly portable, either.
Having to buy, install, and maintain extra hardware and software means it’s not really all that simple or convenient for people to use an eID as the login to access eGov services. Supporting folks who have trouble with the process also means extra work – and extra cost – for the government agencies deploying the eGov services.
The good news, though, is that credential technology is evolving, and we now have ways to make digital IDs much more portable. Using what’s called a derived credential, the information needed for secure online access can be stored in just about any kind of mobile device, including smartphones and tablets.
What is a derived credential?
A derived credential is essentially a companion to an eID credential. A government agency uses the information in a genuine, verified eID to create a derived credential, which is then securely stored in the citizen’s portable device. Once in the device, the derived credential works in much the same way as an eID credential, following the smartcard standards for cryptography and other security mechanisms to create strong authentication, but without the dedicated hardware and software components required with smartcards. Using derived credentials for eGov logins adds simplicity and versatility while maintaining security, and creates a more flexible, more citizen-friendly way to enable secure online access.
A derived credential can serve as a single sign-on (SSO) to provide access to a number of different services, even in strictly regulated environments that require the highest levels of security. Yet the format is versatile enough, and easy enough to implement and use, to support secure access in environments that don’t require such advanced security mechanisms. That means eGov applications can encompass a more varied set of services, while maintaining the varying levels of security associated with each one.
It’s important to remember that derived credentials aren’t a replacement for eIDs. There’s still a long list of reasons why having a tangible, card-based eID is a very good idea, for citizens and government agencies alike. But when it comes to online access, especially from mobile devices, having a new kind of secure ID, in the form of a derived credential, creates new levels of convenience, ease of use, and freedom, while meeting the necessary requirements for security.
The growing demand for increased mobility is driving developers to find new ways to ensure security in mobile and virtual environments, and derived credentials are seen by many in the identity industry – including those of us at NXP – as the best way to meet the need for secure mobile access to online services.
We’re leading the efforts to establish standards for derived credentials, building on our number-one position as a supplier of silicon solutions for eGovernment. We have a track record of substantial contributions to the secure ID business in general, and bring a unique perspective on the technology of secure credentials as they apply to governance.
To learn more about our work in this area, visit the eGov section of our website or contact your local sales office.