Digital Identity – Present Day Reality

Jun 26, 2017

 In order to exist in today’s digital world, we all need our own digital, or electronic, identities. Frankly, nearly all of us could be diagnosed with a digital "multiple personality disorder", as we reply to the requests of various providers of online services to use their authentication methods, most of which either lack security or provide a poor user experience. Halcom’s brand new solution, OneID, aims to make life easier for users and providers of online content. It is designed as a universal identifier that guarantees a great user experience and top-notch security and mobility levels. 

Digital identity, or electronic identity (eID), enables providers of digital services to securely identify a user before granting access to digital content. This process is commonly known as authentication. Several different methods of authentication are available today (e.g. user name and password; SMS passcodes; fingerprint recognition; digital certificates on smart cards), yet only those using at least two independent factors are considered secure: 
  • Something only the user has (e.g. a smartphone or card),
  • Something only the user knows (e.g. PIN, password),
  • Something only the user is (biometric characteristics, e.g. fingerprint or retina)
Digitalisation and paperless offices have set high requirements for the integrity of digital data, which can be guaranteed by using digital signatures, or e-signatures. An electronic signature allows a recipient to verify who has prepared the received content. Under Slovenia’s Electronic Commerce and Electronic Signature Act (ZEPEP), a secure electronic signature, which is any signature that is generated using a digital certificate issued by a qualified certificate agency, has been considered equivalent to a handwritten signature since 2000. However, the existing digital identity protection methods have certain limitations: 
  • An endless barrage of new user names and passwords which are to be remembered and regularly changed, but yet still get hacked by criminals; 
  • Secure passcode generators must be kept at hand at all times and all content needs to be entered; 
  • Digital certificates on smart cards, which may ensure safe registration and safe electronic signature but will only work in certain browsers and must normally be installed by qualified technical staff.
A Digital Certificate in the Cloud – The Digital Identity of the Future
The new EU’s eIDAS regulation, which took effect in July 2016, has led to a major change. Under the new Regulation users can store their digital certificates with a qualified trust service provider, i.e. a qualified certificate agency, rather than on a smart card or USB key. The qualified trust service provider will first verify the identity of the user via secure authentication and then electronically sign online content on his/her behalf.
Halcom’s own qualified certification agency Halcom CA has been operating since 1999. Its newest eIDAS-compliant solution is a digital certificate in the Cloud. The solution allows a smartphone to be used to log in to an online application or e-sign digital documents in just a few steps:
  1. The registration or signing process starts in the online application: users select OneID as the signature method and enter their OneID user name. The application will now send a request to Halcom CA to obtain personal authorisation (electronic signature of the content).
  2. Users receive a push notification on their smartphones (“something only the user has”) informing them of the online application request. 
  3. As the user opens the notification in their mobile application, they can see the content of the request (e.g. Confirm log-in to application XXX as user YYY, Confirm payment of XYZ to account ZZZ, Sign contract), and decide whether to reject the request or confirm it using an e-signature.
  4. In order to confirm the request, enter the second authentication factor into the application, “something only the user knows” (e.g. PIN) or “something only the user is” (e.g. fingerprint).
  5. The mobile application forwards the user’s decision to Halcom CA. If the request is confirmed, Halcom CA signs it electronically using the user’s digital certificate, and notifies the application accordingly. The process is complete. 
OneID, the Halcom CA qualified digital certificate in the Cloud, enables fast, simple and safe two-factor authentication and digital signing via a smartphone on any device, browser or operating system. No other devices, driver installations, signature components or additional user names are required.
In 2017 OneID will already be available for accessing several online banks and e-government portals as well as all mobile applications and online portals who want to make it simple, comfortable and secure for their customers to use their electronic identities.

Back to news
© 2018 - Data Protection Policy
Powered by PROGMBH