Skip to main content
SpringerLink
Log in
Book cover

Nordic Conference on Secure IT Systems

NordSec 2015: Secure IT Systems pp 213–230Cite as

Electronic Citizen Identities and Strong Authentication

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9417))

Abstract

Both public and commercial services in most countries depend on government-issued identity documents for citizen authentication. Traditionally such documents have been fairly uniform around the world, i.e. identity cards and passports. The dawn of strong electronic authentication, however, has created a much more diverse situation. New technologies such as tamper-proof microchips and cryptographic authentication are used in different ways for both offline and online authentication. Countries have made quite different choices in what kind of security or privacy they prioritize and what services are supported. This paper attempts to form an overall picture of electronic citizen-identity and strong-authentication technologies and of the management of electronic citizen identities around the world. Understanding of the global state of the art is necessary because Internet services are often global and accessed across national borders, and because there sometimes is a need to bootstrap the user identity from the government issued or sanctioned credentials. This survey provides background information both for the selection of authentication technologies and for research on strong authentication.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Rissanen, T.: Electronic identity in finland: Id cards vs. bank ids. Identity in the Information Society 3(1), 175–194 (2010)

    Article  Google Scholar 

  2. The Economist: Which firms will profit from providing your identity online? February 9, 2013. http://www.economist.com/news/international/21571418-which-firms-will-profit-proving-your-identity-online-voucher-business (referred March 25, 2015)

  3. Oh, Y., Obi, T., Lee, J.S., Suzuki, H., Ohyama, N.: Empirical analysis of internet identity misuse: case study of south Korean real name system. In: Proceedings of the 6th ACM Workshop on Digital Identity Management, DIM 2010, pp. 27–34. ACM, New York (2010)

    Google Scholar 

  4. Ministry of Security and Public Administration: What is public I-PIN? (2009). http://www.g-pin.go.kr/center/pic/sub_01.gpin (referred February 3, 2015)

  5. K4E consulting: Real name rule on korean websites, October 2012. http://www.korea4expats.com/article-id-requirement-access-korean-websites.html (referred February 3, 2015)

  6. Department of Electronics and Information Technology (DeitY): e-Pramaan: Framework for e-authentication. Framework, Ministry of Communications & Information Technology, Government of India (GoI) (2012)

    Google Scholar 

  7. Tu, Y.C., Thomborson, C.: Preliminary security specification for new zealand’s igovt system. In: 7th Australasian Information Security Conference (AISC 2009), Australian Computer Society, Inc. (2009)

    Google Scholar 

  8. Department of Internal Affairs, New Zealand: Realme for logging in. https://www.realme.govt.nz/about-realme/realme-for-logging-in/ (referred January 29, 2015)

  9. Internet Service Unit, King Abdulaziz city for Science & Technology: Introduction to content filtering (2006). http://www.isu.net.sa/saudi-internet/contenet-filtring/filtring.htm (referred March 26, 2015)

  10. Saudi: National e-government portal, frequence asked questions (2015). http://www.saudi.gov.sa/wps/portal/yesserRoot/faq (referred March 26, 2015)

  11. e-estonia.com, the digital society: Electronic id card. https://e-estonia.com/component/electronic-id-card/ (referred March 25, 2015)

  12. Kitsing, M.: Online participation in Estonia: active voting, low engagement. In: Proceedings of the 5th International Conference on Theory and Practice of Electronic Governance, ICEGOV 2011, pp. 20–26. ACM, New York (2011)

    Google Scholar 

  13. Fioravanti, F., Nardelli, E.: Identity management for e-government services. In: Digital Government. Integrated Series in Information Systems, vol. 17, pp. 331–352. Springer US (2008)

    Google Scholar 

  14. Paul, C.L., Morse, E., Zhang, A., Choong, Y.-Y., Theofanos, M.: A field study of user behavior and perceptions in smartcard authentication. In: Campos, P., Graham, N., Jorge, J., Nunes, N., Palanque, P., Winckler, M. (eds.) INTERACT 2011, Part IV. LNCS, vol. 6949, pp. 1–17. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  15. European Parliament: Directive 1999/93/ec of the european parliament and of the council of 13 december 1999 on a community framework for electronic signatures (1999). http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:31999L0093 (referred March 12, 2015)

  16. Bundesdruckerei GmbH: Id card - id document for the real and digital world (2015). https://www.bundesdruckerei.de/en/714-new-german-id-card (referred February 23, 2015)

  17. djwm: CCC reveals security problems with German electronic IDs. The H Security, September 22, 2010. http://www.h-online.com/security/news/item/CCC-reveals-security-problems-with-German-electronic-IDs-1094577.html (referred March 26, 2015)

  18. Graux, H., Inte, F., Majava, J., Meyvis, E.: eiD interoperability for pegs: Update of country profiles study italian country profile. Technical report, IDABC European eGovernment Services, August 2009. http://ec.europa.eu/idabc/servlets/Docea18.pdf?id=32311 (referred February 23, 2015)

  19. Agenzia per l’Italia Digitale, Presidenza del Consiglio dei Ministri: Specifiche tecniche, March 2, 2015. http://www.agid.gov.it/agenda-digitale/infrastrutture-architetture/carta-nazionale-servizi/specifiche-tecniche (referred March 11, 2015)

  20. per l’Italia Digitale, A.: Sistema pubblico per la gestione dell’identit digitale, March 10, 2015. http://www.agid.gov.it/agenda-digitale/infrastrutture-architetture/spid (referred March 11, 2015)

  21. Le Conseil Constitutionel, France: Loi relative la protection de l’identit, March 2012. http://www.conseil-constitutionnel.fr/decision/2012/2012-652-dc/decision-n-2012-652-dc-du-22-mars-2012.105165.html. Dcision n 2012-652 DC du 22 mars 2012

  22. Snat: Projet de loi de finances pour 2014: Adminstration territoriale, February 16, 2015. http://www.senat.fr/rap/a13-162-1/a13-162-15.html

  23. DGPGC: DNI electrnico gua de referencia bsica, July 4, 2014. http://www.dnielectronico.es/PDFs/Guia_de_referencia_basica_v1_4.pdf (referred March 13, 2015)

  24. Ministry of Internal Affairs and Communications: Basic resident registration card (2009). http://www.soumu.go.jp/main_sosiki/jichi_gyousei/c-gyousei/zairyu/english/basic_resident_registration_card.html (referred February 4, 2015)

  25. Messmer, E.: Indonesia advances world’s most ambitious biometric-based national identity card project. NetworkWorld, September 20, 2012. http://www.networkworld.com/article/2160047/access-control/indonesia-advances-world-s-most-ambitious-biometric-based-national-identity-card-proj.html (referred March 25, 2015)

  26. Priyanto, U.: National electronic id card (e-KTP) programme in indonesia. ID World, Abu Dhabi, slides, March 18–19, 2012. http://www.mesago.de/download/IDA/5_Presentations/Powerpoint_Presentation/Conference_room1/Day1/Session1/1_Priyanto_Unggul.pdf (referred March 25, 2015)

  27. ChinaNews: Harbin first third-generation ID card contains fingerprint anti-counterfeiting, January 23, 2014. http://www.chinanews.com/sh/2014/01-23/5770899.shtml (referred March 26, 2015)

  28. Mutlugün, M., Adalier, O.: Turkish national electronic identity card. In: Proceedings of the 2nd International Conference on Security of Information and Networks, SIN 2009, pp. 14–18. ACM, New York (2009)

    Google Scholar 

  29. Information Technologies and Communications Authority: Electronic certificate service providers. http://www.btk.gov.tr/bilgi_teknolojileri/elektronik_imza/eshs.php (referred February 5, 2015)

  30. Soares, E.: Brazil: New national ID card launched, January 4, 2011. http://www.loc.gov/lawweb/servlet/lloc_news?disp3_l205402458_text (referred March 25, 2015)

  31. Giesecke & Devrient: G&D becomes first manufacturer to gain ITI certification for new eID cards in Brazil. Press Release, April 18, 2012. http://www.gi-de.com/en/about_g_d/press/press_releases/G%26D-Becomes-First-Manufacturer-to-Gain-ITI-Certification-for-New-eID-Cards-in-Brazil-g19648.jsp (referred March 26, 2015)

  32. Indra: Indra awarded the implementation of the electronic identity card ans passport in chile, July 19, 2010. http://www.indracompany.com/en/noticia/indra-awarded-the-implementation-of-the-electronic-identity-card-and-passport-in-chile (referred March 26, 2015)

  33. Marty, B.: Argentina’s national ID cards to store sensitive data. Panam Post, July 1, 2014. http://panampost.com/belen-marty/2014/07/01/argentinas-national-id-cards-to-store-sensitive-data/ (referred March 26, 2015)

  34. Electronic Frontier Foundation: Mandatory national IDs and biometric databases (2014) (referred March 26, 2015)

    Google Scholar 

  35. Pys.org: Mexico to pioneer iris technology on ID cards, January 21, 2011. http://phys.org/news/2011-01-mexico-iris-technology-id-cards.html (referred March 26, 2015)

  36. Voronov, A., Dementieva, X.: Russians to get plastic digital identity cards. Russia & India Report, September 5, 2013. http://in.rbth.com/society/2013/09/05/russians_to_get_plastic_digital_identity_cards_29081.html (referred March 26, 2015)

  37. Department of Home Affairs, Republic of South Affica: General information about south african identity books / identity documents (2015). http://www.dha.gov.za/index.php/civic-services/identity-documents (referred March 26, 2015)

  38. South African Government: Identity document (2015). http://www.gov.za/services/personal-identification/identity-document (referred March 26, 2015)

  39. Swiss Post: SuisseID (2015). https://postsuisseid.ch/en/suisseid (referred March 27, 2015)

  40. Fleurus, C., van der Peijl, S., Zuuren, E.V., Wauters, P., Whitehouse, D.: Towards a trusted and sustainable European federated eID system. Final report, European Commission, Information Society and Media Directorate-General (2011)

    Google Scholar 

  41. Finnish Bankers’ Association: Tupas identification service, April 19, 2011. http://www.fkl.fi/en/themes/e-services/tupas/Pages/default.aspx (referred March 25, 2015)

  42. Mobile certificate (in finnish), April 15, 2011. http://www.mobiilivarmenne.fi/documents/Mobiiliasiointivarmenne-Varmennepolitiikka.pdf (referred April 20, 2015)

  43. 3GPP: Generic authentication architecture GAA; generic bootstrapping architecture GBA. Technical report, 3GPP (2014). http://www.3gpp.org/DynaReport/33220.htm (referred April 20, 2015)

  44. Schneier, B.: Two-factor authentication: Too little, too late. Commun. ACM 48(4), 136 (2005)

    Article  Google Scholar 

  45. Nyman, T., Ekberg, J.E., Asokan, N.: Citizen electronic identities using TPM 2.0. In: TrustED 2014. ACM, November 3, 2014

    Google Scholar 

  46. Tamrakar, S., Ekberg, J.E., Laitinen, P.: On rehoming the electronic id to TEEs. In: Trustcom 2015, August 2015

    Google Scholar 

  47. First Post India: Three new online aadhaar services to authenticate your identity, May 24, 2013. http://www.firstpost.com/india/three-new-online-aadhaar-services-to-authenticate-your-identity-812451.html (referred February 4, 2015)

  48. Collins, J.: Japan issues e-passports. RFID journal, March 28, 2006. http://www.rfidjournal.com/articles/view?2224 (referred February 5, 2015)

  49. European Union: Council regulation on standards for security features and biometrics in passports and travel documents issued by member states, December 13, 2004. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2004:385:0001:0006:EN:PDF. No 2252/2004

  50. Porter, A., Kirkup, J.: ID card scheme will be scrapped with no refund to holders. The Telegraph newspaper, May 24, 2010. http://www.telegraph.co.uk/news/politics/7757720/ID-card-scheme-will-be-scrapped-with-no-refund-to-holders.html (referred March 25, 2015)

  51. Mathieson, S.: Minister destroys national identity register. Kaple, government computing, February 10, 2011. http://central-government.governmentcomputing.com/news/2011/feb/10/minister-destroys-national-identity-register (referred March 25, 2015)

  52. Citizencard: Citizencard (2014). http://www.citizencard.com/ (referred March 25, 2015)

  53. Government Gateway: Welcome to the government gateway (2015). http://www.gateway.gov.uk/ (referred March 28, 2015)

  54. Bolten, J.B.: E-authentication guidance for federal agencies, December 16, 2003. https://www.whitehouse.gov/sites/default/files/omb/memoranda/fy04/m04-04.pdf (referred September 7, 2015)

  55. Wagner, M.: E-gov (a speech in the U.S house of representatives, March 24, 2004. http://www.gsa.gov/portal/content/101464 (referred March 28, 2015)

  56. NIST: National strategy for trusted identities in cyperspace (NSTIC). http://www.nist.gov/nstic/ (referred March 31, 2015)

  57. Canada Revenue Agency: My account for individuals, March 5, 2015. http://www.cra-arc.gc.ca/myaccount/ (referred March 28, 2015)

  58. Australian Government, Department of Finance: Authentication and identity management (2008). http://www.finance.gov.au/policy-guides-procurement/authentication-and-identity-management/ (referred March 28, 2015)

  59. Allonby, N.: ID cards - a world view. GlobalResearch, August 31, 2009. http://www.globalresearch.ca/id-cards-a-world-view/14992 (referred March 25, 2015)

  60. Estonian World: Estonia and finland become first in the world to digitally sign international agreement, December 23, 2013. http://estonianworld.com/technology/estonia-finland-become-first-world-digitally-sign-international-agreement/ (referred March 29, 2015)

  61. The Economist: Estonia takes the plunge, June 26, 2014. http://www.economist.com/news/international/21605923-national-identity-scheme-goes-global-estonia-takes-plunge (referred March 26, 2015)

  62. Kitsing, M.: Online participation in Estonia: active voting, low engagement. In: Proceedings of the 5th International Conference on Theory and Practice of Electronic Governance, ICEGOV 2011, pp. 20–26. ACM, New York (2011)

    Google Scholar 

  63. OECD: Digital identity management, enabling innovation and trust in the internet economy. Technical report, OECD (2011) http://www.oecd.org/sti/ieconomy/49338380.pdf (referred March 30, 2015)

  64. The Economist Intelligence Unit: Democracy index 2012: Democracy at a standstill, March 2013. http://pages.eiu.com/rs/eiu2/images/Democracy-Index-2012.pdf (referred June 18, 2015)

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Aalto University, Espoo, Finland

    Sanna Suoranta, Lari Haataja & Tuomas Aura

Authors
  1. Sanna Suoranta
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lari Haataja
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tuomas Aura
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. KTH Royal Institute of Technology , Stockholm, Sweden

    Sonja Buchegger  & Mads Dam  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Suoranta, S., Haataja, L., Aura, T. (2015). Electronic Citizen Identities and Strong Authentication. In: Buchegger, S., Dam, M. (eds) Secure IT Systems. NordSec 2015. Lecture Notes in Computer Science, vol 9417. Springer, Cham. https://doi.org/10.1007/978-3-319-26502-5_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-26502-5_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26501-8

  • Online ISBN: 978-3-319-26502-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation