Online access to government services, in what’s known as eGovernment or
simply eGov, is a rapidly growing trend. National, state and even local
governments around the world now offer online access to services and personal
information, so people can do things like apply for benefits, pay taxes, renew
their vehicle registrations or simply get information without having to visit
a brick-and-mortar office.
Offering eGov services helps improve workflows and lower administrative costs,
and makes it easier for citizens to do what they need to do. There’s
less need to leave home and wait in line, and you can take care of business on
your own time, without having to worry about when offices will be open.
Evolving how we access eGov services
Citizens often access eGov services using the familiar combination of a
user name and password. To make access safer and more secure, eGov services
have started adding government-issued electronic IDs, or eIDs, to the login
process. These eIDs, which may do double duty as a national ID,
driver’s license, or voter card, use microprocessor-based smart card
technology to store and protect personal information and provide a more
secure way to authenticate the user’s identity before granting access
to the online service.
The eID format does a really good job of protecting logins. The information
stored in an eID is protected from copying and tampering, and the
authentication process uses cryptography, so it’s much harder for
scammers and thieves to sneak online. Also, adding a PIN code and/or
biometrics to the login process strengthens authentication further and helps
prevent unauthorized use if the eID is lost or stolen.
On the other hand, using eIDs for logins can be somewhat cumbersome. The
process involves having a card reader, which is a piece of equipment that lets
your computer communicate with the microchip in the eID. There’s also a
certain amount of special software needed to read the eID. If the
authentication process uses a biometric, like a fingerprint, you need another
reader for the fingerprint scan and additional software. What’s more,
most readers and scanners are designed for use with a desktop or laptop, not a
smartphone or tablet, and that means the eID process isn’t particularly
portable, either.
Having to buy, install and maintain extra hardware and software means
it’s not really all that simple or convenient for people to use an eID
as the login to access eGov services. Supporting folks who have trouble with
the process also means extra work – and extra cost – for the
government agencies deploying the eGov services.
The good news, though, is that credential technology is evolving, and we now
have ways to make digital IDs much more portable. Using what’s called a
derived credential, the information needed for secure online access can be
stored in just about any kind of mobile device, including smartphones and
tablets.
What is a derived credential?
A derived credential is essentially a companion to an eID credential. A
government agency uses the information in a genuine, verified eID to create a
derived credential, which is then securely stored in the citizen’s
portable device. Once in the device, the derived credential works in much the
same way as an eID credential, following the smart card standards for
cryptography and other security mechanisms to create strong authentication,
but without the dedicated hardware and software components required with
smart cards. Using derived credentials for eGov logins adds simplicity and
versatility while maintaining security, and creates a more flexible, more
citizen-friendly way to enable secure online access.
A derived credential can serve as a single sign-on (SSO) to provide access to
a number of different services, even in strictly regulated environments that
require the highest levels of security. Yet the format is versatile enough,
and easy enough to implement and use, to support secure access in environments
that don’t require such advanced security mechanisms. That means eGov
applications can encompass a more varied set of services, while maintaining
the varying levels of security associated with each one.
It’s important to remember that derived credentials aren’t a
replacement for eIDs. There’s still a long list of reasons why having a
tangible, card-based eID is a very good idea, for citizens and government
agencies alike. But when it comes to online access, especially from mobile
devices, having a new kind of secure ID, in the form of a derived credential,
creates new levels of convenience, ease of use and freedom, while meeting the
necessary requirements for security.
Coming soon
The growing demand for increased mobility is driving developers to find new
ways to ensure security in mobile and virtual environments, and derived
credentials are seen by many in the identity industry – including those
of us at NXP – as the best way to meet the need for secure mobile
access to online services.
We’re leading the efforts to establish standards for derived
credentials, building on our number-one position as a supplier of silicon
solutions for eGovernment. We have a track record of substantial contributions
to the secure ID business in general, and bring a unique perspective on the
technology of secure credentials as they apply to governance.
To learn more about our work in this area, visit the
eGov section of our website or contact your local sales office.