From a user account for government services to a user account with a clothing company, our daily transactions frequently take place online using several different electronic identities accessed via passwords. But, these identities create security issues as well as problems in managing the many different passwords and accounts for the user. This could be overcome with a widely available, trusted and secure electronic identity system. One EU-funded project, FUTUREID, has created an innovative electronic identity system that could allow users to access a wide range of services from eHealth and banking to online shopping accounts – all within one secure system. The concept is based on electronic identity cards that are already functioning in many EU countries such as Belgium, Austria and Estonia. However, FUTUREID expands the use of eID cards to cover access to health services, justice and law-enforcement, and secure tokens like those used by banks and the private sector. "Identity theft is an enormous problem with password-based authentication and eID systems make ID theft much costlier for attackers,” explains Heiko Roßnagel, FUTUREID project coordinator. Moreover, “secure and trustworthy identities are increasingly important for allowing an ever growing number of transactions to take place on the internet. These are of vital importance to the functioning and efficiency of the EU's single market," says Roßnagel. "Much of the competitiveness of Europe depends on finding a way of moving beyond the overly vulnerable electronic identities based on passwords," he adds. Under the eID system developed by the project, users can use their existing electronic identities. The FutureID system is designed to support any eID card, token and mobile identity technology as well as being able to interact with current eID infrastructures. “The FUTUREID approach is to take everything existing and add interoperability, enhance privacy and create a consistent user experience across a diverse range of services on top,” says Roßnagel. The project hopes to create a two-way draw: users will be attracted to the wide range of services. Meanwhile, service providers are attracted by the potential of a large number of users encouraging them to invest in the eID system. "FUTUREID allows private sector players to offer services on what is essentially an open market place for intermediation services. This fosters competitive pricing, flexibility to market needs, support for niche markets as well as technological innovation," says Roßnagel. At the same time, users can select how much personal information is disclosed, meaning that the system is attractive to users with privacy concerns. Currently some eID systems disclose the full set of information contained in some eIDs to any service provider, even when only nationality or proof of age is required, explains Roßnagel. FUTUREID overcomes this, he says. While eIDs are in their early phases, what is certain is that the internet has to mature beyond the use of passwords to remain useful and secure in the future. In some European countries roll-out of eIDs has already happened, but the availability of services that will attract users to activate their eIDs, install card readers or other systems and remember their PIN is still lacking. “This is why FUTUREID has put so much emphasis on the private sector as only their services will make it worthwhile for citizens to actually use their eIDs”, says Roßnagel. With the project over, the key concepts are now in place for a successful and sustainable roll-out of very large-scale identity management infrastructures in Europe and beyond. “Talks with a major stakeholder on how best to demonstrate very wide-scale use of this technology are already in their second round, says Roßnagel.
FUTUREID, electronic identity, cyber security, password, eID, privacy