SuisseID – next generation
SuisseID, the Swiss standard for secure identification and digital signature, was launched in 2010. The success and usage of the existing SuisseID have been moderate. The use cases of end users, enterprise customers and attached service partners have changed over the last years. SwissSign has therefore defined a new SuisseID – next generation, which will launch in 2017.
Currently, a SuisseID user has to go through every step of the SuisseID registration process before finally receiving the SuisseID Token. The steps are perceived as tedious and require media breaks such as going to the post office, sending information by post or installing software. Only then, with the token connected, can the user activate the Mobile Service (2nd factor authentication with email, password and SMS challenge) and use the full potential of the SuisseID.
One main motivation of the project was to let the user get the Mobile Service in the first steps, before having to complete all the steps for a full SuisseID with identification and signature features. That is why, in its first phases, the project was called “Mobile First”.
A further goal is to let the user enable the other features of the SuisseID on demand, in a modular, step-by-step way, when they are needed. The user can decide when, and at what level of identity quality, he wants to get registered.
Basically the SuisseID offers 3 main functionalities:
– Authentication (2 Factors)
– Identification (modular step up)
– Digital Signature (as service)
SwissSign will launch a new bundle of identification services (Identity as a Service) for Service Providers. Service Providers, whether administrations, eGov services, financial institutions, companies or online shops, gain the additional benefit of outsourcing part of their Identity and Access Management to a reliable third party. This bundle of services consists of secure authentication with a second factor and, through the step-up process, a digitally verified identity and services for qualified digital signature capability.
The service streamlines a step-by-step registration process for users and lets them manage their self-declared data, changing it when necessary. IdP data will be stored at the SwissSign IdP with the appropriate vetting level, self-declared or verified. Only the user is able to modify, add and use the IdP entries, with full control and privacy. Through a consent screen, the user will decide which identity information is forwarded to the online service providers he uses.
The Service Provider will be able to register online within a short time for the 2nd factor authentication. The Service Provider will be able to process the user data obtained through the authentication, with the agreement of the user, together with the verification level.
The Service Provider can also add the signing service to his portal to offer the qualified digital signature to his users.
Below: the process of the project.
In a nutshell:
Features for users:
– Online registration
– Secure authentication with second factor (mobile service)
– Immediate use
– Upgrade for online Identification
– Upgrade for Online Qualified Signature
– Can be used on any device
Advantages for users:
– No token necessary
– No additional software
– High usability, free for the user
– Easy registration and upgrade process
– Dynamic data management
– No renewal process
– Ready for future processes
Features for Service Providers:
– Online registration
– Compatibility with “existing” SuisseID
– Possibility to get verified Identity «on demand»
– Possibility to get verified attributes «on demand»
Advantages for Service Providers:
– Easy registration process
– Standard technologies
– Compatibility with “existing” SuisseID