Digital identity as a 3 week miracle

Ronny Khan
Jun 4, 2020

Summary and introduction

“Dr Hans Kluge, director for the WHO European region, warned countries beginning to ease their lockdown restrictions that now is time for preparation, not celebration”.

Thankfully, we did most of this before anybody had heard of Covid-19, through laborious work on an implementation-friendly, ready-to-use requirement specification.

Once the crisis hit, we were able to implement remote onboarding in 3 weeks on an existing eID scheme adapted for the use case. This goes beyond technical implementation and also covers changes to government rules and regulations.

This provides important learning points on what can be done quickly when needs must and the will prevails. The preparations are not exclusive and can be reused by others who want them.

Problem to be solved

As the first, but not the last, wave of Covid-19 descended on us, we went into lockdown and travel restrictions. Most of the population in Norway was by default well prepared for going electronic, since more than 90% of the populace possessed an electronic identity and in practice all public and private services supported the use of electronic identities.

However, there was one group that did not have this option: non-nationals from EU countries who were not eligible for the national schemes and do not have a suitable or recognized electronic identity from their home state.

Those subjects were in part, and still are, locked out of the country and cannot do this the old way even once the lockdown was lifted.

Still, these subjects are eligible for benefits, which during such times are literally what puts food on the table.

Solution

Well, I have given most of this away already, but because considerable effort had already gone into remote onboarding, driven by a general digitization effort, a broad framework was ready to handle the onboarding part.

Since this has been a joint public and private sector effort, the public sector was well positioned to use this existing work, and, driven by a courageous public sector including the political level, they simply acted as the situation developed.

This would be what we call agile development, which is perhaps not what one would normally associate with this area; full credit to the directorate of digitization.

A few weeks later the solution space was done in a minimum viable product fashion, and regulations were changed in what can be coined a minimum viable regulation manner.

It is important to understand that this is a one-time operation where you are issued an electronic identity at the end. The solution is totally secure and suitable for the highest level of assurance, even if we have chosen at this juncture to onboard at level substantial for a limited user group, as this solved the problem that urgently needed to be solved now.

Precursors

This work would not have been possible had it not been for the extensive work performed by BITS on behalf of the Norwegian banking sector. This work can be found here: BITS (Norway) work on remote identification of natural persons.

In part this activity shadowed the EU expert group activities, which I have had the great pleasure of participating in and where I hope work will be picked up pretty soon, as while reports last, the availability of people dwindles, and it is always about the people no matter what you try to achieve.

We had excellent political backing for this project, which was instrumental in ensuring progress and a true public-private cooperation.

The work and the competence built here would be of untold value for implementing such solutions and can be accessed by the different vendors, which will find it easy to implement and reasonable to claim adherence to, as it is a very concrete piece of work with very specific requirements.

I really hope this competence will be picked up on instead of starting from basics with questionable manning, as I have seen some examples of.

Further development

Health care closed loop

On the tail of this we have seen the establishment of a health care private-brand solution using the same onboarding.

Again, the major part here is solving the challenging onboarding problem. By doing this through self-enrollment using the user's phone and existing identity document, what used to be complicated becomes easy.

The rest of such solutions are off-the-shelf components, neither labor nor capital intensive, so once the interaction with the end user is sorted things get a lot easier.

Just consider.

  • Nobody has to go anywhere to enroll.
  • Nobody has to do the enrollment.
  • Personalized devices need not be used, as they can be personalized in the process; thus bulk purchase is possible.
  • There are no inherent password/PIN requirements, but one can be enrolled if 2FA is needed, or biometrics can be used as the second factor.
  • A lost token or forgotten password can be handled by resetting via the same procedure as onboarding.

Extension to the normal electronic identity enrollment cases

The requirements work was intended for broad deployment in any and all use cases. This will follow on the tail of this project, which can be seen as an advanced pilot towards this.

Extension to other jurisdictions

This process has been started as keen interest has been shown from other countries.

Going further down the rabbit hole

The process prescribed can be used for a lot of use cases. Some are described above but there are a lot of others.

If we relate this to generic tokens, it is relatively simple to use this for closed-loop or open offerings quickly and at very reasonable cost with very high security.

From digital identification to digital validation

Digital identity proofing is important, especially if one is starting from scratch: the basic ability to access services based on who you are is a huge step forward.

Once this step is passed, one will realize that it is only a part of the journey. In area after area it becomes clear that more is needed. One example would be KYC data, where knowing who you are dealing with is important but by no means enough; additional data is needed for validation.

The same applies in a lot of areas: it is nice to identify a subject, but what you really need is some way of establishing creditworthiness, perhaps you need to determine civil status, or in given circumstances you need to know that the person has a clean slate in terms of criminal record.

All of these validations build upon identification and may or may not add value to it, for example when determining whether a person is above a certain age or enrolled at a university, and in a lot of other areas where you do not need or want the complete identity but merely an attribute associated with an identified subject.

In the public services domain this is called the single digital gateway, where in my opinion the single should be replaced with a P2P virtual gateway. Furthermore, this concept should be extended to private sector usage in a regulated manner with explicit user consent.

This is paramount to achieving an internal market at scale and is where the next frontier will be; hopefully the suggestions we have proposed on KYC will be tools to open this frontier.

Conclusion

It is always nice to do things by the book and let the time lapse and costs be whatever they may become.

I believe we live in a time where we urgently need to make haste. We should:

  • Get remote onboarding implemented where there is a feasible foundation to build on, that is, if there is a digital identity scheme in place.
  • Make sure of acceptance in critical and semi-critical services.
  • If there is no foundation, consider a simpler way by using generic tokens, which can be purchased in bulk and personalized at enrollment.
  • If all of this is under control the focus should immediately switch from digital identification to digital validation.

There is a lot to be learned here, especially about what can be achieved in a short time.

More articles can be found on my homepage giving more information on these subjects, and I am always happy to contribute on these matters.

About the author

Ronny Khan is an IT and business development specialist within the Norwegian financial sector who is involved in standardization efforts on remote natural person identification targeting trust level high, as part of a shared effort by the banking association with public sector stakeholders.

He is currently working full time, seconded to the banking association as liaison with key players in the public sector to ensure deployment at scale of remote onboarding for electronic identities.

He is also participating in ISO standardization and national standardization with a focus on biometrics and security in retail banking, and is a keen follower of the area of identity, identity proofing and KYC, always looking for new interesting domains. Currently he is focused on digital validation as a natural evolution of digital identities.

Previously he has been working within a broad field covering digital identities, internet bank authentication/authorization, card security and telecommunications.

Innovation expert with deep background in user authentication, authorization, digital identity, remote customer on-boarding. Participating in ISO initiatives.