| Feature | Description |
|---|---|
| eID | We offer an eID wallet smartphone app that allows a person to identify and authenticate themselves and to sign (e.g. payments and contracts). A person can use their eID for many purposes. Examples include logging into a website, opening a bank account and providing proof of age. They could also use it to combine COVID-19 status with a ticket to a sports or entertainment event. A key requirement of eID is privacy. Only the minimum required information about the person is presented during each eID procedure. The person is in charge of what information about themselves (attributes) they wish to store in their wallet (i.e. they are Self Sovereign). They also control which attributes they are prepared to share during each eID transaction. |
| Trust Framework | A Trust Framework enables two parties (i.e. a Person and a Relying Party) who have never met, and perhaps may never meet again, to transact safely with each other. To enable this, Identity and Attribute Service Providers underwrite the identities and the integrity of their attributes. As a first step in all eID transactions, the Person's eID wallet app must authenticate the Relying Party (e.g. website or terminal) before presenting the eID request. Personal data is only shared with bona fide members of the Trust Framework. |
| SCA | All eID transactions involve Strong Customer Authentication (SCA). The SCA procedure binds the person to their action. The person's SCA credentials take the form of their Identity X.509 certificate, which binds the real person to a cryptographic private key. This key is stored within the Secure Element of the user's smartphone. The key is unlocked with a PIN and/or using the biometric sensor on the device. The SCA procedure creates independently verifiable proof in the form of an Advanced Electronic Signature (AdES). |
| Online / Offline | All the person's credentials and attributes are stored locally within their wallet app (i.e. Decentralized), together with the certificate chains of trust. As well as an internet connection, the app supports proximity technologies such as QR codes and BLE. These enable the eID app and terminal to authenticate each other and verify the proof, even when both are offline. |
| CBDCs | In the future, Central Bank Digital Currency transactions will require both eID and SCA. In addition, as a replacement for physical cash, the BIS and central banks have identified as a key requirement that CBDC payments continue even during periods of power or network outage. For both Person-to-Person and POS transactions, assuming both devices have battery power and proximity (e.g. BLE) connectivity, CBDC transactions can be completed even when both devices are offline. |