eIDAS

Electronic identification, Authentication and trust Systems

  • EU regulation on electronic identification and trust services for electronic transactions in the internal market

Sets the standards and criteria for

  • Simple electronic signature

  • Advanced electronic signature

  • Qualified electronic signature

  • Qualified certificates

  • Online trust services

Regulates electronic transactions and their management

Types of electronic signature

Electronic signature

Data in an electronic format attached (or logically associated) to other electronic data that the signer uses to accept the contents of a document

Advanced electronic signature

An electronic signature that:

  • Is linked to the signer in a unique way and allows their identification

  • Is created using electronic signature creation data that the signer can use with a high level of trust and under their exclusive control

  • Is linked and sealed with the signed data so that any subsequent modification of it is noticeable

Qualified electronic signature

Advanced electronic signature created by a qualified electronic signature creation device based on a qualified electronic signature certificate

Qualified trust services

Services electronically provided that:

Meet eIDAS requirements

  • To operate at a high level of confidence and technical security

A natural or a legal person who provides one or more trust services

  • Either as qualified or non-qualified trust service provider

Hold authenticity presumption

Services, normally provided for remuneration, of:

  • Creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services

  • Creation, verification and validation of certificates for website authentication

  • Preservation of electronic signatures, seals or certificates related to those services.

Qualified (digital) certificate

Public key certificate issued by a qualified trust service provider

  • TSP has government-issued qualifications

Essential for non-repudiation

  • Links a signature to its owner (citizen)

Corresponding private key produces signatures with legal value

Trusted lists (TSL)

Each Member State shall establish, maintain and publish trusted lists

  • List (Trusted-Service Status List) of certifying entities that are registered or accredited by the accrediting authority

  • Information about qualified trust service providers for which it is responsible

  • A TSL may include information on non-qualified trust service providers

    • It shall be clearly indicated that they are not qualified according to EU Regulation

Member States shall establish, maintain and publish, in a secured manner, the electronically signed or sealed trusted lists in a form suitable for automated processing

  • Usually, XML

Member States shall notify to the Commission information on the body responsible for establishing, maintaining and publishing their national TSL

  • And details of where such lists are published, the certificates used to sign or seal the trusted lists and any changes thereto

  • In Portugal: GNS (Gabinete Nacional de Segurança)

The Commission publishes, through a secure channel, the information about Member States’ TSL

  • In electronically signed or sealed form suitable for automated processing

  • LOTL (List of Trust Lists)
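Added example (not part of the original notes): automated processing of a trusted list, separating services that currently hold qualified status from the rest. It assumes the ETSI TS 119 612 XML layout and status URIs; the sample list and its provider names are constructed, and verifying the list's signature against the certificates published through the LOTL, which must happen before any entry is trusted, is not shown.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://uri.etsi.org/02231/v2#"}          # TSL XML namespace
URI = "http://uri.etsi.org/TrstSvc/"
QC_CA = URI + "Svctype/CA/QC"                        # CA issuing qualified certificates
GRANTED = URI + "TrustedList/Svcstatus/granted"      # qualified status currently granted

def _svc(svc_type, name, status):
    """Build one constructed <TSPService> entry for the sample list."""
    return (f"<TSPService><ServiceInformation>"
            f"<ServiceTypeIdentifier>{URI}{svc_type}</ServiceTypeIdentifier>"
            f"<ServiceName><Name xml:lang='en'>{name}</Name></ServiceName>"
            f"<ServiceStatus>{URI}TrustedList/Svcstatus/{status}</ServiceStatus>"
            f"</ServiceInformation></TSPService>")

# Constructed sample, heavily trimmed: a real list also carries scheme
# information, service digital identities (certificates) and an XML signature.
SAMPLE_TSL = (
    f"<TrustServiceStatusList xmlns='{NS['t']}'><TrustServiceProviderList>"
    "<TrustServiceProvider><TSPInformation><TSPName>"
    "<Name xml:lang='en'>Example TSP A</Name></TSPName></TSPInformation>"
    "<TSPServices>"
    + _svc("Svctype/CA/QC", "Example Qualified CA", "granted")
    + _svc("Svctype/CA/QC", "Example Retired CA", "withdrawn")
    + _svc("Svctype/CA/PKC", "Example Non-qualified CA", "recognisedatnationallevel")
    + "</TSPServices></TrustServiceProvider></TrustServiceProviderList>"
    "</TrustServiceStatusList>")

def classify_services(tsl_xml):
    """Return (provider, service, verdict) for every service in the list."""
    # Stdlib parser for the inline sample; use a hardened parser on downloads.
    root = ET.fromstring(tsl_xml)
    rows = []
    for tsp in root.iterfind(".//t:TrustServiceProvider", NS):
        provider = tsp.findtext("t:TSPInformation/t:TSPName/t:Name", "", NS).strip()
        for info in tsp.iterfind("t:TSPServices/t:TSPService/t:ServiceInformation", NS):
            svc_type = info.findtext("t:ServiceTypeIdentifier", "", NS).strip()
            status = info.findtext("t:ServiceStatus", "", NS).strip()
            name = info.findtext("t:ServiceName/t:Name", "", NS).strip()
            if svc_type != QC_CA:          # narrowed to CA/QC; other types ignored
                verdict = "non-qualified or other type"
            elif status == GRANTED:
                verdict = "qualified"
            else:                          # e.g. withdrawn: fail closed
                verdict = "status not granted"
            rows.append((provider, name, verdict))
    return rows

if __name__ == "__main__":
    for row in classify_services(SAMPLE_TSL):
        print(*row, sep=" | ")
```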

eID Levels of Assurance (LoA)

Confidence in the identity claimed by a person

  • How certain a service provider can be that you are the one using your eID to authenticate to the service

    • And not someone else pretending to be you

  • The difficulty one would have to use someone else’s eID to access an online service

3 levels: low, substantial, high

The LoA considers:

  • The process of obtaining the eID scheme (enrolment)

  • How the eID means is managed, how it is designed

  • How authentication is performed

CEF (Connecting Europe Facility) eID

Citizens from an MS can prove and verify their identification when accessing on-line services in other MS

  • Using their national eIDs and connecting with their country IdP

Steps:

  1. A citizen requests an on-line service in another MS

  2. The citizen is requested to authenticate themselves by the on-line service

  3. The citizen chooses to authenticate with an eIDAS eID

  4. The authentication request is delegated to the citizen’s country

    1. Through the eIDAS network, to the citizen’s IdP

  5. The authentication result is returned to the service provider

  6. Authentication is complete

    1. And the citizen can proceed with accessing the service

September 29, 2018

  • All online public services requiring electronic identification assurance with substantial or high LoA must be able to accept the notified eID schemes of other EU countries
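Added example (not part of the original notes): the check a service provider makes at steps 5 and 6, accepting the returned authentication result only if it answers the request that was sent and meets the minimum LoA the service requires. The class and field names are hypothetical, the sample values are constructed, and the LoA identifiers are the eIDAS LoA URIs.

```python
from dataclasses import dataclass

LOA_BASE = "http://eidas.europa.eu/LoA/"
# Ordered levels: a higher rank satisfies any lower requirement.
LOA_RANK = {LOA_BASE + "low": 1, LOA_BASE + "substantial": 2, LOA_BASE + "high": 3}

@dataclass
class AuthnRequest:          # step 4: sent by the service provider (hypothetical shape)
    request_id: str
    min_loa: str

@dataclass
class AuthnResult:           # step 5: returned from the citizen's country (hypothetical)
    in_response_to: str
    success: bool
    loa: str
    person_identifier: str

def accept_result(req, res):
    """Step 6: return (accepted, reason) for a returned authentication result."""
    if res.in_response_to != req.request_id:
        return False, "result does not answer this request"
    if not res.success:
        return False, "authentication failed at the identity provider"
    got, need = LOA_RANK.get(res.loa), LOA_RANK.get(req.min_loa)
    if got is None or need is None:
        return False, "unknown level of assurance"      # fail closed
    if got < need:
        return False, "level of assurance too low"
    return True, "ok"

if __name__ == "__main__":
    # Constructed values: a service that requires LoA substantial.
    req = AuthnRequest("req-001", LOA_BASE + "substantial")
    samples = [
        AuthnResult("req-001", True, LOA_BASE + "high", "PT/ES/constructed-id"),
        AuthnResult("req-001", True, LOA_BASE + "low", "PT/ES/constructed-id"),
        AuthnResult("req-999", True, LOA_BASE + "high", "PT/ES/constructed-id"),
    ]
    for res in samples:
        print(res.loa.rsplit("/", 1)[-1], res.in_response_to, accept_result(req, res))
```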

Extending the use of online services across Borders video

Additional Context

eIDAS Regulation for Portugal

Several Pilots for testing the digital wallet
