Title: The eIDsolution of the Norwegian Banks Interoperable European Electronic IDPublic Service Cards 2021
1The eID-solution of the Norwegian
BanksInteroperable European Electronic
ID/Public Service Cards20-21 May 2003Gamle
Logen, OsloØystein LysvikSpareBank 1 Gruppen
ASoystein.lysvik_at_sparebank1.no
2SpareBank 1 Gruppen AS
SpareBank 1 Livsforsikring (100)
SpareBank 1 Skadeforsikring (100)
Bank 1 Oslo (100)
SpareBank 1 Fondsforsikring (100)
Eiendoms-Megler 1 (Chain)
SpareBank 1 Bilplan (100)
First Securities (33,3)
SpareBank 1 Aktiv Forvaltning (100)
Odin Forvaltning (100)
Bank alliance as owners and distributors
SpareBank 1 SR-Bank
Swedbank
Union Fed.
Sparebanken Vest
SpareBank 1 Midt-Norge
SpareBank 1 Nord-Norge
Samarbeidende Sparebanker
14,08 14,08
14,08 8,67 14,08
10 25
Alliance of 19 norwegian saving banks, separate
legal units 350 branches, nation wide 2.000.000
clients (incl. 800.000 trade union insurance
clients) 360.000 internet banking customers (
2.000/week)
3BankID the organisation
4BankID the solution
Soft certs( 2002)
Internetbank
Micro Client (Febr 2003)
Merchants
Government
Certificate holder
Relying party
Companies
BankID Server
BankID Client
SmartCard Pilot 2003
Mobile Pilot 2003
5BankID the marketplace(with the banks as the
trusted 3rd party)
- Participants in 3 segments
- C Consumer
- B Business
- G Government
- Business interactions
- within segments
- between all segments
- Different levels of security and trust needed,
based on - transaction value and content
- risk exposure
- segments involved
6BankID status and ahead
- December 1999 Banking associations decided to
develop BankID - Current status
- Banks/RA ready to issue certs. (Registration
Authority) - Authentication and limited signature solution
available - Pilots in internet banks and internal banking
solutions - Proof of concept for Verified by Visa.
- Project Internet account debit payments
- Several government and commercial projects
starting -
- Ahead
- Enhanced signature (Publicus Notarius and
TA-Timestamp authority) - Encryption, encrypted email
- From pilots to rollout (critical mass is target)
- From banking applications to government and
commercial segments - New services in internet banking (not possible
with current security divices) - Added value depending on number of services
offered (Critical mass). - One trust solution for multiple applications in
multiple market segments
7BankID introducing smartcards
- The Norwegian smartcard initiative
- Smartkort Norge (Smartcard Norway) a joint
project between the Norwegian banks and BBS to
implement EMV (Europay/MasterCard/Visa
specifications for ICC debit/credit products). - Norwegian EMV pilots from Q1 2004
- Technology and infrastructure ready for payment
schemes (debit/credit) and other applications - PKI, e-purse, OTP, loyalty, ticketing, etc.
- Smartcards as OTP (One Time Password) solution
for BankID - Strong authentication of customer when using
net-centric BankID keystore - No installation, offline reader. OTP host at BBS.
- Now in pilot (SpareBank 1 Gruppen and
BBS/Smartkort Norge) - To what extent will there be a need for
smartcards with full BankID keystore ? - Market need, will to pay, viable technology, ease
of use and ownership(support).
8BankID lessons learned (so far)
- New business area for banks, and for other
segments ! - 3rd party trust offering. Banks can offer
experience and skills to non banking businesses!
- Be aware of both the the details and the
complexity - Make a plan !
- Keep it simple. Target efficiency and simplicity
in early stages - Management commitment
- The business-case is good, but no pain, no
gain. Be patient ! - Make a roll-out strategy
- First get the simple stuff working
- Implement on own solutions before going external
(but with minimum delay) - Client and merchant penetration to achieve added
value for all parties - There were no (or few) real experts.
- .but everyone has learned a lot, and there is
still a lot to learn. - There is a possible hen egg situation, but
the banks . - . have the trusted customer relations
- . have the infrastructure to issue BankID and
offer BankID based services - . can deliver authenticated clients to non
banking segments