The eIDsolution of the Norwegian Banks Interoperable European Electronic IDPublic Service Cards 2021

1
The eID-solution of the Norwegian
BanksInteroperable European Electronic
ID/Public Service Cards20-21 May 2003Gamle
Logen, OsloØystein LysvikSpareBank 1 Gruppen
ASoystein.lysvik_at_sparebank1.no
2
SpareBank 1 Gruppen AS
SpareBank 1 Livsforsikring (100)
SpareBank 1 Skadeforsikring (100)
Bank 1 Oslo (100)
SpareBank 1 Fondsforsikring (100)
Eiendoms-Megler 1 (Chain)
SpareBank 1 Bilplan (100)
First Securities (33,3)
SpareBank 1 Aktiv Forvaltning (100)
Odin Forvaltning (100)
Bank alliance as owners and distributors
SpareBank 1 SR-Bank
Swedbank
Union Fed.
Sparebanken Vest
SpareBank 1 Midt-Norge
SpareBank 1 Nord-Norge
Samarbeidende Sparebanker
14,08 14,08
14,08 8,67 14,08
10 25
Alliance of 19 norwegian saving banks, separate
legal units 350 branches, nation wide 2.000.000
clients (incl. 800.000 trade union insurance
clients) 360.000 internet banking customers (
2.000/week)
3
BankID the organisation
4
BankID the solution
Soft certs( 2002)
Internetbank
Micro Client (Febr 2003)
Merchants
Government
Certificate holder
Relying party
Companies
BankID Server
BankID Client
SmartCard Pilot 2003
Mobile Pilot 2003
5
BankID the marketplace(with the banks as the
trusted 3rd party)

• Participants in 3 segments
• C Consumer
• B Business
• G Government
• Business interactions
• within segments
• between all segments
• Different levels of security and trust needed,
  based on
• transaction value and content
• risk exposure
• segments involved

6
BankID status and ahead

• December 1999 Banking associations decided to
  develop BankID
• Current status
• Banks/RA ready to issue certs. (Registration
  Authority)
• Authentication and limited signature solution
  available
• Pilots in internet banks and internal banking
  solutions
• Proof of concept for Verified by Visa.
• Project Internet account debit payments
• Several government and commercial projects
  starting
• Ahead
• Enhanced signature (Publicus Notarius and
  TA-Timestamp authority)
• Encryption, encrypted email
• From pilots to rollout (critical mass is target)
• From banking applications to government and
  commercial segments
• New services in internet banking (not possible
  with current security divices)
• Added value depending on number of services
  offered (Critical mass).
• One trust solution for multiple applications in
  multiple market segments

7
BankID introducing smartcards

• The Norwegian smartcard initiative
• Smartkort Norge (Smartcard Norway) a joint
  project between the Norwegian banks and BBS to
  implement EMV (Europay/MasterCard/Visa
  specifications for ICC debit/credit products).
• Norwegian EMV pilots from Q1 2004
• Technology and infrastructure ready for payment
  schemes (debit/credit) and other applications
• PKI, e-purse, OTP, loyalty, ticketing, etc.
• Smartcards as OTP (One Time Password) solution
  for BankID
• Strong authentication of customer when using
  net-centric BankID keystore
• No installation, offline reader. OTP host at BBS.
  
• Now in pilot (SpareBank 1 Gruppen and
  BBS/Smartkort Norge)
• To what extent will there be a need for
  smartcards with full BankID keystore ?
• Market need, will to pay, viable technology, ease
  of use and ownership(support).

8
BankID lessons learned (so far)

• New business area for banks, and for other
  segments !
• 3rd party trust offering. Banks can offer
  experience and skills to non banking businesses!
  
• Be aware of both the the details and the
  complexity
• Make a plan !
• Keep it simple. Target efficiency and simplicity
  in early stages
• Management commitment
• The business-case is good, but no pain, no
  gain. Be patient !
• Make a roll-out strategy
• First get the simple stuff working
• Implement on own solutions before going external
  (but with minimum delay)
• Client and merchant penetration to achieve added
  value for all parties
• There were no (or few) real experts.
• .but everyone has learned a lot, and there is
  still a lot to learn.
• There is a possible hen egg situation, but
  the banks .
• . have the trusted customer relations
• . have the infrastructure to issue BankID and
  offer BankID based services
• . can deliver authenticated clients to non
  banking segments