TRUST IN THE
Trust is the linchpin of the digital world. Trust makes us give out our credit card details, share our personal information and enter into agreements with services we might not even be familiar with. And the higher the confidence, the greater the opportunities.
TRUST LEVELS MATCHING YOUR NEEDS
Identity is the foundation of trust – both in the physical and in the digital world. When you are certain of who you are dealing with, you can link everything that enables a meaningful relationship between an organization and an individual; responsibility, payment, consent, agreement and delivery.
In order for an identity to be reliable, two things are required:
- A reliable method of transferring the user’s real identity to a digital identity
- A secure way to ensure across time that it is the same individual who holds the digital identity.
An e-ID that meets both criteria can therefore be used as the leverage upon which all your digital business rests. Many make the mistake of settling for the first step. They issue a digital identity with careful checks of the user but allows the identity be borne by a user name and password. As vulnerable as the passwords are now, they do not meet the second criterion, to keep the identity secure across time.
More problematic is that even more businesses are content without any of the criteria; they make no check that the user is who he or she claims to be and lets this weak identity be carried by an uncertain password. In the digital future that awaits, these players will soon be out.
Freja eID is an e-ID designed and reviewed according to Swedish and international standards to fulfill both criteria.
TRUST LEVELS FOR eIDS
To assess the trust level of an e-ID, various international standards have been created. The levels in these different standards are to some extent similar and different services, public and private, may have different levels to relate to. Most often, however, it is up to you as an organization to assess the level of trust you want for your users and we can help you find the level that is appropriate, based on both regulatory as well as security-related requirements.
THE TRUST LEVELS OF
Freja eID is created for both Swedish and international use and to make it clear, we have therefore defined three levels, each of which can correspond to both Swedish and international standards.
Freja eID Basic: Requires only self-registration of e-mail address and thus has a trust level corresponding to Level 1 and Low. However, Freja eID Basic has 2FA, which significantly increases the security level significantly.
Freja eID Extended: After the user has registered Freja eID Basic, the identity is proven by registering an ID document and a biometric ID photo. Security personnel check the authenticity of the document and validity, compare the photo ID of the ID document with the biometric ID photo and do a lookup in the SPAR register to compare personal data and obtain address information.
Freja eID Extended corresponds to Level 2 according to DIGG’s standard and Essential according to eIDAS. However, this is not officially certified because such a possibility is not available at present.
Freja eID Plus: After the user has been approved for Extended, a physical ID check is required at one of Freja eID’s 2000 representative agents. A check is made according to the Banking Association’s (Bankföreningens) seven steps and if no irregularities are found, Freja eID Plus is issued to the user.
Freja eID Plus has trust level 3 according to DIGG’s standard and is also approved for the governmental quality mark Svensk e-legitimation. Our assessment is that Freja eID Plus corresponds to the eIDAS level High but it remains to be tested.
THE QUALITY MARK SVENSK e-LEGITIMATION
To create a consensus in the issue of eID’s, the Swedish state has developed the quality mark Svensk e-legitimation. It is DIGG – the Swedish Agency for Digital Government which, based on national and international security criteria, reviews and approves Swedish e-ID’s for the quality mark.
Public and private actors with e-services that require e-ID can trust e-ID’s that have the quality mark Svensk e-legitimation, and users can feel confident that it is a secure identity document.
In order to get the quality mark, the e-ID must fulfill the requirements in the Framework of trust for Svensk e-legitimation. The purpose is to make sure that the e-ID can be issued and maintain the trust level which the application refers to. In addition to the technical architecture, the issuer is also reviewed on the following points:
– Financial stability
– Information security work and internal control
– Process for identifying people applying for an e-ID
– Producing and providing of e-IDs
Freja eID + is Sweden’s only mobile e-ID that has been approved for the governmental quality mark Svensk e-legitimation.
PHYSICAL AND LOGICAL SECURITY
Security is absolutely fundamental to Freja eID. Protecting the user’s data and integrity is essential and trust in an e-ID is founded on the fact that it is secure. Freja eID is based on proven technology and world-leading security solutions to ensure the reliability of identity over time.
Verisec, which is behind Freja eID, has been working with IT security since 2002 and handles digital identities for millions of people worldwide. Much of the technology that forms the basis of Freja eID has been developed for banks, authorities and companies with large user groups and is proven and tested in large-scale contexts.