Technology provider for eIDAS

Knowledge base

Technology provider for eIDAS

At SecMaker we already have provided the technology means for issuing electronic identication to significant players in the public healthcare authorities in Sweden. Our technology base is well proven and the authorities hosting the technology, in other words the customers of SecMaker, are aiming to get the SecMaker product suite a standard for the public sector in Sweden.

We aim for Europe. And Europe has demands that we consider we can enable to fulfil for a corresponding electronic identication provider, meaning a customer buying our technology, to make the SecMaker way of electronic identification a standard in any European country. How? Please read further below.

Refering to the EU regulation 2015/1502 of assurance levels, below are a brief description of what requirements that an electronic identication provider needs to fulfill, using our technology.

As well, the requirement list of assurance levels below would apply if we at SecMaker ourselves would be the provider of electronic identications.

Application and registration

The requirement deals with how whether the provider can confirm how they run their business and what rules apply.

If a provider can supply a certificate stating their:

• Identity and contact details
• Descriptions of the supplied solutions and services including methods for issuance, blocking and dismantling.
• Terms ensuring the user has fully understood his commitment regarding security.
• How personal data are taken care of.
• How changes are made to this certificate

We at SecMaker are convinced we can supply the means for an e-ID provider to meet the eIDAS assurance level HIGH.

Identity proofing and verification, natural and legal person

Are SecMaker able to deliver the means for an e-ID provider to be able to verify the identity of a person that applies for an electronic identification? As well, if applicant is approved, does the technology of Secmaker allow issuance of an electronic identification in connection to the application?

We at SecMaker are convinced we can supply the means for an e-ID provider to meet the eIDAS assurance level HIGH.

Electronic identification means characteristics and design

SecMaker's technology should be robust enough, including the usage of two factor authentication, to be protected from unapproved usage including copying and manipulation. Also, from manipulation by mechanical means.

We at SecMaker are convinced we can supply the means for an e-ID provider to meet the eIDAS assurance level HIGH.

Issuance, delivery and activation

Does SecMaker have a process of issuance and activation of the electronic identification that includes a delivery control that ensures the electronic identification was solely distributed to the applicant?

We at SecMaker are convinced we can supply the means for an e-ID provider to meet the eIDAS assurance level HIGH.

Suspension, revocation and reactivation

Does the SecMaker technology provide functions that enable reactivation of an electronic identification in a similar manner as the initial activation?

We at SecMaker are convinced we can supply the means for an e-ID provider to meet the eIDAS assurance level HIGH.

Renewal and replacement

Does the SecMaker technology provide functions that enable renewal and replacement of an electronic identification? Also, if the identification process by the applicant is done using electronic identification (other)?

We at SecMaker are convinced we can supply the means for an e-ID provider to meet the eIDAS assurance level HIGH.

Authentication mechanism

With respect to the authentication mechanism of SecMaker's technology, does it protect from compromising and manipulation by an attacker with high attack potential of subversion? This, if the applicant choses to identify himself electronically.

We at SecMaker are convinced we can supply the means for an e-ID provider to meet the eIDAS assurance level HIGH.

Management and organisation. General provisions for the business

• SecMaker/the e-ID provider is a recognized legal entity fully operational for the services provided and we possess all the necessary insurances?
   
• Does SecMaker/the e-ID provider meet all legal requirements in connection with the operation and delivery of the service? 
   
• Is SecMaker/the e-ID provider capable of taking on liability and resources to continue operating and providing the services? 
   
• Is SecMaker/the e-ID provider responsible for any contract outsourced?
   
• Is there a plan for possible closure of operations?

If the answer is YES to all the questions as above then we at SecMaker are convinced we can supply the means for an e-ID provider to meet the eIDAS assurance level HIGH.

Information security management

This requirement deals with whether the information security management system follows proven and tested standards.

We at SecMaker are convinced we can supply the means for an e-ID provider to meet the eIDAS assurance level HIGH.

Record keeping

The record keeping "of relevant information" takes place with an effective registry management system and is protected in accordance with law and regulations, and can be destroyed effectively whenever appropriate.

We at SecMaker are convinced we can supply the means for an e-ID provider to meet the eIDAS assurance level HIGH.

Facilities and staff

Personnel are adequately trained and available in sufficient quantity, as are subcontractors. Facilities are monitored and access is limited to authorized personnel. No one can claim an e-ID in another person's name. Also applies to cryptographic data as well as personal data.

We at SecMaker are convinced we can supply the means for an e-ID provider to meet the eIDAS assurance level HIGH.

Technical controls

This requirements deals with protection against manipulation and eavesdropping of sensitive information, etc. Key material is never stored in plain text. The existence of comprehensive security mechanisms. Activation data for protecting key material is handled through multi person control.

We at SecMaker are convinced we can supply the means for an e-ID provider to meet the eIDAS assurance level HIGH.

Compliance and audit

Existence of regular independent external audits.

We at SecMaker are convinced we can supply the means for an e-ID provider to meet the eIDAS assurance level HIGH.

A European Union without borders

What if Swedish citizens would be able to buy a property in Spain without leaving Sweden just for the sake of authenticate and identify themselves physically in front of government officials in Spain at a crowded office that have uncomfortable opening hours?

Well, having prepared all bureaucracy in advance the process would run much smoother and a lot of time and money saved. In the end, it would turn out beneficial for the Spanish state to sell more properties in less time.

There are many similar examples. especially when it comes to the future generation people, the young, the students, the millenials whose ability to use the internet became an innate characteristic. For them, borders have always been something fictitious.

We are with you in conquering the borderless European Union.