Both public and commercial services in most countries depend on government-issued identity documents for citizen authentication. Traditionally such documents have been fairly uniform around the world, i.e. identity cards and passports. The dawn of strong electronic authentication, however, has created a much more diverse situation. New technologies such as tamper-proof microchips and cryptographic authentication are used in different ways for both offline and online authentication. Countries have made quite different choices in what kind of security or privacy they prioritize and what services are supported. This paper attempts to form an overall picture of electronic citizen-identity and strong-authentication technologies and of the management of electronic citizen identities around the world. Understanding of the global state of the art is necessary because Internet services are often global and accessed across national borders, and because there sometimes is a need to bootstrap the user identity from the government issued or sanctioned credentials. This survey provides background information both for the selection of authentication technologies and for research on strong authentication.
Sanna Suoranta, Lari Haataja, Tuomas Aura (Aalto University): Electronic Citizen Identities and Strong Authentication
Presented at NordSec 2015, Stockholm