Achieving a high level of security is a futile practice if the solution is not usable. In this blog, and in a complementary one written by our partner Juan Asenjo from nCipher Security, we examine how to satisfy digital security requirements while maximizing usability.
Fortunately, advanced modern digital identity and signature technologies are making secure transactions with improved user experience possible. Governments, citizens, and private organizations can now securely manage their identities in the cloud or centralized on-premises with a user-friendly experience, combining multifactor authentication with mobile-based solutions, single sign-on, and identity federation. On top of that, PKI identity attributes can be added for deploying digital signature functions, granting the necessary balance between high security and a friendly user experience for digital transactions through any device.
Digital ecosystems in several countries around the world have evolved towards the development of trusted services through the legal recognition of new digital identification and digital signature technologies. One of the main objectives pursued by regulatory entities in these evolved ecosystems is to provide legal equivalence between these new digital technologies, physical presence, and handwritten signatures. An organization that delivers these kinds of identity and signature services and meets the related local regulation is usually known as a Trusted Service Provider (TSP).
One cloud-based identity. Multiple methods to prove its ownership.
Digital identity is the online representation of a subject or an entity (e.g., a person or a company). The TSPs deploy the infrastructure and registry procedures to enroll those subjects and perform the identity proofing to establish that the subjects are who they claim to be. The registry procedures can vary significantly, often in nuanced ways that can strengthen or weaken the expected proofing results.
Once the registration process has been completed, the TSP central cloud infrastructure is used to generate, store, and protect those digital identities, their data, and attributes. Digital public key infrastructure (PKI) certificates may also be issued to provide a standard high degree of trust in those identities, thus ensuring that the person stating that they possess a given identity is in fact that person.
In digital authentication, the claimant possesses and controls one or more authenticators that have been registered in the enrollment process and are used to prove the claimant’s identity. The classic paradigm for authentication systems identifies three factors as the cornerstones of authentication: something you know (e.g., a password or a PIN), something you have (e.g., an ID badge or a mobile phone), and something you are (e.g., a fingerprint or other biometric data). Some of these factors are highly secure, and some of them are easier to use.
What is the user experience?
The end-user, as a TSP subscriber, has exclusive control over their cloud-based identity and can manage their profile through a web portal or a mobile application. When logging into a system or application, the user can choose between several authentication methods, such as a password, an SMS/email one-time code (OTP), or a mobile application combined with PIN, fingerprint, or face verification, among others.
The combination of several registry procedures and authentication technologies can provide different identity assurance levels. This kind of approach supports the necessary balance between security and usability.
Go mobile and use your trusted cloud identity
Once the TSP issues your cloud-based identity, you can authenticate and remotely sign transactions from your PC, tablet, or smartphone. Remote signature services are part of these new technologies that allow you to sign anywhere, anytime, and on any device by using your digital certificate private key stored and managed by the TSP’s central infrastructure.
Remote digital signing dramatically simplifies and optimizes transaction and e-document signing processes. Users get hands-on tools that enable them to create digital signatures in a safe, fast, and effortless way.
What is the user experience?
Click and sign, no installations. Just authenticate and enter your signature’s PIN. No more smart cards or USB/OTP tokens. No downloads to make. No drivers to install. No client dependencies.
Neodata, through system integrator Interfase, and in partnership with Safelayer and nCipher Security (both Entrust Datacard companies), has developed a secure transaction signing solution through web browsers and mobile applications that is trouble-free and safe. To learn more about these innovative cloud-based digital signature services, check out Juan’s blog “Unmistaken Identity – Empowering Trusted Digital Signatures” and read our customer case study.