Smart-ID
Smart-ID is an electronic authentication solution developed by SK ID Solutions, which enables users to log in to e-services and to give digital signatures. Smart-ID is available for iOS and Android operating systems and does not require a SIM card.[1] Smart-ID meets the European Union's eIDAS regulation standards for digital signatures and the European Central Bank's requirements for authentication solutions.[2]
Smart-ID is a Qualified Signature Creation Device (QSCD)[3] and can be used to give Qualified Electronic Signatures (QES).[4]
As of March 3, 2020, Smart-ID has 2 666 693 active users across Estonia, Latvia, and Lithuania.[5]
History
Smart-ID was introduced by SK ID Solutions in November 2016.[6] In February 2017, three large Estonian e-services added Smart-ID as a log-in option. In March 2017, SEB Pank and Swedbank were the next to include support for Smart-ID across their e-services in Estonia, Latvia and Lithuania, followed by an international digital signing service in April 2017.[7][8] By November 2019, support for Smart-ID had been added to over 100 e-services.[9]
On November 8, 2018, SK ID Solutions announced that Smart-ID had qualified for the QSCD level. As a result, users who signed up for the service from that date onwards could give QES-level signatures with Smart-ID, which are considered to be the digital equivalent to handwritten signatures within the European Union member states.[10][11][12][13]
On August 26, 2019, Smart-ID was evaluated by a group of experts assembled by the Estonian Information System Authority, who concluded that Smart-ID corresponds to the high assurance level of electronic identification described in the eIDAS regulation.[14]
In September 2019, the Estonian Information System Authority, which is responsible for managing state e-services such as the central state portal eesti.ee, added support for Smart-ID to its central authentication service.[15][16][17]
In January 2020, the first Smart-ID accounts passed their validity period of three years.[18][19][20]
On February 6, 2020, SK ID Solutions announced that support for Smart-ID had been added to the national digital signature software DigiDoc4.[21][22][23]
On February 26, SK ID Solutions revealed a new signup method for Smart-ID. In addition to the previous options of using an ID-card, Mobile-ID or passing a physical identification process in a bank branch, the option of using a biometric passport to create an account was added. The new option was made available to users who had previously used Smart-ID at least one time. The new solution was created in cooperation between SK ID Solutions, iProov from the UK, and InnoValor from the Netherlands. The solution was evaluated by the German certification company TÜV Informationstechnik GmbH.[24][25][26]
Overview
Smart-ID uses the two-factor authentication principle by combining a smart device (something the user possesses) and PIN codes (something the user knows).
After the creation of a new account, the user must authenticate themselves via ID-card or Mobile-ID and then they must confirm PIN1 and PIN2 codes either by creating them or by using automatically generated codes. The PIN1 code must be at least four digits long, the PIN2 code must be at least five digits long.[27]
To log in to an e-service, the user must pick Smart-ID as the log-in method and enter their unique Smart-ID user ID. A notification will then display a verification code to the user on their smart device. If the verification code matches the code in the e-service, then the user can confirm the match with the PIN1 code. To give digital signatures, the user must confirm the action with the PIN2 code instead.[28]
A Smart-ID account is valid for three years. The account can be updated, changed and deleted at any given time free of charge.[29]
Smart-ID is available in five languages: Estonian, Latvian, Lithuanian, Russian and English.
Security
Smart-ID uses the SplitKey Authentication and Digital Signature Platform technology which was developed by Cybernetica. The technology uses public-key cryptography, digital signature schemes and PKI. The PIN codes generated by the user are not saved onto the user's device and are only used to decrypt the private key located on the Smart-ID application. When the user enters their PIN code, the private key is decrypted and a response is sent to the Smart-ID server where the part of the key that was sent out by the application is combined with an encrypted key stored in the server.[30]
If the user enters the PIN code incorrectly three times in a row, then use of the application is blocked for three hours. If the PIN code is again submitted incorrectly three times in a row, then use of the application is blocked for 24 hours. If this is repeated for a third time, then the account is permanently blocked. The PIN codes cannot be changed or restored after an account has been created. If an account is permanently blocked, a new account must be created in its stead.[31]
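The escalating block described above can be modelled as a small state machine, which also shows how few PIN guesses the policy ever evaluates. The following Python sketch is an added illustration, not code from SK ID Solutions or Cybernetica; the names `PinLockout` and `guess_budget` are hypothetical, and it assumes that a correct PIN resets the counters and that PINs are chosen uniformly at random.

```python
from dataclasses import dataclass

HOUR = 3600
# Block length after the 1st, 2nd and 3rd run of three wrong PINs (None = permanent).
BLOCKS = (3 * HOUR, 24 * HOUR, None)
TRIES_PER_RUN = 3

@dataclass
class PinLockout:
    wrong_in_row: int = 0        # consecutive wrong entries in the current run
    runs: int = 0                # completed runs of three wrong entries
    blocked_until: float = 0.0   # time (seconds) at which a timed block ends
    permanent: bool = False

    def attempt(self, pin_ok: bool, now: float) -> str:
        """Record one PIN entry at time `now` (seconds) and return the outcome."""
        if self.permanent:
            return "permanently_blocked"
        if now < self.blocked_until:
            return "blocked"                 # the entry is not evaluated at all
        if pin_ok:
            # Assumption (not stated in the article): success clears all counters.
            self.wrong_in_row = self.runs = 0
            return "ok"
        self.wrong_in_row += 1
        if self.wrong_in_row < TRIES_PER_RUN:
            return "wrong"
        self.wrong_in_row = 0
        block = BLOCKS[self.runs]
        self.runs += 1
        if block is None:
            self.permanent = True
            return "permanently_blocked"
        self.blocked_until = now + block
        return "blocked"

def guess_budget(pin_digits: int):
    """Feed the policy only wrong guesses, waiting out every timed block.
    Returns (evaluated guesses, elapsed seconds, chance of hitting a random PIN)."""
    state, now, guesses = PinLockout(), 0.0, 0
    while not state.permanent:
        now = max(now, state.blocked_until)  # wait until the block has expired
        state.attempt(False, now)
        guesses += 1
    return guesses, now, guesses / 10 ** pin_digits
```

Under these assumptions, someone holding the device gets nine evaluated guesses spread over 27 hours before the account is permanently blocked, which bounds the success chance at 9 in 10,000 for a four-digit PIN1 and 9 in 100,000 for a five-digit PIN2.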
Smart-ID uses Google's and Apple's messaging platforms to notify the application of any incoming information stored in its servers. Other communications use an HTTPS connection.[32]
2019 Phishing Scam
In April 2019, the Estonian Information System Authority published its monthly report where they reported that in February, unknown criminals had attempted to create Smart-ID accounts by using IDs stolen via phishing text messages and websites. These attacks had become more frequent by April after which the Estonian Police and Border Guard Board started an official inquiry into the case.[33][34]
The perpetrators sent text messages to victims, posing as well-known banks. The messages asked the victims to visit a counterfeit bank login page, which redirected them to a phishing page where they were then asked to log in via Mobile-ID. After a victim had submitted their Mobile-ID user ID, personal identification number and Mobile-ID PIN1 code to the phishing page, then the perpetrators would start creating a new Smart-ID account. The victim would then be asked to submit their Mobile-ID PIN2 code, which would complete the registration process in the background.
The perpetrators could then use the new Smart-ID account and the victim's personal details to log into Smart-ID supported e-services without the victim's knowledge. This included online banking services. The Estonian Information System Authority reported that multiple victims suffered financial losses as a result of the scam.
The Information System Authority asked SK ID Solutions to submit a detailed report of the incident. After receiving the report, they decided against implementing any sanctions on SK ID Solutions, stating that they did not consider the system Smart-ID is based on insecure, but that the process of setting up a Smart-ID account would have to be re-evaluated. The Estonian Banking Association corroborated this by reporting that no banks in Estonia had stopped using Smart-ID nor considered the change necessary.[35][36]
References
- "SEB and Swedbank started using Smart-ID | SEB". www.seb.ee. Retrieved 2019-11-06.
- "Trusted List Browser". webgate.ec.europa.eu. Retrieved 2020-03-09.
- "Compilation of: Member States' notifications on: Designated Bodies under Article 30(2) and 39(2) of Regulation 910/2014 and Certified Qualified Signature Creation Devices under Article 31(1)-(2), and Certified Qualified Seal Creation Devices under Article 39(3) of Regulation 910/2014, and information from Member States on: Secure Signature Creation Devices benefiting from the transitional measure set in article 51(1) of Regulation 910/2014" (PDF). 2019-09-13. Retrieved 2019-11-06.
- "Smart-ID". e-Estonia. Retrieved 2020-03-09.
- "Home > ID.ee". www.id.ee. Retrieved 2020-03-03.
- "Estonia readying Smart-ID digital identity system". Security Document World. Retrieved 2020-03-09.
- "SEB and Swedbank started using Smart-ID | SEB". SEB (in Estonian). Retrieved 2020-03-09.
- "Kolme riigi peale on Smart-ID saanud juba 100 000 kasutajat". Delfi (in Estonian). 2017-04-04. Retrieved 2019-11-05.
- "Services". Smart-ID. Retrieved 2019-11-06.
- ERR, BNS (2018-11-08). "Smart-ID signatures now legally equivalent to handwritten signature". ERR. Retrieved 2020-03-09.
- "Smart-ID issued signatures are now legally binding". e-Estonia. 2018-11-09. Retrieved 2020-03-09.
- "Smart-ID turvalisust tunnustati kõrgeimal võimalikul tasemel". ITuudised (in Estonian). 2018-11-08. Retrieved 2019-11-05.
- Pau, Aivar (2018-11-08). "Tänasest saab digiallkirja anda uut moodi". Postimees Tehnika (in Estonian). Retrieved 2019-11-05.
- "Means of eID | Estonian Information System Authority". Information System Authority. Retrieved 2020-03-04.
- "The Information System Authority will adopt Smart-ID for state services | Estonian Information System Authority". www.ria.ee. 2019-09-16. Retrieved 2019-11-06.
- ERR (2019-09-13). "Public services can soon be accessed using Smart-ID". ERR. Retrieved 2019-11-06.
- Vasli, Karoliina (2019-09-13). "RIA võtab riiklikes teenuses kasutusele Smart-ID". Delfi Forte (in Estonian). Retrieved 2019-11-05.
- "Smart-ID has grown at an incredibly rapid pace in just three years - the first Smart-ID users must update their certificates". en.15min.lt. Retrieved 2020-03-09.
- "Smart ID: kolm aastat ja 2,6 miljonit kasutajat hiljem". Delfi Forte (in Estonian). 2020-01-28. Retrieved 2020-03-04.
- "Esimesed Smart-ID kasutajad peavad nüüd hakkama oma sertifikaate uuendama | AM.ee". Arvutimaailm (in Estonian). Retrieved 2020-03-04.
- "Estonian ID software now allows digital signing with Smart-ID | Security Document News". Security Document World. Retrieved 2020-03-09.
- "New version of ID software enables digital signing with Smart-ID". The Baltic Course. 2020-02-05. Retrieved 2020-03-09.
- "Nüüd saab ametlikku digiallkirja anda ka Smart-ID-ga". Delfi. 2020-02-05. Retrieved 2020-03-04.
- "SK ID Solutions Announces Biometric Registration for Smart-ID Service". Find Biometrics. 2020-02-27. Retrieved 2020-03-09.
- "Biometric registration coming to the Baltics' Smart-ID | Planet Biometrics News". Planet Biometrics. 2020-02-27. Retrieved 2020-03-09.
- "Smart-ID kasutajaks saab nüüd biomeetrilise passiga". Delfi Forte (in Estonian). 2020-02-26. Retrieved 2020-03-04.
- "About Smart-ID". Smart-ID. Retrieved 2019-11-06.
- "PIN codes: what are they?". Smart-ID. Retrieved 2019-11-06.
- "How long can I use my Smart-ID account for?". Smart-ID. Retrieved 2019-11-06.
- Smart-ID Technical Overview, SK ID Solutions, 2019-09-30, retrieved 2019-11-06
- "Security". Smart-ID. Retrieved 2019-11-06.
- SK-EID/smart-id-documentation, SK ID Solutions, 2020-02-28, retrieved 2020-03-09
- "RIA aprillikuu raport: kurjategijad lõid inimeste teadmata Smart-ID kontod". Information System Authority (in Estonian). 2019-05-14. Retrieved 2019-11-05.
- Roonemaa, Henrik (2019-05-17). "Hullem kui ID-kaardi kriis: Smart-ID turvaauk ajab pangad ja eksperdid ärevile". Geenius (in Estonian). Retrieved 2019-11-05.
- Pärli, Merilin (2019-05-20). "Riik hindab Smart-ID-d ka pettustelaine järel turvaliseks lahenduseks". ERR (in Estonian). Retrieved 2019-11-05.
- Liive, Ronald (2019-06-04). "Mobiil-ID teenusepakkuja pääses politsei sanktsioonidest". Geenius (in Estonian). Retrieved 2019-11-05.
This article "Smart-ID" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Smart-ID. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.