Secure solutions for the 3.0 version of the electronic identity card

18/01/2018 A collaboration between FBK and Istituto Poligrafico e Zecca dello Stato, the Italian Mint, has been signed to develop an access system to online services via smartphone, which exploits the new generation eID card

In June 2017, FBK signed an agreement with Istituto Poligrafico e Zecca dello Stato (IPZS) for the development of secure solutions linked to the use of the new “3.0” version of the electronic identity card. In particular, the project involves the Security & Trust ( S & T) Research Unit, led by Silvio Ranise.

The goal is to create a smartphone-based system that will provide access to a series of online services, especially public administration ones, which use the eID card as additional authentication factor. The idea is to create a One-Time Password (OTP) similarly to what is done in banking, where a numeric code generated through a device or an app is requested during the authentication process in addition to the login and password.

In the recognition process jointly developed by S&T and IPZS, the user is not required to enter the OTP but only to bring the eID card close to the smartphone and enter the PIN to unlock the card. Thanks to the NFC (Near Field Communication) connectivity and cryptographic capabilities of the card, the OTP is then generated in a manner that is fully transparent to the user, thus simplifying the entire authentication process and maintaining a high degree of security.

The agreement, which has a one-year duration but can be extended for a second year, provides for the development of a prototype and the validation of its functionality on different Android platforms, up to the development of the final version.