Electronic Identity (eID)
Introduction
The security mode ID Provider provides legally compliant proof of who sent a Cryptshare transfer and who retrieved it. The sender can prove his identity when providing a transfer, and recipients can access the corresponding data by identifying themselves. The Signicat platform for secure eIDAS identification is used for this operation. eIDAS is an EU regulation; the abbreviation stands for electronic IDentification, Authentication and trust Services. Depending on the country, different systems are available, e.g. BankID Sweden for Sweden and the personal identity card for Germany.
Prerequisites
- Electronic Identity is only available with the Cryptshare Enterprise Plus Licence. If you already own a corresponding licence but the feature is not yet activated, please contact your Cryptshare Sales Contact to receive a new licence file.
- Electronic Identity only supports the identity provider 'BankID Sweden'. Users need to have a corresponding account and a personal identity number.
Available Providers
In the current version of Cryptshare the identification method 'BankID Sweden' is available. Additional identification methods used in different countries will be added in future versions of Cryptshare.
Signicat
Signicat is a company founded in Norway that offers, among other things, solutions for identity verification and serves as a link between applications such as the Cryptshare Server and the various eID systems of different countries.
BankID Sweden
BankID Sweden is the largest provider of an electronic identification system in Sweden and is run by Finansiell ID-Teknik BID AB, which is owned by various Swedish and Scandinavian banks. Only holders of a personal identity number and a bank account at one of the participating banks can obtain a BankID Sweden. Please find more information here. Cryptshare supports the BankID App for mobile devices, which can be found in the corresponding app store of the operating system, as well as the BankID Säkerhetsprogram for Windows and Mac OS.
The identification procedure
For the identification procedure, the Cryptshare Web App forwards the user to Signicat. There he can select the preferred identification method and start the procedure. If the procedure is successful, the user is taken back to the Cryptshare Web App together with a corresponding authorization code. The Cryptshare Server uses the code to verify the data and saves portions of it for further processing during transfer provisioning. (In the chapter GDPR and Cryptshare you will find more information about which data is stored and for how long.)
Sender Identification
Sender Identification is the first step before a transfer. The administrator can configure whether it is mandatory, optional or deactivated. By default this function is disabled. When enabled, a sender identifies himself to the recipients of the transfer using his electronic identity. As proof of successful identification, information from the ID Provider profile is displayed to the recipients in the download section.
BankID Sweden
As proof of the sender's identity, the following information is stored in the database so that it can be presented to the recipients in the download section:
- Personal Identity Number
- Full Name as stored in the ID Provider profile
Recipient Identification
In addition to the previous security modes QUICK and One-Time-Password, the security mode 'Electronic Identity' is now available to the sender, if enabled in the policy. If the sender uses this security mode, the transfer behaves as follows:
- The transfer doesn't need to be secured with an extra password. Recipients can retrieve the transfer using proof of identity.
- The sender needs to specify the necessary, expected information per recipient. When the transfer is retrieved, this information is compared with the respective information from the ID Provider profile of the recipient. If it matches the stored information, the recipient gets access to the transfer.
BankID Sweden
As proof of the recipient's identity, the information given by the sender is stored in the database so that it can be compared with the information in the ID Provider profile of the recipient. The following information is used for this purpose:
- Personal Identity Number of the recipient
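
The comparison step described under Recipient Identification, as an added example (not Cryptshare's or Signicat's code): it assumes the sender may type the number in the 10-digit form while the ID Provider profile supplies the 12-digit form, so both are normalized and checksum-validated before a fail-closed comparison. The function names are hypothetical and the sample number is constructed.

```python
import hmac
import re
from datetime import date
from typing import Optional

# [0-9] instead of \d: ASCII digits only, so compare_digest never sees non-ASCII text.
_PNR = re.compile(r"([0-9]{2})?([0-9]{2})([0-9]{2})([0-9]{2})([-+]?)([0-9]{4})")

def _luhn_ok(ten: str) -> bool:
    """Luhn (mod 10) check over the 10-digit form YYMMDDNNNC."""
    total = 0
    for i, ch in enumerate(ten):
        d = int(ch) * (2 if i % 2 == 0 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def normalize_pnr(raw: str, today: Optional[date] = None) -> Optional[str]:
    """Return the 12-digit form YYYYMMDDNNNC, or None if the input is invalid."""
    m = _PNR.fullmatch(raw.strip())
    if not m:
        return None
    century, yy, mm, dd, sep, tail = m.groups()
    if not _luhn_ok(yy + mm + dd + tail):
        return None
    if century is None:
        # 10-digit form: '+' marks a holder who turns 100 or more in the current year.
        base = (today or date.today()).year - (100 if sep == "+" else 0)
        century = f"{base - ((base - int(yy)) % 100):04d}"[:2]
    try:
        date(int(century + yy), int(mm), int(dd))  # reject impossible dates
    except ValueError:
        return None
    return century + yy + mm + dd + tail

def recipient_matches(expected_by_sender: str, from_id_provider: str,
                      today: Optional[date] = None) -> bool:
    """Fail closed: access only if both values are valid and identical."""
    a = normalize_pnr(expected_by_sender, today)
    b = normalize_pnr(from_id_provider, today)
    if a is None or b is None:
        return False
    return hmac.compare_digest(a, b)

if __name__ == "__main__":
    # Constructed sample value (checksum-valid, not taken from the page).
    print(recipient_matches("900101-0017", "199001010017", date(2025, 1, 1)))
```

Rejecting unparseable or checksum-invalid input on either side keeps a typo in the sender's entry from ever being treated as a match.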