Norwegian Digital Identity BANKID, Blockchain, and Smart Locks

Norge BankID: Revolutionizing Digital Identity Verification

About
Norge BankId conceptualized in 2004 is an evolving identification system to cryptographically store identification details of Norwegian citizens enabling digital signatures of many linked apps and services. Bankid is a collaborative project built on the cooperation of 200 Norwegian financial services, Finans Norge , and later, telecom. The first edition of the BankId was written in Java. In 2007, Bankid’s code was exploited by a MITM (man in the middle attacked) that led to the development of a non java HTML 5 BankId . (Tsudik, p 201)

Man in the middle attacks are easier for hackers to complete on SSL and Java platforms. BankID added a mobile identification option with hardware key fobs and digital pin usb encoders followed later by cell phone integration with biometric unlocking. Norwegian developers added additional security with the Second Gen BankID advanced mobile digital identity function rollout in 2017. BankID chose Encap to provide the mobile integration. “Encap ’s ‘Smarter Authentication’ is a device-based, multi-factor platform that removes the need for key fobs by enabling authentication to take place inside an app .” (SecureIdnews.com) Norwegian Tech company Evry provides the proprietary cryptographic algorithms and PKI signature certificates that encode the legally binding electronic signatures .
To obtain a BankID: a passport must be physically verified in a Norwegian bank. The bankID holds the passport owner’s information, username, social security number, pin code and generates one time access codes, not dissimilar to Google Authenticator’ s one time use codes to access a wide variety of services and retail.
According to Trusted Electronic Document Authority/TEDA, BankID information routing and public/private key schematic works as illustrated below in a schematic

from a TEDA presentation10.

BankId integrated apps, such as, Vipps allow verified BankID users to send money to a telephone number instead of an account number. In addition to signing dozens of digital government documents: BankID offers a convenient portability into other applications such as leasing and unlocking rentals, enrolling in coursework, leasing cars, and even opening the door to the tanning bed at the solarium by issuing access codes . It seems Norwegian BankID has already done much of what Slock.it smart locks are starting to do apart from not using a blockchain to record transactions.
GSMA STUDY found Norwegians really like BankID. This screenshot is extracted from an extensive study on BankID by GSMA.

https://www.gsma.com/identity/wp-content/uploads/2014/02/Case-Study-on-Digital-Identity-Norwegian-Mobile-Bank-ID.pdf

Signicat examines if the success of Norwegian BankID can be replicated elsewhere? 40% of people just stop filling out sign up forms in the UK out of frustration . Over 3 Million people use BankID in Norway and state one of the advantages is not re-signing up for everything. Portability of digital information provides ease of access to other services that users may not have signed up for because of unnerving sign up processes.
The United States of America does not have a universal digital identification system that co-ordinates between financial sectors, government branches, and telecom. Our authentication process for opening accounts does require input of a social security number, a driver’s license, state id, and or passport. Americans must re-enter information for each service, account, or government entity signed up for. Would a digital id work in America ? States’ rights, inter-agency bureaucracy, and the fact that we have a lot larger land and population could make
cross-sector communications to develop a universal ID more challenging than other countries who do not have strong, independent State’s rights platforms. Americans have access to Samsung and Apple Pay where debit, credit, and rewards cards are encoded into an all-encompassing wallet to pay at smart registers that accept mobile payment. Safari Com’s M-Pesa offers users from Kenya to Romania the ability to pay and send money with a mobile application but does not offer identification portability. Estonia is another leader in the digital identification sphere with immensely popular XROAD government services integration and population registration identification integration into Xroad. Estonia though governmentally integrated does not match Norway’s BankID with integration across government and non-government platforms.
Blockchain technology could make identification borderless and immutable reaching the unbanked with biometric data and cell phone API’s allowing more participation in the global economy . Humaniq , an ICO not available to America investors, is working towards building a biometric database of the record-less and unbanked to integrate over the blockchain. A plethora of other blockchain start-ups are working to eliminate KYC (know your customer) issues with a variety of security designs over the blockchain utilizing tokenization, colored coins-meta data stores asset/record information, and digital currencies.

CITATIONS and References

1. https://www.bankid.no/om-oss/

2. https://en.wikipedia.org/wiki/Finance_Norway

3. Tsudik Financial Cryptography and Data Security: 12th International Conference, FC 2008, Cozumel, Mexico, January 28-31, 2008. Revised Selected Papers Financial https://link.springer.com/book/10.1007/978-3-540-85230-8/page/1

4. https://security.stackexchange.com/questions/33374/whats-an-easy-way-to-perform-a-man-in-the-middle-attack-on-ssl

5. https://null-byte.wonderhowto.com/how-to/hack-like-pro-conduct-simple-man-middle-attack-0147291/https://op-co.de/blog/posts/java_sslsocket_mitm/

6. https://www.encapsecurity.com/norway-pioneers-next-generation-digital-id-tech-covering-75-population/

7. https://www.secureidnews.com/news-item/norway-adding-mobile-digital-identity-function-to-its-bankid-program/

8. https://www.evry.com/en/what-we-do/industry/financialservices/security/electronic-signatures/

9. https://www.secureidnews.com/news-item/norway-adding-mobile-digital-identity-function-to-its-bankid-program/

10. http://www.teda.th/files/teda-day/section-5.pdf

11. https://www.vipps.no/

12. https://www.nordea.fi/en/personal-customers/everyday-finances/internet-mobile-and-phone-services/access-codes.html

13. https://slock.it/

14. https://www.gsma.com/identity/wp-content/uploads/2014/02/Case-Study-on-Digital-Identity-Norwegian-Mobile-Bank-ID.pdf

15. https://www.signicat.com/eid/financial-identity-bankid-norway/

16. http://www.nextgov.com/big-data/2016/07/managing-identity-case-government-digital-id/129745/

17. https://www.cnet.com/news/samsung-pay-vs-apple-pay/

18. https://en.wikipedia.org/wiki/M-Pesa

19. https://e-estonia.com/solutions/interoperability-services/x-road/

20. https://www.intelligenthq.com/innovation-management/how-blockchain-can-make-identification-borderless-and-immutable/

21. http://www.humaniq.co/

22. https://letstalkpayments.com/12-companies-leveraging-blockchain-for-identification-and-authentication/