LuxTrust’s electronic identities qualify for the “substantial” assurance level and they are securely bound with certificates, allowing the creation of qualified electronic signatures.
Ensuring certainty of individual identities
Electronic identities (eIDs) are used to uniquely identify physical persons and organizations on the Internet.
The same person or organization can have multiple electronic identities, e.g. one provided by a municipality and another provided by a bank or employer.
According to eIDAS (the relevant EU regulation), electronic identities can have different levels of assurance (low, substantial or high) depending on the way the identification process has been carried out. The level of assurance provided by a municipality is typically “high”.
LuxTrust electronic identities are granted after a face-to-face or video identification process. The electronic identities LuxTrust provides qualify for the “substantial” assurance level.
To be in a position to offer authentication and electronic signature services, LuxTrust systematically associates a unique number (also called Single Serial Number or SSN) and a pair of electronic keys (one private key and one public key) with each of the identities it manages.
To certify the unique binding existing between a pair of keys and the person or organization it is associated with, LuxTrust produces electronic certificates. Those are stored, together with the SSN and the pair of keys:
- either in a chip embedded in a smart card or a USB key, also called a Signing Stick (on those devices, the user's access to their private key is protected by a PIN);
- or in a hardware security module (HSM), a server managed by LuxTrust in its Tier IV data centers. In that case, the user's access to their private key is protected by strong authentication based on the use of two or more elements categorized as:
  - knowledge (something only the user knows): a user password
  - possession (something only the user possesses): a token
  - inherence (something the user is): a fingerprint
LuxTrust also implements the concept of “professional attributes”, which makes it possible to enhance personal certificates with information attributes such as profession, specialty, the organization the person works with, grade, etc.
For security reasons, the pairs of keys must regularly be renewed and the related certificate updated. To enable service continuity, the Single Serial Number included in the certificates and bound with the identity is kept unchanged during the key renewal process.
The user registration process (i.e. the certificate ordering process) can be seamlessly integrated within the customer’s operational workflow, provided the customer agrees with LuxTrust to become a member of its network of registration authorities (RAs).
When stored in a Qualified Signature Creation Device (QSCD), the corresponding certificates are called “Qualified Certificates”. A qualified certificate is a prerequisite for producing a qualified electronic signature, the only electronic signature having the equivalent legal effect of a handwritten signature.
LuxTrust’s strategy is to promote the adoption of qualified certificates. In line with that, LuxTrust is part of the European Trusted List.
- LuxTrust fully supports “Mobile first” strategies.
- The LuxTrust electronic identification scheme is in the process of being notified (an eIDAS term; see the excerpt below) at EU level. With user consent, the same identity can be used in various environments such as banking applications and governmental portals. Businesses can take advantage of LuxTrust’s database of identities that already includes more than 500 000 entries, spread over more than 100 countries.
- On-line business activities (e.g. on-line payment) can require recurring strong authentication of customers. The use of long-life certificates (renewable 3-year certificates) enables a user to authenticate and to sign documents and transactions once identified and for as long as the certificate remains valid.
- New customer acquisition strategies may create a need for on-line customer enrolment processes requiring an identification equivalent to direct face-to-face. LuxTrust’s on-line identification service is approved by the Luxembourg regulator CSSF and is eIDAS certified for the creation of qualified certificates.
- The option to have professional attributes in the certificate offers a way to do simple authentication checks.
- Electronic seal certificates raise the authentication services to the level of an organization. That option can prove useful in case of high staff rotation and where service is limited to user access for information display only.
Member States should remain free to use or to introduce means for the purposes of electronic identification for accessing online services. They should also be able to decide whether to involve the private sector in the provision of those means. Member States should not be obliged to notify their electronic identification schemes to the Commission. The choice to notify the Commission of all, some or none of the electronic identification schemes used at national level to access at least public online services or specific services is up to Member States.
To speed up the identification process and extend its reach, it can be executed remotely by means of video technology.
Such an identification process is fully compliant with the eIDAS regulation as of July 2016. The service is also compliant with the EU GDPR regulation.
The partnership with IDnow GmbH enables LuxTrust to extend its range of Qualified Trusted Services to international clients anywhere in the world.
- LuxTrust’s electronic identities qualify for the “substantial” assurance level.
- LuxTrust electronic identities are securely bound with certificates, allowing the creation of electronic signatures.
- LuxTrust offers qualified certificates and supports the creation of qualified signatures having the equivalent legal effect of handwritten signatures.
- LuxTrust supports remote identification by video. LuxTrust’s process can be used to produce qualified electronic identities.
- When stored on LuxTrust’s HSMs, the user certificates can easily support authentication from, and creation of, electronic signatures on mobile devices.
- Certified professional attributes can help simplify the implementation of elaborate business application requirements.