The report reveals that businesses and institutions have passed an important volume of orders since then; in September 2010 the SECO had already received 110 000 requests for a SuisseID from several big buyers - mainly organisations specialised in electronic commerce, eGovernment and eHealth. Other large-scale projects are planned to be implemented in the next months. The SECO will release a second progress report at the end of the autumn of 2010.
During September 2010, several concerns were voiced here and there as to the security of SuisseID. The SECO says that SuisseID meets high security requirements, in particular:
- SuisseID is produced in line with the high security requirements for qualified certificates contained in the Swiss law on electronic signature (SCSE).
- The identity of the SuisseID holder (the certificate) is stored on an encrypted chip (smartcard) which prevents any copying, cloning or identity alterations.
- Access to the identity data on SuisseID (on the encrypted chip) is password (PIN code) protected. Access becomes blocked for good after entering the wrong password three times. The smartcard without the password is as unusable as the password without the smartcard.
User security does not rely exclusively on the SuisseID solution; it has to be assessed using an integrated threefold approach, around the axis user/computer/Internet. Just like they have to abide by the traffic rules, users of the Internet also have to adopt behavioural rules on the web and take relevant protection measures. This is how, for instance, they should always keep their PIN code separated from their SuisseIDs, use an antivirus on their computers and visit trustful websites. By using their SwissID in a responsible manner, they can prevent any abuse. However, careless Internet use and failure to comply with the guidelines can jeopardise security.
The issue of security is not specific to SuisseID, it is common to all known and tested identification procedures, from electronic commerce to online banking services. The SECO published on the SuisseID website a whole set of recommendations regarding the secure use of the card. If these general guidelines are followed, SuisseID may be used in multiple ways. It makes electronic transactions more efficient, creates added value thanks to the integration of web applications and simplifies relations with the public authorities and with commercial partners.
The SECO explains it will go on looking into the need and the means for reducing the risks relating to the use of smartcards. To this end, it receives the assistance of independent experts whose analysis focus mainly on interactions between a smartcard, a card reader and a computer with potential security deficiencies. The results of the experts' research will be presented shortly.
Further information:
- Original press release - Swiss State Secretariat for Economic Affairs (in French, German and Italian)
- SuisseID (in French, German and Italian)
- Related ePractice news article - CH: Members of Steering Committee for eGovernment receive SuisseID
- Recommendations on the secure use of SuisseID (in French, German and Italian)
---
Quelle/Source: epractice, 09.11.2010
Bitte besuchen Sie/Please visit:
