Skip to the content

BSI kicks off work on authentication standard



Takes on online authentication issues on week of launch of GOV.UK Verify

The UK’s national standards company has begun to work on a new standard for online identity authentication.

BSI has said it is working with the MIDAS (Mobile Identity Authentication Standard) Alliance on PAS 499, which will involve recommendations for identity, validation, verification and authentication of online transactions.

The scope of the project extends to privacy enhancing technologies, personally identifiable information, enrolment at different levels of assurance, strong authentication, anti-money laundering, device identification and biometrics.

It will involve the development of a publicly available specification, which can take as little as eight months before being placed before the relevant stakeholders. There would have to be a full consensus around its viability before it can emerge as a full standard.

BSI has said the initiative has been launched in the context of EU legislation including the Electronic Identity Authentication and Signatures Regulation and the recently passed General Data Protection Regulation, and emphasised its significance for cyber security and financial transactions.

Verify week

It will have a relevance to online services for public and private sectors, and creates the question of how closely it will align with GOV.UK Verify, the Government’s online identity assurance service that formally went live yesterday.

While the announcement focused heavily on the importance to the private sector, one of the leading figures involves suggested it also implications for the public sector.

Andrew Churchill of the MIDAS Alliance – which was set up last year to resolve issues caused by the European Central Bank’s guidelines on online payments – said: “Cybercrime and fraud are the fastest growing areas of criminal activity, and vulnerabilities in identity and authentication practices account for much of this unwelcome growth.

“Adoption of enhanced identity and authentication techniques are essential to make secure the ever increasing number of online transactions and services that a successful digital economy needs. However, if industry sectors adopt different approaches to achieve this, the resulting fragmentation will cause considerable discontent among businesses, the public sector and consumers.”

Image: Simon Waldherr, CC 3.0 through Wikimedia

Register For Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.