And without further due, first of all, we enter the second part of this, this track. It's the foundation's track.
And I, once again, welcome Bakka Aing I don't, I don't know if I remember it correctly, or if I butcher your name again, you will talk about Denmark's 22 brand new E I D solution. And I'm really looking forward to that because it's night, it's it neatly ties in with what we've just heard before. Thank you very much. Thank you. Help for B
And good up. Yeah. And good afternoon.
And yes, I'm, I'm gonna talk about the, the, the Dan E I solution, I think is actually ticking quite well into some of the, the discussions that we have already have here in, in the panel discussion, you know, what are kind of the trust angle? Where can we go? Where can we find the right, the right point in, in it should say next year, but it doesn't do
It
Should work.
Yeah, there do. Okay. So just quick words on who I am and why I'm standing here in front of you and for all of you that potentially hopefully looking for the screen.
Also, I am the current member and a prior co-chair of the national day cybersecurity council. I am also chair of the national, the it security committee and member of in the Danish. It security, I C T industry association. It's a long word, which I've been, yeah, for nearly a couple of decades.
Now, also a member of the Danish, what is called the dece, which is a new kind of certificate organization providing a outside guarding of an organization that holds customer data. So they, we are established now in Denmark, a solution where let's say you are company, you have confidential data about your customers. You want to tell your audience that you actually are, you know, capable of maintaining this data.
It can be worse going to DC and get your certification show to the world that you have, that you have these things in place.
I think you all know that from food industry, going to a restaurant, that restaurant has to prove to the audience, to the, to the visitors that they actually have the right healthcare in, in position. And also I'm finally founder and group director of the it security company named, named Liga. The speech I'm doing here today is on behalf of the, the security council. And in this role, I will take the further. So in national E I D solution in Denmark, it's the third generation since 2003. So this is something that we have been used to for many, many, many years,
And it's named mid ID.
So it means in more or less, I think you can easily translate that to mine. My ID in, in, in, in English, it's free of charts for any citizens and many businesses. So it's actually across platform.
It's, it's across, across businesses that will come to that and, and who's using it and, and how it's being used, but it has been free for any, any citizens since the early days. And the same goes for a lot of, in a lot of business cases.
It's for, yeah, nearly 15 years employees, public authorities and businesses. Everyone has been using this, you're using it and will comes to some, those used cases. It's been used, both a syndication, but also for qualified digital signing. I've signed my mortgages at my house with my national E I D as an example. So those are important things.
I think also when it comes to the discussion that we have already had on, on E I D that you need somewhere to go, you need some, some very trusted area.
And obviously your citizenship, when you tie your E I D your national identity together with your citizenship, you get something that is, you know, really, so to say heavy it's, it's something that everyone can rely on. And I think this has been evolving in the way and will come to some point on the way that it has been involving throughout the years. It's the IDAs compliant it's been now, I think reported into the level substantially.
We also obtain the level high in, in various, in the various ways that, that the IDAs is, is working right now, there are about 5.4 million users in the population of 5.9. So it's both the current and now the new version in, in combination.
So it's, it's quite a lot. And it's been, obviously, since Corona's been been used. And I think I have never used my, my, my year is so much because you need to book your test. You need to get your certificate, you need all that stuff.
And yeah, it's been used since the last 12 months for this 1.1, 1.3, 1.2, sorry, trillion times. So yes, it's, it's been used and it is centralized, but of course also in, in various ways decentralized, but the identity store and everything here comes with the architecture. What is the success behind this E I D services is that the government together with the, with the finance industry was able to put together a package in which everyone had a shared interest.
I think this is the critical thing that was able to do and make, make, make work in Denmark because the banks they saw many years ago, that they had all the problems on two facts and how to a net, you know, web banking and all that stuff.
How do we do that? The government also had an interest. So in various ways, they were able to come together and form a genuine shared company that established these things.
So the finance industry, they pay their share cost and the government pays another share the cost and in the various ways, and the CEO exactly here in a second, the business model and the tech model. So the current will say old model has been a little bit more complicated. I will not go into all the details, but generally you have the company of nets. And I see also we have nets right, sitting here, and, but the private sector has kind of had its own branch. And the public sector had had is another branch.
And it has caused some friction, some confusion, some other, you know, stuff down the road that not necessarily has been, I would say, forthcoming and, and easy for, for everyone to, to navigate inside this hybrid of, of, of entities.
One thing is a good example. This net login saying easy login, that's the national IDP service. So if I want to go to my tax authority, my healthcare, I will be passed by this login service. And then I will be connected to these service providers. The new model is more streamline.
And as you also see the arguments off top easier to develop and one unified system. So what they've done now is that they have this mid ID partnership, as it just showed you these two organizations and the finance organizations and umbrella organization for all the banking. So various interest. And everyone that is in, in, in that industry is, is connected there.
And then obviously the government, the agency of the digitization is representing all parts of the DESE government, but also the representing the, the, the entities of the local municipalities and healthcare organization and everyone else that is kind of under taxpayer's money.
So this way you have a broker system. So in this way, here, everyone more or less could connect straight into what what's named the core of the system, leaving the complexity of who gets access and way and administrative burden made.
It, made it more difficult, also difficult to develop new services and to be more agile. The new system with these brokers are some in the finance industry. There are some private contractors there, the government themself, but the point is that we have a layer of brokers in which more or less everyone can sign up and then start using the services. So we now have this development, this real rolling say, okay, it's not a problem. I can use that one. I can start to put that into my, whatever application. I'm a union. I wanna sign up new members.
You know, how do I do that?
You know, go there, click in. And I will show you a simple solution in a second on, on how enrollment can be done using an E I D in Denmark. So one of the things that always comes, comes to this discussion, how do you actually authenticate? What are you using? So all end users must have a user it and choose one or the following identification means. And we'll show you a few, one of those, there's an app, not surprising, but what they've also done now with the app is they've made this one passwordless app it's did come as a surprise to some users at least.
But so now you have a username and then the app in combination with crypto and, and I guess some Fido protocol, it's some of the creating now, as I said, I'm, I'm outside the government. So I can also bring forward a little bit criticism sometimes, but that's some part of that that we have provided also discussion in national cybersecurity council saying, why is this not disclosed and fully, instead of having this secrecy around how it's being done.
So of course we can kind of, you know, trying to reverse it, but I think that's not, would not be the right way to do it.
Obviously also for other people, we just heard, you know, what are the kind of people? Some people do have phones. Some people don't have an adequate phone. It needs to be an iPhone that one or Android, that one version. And of course, there's a lot of debate on, you know, I'm not having the, the right phone because it's too old, I'm using an old NAIA.
You know, I can't install an app on a NAIA, you know, cetera, C so people can go and get, they can get either the, this good old tractor code display version OTP, or they can go and get a fighter based token with unfortunate. And I don't know why based on 5 0 1 or the U two F protocol, but it might be, I don't know, upgraded at some later point for people with various like hearing, you know, site etcetera special needs.
There's also a unit that can speak the number and you can do other things with so more or less the solution covers everything.
So use cases, any tax system, any legal system, any financial system, any healthcare system, any educational system, and much, much more. I put in 500 here. And I think my friend here from, from net, he said 2000 systems yesterday. Actually it, it can be somewhere in between. I think we will see a lot more system coming in, in, in the next years to come looking at a, from a business point of view, it's named saying mediad business, the use case, the public tax and VHT systems. That's been a cornerstone for many, many years, but also some financial system, others.
They are, this is some of the things that is being solved. Now, the old system did not edit, were not adequate.
So the banks still need to do something in, in terms of businesses, public mail system. In this sense, this is not email, but, but you know, regular mail. So we have a national email mail system where I can go and pick up company, email, digital mail encryption. So there's a certificate system still in the system. So you can fetch a certificate for, for low cost free euros for, for free year lifecycle.
You can get a qualified certificate, digital signing, and much, much, much more it it's development. So just a few things on the new use cases, E I D validation of employees, something we've now heard here a few times during the last few days, password reset for employees authentication to business systems. So suddenly I can start, let's say I'm a large supermarket chain. I have young people working in my organization. How can I authenticate that 17 year old person to my it system without handing out a username password to the person.
Maybe I can just ask them to use their immediate ID, because then I at least can get them securely into my company system. Obviously that needs to happen stuff in the backend to make that happen. But I think it's, it's, it's quite important. This one here is a white paper we did together with co coal last year. I just want to emphasize that the, not as much as, as the see the corporate part of with legal, but mostly that we were very happy that keeping cohort agreeing with us also on this approach, that E I D can be a, a great asset for, for companies also to think about.
So you have that opportunity across Europe to do that, and you can go legal.com/white papers, download the, the white paper. So, as I said, I just wanna show you a symbol enrollment. This is a symbol of how a enrollment can be done.
The use of types in the, the new username and account is just created this not active account. This is the app running you, swipe you log in, done, go to back to the browser, put in your new password for your company. And off you go, that's it, it takes less than half a minute.
You are, what is actually coming out of this process is also all the users, passport name, you know, the official name. So we get a lot of dates back from that process. You can enrich your data quality in your company. We can secure that.
It's, it's those things that comes out of using E I D. So you're not having to rely on mistyping names, misspelling, you know, that kind of stuff. We could include, whatever people could, you know, agree, giving consent, cetera, cetera, cetera, but the process is simple. Everyone knows it.
It's trusted and straightforward. Just give you a, a, a very small example on, on how this technology today and, and the building blocks that is out there can, can be used. So wrapping a little bit up here.
And I think I, I take this twist also a little bit towards the, I would say the cybersecurity, which obviously, you know, is my background. So I think responsibility, we, we need to do something. We need to secure critical infrastructure. And you're looking at the world goals of UN it's a very strong thing. It comes across a lot of the, the world goals that that security is a, is, is a fundamental right for, for citizens. And using E I D services across Europe will be a very important part. So to contribute to that, to achieving that, secondly, it's about leadership.
So everyone is talking it's time to start acting leading by example is defining a new normal.
And finally, I think the it's a new optimized solution for identity management, and it's also for access management. And I think it coming into both the European union cybersecurity directives and, and, and the other things that we also, the next upcoming AI, it, it provides us an opportunity to, to bring forward a system where we have trust and a trust anger we can, we can rely on.
And I would say, finally, if we don't act, others will act on our behalf, but against our interest, this is the true nature of cybersecurity. There are people out there, they are looking to take the space that is opening up. And if we are not acting, they will act, they will take our money. And this is not in our interest. So that's my, you know, wish to you. So with that, I would just wanna say, thank you. You can find me on those social media accounts. Now you can find me right here.