Securing and Proving your Digital Self

Good afternoon, ladies and gentlemen, welcome to this webinar securing and proving your digital self, providing reliable identities for strong authentication and trusted transaction in a digital society. This webinar is supported by nexus. The speakers today are me. My name is Matthias IK. I'm senior Analyst for, and I will be presenting the first part of this webinar. And then the second part, Mallon Rubio director of product marketing software at nexus will join us before we start some housekeeping.

And of course, some general information about KuppingerCole as an Analyst company KuppingerCole is providing enterprise it research advisory research services, decision support, and networking for it professionals. And we do this through our research services where we provide several types of documents, including our leadership compass documents, comparing market segments with advisory notes, looking at various topics, vendor reports, executive views, and much other formats. We do this through our advisory services where we provide advice to end user organizations and vendors.

And we do this our event like webinars or seminars and our conferences. There are several events upcoming. The first very close to us is the cons consumer ID summit in Paris, France. This will focus on the challenges and promises of new types of identities by managing customers and consumers at an internet scale, of course, driven by the digital transformation.

In parallel, we are already preparing the digital finance world in Frankford in March next year, this will be an event covering strategies for the developments and changes happening in financial services currently, which range, which is ranging from, from FinTech to big data, to new business models between mobile decentralization and the blockchain. And our main event is the European identity and cloud conference. And the next installment is planned for Munich in may next year.

And this will be of course, again, the must attend event when it comes to identity and access management to cloud security, to governance, to GRC, and more in general, please, we recommend to have a look at the URL given in the slide below the guidelines for this webinar, you are muted centrally, so you don't have to do anything regarding that. We are recording this webinar with the recording and the Slidex going online, our website tomorrow, and there will be a Q and a session at the end of the webinar.

And you can enter your questions during the presentations at any time using the questions panel of the software you're using. And please do so so that we can start the Q and a session right away with a good set of your questions. The agenda for today is as always in three parts, the first part will be my part regarding strong and reliable digital identities. So it will be an Analyst view part and an introduction. Then I will hand over to Mallin Rido of nexus and she will detail and drill down into modern features of state of the art signature services.

And the third part as already mentioned, will be the Q and a session, the questions and answers. And again, I really encourage you to contribute your questions and that's it already for the introductory part. And so let's start with my first part, strong and reliable digital identities. As a simple start, we are all, as we are participating in these, in this webinar, acting online in various roles, we are acting as employees. We are acting as consumers as customers, but we are also as we are representatives of companies also sometimes providing services.

And so we are acting online in various ways, and we do this as consumers shopping portals. We do this as insured people in, in with insurances. We are users and, and subscribers. We use governmental services and of course we have employers who, whom we interact with sometimes even online. And we have all kinds of contracts, which we deal with on a day to day basis when it comes to our identification. In that context, this picture is still very diversified to put it politely.

So we have lots of IDs that we use for various use cases, with different personas being represented and all of these are part of our complete online identity. So if we ask you who, what is your online identity? There are the typical, typical answers that you receive from various people. So the first part that you might think of is your credit card, because this is something that is issued by somebody trusted and it's about money.

So this is something that you can trust in, of course you have an, a national ID card, usually still a traditional one, but this is an identity that might be used also for online purposes. At least for authentication purposes, you have an employer who knows who you are, who has assigned you a mail address, a staff number, maybe a login to access several services. Also from the outside, you have a frequent flyer card for your airline. And of course, as a companion to your credit card, you might have a bank account. And this bank also assigns some identity to you.

All of these are assured in various ways, but to be honest, if we think of online identities, there are others that we think of. These are the ones that come to our mind, usually at first. And if you have kids, you might see other services around from Snapchat to, I don't know what, what is on vog just as of now, but all of this is not what we at cooking a coal consider to be a strong online identity. And I want to focus a bit on what we think are building blocks for a strong online identity.

And these are mainly three building blocks that we will analyze a bit more in detail in the following slides to give an overview. The first part is identification. So identifying who is the actual natural person, the real life ID that is going to be considered based on that. We have authentication taking place many times a day, and we have a set of identity data. And if we look at this in more detail, we will first drill down into the identification aspect. So identification, first of all means implementing trust.

Trust means that we register that we identify a natural person, a real life ID, and we verify that. So that is an initial step that needs to be taken to tie the real life identity to the digital identity. When we talk about what Mallon will present later on a very important part is that a digital signature can then be used as a representation of the digital identity. And in that way also helps to, to verify the real life identity in later steps.

In general, we have to understand that this verification is a highly responsible step and that it needs to be executed in a highly reliable way, in a trusted way as this is that important. It is good that it also needs only to be executed once or very rarely, but the idea is to take this real life identity and to tie the digital identity during this identification process. Once for later usage, the second step then will be the building block to what we call authentication.

Once we have been verified who we are, and this digital identity is tied to our real life identity, we can actually use this digital identity to prove our real life identity. So we can then act in the digital environment that needs to be a strong and a reliable authentication to really prove that we are associated with this digital ID. So we need a robust and trusted technological foundation, and that's again where digital signatures come into play.

And the idea is now that we are verified, we can apply very good methods of authentication and really understand what is going on in as part of the authenticated process. And we can even decide on, on a risk basis on a session by session basis or which level of authentication might be required. And in general, the term is, as I put it here, it should be as good as required to meet the risk requirements. And of course we need to achieve accountability.

And non-repudiation when we come to interactions in the digital world in general, we know other than the identification, which only takes place once the, the authentication has to happen often, regular many times a day, implicitly or explicitly. So now we have the digital ID as the first step, which represent the real life ID. And with this digital ID, we now can access services. As we present it through these icons, from shopping to governmental, to finance, to cloud services. The third building block, as I've mentioned before, is identity information.

Identity information is a set of reliable data, which of course needs to be accurate, which makes really sense when it comes for example, to your account balance and verified identity information, this information needs to be, and this is something that we are really thinking of as a prerequisite. This needs to be only used if required. So a minimum disclosure principle should be applied. This is also something that we also get as a task from the upcoming GDPR, which we will talk about later.

Of course, the, the topic and the idea of privacy is an important point when it comes to identity information. So the user, which is the real life identity represented through the digital identity, should be able to decide which information to disclose or not. So the concept of consent is an important part here. So deciding which is the information to present for which use case, and always decide that consent can only be assigned on a single purpose basis so that people really understand for which purpose they are offering their information at that time.

So once this is understood, and this is implemented adequately, the user really can decide which parts of the identity information associated with him into digital or heritage digital ID can be used.

So, as an example, for the customer ID, the delivery address to get the package from a to B or your national ID to get to your text information, or to provide it to the governmental agencies, your account number to get to your balance and your user ID, your login to get to the adequate services, digital identities today, I think this slides actually states some of what we like to call fundamentals. So the digital identities today are in another situation as they were, I think last year or five years ago is it is really changing. So the requirements are changing and the fundamental are changing.

So a digital, a strong digital identity is in our opinion, a strong and resilient correlation of a digital identity to a physical person. That is a requirement that we think is for many use cases, the case that does not mean that does not need to be something like a anonymity or some, some right to have pseudonyms, but when it comes to reliable interactions, for example, with a nation state government, then this needs to be a strong and a resilient correlation of digital identities.

And that leads to trusted interaction and communication between individuals and organizations, as they may have also identities. A very important concept is what we think is data sovereignty, so that the real life ID and we presented through the digital ID has its ultimate ownership of the associated data and total control of personal information. And we mean it as it, as we say it, because this is something that will be prerequisite and the requirement for many of the upcoming use cases in the near future. So consent is the key for use and disclosure of data.

So people have to understand, have to really understand for what reason they offer the information and they disclose the data and for which purpose it is used and for which not. And as I've mentioned before, the GDPR, the upcoming EU general data protection regulation has strong requirements when it comes to this topic of data sovereignty and consent. And we expect that to be a motor for implementing strong online identities and the necessary proof of trustworthiness. And this will be a question I think that Marlin will also dig into later on.

So once we have understood this, we let's, let's, let's ask the question why isn't this type of strong digital identities always available and, and everywhere available. This is the reason, the reason for that is that there are inhibitors, which are still, yeah, hindering this strong digital identities being available in all countries, in all environments, for the EU in general or for the us. So these are some, I will not dive into all of them, but I think you have all seen that. And you have all realized that there might be some truth to that.

So clumsy registration processes, but also the general user reluctance and the lack of user trust in official provided ally provided online identities might be an issue in that case. So I think that we will talk about that later as well, how we can get to trust and how can we get rid of yeah. Incon inconvenient, authentication processes and clumsy registration.

Of course, an important point is the aspect of critical mass once a ID or a type of ID has a certain critical mass available that leads to a better implementation. What we think is that there should be a partnership of strong national IDs and business. And I think this is also something that we will ate on as well. So strong national ideas of course require some basic steps. So this national idea depicted through this item of course, needs to offer trust and usability and trust and usability people have to trust it, and they might be able to use it easily as straightforward.

And that obviously might lead to a broad adoption. And then the bracket, it says Estonia versus Germany. Estonia is a complete success story when it comes to reliable, trusted, and used broadly used online identities.

And with, we compare it to Germany with the Noya being used by less than, I don't know, 5% of the, of the actual citizens of the country, which clearly hints at being the opposite of a success story as of now. So the idea is that this strong national ID is good enough for replacing alternatives and alter alternatives. And this might be everything that you can think of the PayPal ID, the Amazon ID, this Facebook ID. And of course that must be understood by the citizen.

So the higher trust level is an important aspect and still the ease of use the, that it's easy to understand and easy to deploy on a day to day basis, because if this is not given, there is no strong altern or strong national ID in place, alternatives will win. And this is something that we see in Germany, for example, very strongly while other countries are far more into this digital ID business as issued by a national nation state provider of identities. But once this is in place, of course, this can be a, an enabler for business as well.

So getting business on board for using and reusing this national ID of course, is an important part for using it all types of contracts, not only when it comes to governmental use cases, but any type of use cases and business invest, of course, then when there's business in it business in, it means that there are either new business opportunities or a chance to retain, to keep their existing customer relations. When it comes to the digital transformation and online business in general, people are always thinking of optimization. Businesses are often think always thinking of optimization.

So getting to more efficient business processes, for example, by relying on existing strong identities is an important aspect compliance. Of course, I've mentioned that before I've mentioned GDPR before and all business will be required to, to comply to these legal and regulatory requirements. And of course, when there is a strong identity in place, this might help in achieving compliance. At that point, information security is an important aspect and all of this together might help to get a strong national ad ID used for governmental purposes.

Also being reused for, for reliable online transactions when it comes to business, not for everything, but might be an important aspect. So success factors, we're actually getting two mile final slide. So to understand what is required to get actually to this critical mass of people so that it gets a, a movement towards deploying this solution also driven from the, from the citizens and the customers, which might be the same people. So the first step that is required of course, is broad support for access to governmental services.

Everything that usually would require the citizen to, to stand up out of their chair and walk over to a governmental office should be available online if possible. But of course there should be also support for non-governmental use cases and also broad support for these and that that should not end at the nation state border, but it should be reusable beyond all NA national borders so that you can use your strong ID somewhere else as it is trusted somewhere else. Of course, we don't want to pay for that. I can think of myself being in the same situation.

I would not like to pay much more money for a strong digital identity, at least not much more than I would have to pay for my personal, but for my local ID. And of course this has to lead to business value for all involves parties, including the government, by achieving efficiency, the businesses by achieving their business goals and the citizens slash customers who also get to a better service in various ways, user friendly. We've mentioned that before. Yeah.

Easy to use, easy to get a real life solution, not something that requires additional readers, additional processes and clumsy processes at home, of course, a strong level of security, a strong level of trust and, and a clear communication of the value. And that needs to be achieved by having open communication. In general, we will have a balance between security and convenience and to sum all this, all of this up, we get to my final picture for this slide before I hand over to Mallon.

So we have a, a balance also between user experience, which needs to be cross-platform has to have the, an adequate market coverage, a register one's approach, and an ease of use, of course. And we, and in contrast to that, we have privacy and security, which needs to be maintained. So we always have this, yeah, this, this, this balance to be identified and well maintained that leads to privacy security, which is not the same data protection, which is again, not the same as privacy. And it required an if necessary in auditability when it comes to contracts that need to be documented reliable.

So for that's, I'm, I'm through with my slides, I would like to hand over to Mallon right now, but first of all, I would like to remind you to provide your questions. I see the first coming in and that's great. Please add yours as well for my part, for Mallon's part so that we have a strong set of questions to start out later on when we get to the Q and a, and now I would like to hand over to Mallon Mallon, are you there?

Yes, I'm here. So thank you Matthias. Good afternoon, everyone. My name is Mollys and I'm responsible for product marketing in nexus software. And this afternoon, I'm going to talk about digital signatures first.

However, I would like to start with some words about nexus nexus as a company, I have had the advantage of having two quite advanced home markets in Sweden and in Germany, Sweden being very early in adopting online banking type of solutions, even based on PPI already in 99, as well as, as quite early strong e-government initiatives. And in Germany, we have since many years been working with one of the trust centers. For example, this strong experience in something is something that we are leveraging from.

Of course, when we see this strong movement in the market for digitalization automation, and by doing, by implementing this with digital signatures nexus, as a company was founded already in 1994, our headquarter is in Stockholm, Sweden. We are actually located in eons the telecom company's old premises, and the street name is telephone street. If you translate directly from Swedish, we're about 250 employees, mainly in Europe, but also in Asia and north America. And throughout the years, we have had the privilege to manage more than a hundred million identities via our customers.

Our slogan is enabling trusted identities, and this is something that we do both in the physical and digital world, meaning that we enabled identities, both for access to physical buildings, as well as networks and cloud applications and access also managed these identities throughout their life cycles from both grade in a single identity and access management system. Traditionally identities have been all about people, but today with the digitalization and the always connected society, trusted identities are also required for software and things.

I think you see that in, in, in a lot of, of things happening in the market. So moving into the digital signatures, digital signatures helps the world economy to grow. There are big initiatives in the market where this definitely is in the focus, and I'm thinking about the new EU regulation aid us.

However, it has been obvious, I think since a really long time that in business in general, automation and digitalization should also affect the bottom line of enterprises businesses.

Not only because you allow people to focus on the core business, like in this example where people say that they spend more than one third of their working time on administration, but also because you can implement more secure processes that give you less problem with compliance and auditing automation may also enable better follow-up mechanisms increase the understanding of the business characteristics that would lead to better visibility and improved possibilities for true knowledge based decision making. So we would like to say, I mean, please join the digitalization of, of society.

And next is definitely believe that now is the time to join this digitization of, of society. And with initiatives like ADAS and the harmonization of legal frameworks in Europe, this should also support the drive towards interoperable and standard based cost efficient deployments and solutions. One particular trade trend that we see in the market. And that next is definitely believes in is the movement towards remotes, or you could also call it server based type of digital signature solutions.

However, remote digital signature solutions requires designers identity or authentication before actually executing the designing process. And here is where also nexus with this offering can actually offer a more and flexible solution with an adaptive way of authentication authenticating the users as such. This gives you freedom and the possibility to actually implement the solution that suits your needs in the best way. I will come back to this more later in the presentation nexus as a company. And the experience that we have from from the market also has a strong belief in mobility.

We believe that mobility equals usability and that end user convenience is a key factor for the success and the level of adoption that may, that you may achieve with your solution. And Matthias mentioned that also earlier in his presentations and also organizations that the GSMA also shows that in their figures, that the number of smartphones in the market would actually almost double until 2020. And this shows, I mean that the smartphone will, will continue.

I mean, it always already plays an important role in most people's lives, but it, I think we also believe that it will play, play a very important role in, in different types of security solutions. We also have a really, really good example of this already today. And this is with this, with this Swedish bank ID in Sweden, there are today more than 7 million bank ID users. I think the, the, the potential is 8 million or something like that. So it's really lot of, of, of users that are using, or have a bank ID already. And the solution has actually been around for a while.

However, in 2014 bank ID introduced mobile bank ID, this is a typical mobile app that enables you to do the authentication and digital signing transaction with your mobile instead of the traditional ones that, that they already have, and, and used to have on a smart card or in a file and today on, and, and, and actually, as you can see in, in this picture here, you can see that the reality actually today, that while the amount of transactions with smart cards and the traditional soft certificates remains steady and actually quite low, there is really a rapid increase of the amount of transactions using mobile bank ID and on a daily basis.

And I, I can tell you on a daily basis, cause we see that also from the request that we get from the market, new applications are being launched that leverage from bank ID as their identity and authentication mechanism. And I must say personally, as, as a consumer, I love it. And I love it because it's easy. I use it all the time and there are no hassle with passwords or, or similar things to remember.

And, and I even expect that Porwal or online services should support bank ID. I get a little bit annoyed, even if, if I can't use bank Eddie, and if I have to register and, and give a password, et cetera, an examples of when I use it, I use it. When I log on to the public transport, Porwal here in Stockholm to, to buy tickets for my children or, or check, check their traveling.

I, I use it when I pay for my online shopping. I use it when I register, leave for my children at their school. I use it when I buy insurances and, and I use it when I pay my bills. So there's all different types of, of use case scenario that we see in the market.

And, and it's really something that, that everyone is leveraging from one other good example, coming from the customer side is one of the one nexus customer SBO SBO is state owned bank. You could call it a niche bank in the sense that they, they are focused on, on some particular businesses, mainly top loans and savings for, for, for customers. They have limited number of branch offices, meaning they're.

They are a typical online bank leveraging from, from their web bank and also from their customer care type of, of channels nexus already in 2013, implemented an authentication platform for, for SPI. And they have actually on a year on year basis increased the usage of their online services by 30%. So this was, this was just to make it easier to, to get online to their particular services.

However, in addition, they have recently also evolved their business and identified new opportunities with these authentication and digital signature mechanisms that they're using. And these new opportunities is actually about upselling on existing customers. The function that they have implemented is that they over the customer care channel can authenticate their user, know your customer type of, of implementation using mobile bank ID. So while the customer care is helping the customer with whatever support that is required, they can also offer new or updated services.

And if the customer is interested, he's then asked to sign or authenticate with his mobile bank ID. And of course, as he's on the phone with this, with this bank, normally he's actually also using his mobile phone for doing that. He also has his mobile bank with him. Customer care then sends a request to his mobile bank ID and the customer can then sort of approve the approve the signing process. And in a minute, a transaction has actually been executed.

So there is a number of possibilities or areas for digital signature and the implementations can of course differ slightly depending on workflows or, or ender types that that are, that you're addressing, but the drivers and, and I think Matthias had some of these also in, in, in his presentation is, is normally that you won't like to reduce some costs. You, you would like to become more efficient. You would also like to enhance your customer relationship, like with the SBO B case, interact more build stickiness and, and in the end do more transactions with your customer.

You would like to get paid faster, have, have faster processes, track progresses in, in processes, or even enable new services when upgrading to, to a better type of security that would enable that. So we definitely believe that you should enjoy signing, but coming back to my statement a little bit earlier, there are actually some choices that you, that you can do make here.

We, we do see movement in the market towards these remote or server based S clients based signatures are still around and also relevant, but it's important to understand the difference. And the difference is that in the client based signature solution, normally the keys are stored in smart card and the signatures is executed on the smart card. The execution is initiated by the user that enables access to the key with the smart card pin in the remote, or sort of server based signature solutions. The keys are one time keys, new keys and certificates are generated for every new signatures.

And the keys are protected on the server by N HSM hardware security module. This means that there is no need for a smart card or smart card reader nor sort of a life cycle manages of these keys or certificates, validity checks, or revocation controls in the client signature, the key center certificates.

They, they have a life. They recite on these smarts that are out in, in and with the customer wherever they are, and these have a validity and they can be revoked. So these checks sort of are automatically required in these type of solutions. The important thing with the remote signature solution is also that the sort of signature function and, and the, the mechanisms of doing signatures and the identification of, of the actual user, they are separated. You may use any authentication method to start the execution of a signature operation.

And this particular particular characteristics of these solutions actually gives you more freedom and enables more better enables interoperability and mobility in a new way that has not been possible before way. So remote signatures gives you the freedom to implement signatures that can really be done from any device from anywhere, from at any time and nexus solutions for implementing an end to end sort of remote signature solution in particular enables you to implement the so-called adaptive authentication solutions.

So you can mix and match depending on your user type, depending on what device this, this particular person is using, where they are located the time during the day and authentication mechanism, the strength of the actual authentication mechanism in the end, and, and, and decide throughout sort of this uses the movements in, in different locations, what type of, of mechanism that should be required. So again, enjoy get the possibility actually to pick the mechanisms or mechanisms that you need.

And, and typically, as I mentioned before, there are some evaluation criterias that are, that are important. And one of them is of course, end user convenience.

How, how will I really implement the most convenient user for my users, cost and security. And this is something that needs to be evaluated in each and every occasion, But coming back and looking at solutions like mobile solution mobility equals usability, and the nexus personal is, is the solution that enables this. It's a mobile app for online out. Theand two factor authentication and signing.

And we believe that the mobile is not only convenient, but it actually reduces cost also, and improve usability without having the need for a hardware token, like a smart card, or, or having to implement a card reader in your, in your laptop or, or, or PC it supports iOS and Android. And, and it also comes and that's, and that's the key for integration in third party applications.

Finally, then coming to the core part of, of, of the actual signature solutions itself, A solution from nexus can be used sort of in, in, in many different ways. And, and this part, this picture here actually shows the complete end to end end to end solution as such. So if we start from the left hand side here, typically the, the interface to the actual solution can come from either an employee or a user in some way, it could be a customer or partner or, or, or someone that could through web interface actually upload the document.

Typically we're talking about a PDF document or, or, or similar. The other interface is through an API where there is a business application, some kind of workflow that initiates a signature, and this signature could, could be sort of a flow of signatures that needs to be executed by multiple users.

The, but the actual initiation comes from a business application. The nexus signature server relies on nexus certificate manager, which is the CS software from nexus that has been deployed in numerous installations and has a proven, scalable, reliable, and secure. And as you can understand that, depending on the actual use case, there can be a lot of signatures that has to be executed in a very short timeframe and, and certificate manager then is responsible for the key generation.

And the certificate issuing keys are generated in the HSM, the hardware security module, and the actual signature is of course also executed in the HSM. Nexus is interoperable with multiple HSM vendors and models from for example, tireless, security and statement. And coming back then to, to what we talked about in, in several slides before, before the signature actually can be executed in this type of solutions where you have a remote or, or a server based signatures, you need to ask the, or get the, get the authentication of the actual user that is initiating this authentication.

And this is where the nexus sort of adaptive authentication server comes into place and where you get all these possibilities of being able to pick as, as a service provider, what actual authentication methods should be applicable for this particular use case for this particular location during the day, and for this particular location where this with this person, or is, is located located at this time. And this, this authentication server, of course also can work with nation nation type of, of identifi IDs, like bank ID in Sweden or, or, or other nation national IDs as such.

So in the end, this means that that the remote signature solution actually means again, that you can from any device from anywhere at any time conduct digital signature. So the takeaways from this presentation that I would like to give is actually to enjoy digital signatures. The fact is that it saves times reduces cost and enables new opportunity by reducing signing processes from, from, from days to seconds and mobility equals usability and convenience. Convenience is what actually empowers your digital signing solution.

And finally standards are important, and we believe that regulations like ADA and similar regulations in, in, in regional regionally, in, in different countries will actually push these type of solutions also for the future. Thank you very much. That's everything from me. So thank you Martin, for, and I hope it was not all of you because we have some questions left, but thank you very much.

And again, do your reminder, if you have still some questions that you would like to provide, there are a few already there, which are great ones, very, very colorful set of questions here. That is great. But if you still have another, another question to, to, you would like to have discussed, please let us know, and we will pick them up here.

So, first of all, I, I, I start actually with a reference to your final slide. There was one question that says the electronic signature is a revamp or very similar to the signature as regulated by in 1999. And at that time it wasn't really a success.

Why do we, or why do you think that this is now more, more successful? Is it really a matter of time? Is it the digital transformation? What do you think? Why is the, I does now a driver and it has not been some 15 years ago.

I, I would say that I does, you can look at AI does from, from multiple angles first. I would like to say that similar to what you said, Matthias and, and what I think also, I said in, in my presentation, there needs to be of course, a, a commercial drive behind these type of, of implementation. Also there needs for, for, for vendors like nexus and, and other players, there, there needs to be sort of an initiative sort of around it so that there will be usage around the service.

But I think this will be, this will be the case for, for I also, what I do, what I do see is that what AI brings is, is interoperability to some extent and, and also open up for, for, for, for an infrastructure that is for what you call it, distributed in the sense, and, and, and allows for more players to, to be a part of it.

So this trusted server service sort of concept that is defined in, in AI is, is one thing that I see is as very interesting, and, and, and also this breaking up of between the signature function and the authentication function enables us actually to implement the signature services that, that can also leverage from identities that has been issued in, in other countries. But, but with, with some other mechanisms that, that we would normally not support in, in, in our local services such. So I think that is, that is what I believe. Okay.

Additional question in the same area is, do you expect the other trust services of a rider to be successful as well? So seal or timestamp or the focus still, mainly on, on the signature part?

I mean, I, I think that they, they, they go hand in hand in, in some cases, but, but I think definitely the signature function is where you can really see, see optimizations and, and the clear business case around it. So I think that is the, the most important one. Okay.

From, from your market experience, from, from your, from your market view, how do you think, or do, do you see the GDPR already being a driver when it comes to strong online identities? Is this something that people are asking you proactively for? Yes. I think that is, that is something we see in particular for, for strong authentication solutions that, or, or similar sort of a regional legal requirements. Definitely. That is something that we see. Okay.

Then, as I said, very colorful questions, one is to really focused on the product on, on next personal, how do you link the mobile phone to the users? So how do you ensure that the effective procession is actually yeah, that this user actually owns this, this phone?

How, how is that done? Okay.

I, that time, that particular question I need to pass on and give an answer later on I'm, I'm not that detailed in the knowledge around that. Okay.

So please, the one person that asked that question, please get in touch with, with Mel afterwards, the mail address is what's on the front slide of, and it will be available in the recording at least. So that would be nice if you get the more technical question over to her by mail. Another question that I have here is a more general question.

So the, what would be typical deployment options for such a remote signature services? How, how do you, how would that be designed? What are the, what are the options there? As I said, I, I, I think that this, the, the remote and the sort of all survey based digital signature solution, I, I definitely see that that cloud based solutions are, are one of the options that, that is very interesting.

And that, that of course is, is, is possible here as a customer, you have the possibility to get the quite a quick start test, test your services and, and, and, and get, I mean, without having to do sort of a huge investment in, in, in the technology as such then of course, there, there are regional or, or local requirements where, where cloud based type of solutions are, are not applicable. And here also questions around where is actually the data stored, et cetera, is of course important questions, questions to address in, in a cloud-based solution.

But as I see, I think we will see a variety of, of solutions where cloud or managed cloud as, as, as, as we call it where we actually manage the, the customer's data or the on premise type of installation, I think a little bit, depending on, on, on the country and the type of customer, I think we will see a variation of those. Okay. Thank you. Another question, which is very interesting, and maybe I would like to comment on that as well. There is another question. I just read it out.

Most of the person have a unique, real life ID, but very often people want to separate private life and professional life. Do you think people should be limited to one unique digital it for an identity provider? And at first, my, my, my opinion on that is of course not because many people want to have different types of personas for different use cases, different areas of communication, different yeah, different ways, how they interact with people in organizations. And that should not be touched by what we are talking here about.

We, we, there will be an area where we will have to have a reliable, strong security, secure identities as I describe them before, but that does not mean that somebody does not have to be represented through various personas, even through personas who are somewhat dis disjoined from their actual ID and even pseudonymized, or, or anonymized. I think this is something that is apart from what we are talking here about.

This is really, we are talking here about, about contracts, about strong I identities and auditability, and this is something different, but Martin, maybe you want to, to comment on that as well. Yes.

I, I, I mean, the way, for example, in, in, in Sweden that is sort of a whole topic cause these, we also, we are very dependent in Sweden on what we call the personal identifications number that is actually used in, in many different sort of scenarios. And, and this is also something that, that, that is being discussed.

That if I, I then act as a, as an employee of a company, et cetera, then I should not use my sort of personal identification number or my person personalized electronic idea as such, this is actually used in this way, in some cases in Sweden. But, but I see that again, a does as sort of a framework, if you could call it that now they have also specified these electronic scenes that's particular for, for, for companies.

And, and we also see in, in, in, in some cases here in Sweden, that we talk about attributes that then we will be sort of added to, to, to the actual authentication processes. However, I think, I mean, in the end, it's, it's all about finding the right solution.

And, and what has hindered that in, in Sweden for example, is, is that, that there has been regulations on how you can actually change one ID to another ID and, and therefore you have not been able to leverage from, from the, from the national ID in, in the extent that could have happened if, if that would have been allowed. Okay. Yeah. Great. Thank you different know of that. That's very interesting that there's already an, a concrete issue behind that.

Maybe the final question that I pick up, but which is more a almost philosophical question, because we would then have to solve the identity problem for the us, but, but maybe this is something that you already thought about. So we have in the us, the closest thing I read it out is we have is a, to a national ID is the social security number. But as we all know, there are various restrictions and issues with the social security number.

Have you already thought about workable alternatives to this, to a national ID for the us, or is this as of now out of your scope, It, it is as of now out of our scope. Yes, it is. So we have not worked with that.

I, I think because that, that, that really would solve some, some issues for the us as, but, but I think as you are providing infrastructure and, and processes, the, the, the idea of getting to a, a unified identifier across the, the us states might, might be yeah. Beyond what, what we can, can manage today in this, in this webinar. But it's an interesting question, and I really would like to see, to get to a, to a solution here. So we are running out of time. We are getting close to the, to the end of this webinar.

Thank you for the, to the participants for all these interesting questions was very good to see such an, an, an interesting interaction and such a, yeah, as I said, colorful mixture of, of questions. Marlin, do you want to add something finally, before we close down the call?

I mean, just, just quickly, please, please free to send, send me an email if you have any additional questions or would like to discuss some more things in more detail. Yeah. And the same is true for me.

If, if anything is, was left open, or you find get to some other questions that you did not type into the go to webinar software, please let us know the, the, the mail addresses are available in the recording on the front slide. So, yeah, that's it for today. We're looking forward to having you again, as participants in other webinars would love to see you in one of these conferences that we are doing, or if you just get in touch in any other way with us, that's it for today. Thank you for being with us today. Have a great day and goodbye.