Perhaps the most important requirement of government services is Trust. Every department and agency is continually challenged to become more efficient at delivering services to the citizenry, with less resources, but is also required to improve access and transparency through new models such as self-service, and electronic delivery. Yet they must do this in a way that doesn’t erode a public’s confidence in their service delivery, and certainly in a way that does not compromise a citizen's personal information.
A common approach to self-service and transparency is to offer a citizen portal. These solutions typically offer information for a specific area, but also include both content that may be restricted to only authorised parties, or areas for online transactions to facilitate for efficient commercial exchanges. The need for a secure, yet simple, authentication solution is therefore paramount. The access mechanism must also not disenfranchise users through complexity, and also address all accessibility dimensions.
Looking inward, there is also the common challenge of accessing data across functional domains within government. Privacy is a major driver, and while there are always documented rules around who should have access to systems, this is often weakened by the ‘spaghetti’ of electronic access controls but in place. Furthermore, as phishing attacks become more and more common, it is almost inevitable that every department will face a key-logger based threat (e.g. password mining) where an identity is misused contrary to policy, and ultimately breaking the privacy controls.
Cipherise addresses both the need to provide a simple, safe and secure access method for external access to government ‘portals’, as well as a mechanism to enforce identity access rules within a Department or agency. Via a simple QR scan, (enabled by a single easy to remember secret), citizens can be granted access to a payment portal under multi-factor authentication rules, and be confident that their personal identity is never weakened as their unique credentials are never shared. No password is ever typed, transmitted or stored, yet access is granted simply, and without having to remember complicated user credentials or rules.