Webcams and smart cards to access Turin eGov services (SyC)

Portal Admin
Published on: 10/06/2007 Last update: 11/06/2007 Document Archived

How many citizens have a smart card or a barcode reader? A few. How many have a webcam? A lot. So why not use a webcam to digitally identify a citizen who wants to access an eGov service website? The Italian city of Turin (Torino) has designed the ShowYour Card (SyC) system, which lets users optionally identify themselves with their own webcam, using software that reads a 2D barcode identifier printed on the Torinofacile card. After the identification process, users only have to type their password to access the local eGov portal.

Policy Context

Since 2000 the Turin Municipality has been pursuing the goal of creating online services that allow users to access personalized information or to send administrative requests to the City. To protect citizens' privacy, this communication channel has to be provided with an authentication system for identification. This goal had to follow some simple but strategic requirements:

  • Low technical requirements for the computer station.
  • Easy to use (minimal computer knowledge requirements).
  • Set up by a tool accessible through a totally on-line process in order to make it simple to organise.
  • As secure as possible, both in terms of information presentation and usage.
  • Consistent with the choices made nationally on the Electronic Identity Card.
  • Cheap, since it has to be widely available.

The objective was achieved through the creation of the TorinoFacile system, a portal where it is possible to find all online municipal services and where a citizen can register and acquire an individual secure digital identity for the portal. The digital identity is mainly made up of two elements: a password chosen by the user and a PIN given by the system. To identify himself within the system the citizen has to provide both credentials, besides a login name. The same approach has been used by many other municipalities participating in the regional eGovernment plan, led by the City of Turin, in order to share good practice. From the point of view of the city this was just the starting point from which to begin to develop new online services, in an easy digital environment. This is the context in which Turin Municipality decided to provide the citizen with a new facility, the SyC option, to easily access its online services.

Description of target users and groups

All citizens who need to access the Turin on-line services provided through the Torinofacile portal. These citizens are mainly people who live in Turin, but there are many other users who live in nearby cities and need to exchange personal data with the Council related to their house, their car or their job.

Description of the way to implement the initiative

From the inception of the project, it was clear that the SyC system was small in scale, that not all the requirements had been identified at once, and that they could change during the development phase. Besides that, the project had to have a very low cost and be realised by a team of developers inside the Municipality. For these reasons, the City of Turin decided to follow a development approach very similar to the Rapid Application Development (RAD) methodology, instead of using a more articulated multi-phase methodology.

The chosen approach allowed the team to create a set of prototypes that incrementally implemented the needed functionality. The design and development of the system was carried out by a team of three developers, each focused on a different component of the system. Once the first fully functional release of the system was realised, it was not possible to open the new service to citizens, because they simply did not own a card with the 2D barcode representing their personal code.

Thus, it was decided to activate a test phase. Before accessing the test, users were asked to log in through the standard form-based approach, and then to request a run-time service allowing them to download and print a PDF file containing the 2D barcode representation of their personal alphanumeric code. This way users were able to test the login feature without having to type the personal code.

At the end of the test, citizens were asked to answer a short survey about the use of the SyC system, focusing on the difficulties and problems they might have found. This prompt feedback allowed the developers' team to continuously improve the usability and efficiency of the system during the test phase.

Once the test phase ended, the SyC system was made available to all users on the Torinofacile portal, and at the same time the Torinofacile card issuing process was modified in order to print on the card the user's personal code represented as a two-dimensional barcode image.

The architectural design follows two main principles:

  • Service Oriented principle: governing aspects of communication, architecture and processing logic such as loose coupling, abstraction, composability, autonomy and statelessness.
  • Software reusability: partly driven by the previous one, it is at the base of all the cooperation projects realised in the Piedmont Region in recent years.

The three components previously described have life cycles completely independent from each other, with defined interfaces. Whenever needed, it is possible to improve a component or replace it with a different one without having to modify the other components. This potential was used during the test phase and the start-up period: first the user interface was changed in order to make it more usable and improve the interaction between the citizen and the webcam; then the codec was changed to make the system more efficient. All these changes were developed at the same time, without modifying the interfaces, and the new versions could run in parallel to permit the switch from one release to another without stopping the service.

In addition, each component can be reused in other contexts. For instance, the City of Turin has already started to work on a new codec, with the aim of adding other 2D barcode algorithms to be used not only by on-line services, but also by back-office applications using standard barcode readers. In these cases, on-line services that need to add a 2D barcode image, for example to an on-line generated document, can invoke the codec with the appropriate parameters identifying the needed barcode. On the other side, a back-office application can read a large amount of data stored in the barcode without having to retype it.

 

Main results, benefits and impacts

Through a webcam and a very simple software interface it is possible to read a code printed on a card or ticket and send it to an application that will process it. This idea has been initially implemented to provide Torinofacile users a new way to identify themselves within the portal.

Until the implementation of this new facility, registered users had to identify themselves by typing a PIN, an alphanumeric code, plus username and password. The identification process is secure enough thanks to the fact that it is based on three different keys. But at the same time it forces the user to remember all three keys and type them correctly.

Now the user also has another way. Their credential printed on the card has been converted into a 2D barcode that the user can show to a webcam activated by a simple Flash interface inside an HTML page. As soon as the code is acquired and decoded, the data is sent to the authentication system in order to complete the identification process, asking the user for just one password.

There are two aspects of the SyC project that are beyond the state of the art. The first is the use of a webcam to acquire data. This device has been used to send images over the Internet to another person without considering the meaning of the images transmitted, but now it is used as a reader device in order to acquire a specific image and decode it to gather data.

The second one is the use of 2D barcodes in the Italian public administration. Turin is the first city using this coding to represent data, just as many other private companies already do.

Today about one hundred citizens have been using SyC to log in to the Torinofacile portal, and there are daily requests for new cards with the code printed on them, since the old cards don't have it. The use of the two-dimensional barcode to identify oneself in the portal has not implied a decrease in the time needed to log in. Nevertheless it has been chosen in those cases where the user had some difficulty typing his personal code correctly, following the right sequence of alphanumeric characters. In fact, when the user becomes familiar with the interaction with SyC, the chance of mistakes is null and the time spent showing the code to the webcam is comparable to the average time required to type it more than once due to mistakes, or to the extra time needed to avoid them.

It is important to state that the use of this new identification process did not cause a drop in the security level of the authentication system. Regarding this aspect, it is worth detailing some specific and critical security issues that were taken into consideration when implementing SyC. For each point a possible weakness is reported and the solution adopted is described.

1. The barcode image is printed on the card and so it can be photocopied. Of course this is true, but it is valid in general for all the data printed in clear text on the Torinofacile card, as required by the cheap solution in Turin. For this reason, it is important that the citizen keeps the card safe, as he does with a credit card. Nevertheless it needs to be highlighted that the barcode cannot be read with the human eye, and in this way it is more secure than having it in clear text on the card.

2. The barcode can be generated independently, using some available tool, by anyone who knows the text string to be coded. The real barcode is generated using a text string, representing the user's personal code, and a non-reversible hash string created from that string plus a private passphrase. The interface towards the authentication system verifies the integrity and the authenticity of the hash before accepting the decoded data, preventing possible misuse.

3. The data sent to the codec are transmitted in plain text over the communication channel. These data can't be read by a third party, because the channel uses SSL encryption. In fact all the communications between the citizen's browser and the authentication system, codec included, use the secure protocol SSL and the standard X.509 v3.
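
The check described in point 2, sketched as an added example (not the City of Turin's code). The page does not name the hash function or the payload layout, so HMAC-SHA256 stands in for the hash of personal code plus passphrase, and the `|` delimiter, function names and sample values are assumptions.

```python
import hashlib
import hmac

# Assumption: server-side secret standing in for the page's "private passphrase".
PASSPHRASE = b"constructed-demo-passphrase"
SEP = "|"  # assumed delimiter between personal code and tag in the barcode text


def make_tag(personal_code: str, key: bytes) -> str:
    # HMAC-SHA256 is used instead of hash(code + passphrase): it is a keyed
    # construction that does not depend on how the two strings are joined.
    return hmac.new(key, personal_code.encode("utf-8"), hashlib.sha256).hexdigest()


def build_payload(personal_code: str, key: bytes = PASSPHRASE) -> str:
    """Text to encode into the 2D barcode when the card is issued."""
    if not personal_code or SEP in personal_code:
        raise ValueError("personal code must be non-empty and delimiter-free")
    return f"{personal_code}{SEP}{make_tag(personal_code, key)}"


def verify_payload(payload: str, key: bytes = PASSPHRASE):
    """Return the personal code if the tag is authentic, otherwise None."""
    code, sep, tag = payload.partition(SEP)
    if not sep or not code or not tag:
        return None  # malformed: personal code or tag missing
    expected = make_tag(code, key)
    # Constant-time comparison: do not leak how many tag characters matched.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return code


if __name__ == "__main__":
    issued = build_payload("A1B2C3D4E5")  # constructed personal code
    print("issued card  :", verify_payload(issued))
    # Barcode made with a public tool: plain SHA-256, no passphrase.
    homemade = "Z9Y8X7W6V5" + SEP + hashlib.sha256(b"Z9Y8X7W6V5").hexdigest()
    print("homemade code:", verify_payload(homemade))
    # Personal code altered after issuing: tag no longer matches.
    print("tampered code:", verify_payload("A2" + issued[2:]))
```

A photocopied barcode still verifies, because the tag only proves that the payload was issued with the passphrase; that is the residual risk of point 1, and the reason the password is still requested after the scan.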

 

Return on investment

Return on investment: Not applicable / Not available

Lessons learnt

Lesson 1 - The first main lesson is that it is possible to use a webcam as a card reader. In fact the software component able to acquire an image and send it over the Internet is quite general and reusable. This allows us to contemplate other possible types of use of this device.

Lesson 2 - The second lesson is related to the 2D barcode encoding used. The SyC project adopted the DataMatrix encoding, developing a simple API to encode and decode data. Both technologies can be easily transferred to other administrations.

Lesson 3 - The third and last lesson is that citizens are ready to communicate with the public administration using widely available devices in an innovative way in order to improve and secure online interaction.

Scope: Local (city or municipality)