MobileID and Smart-ID as Trust Standards in Ukraine’s Digital Ecosystem

July 11, 2019 · 6 min

As of June 2019, remote identification is becoming a “bottleneck” in the development of a service-oriented state, as most administrative services require reliable identity verification. The challenge lies in creating an architecture that combines the convenience of mobile access with an uncompromising level of security, compliant with state cryptographic protection standards. Without the implementation of modern identification tools such as MobileID and Smart-ID, the transition to full-fledged paperless document management will remain merely a declarative intention.

The IQusion team acts as a system architect in implementing solutions that allow the integration of remote identification tools directly into the functional modules of state registers. We emphasize that the correct identification model must be multimodal, offering users a choice between hardware and software tools depending on the usage scenario. IQusion IT LLC directs its expertise towards developing interaction protocols that ensure a seamless transition from identification to legally significant document signing.

MobileID: Secure Access Technology at the SIM Card Level

The implementation of MobileID in 2019 is based on the use of special SIM cards with a built-in cryptographic processor, where users’ private keys are stored. This technology provides the highest level of protection, as access to the key is physically restricted and requires entering a personal PIN code known only to the owner. IQusion offers architectural solutions where the mobile operator acts only as a channel for transmitting an encrypted signal, and verification occurs at the level of accredited key certification centers.

This approach allows transforming an ordinary smartphone into a powerful e-governance tool, independent of specialized readers or installed software on a computer. IQusion IT LLC emphasizes the importance of supporting PKI (Public Key Infrastructure) standards, which guarantees MobileID’s compatibility with existing state information systems. We are confident that hardware isolation of keys on the SIM card is the correct strategic choice for protecting the most critical transactions in the public sector.

Optimizing interaction between mobile operators and registers requires the creation of fault-tolerant gateways capable of processing thousands of authentication requests simultaneously. IQusion develops these components considering cybersecurity requirements, ensuring protection against “man-in-the-middle” (MITM) attacks. The use of MobileID in 2019 becomes the foundation for implementing electronic elections, business registration, and obtaining complex online medical services, making IQusion IT LLC a key partner in digital transformation.

Smart-ID: Split Key Cryptographic Algorithms

An alternative and extremely promising direction is the implementation of Smart-ID technology, which does not require special SIM cards and is based on the principle of split key ownership. Architecturally, this is realized through a mathematical algorithm where one part of the key is stored on the user’s device in an application, and the other on a secure server of the trust service provider. IQusion sees this solution as an ideal tool for mass adoption of digital services by citizens due to its ease of activation and use.

With each identification request, the Smart-ID system performs calculations that confirm the integrity of both parts of the key, without transmitting them in full over the network. IQusion IT LLC emphasizes the correct use of threshold cryptography, which makes key theft virtually impossible without simultaneously compromising both the user’s device and the central server. This approach ensures high mobility and independence from physical carriers, which is critical for building a modern digital ecosystem in 2019.
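The split-key principle described above can be illustrated with a simplified additive split of an RSA private exponent. This is an added example, not code from Smart-ID or IQusion and not the Smart-ID protocol itself. The demo primes, the function names and the unpadded hash are assumptions chosen for brevity.

```python
import hashlib
import secrets

# Constructed demo parameters: two small Mersenne primes so the example runs
# instantly. Real systems use moduli of 2048 bits or more and padded hashes.
P = 2**89 - 1
Q = 2**107 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)  # full private exponent; needed only to create the shares


def split_private_exponent(d, phi):
    """Additively split d into a device share and a server share."""
    d_device = secrets.randbelow(phi)
    d_server = (d - d_device) % phi
    return d_device, d_server


def digest_to_int(message, n):
    """Hash the message and reduce it into Z_n (no padding: demo only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def partial_sign(message, share, n):
    """Each party exponentiates with its own share; the share stays local."""
    return pow(digest_to_int(message, n), share, n)


def combine(partial_device, partial_server, n):
    """h^d1 * h^d2 = h^(d1 + d2) = h^d (mod n): the full signature."""
    return (partial_device * partial_server) % n


def verify(message, signature, e, n):
    """Ordinary RSA verification against the single public key (e, n)."""
    return pow(signature, e, n) == digest_to_int(message, n)


if __name__ == "__main__":
    msg = b"constructed sample document"
    d_dev, d_srv = split_private_exponent(D, PHI)
    sig = combine(partial_sign(msg, d_dev, N), partial_sign(msg, d_srv, N), N)
    print("combined signature valid:", verify(msg, sig, E, N))
```

Only partial signatures cross the network, and neither one verifies against the public key on its own.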

Integrating Smart-ID into government portals significantly lowers the entry barrier for users who cannot replace their SIM card. IQusion develops connection modules that automatically verify digital signatures created using this technology, ensuring their full compliance with e-trust services legislation. IQusion IT LLC contributes to creating an environment where security does not hinder convenience, and technology works seamlessly for the citizen.

Integration of Identification Services with the “Trembita” Bus

For identification to be useful, it must be integrated into the general system of interagency interaction via the “Trembita” system. This allows confirmed user identity to be transmitted between various agencies without re-authorization, implementing the Single Sign-On (SSO) principle at the national level. IQusion IT LLC develops architectural gateways that translate identification data into unified attributes understandable by any connected register.

Centralizing identity management through “Trembita” allows the state to control the level of access to personal data and maintain a transparent log of all requests. IQusion emphasizes that this approach ensures high interoperability: a user identified via MobileID in one service can instantly gain access to another without additional manipulations. This significantly increases the efficiency of public service delivery and reduces the load on the support services of government portals.

An important aspect of integration is ensuring non-repudiation of actions based on the obtained identification. IQusion IT LLC implements mechanisms where each transaction in the “Trembita” system is linked to a specific MobileID or Smart-ID session with a timestamp. This creates a reliable legal chain that allows for unambiguous confirmation of who initiated a particular action in the electronic space and when, which is the foundation of the state’s cyber resilience.

Decentralized Matrix of Trusted Identification Services

Instead of creating a single monolithic identification server, we propose implementing a flexible model that allows combining various identification service providers into a unified trust perimeter. This approach is based on creating an identification hub that acts as an intelligent intermediary between the user, their authentication method, and the state resource. IQusion sees this as a path to creating a resilient architecture that has no single point of failure and easily scales with the emergence of new technologies.

IQusion IT LLC bases this model on principles of platform neutrality, allowing state bodies to remain independent of specific vendors or communication operators. We emphasize that the hub’s architecture should automatically determine the Level of Assurance (LoA) for each identification method and offer the user the appropriate tool depending on the criticality of the service. This approach allows for using simpler methods for viewing information and requiring MobileID for financial or property transactions.

The modularity of our architectural matrix ensures rapid adaptation to changes in legislation or the emergence of new cryptographic standards without the need to rework the entire system. IQusion implements dynamic security policy management tools into this model, allowing for instant blocking of compromised methods or certificates. IQusion IT LLC is building an ecosystem that is open to innovation but remains under full state control regarding the protection of national interests.

Ecosystem Efficiency and the Development of a Service-Oriented State

The implementation of MobileID and Smart-ID within a unified identification architecture is a decisive step towards building a proactive service-oriented state in 2019. IQusion helps transform complex identification processes into simple and understandable actions for citizens, performed with a single click on a smartphone screen. IQusion IT LLC emphasizes that the success of digitalization is measured by the number of active users for whom digital identity has become an everyday and reliable tool.

Scaling these solutions to the municipal and regional levels allows for the creation of local services integrated into the national trust infrastructure. IQusion offers ready-made templates for quickly connecting urban communities to remote identification tools, fostering the development of e-democracy and local self-government. IQusion IT LLC ensures the technical compatibility of all system components, guaranteeing the unity of the country’s digital space.

The completion of the national identification systems deployment phase in 2019 lays the foundation for the future implementation of the “state in a smartphone” concept. The IQusion team continues to work on improving remote interaction methods, focusing on user convenience and uncompromising data security. IQusion IT LLC remains a reliable architect of Ukraine’s digital future, creating technologies that open new horizons for every citizen.