PSD2 breaks up the ways in which banks do their business, by forcing them to open up their APIs. By doing so, PSD2 challenges the way in which data was traditionally secured in banks.

In this article, we will have a deeper look at the aspect of authentication in the context of PSD2. We will first categorize the authentication challenges immanent to distributed systems. Then, building on NIST’s authentication reference model, we suggest an extended model that caters to the challenges in a distributed context. With this distributed authentication model, we want to provide a common language for the context, and a common understanding of the dimensions of the value flow in such composite systems. We want to be able to most accurately describe the relay of the user's identity through the various atomic services (the individual services which compose a composite service).

The eIDAS Regulation creates a pan European market for electronic Trust Services (eTS). This includes things like electronic signatures and seals, electronic service delivery, website authentication and time stamps. The major thrust of the Regulation is towards ensuring that these mechanisms, when used, get the same legal status as conventional paper-based alternatives - across borders, throughout the EU.

The Payment Service Directive 2 (PSD2) allows non-banks to provide payment services which before were reserved for banks only. The market of services initiating a payment transaction or getting information about account balance will grow, and will also be open for new business models and technologies. The Directive and its implementation standards require all transactions to be handled through secure channels and all data shall be protected regarding authenticity and integrity.

In Part 1 of our series exploring the wide footprint of the eIDAS regulation, we looked things like PSD2, the European Citizen’s Initiative and the eHealth Governance Initiative. However, these are just a few examples of the many applications of the eIDAS mechanisms. In this part, we look at some other interesting applications including Social Security and the prevention of Money Laundering.

The eIDAS regulation is a key foundational stone in the creation of the pan-European Digital Single Market. It provides the essential elements to build a robust and secure electronic identification system and reliable trust services. Without the tools that eIDAS enables, a number of other EU directives and initiatives would not be able to function effectively - or at all.

 eSeal - solution for legal persons

The eIDAS regulation introduced Electronic Seals as a solution for legal entities, allowing them to protect authenticity and integrity of electronic documents and data. An Electronic Seal is based on the same technology as an Electronic Signature and also can be Advanced and Qualified. A Qualified Electronic Seal is verified with Qualified Certificate.

Following the revised Payment Service Directive (PSD2), banks in the EEA are required to enable their customers (users) to grant third party providers (TPPs) access to

 A Forrester Research survey found that documents with electronic signatures reduced the error rate by 80% and improved productivity by as much as 85%. These are just some of the statistics which highlight the potential disruptive power of technologies like eSignature and eIdentification in transforming digital businesses.

The eIDAS regulation sets the standard for electronic identification, electronic signatures and trust services. It paves the way for delivering financial, public and other services online in a more secure and reliable way than ever before. The eIDAS document and its accompanying guidelines cover the technical aspects in great detail. But what are the guiding principles behind eIDAS?