Liga’s SmartSignatur makes it easy for the staff at the public schools in Lyngby-Taarbæk Municipality to identify themselves and gain secure access to confidential data. Access can now be granted without repeated usage of smartphones and personal NemID – and the setup ensures compliance with the new NSIS-standard.
“We have been using the SmartSignatur-platform for some time, and it seemed the obvious choice to use the platform for secure and encrypted access to Aula, too. It gives teachers and educational staff two-factor-based access to sensitive data via a USB chip card. The administration is easy and significantly cheaper than other solutions based on new server infrastructure or traditional token setups,” says Martin Oldin, Identity and Data Architect, Lyngby-Taarbæk Municipality.
As the digitization of the public infrastructure increases, it becomes essential to establish a structure for secure and encrypted access to sensitive information. Such a structure is also crucial for schools and the new learning platform, Aula. Primarily as the platform contains confidential information and communication about individual student’s wellbeing, health and social conditions, Martin Oldin notes.
Secure access to sensitive student data
Aula has been appointed the very first joint public solution to comply with the latest version of the National Standard for Identiteters Sikringsniveauer, also known as NSIS, issued by the Danish Agency for Digitisation in cooperation with private contractors such as KOMBIT.
The decision implies that teachers and other staff can log in to Aula with their username and password to read non-sensitive information. To access sensitive data, however, they must identify themselves with a two-factor based key.
The new two-step access solution has been implemented at Lyngby-Taarbæk Municipality, and approximately 1,000 teachers and other educational staff can shift between the two types of access: The traditional based on username and password, and the extra-secure login based on their Smartsignatur USB chip card or their personal NemID.
Seamless and secure two-factor identification
“Some teachers prefer to shift between access types. Sometimes they don’t want to use their private NemID because it typically involves using personally owned smartphones. That does not present a problem, as they can instead choose to use their SmartSignatur chip card for high security and quick access,” Martin Oldin explains.
It is voluntarily to use SmartSignatur and still, most staff use their personal NemID to gain access to confidential information. Already, however, 50 employees are using SmartSignatur, and the municipality expects that number to rise.
Following the Corona crisis, the municipality will have a new and better opportunity to issue chip cards to employees. At a self-service desk computer in each school’s office, staff can identify themselves, get a chip card and choose a personal PIN-code. Furthermore, approximately 600 employees in the municipality’s daycare will be linked to Aula in the second half of 2020.
To further simplify the identification process, the municipality of Lyngby-Taarbæk has introduced a simple workflow where the employee’s mobile number is used for one-time verification when issuing a new chip card.
“It is important to us that SmartSignatur offers a secure, recognized login method in line with the identity management model we already use. The point is that the employees get easy access to confidential information via a two-factor based solution – that is, a combination of something you know and something you have. No matter whether they log in via private NemID on their phone or via the USB chip card through Liga’s solution. This means that we are now compliant with new requirements in NSIS in a way that is financially and administratively affordable for the municipality and convenient for the employees,” says Martin Oldin.
SmartSignatur is now Liga GlobalID
Liga GlobalID is built to handle the entire identity lifecycle from the initial onboarding and validation of the user, to the enrollment of multifactor authentication tokens, the everyday use, and the revocation process and reporting for compliance purposes.