eKey (eKey)
eGovernment Authority

A. Problem Analysis

 1. What was the problem before the implementation of the initiative?
The Bahrain eGovernment Authority (eGA) has been active in working with government agencies throughout the Kingdom to ensure that citizens have easy online access – via the channel of their choice - to a wide range of public services. The Authority has successfully implemented a national web portal, a mobile portal, kiosks and national contact centers, and has been proactive in helping citizens to use these channels. One area where the eGA confronted challenges in terms of providing easy access to online public services, however, was secure authentication. Security and identity are critical issues in the development of trusted eGovernment services. Citizens need to have confidence that they can deal with government online without having their privacy compromised. At the same time, government needs to have confidence that a person really is who he/she says they are. Unfortunately, achieving these objectives is often easier said than done. Like many other countries around the world, government agencies across the Kingdom of Bahrain initially each used their own sign on and verification procedures to authenticate and validate the users of online public services. Doing so meant that citizens needed to juggle a wide array of differing PINS and Passwords, and provide the same basic information over and over again each time they accessed a different service. Moreover log-in procedures often varied by department as there was no common standards for validating a citizens identity and, consequently, no unified approach to security. A lack of ‘Single-Sign-On’ credentials meant that citizens needed to fill in different registration forms for every online service they used. This requirement was time consuming and off-putting. Moreover, even when they managed to do so for one service, they often lost or forgot their passwords for others. The elderly, in particular, found the it difficult to navigate multiple authentication codes and systems, as did poor and time-pressed migrant workers many of whom faced literacy challenges and often had enough trouble as it was learning to live far away from home in a new country. Across the Kingdom, citizens and residents were understandably frustrated, and uptake of online services suffered. Ultimately, it became clear that the lack of a common identity management approach represented a major barrier to further progress in the delivery of easy user access to online government services. To genuinely improved public service delivery for ALL social groups in the Kingdom (and not just the tech-savvy and/or patient!), the eGA realized that it needed to develop a robust yet flexible identity management solution that instilled public confidence, worked across government, and, last but not least, was easy to use.

B. Strategic Approach

 2. What was the solution?
The Bahrain eGovernment Authority (eGA) has been active in working with government agencies throughout the Kingdom to ensure that citizens have easy online access – via the channel of their choice - to a wide range of public services. The Authority has successfully implemented a national web portal, a mobile portal, kiosks and national contact centers, and has been proactive in helping citizens to use these channels. One area where the eGA confronted challenges in terms of providing easy access to online public services, however, was secure authentication. Security and identity are critical issues in the development of trusted eGovernment services. Citizens need to have confidence that they can deal with government online without having their privacy compromised. At the same time, government needs to have confidence that a person really is who he/she says they are. Unfortunately, achieving these objectives is often easier said than done. Like many other countries around the world, government agencies across the Kingdom of Bahrain initially each used their own sign on and verification procedures to authenticate and validate the users of online public services. Doing so meant that citizens needed to juggle a wide array of differing PINS and Passwords, and provide the same basic information over and over again each time they accessed a different service. Moreover log-in procedures often varied by department as there was no common standards for validating a citizens identity and, consequently, no unified approach to security. A lack of ‘Single-Sign-On’ credentials meant that citizens needed to fill in different registration forms for every online service they used. This requirement was time consuming and off-putting. Moreover, even when they managed to do so for one service, they often lost or forgot their passwords for others. The elderly, in particular, found the it difficult to navigate multiple authentication codes and systems, as did poor and time-pressed migrant workers many of whom faced literacy challenges and often had enough trouble as it was learning to live far away from home in a new country. Across the Kingdom, citizens and residents were understandably frustrated, and uptake of online services suffered. Ultimately, it became clear that the lack of a common identity management approach represented a major barrier to further progress in the delivery of easy user access to online government services. To genuinely improved public service delivery for ALL social groups in the Kingdom (and not just the tech-savvy and/or patient!), the eGA realized that it needed to develop a robust yet flexible identity management solution that instilled public confidence, worked across government, and, last but not least, was easy to use.

 3. How did the initiative solve the problem and improve people’s lives?
Several key innovations have enabled eKey to deliver on its central objective of providing a common system for securely identifying and authenticating online service users in the Kingdom of Bahrain: Multi-Channel Support - eKey seamlessly authenticates users at point of entry across a full range of online platforms and channels in order to provide users maximum choice in accessing online public services. Personalized User Experience Support – Once a user is authenticated, government departments now have the ability to create a unique service interface that exactly matches the user’s needs including customized displays of their personal information and access to relevant services based on their age, abilities or other key criteria. Back-End Service Linkage – eKey provides authentication service on the National Portal, which contains services from various government entities. With the use of the Single Sign On, users will be able to use services, from the same entity or even different entities, with a single login, within a single user session. User information can be exchanged from one service to the other without the need for re-authentication. Use of Biometric Technologies - eKey solution allows the use of Biometric technology to verify the identity of a person. This is particularly important to provide highly secured services online, and to provide services which were not possible to automate in the past because of the requirement for the presence of the user for confidentiality reasons and to assure the identity physically. This is no longer required when eKey Biometric authentication is used because it acts like a digital signature authorizing sensitive transactions, like legal cases as well as official government transactions.

C. Execution and Implementation

 4. In which ways is the initiative creative and innovative?
The eKey System has been developed following an extensive service development methodology combined with the eGA’s established Project Management tools: - Phase 1 – Conceptualization - In March 2009, research (in the form of an Enterprise Architecture Maturity study) was conducted to establish the basic concepts of eKey and identify the needs of the initiative. This study covered all ministries and government entities and identified the needs across the government. - Phase 2 – Engagement of Partners - In June 2010, a Request For Proposal (RFP) was submitted to Bahrain Tender Board to invite specialized local, regional and international firms. The review of all bids and the awarding of the project took around one month from the date of opening the bids. - Phase 3 – Design of eKey System - In September 2010, the selected bid was awarded with the tender and was officially kicked-off. The design activities of eKey solution were conducted by the vendor, and in cooperation with CITO. The design included the system design as well as all integration specifications and the specific standards to which eKey solution has to adhere. - Phase 4 – Implementation - In December 2010, implementation began in cooperation with the relevant stakeholders. The first step of implementation was to setup the infrastructure on site. This phase included setting up the Hardware, configuring the servers and setting up the required networking components. A parallel phase started to develop the application running on these servers. A third phase was to develop the integration interfaces with the CITO, owners and maintainers of the Biometric data of all citizens and residents of Bahrain. An additional phase was introduced and dedicated to all tests to be performed on the solution. These include various kinds of security tests, such as penetration testing, vulnerability assessments, tests against the common threats like hackers attacks and denial of service issues. Moreover, tests also included performance testing and availability testing. This phase was considered completed in November 2011. - Phase 5 – Service Launch and Testing - In January 2012, the project went live in production. The first eKey integrated service was launched the following February. The production soft launch was followed a marketing campaign to create the awareness amongst the public in the country. - Phase 6 – Roll-Out and Integration - On 8th April 2012, the project was inaugurated by His Highness Shaikh Mohammed bin Mubarak Al Khalifa, the Deputy Prime Minister during the opening ceremony of Bahrain International eGovernment Forum. After the inauguration, a nationwide campaign was launched to register users on the system with a target of over 50,000 registered users by end of 2014

 5. Who implemented the initiative and what is the size of the population affected by this initiative?
The eKey system was conceptualized and developed by eGA with support and engagement from the a range of internal and external stakeholder groups: CITIZENS & NGOS The eKey worked with citizens and NGOs during the user requirement gathering and testing phase to ensure that the final solution made it quicker and easier for ALL Bahraini’s to access and use online services. These groups include elderly citizens, expat, housewives and charity organizations representatives. BUSINESSES The eKey team also conducted user requirement gathering and testing with potential private sector end users to ensure that the eKey solution could be extended to an eCommerce setting for use in conjunction with their services. The requirements gathering sessions were conducted with telecommunications companies, such as Zain and Viva companies, and retails banks, such as Ithmaar bank. In a parallel activity, the internal legal team made the effort to ensure that the usage of such innovative solution, especially with its biometric identification mechanism, is properly covered under local laws and adhering to the best practices regionally and internationally. GOVERNMENT AGENCIES The Central Informatics and Telecommunications Organization (CITO) was the primary government stakeholder alongside the eGA. During service launch and testing, however, the eGA also consulted extensively with the full range of government departments to ensure that the secure infrastructure fully supported the needs of all government agencies. PRIVATE SECTOR CONTRACTORS The eKey team consulted with external experts from consulting firms PwC and Wipro during the design phase and CrimsonLogic during the implementation phase. CrimsonLogic assisted in the technical adaptation and deployment of the solution.
 6. How was the strategy implemented and what resources were mobilized?
The eKey initiative was initiated, supported and funded by eGA. Execution of the technical solution was outsourced to an external vendor, CrimsonLogic, through a tendering process as per the rules and regulations of the Kingdom. The principal criterion for selecting and assigning the project to CrimsonLogic was the company’s previous experience with a similar project on a related user-base scale - SingPass for the Singaporean government. The value of the project was at BD800,000 ($302,000) which include various expenses such as the hardware infrastructure, over the shelf applications, implementation of the custom built solution and the support. The majority of the project’s work was carried out offshore (Singapore and India) so as to minimize the cost of the project, as a result, only required resources were mobilized to the Kingdom. The CrimsonLogic team handled the project management aspect and all the development and configuration activities. eGA resources managed the overall implementation and ensured its alignment to the requirements and to the international best practices as agreed with the vendor. In addition, a technical team from CITO was assigned to work with both eGA and the vendor team on the integration and the use of fingerprint data residing at CITO.

 7. Who were the stakeholders involved in the design of the initiative and in its implementation?
The eKey system has been designed to ensure that any citizen, resident or business has the ability to access the full range of Bahrain’s online service through a secure, trusted, Single-Sign-On credential. The cross-departmental approach and linked-up back-end infrastructure have allowed the system to be seamlessly integrated into the service offering of all departments. Within this framework, a number of key outputs have contributed to the success of the initiative: Secure Identification Credentials - eKey uses a Personal Identification Number (PIN) as the identity verifier; and three factor credentials (password, smart card and finger print) to verify and assert identity. This approach ensures the usage of one identity and a set of credentials to avail all electronic services from the governmental agencies. Seamless Integration with Existing Services –eKey’s infrastructure is fully available to government service channels in an easy-to-integrate format and is flexible enough to be shared with the private sector. The established solution asserts and underwrites the identity presented to a level of confidence required by the integrated services. Biometric Linkage –The use of biometric data helped the whole government reach new levels of secured methods of service delivery. Users will be able to use their biometric information to avail highly secured services from the comfort of their homes. Biometric data are extremely difficult to imitate and manipulate, especially with all the security components built around the system. Therefore, sensitive and highly confidential services are now possible to be provided the internet. Personalized Content Support - eKey empowers capable channels to provide personalized content. As a result, government departments across the Kingdom can now provide a unique service interface including customized displays of a users’ personal information and access to relevant services based on a users age, abilities and/or other key criteria. Back-End Service Linkage – With the use of a unified authentication solution, namely the eKey solution, the government and the citizens alike realize a considerable amount of convenience, cost and time savings. Government entities will be able to provide the majority of their services online, thus, will be able to reduce the need for establishing customer facing units and save expenses relating to hiring customer service representatives, hiring buildings, establishing customer care units and provide parking space. Additionally, government entities do not need to implement another authentication solution, because the eKey solution uses the National Personal Number for identifying individuals, which is being used in almost all of government services, thus making it compatible and suitable to be used across entities. Moreover, citizens also save time, money and effort using the services online because they no longer need to travel to the ministries’ headquarters to use a particular service.

 8. What were the most successful outputs and why was the initiative effective?
Continuous measurement of service uptake and registration was used to guide the team towards the most appropriate strategy for creating awareness about the solution and extending its reach to additional public and private sector users. A key metric for evaluating success was the introduction of additional eKey services and features to maximize the potential of the solution and achieve the highest benefit. Performance monitoring is a key aspect for the eKey system. The eGA team had defined a set of performance indicators to which the system had to adhere to. For instance, the response time had to be within the following: • Registration of the Individual Users: The total process should be completed in between 7 – 10 minutes time • The First Factor (1FA – CPR Number and Password) authentication transactions shall be completed as below • 100% of authentication transactions shall be completed in 8 seconds of time • 99% of authentication transactions shall be completed in 5 seconds of time • 95% of authentication transactions shall be completed in 3 second of time • Bahrain eKey infrastructure shall provide users a minimum operational availability of 99.95% for the production environment These metrics were monitored throughout the lifetime of the system, from the Acceptance testing, to the sanity testing after the go live and it is conducted on a bi-monthly basis to ensure these values are met. Additionally, eKey adapts a number of security standards used to secure the data at rest and in transmission. For instance, the use of a state-of-the-art HSM (Hardware Security Module) for the purpose of Random Number Generation (RNG). Another example would be the use of AES 256-bit encryption to encrypt the password and user’s details stored in the database. Moreover, the system uses RSA 2048-bit encryption, using the HSM, to encrypt exchanged messages between eKey and integrated systems. Lastly, eKey system also uses SHA-256 Hashing Algorithm for digital signatures.

 9. What were the main obstacles encountered and how were they overcome?
eKey encountered and overcame the following problems during implementation: 1. Ensuring No Duplication of Identities Challenge: Citizens and residents alike already own an identification number issued by CITO via the legacy system used in government transactions/services. When designing eKey, the team identified a potential challenge that the legacy system of CITO might produce a conflicting identity record set leading to duplicated work in the registration of individuals’ information. Solution: The eKey system integrated with the CITO system to leverage the existing users’ information database to ensure the unification of the physical identity and electronic identity parameters. 2. Developing a Light-Touch Enrollment Process Challenge: Users intending to use the eKey solution were required to undergo a short, one-time registration procedure to create their electronic identity. While this process was necessary to ensure the security and trustworthiness of the system through biometric support, a time burden was placed on the individual that could have deterred enrollment Solution: Enrollment challenges were overcome by enhancing the accessibility by means of providing registration stations in the eService Centers which are distributed all over the Kingdom to ensure ease of access. In addition, the eKey solution provides an online interface for users to register online and begin to use services immediately.

D. Impact and Sustainability

 10. What were the key benefits resulting from this initiative?
eKey’s main objective is to establish a system which can uniquely identify each citizen and resident with the highest degree of confidence. Key benefits include: WIDESPREAD AVAILABILITY The same identity and set credentials can be used across all systems which subscribe to the services of the eKey, making online authentication more widely available to all Bahrainis. The system provides the capability to register online so that credentials are created and users can use the services immediately. MORE PERSONALISED SERVICE eKey enables government departments to match the service interface to a user’s unique needs and consequently provide access to relevant services based on user-specific criteria such as age or abilities. Personalization was only possible after introducing the eKey because service providers needed to know who the user trying to login is. Also, once authenticated, the service provider can establish the trust and present information that are relevant and customized based on the user profile, such as gender, residential location and history of previous transactions. INCREASED CUSTOMER SATISFACTION AND TRUST By enabling secure, single sign on, eKey has increased customer satisfaction and trust by 19% amongst all users. This was measured through a public survey across users approached throughout eGovernment campaigns and roadshows. It is anticipated that such percentage will increase with the increase of the public awareness and the introduction of more highly secured services, such as Ministry of Interior and Ministry of Justice services. INCREASED UPTAKE OF ONLINE SERVICES Following the introduction of eKey, uptake of online services in the Kingdom of Bahrain has increased by 12%. ENHANCED eCOMMERCE eKey was intentionally designed for use by the private as well as public sectors. Private sector use of the solution, particularly amongst telcos and banks, has helped to give Bahraini businesses a competitive edge in the eCommerce arena by bolstering the security of online transacations and thereby enhancing public confidence in them. [Can we include supporting statistics?] MORE SECURED SERVICES TO BE AUTOMATED After the launch of eKey, government entities are able to provide services that were not possible to be provided online and required the presence of the actual customers. Such requirement was mainly to prove the identity and to provide government employees with signed documents for future reference. This is no longer required as the eKey can provide the audit trail of the user’s transactions along with their authentication details. Thais then can be cross referenced with the service logs to form a clear evidence of users transactions, in case of any dispute. Signatures can be forged and imitated, however, authenticating users based on their fingerprint is difficult to forge.

 11. Did the initiative improve integrity and/or accountability in public service? (If applicable)
FINANCIAL SUSTAINABILITY Long-term funding for the maintenance and administration of the initiative will be delivered through the fee-for-service use of the solution by key private sector players in the in the Kingdom’s telecom and banking sectors. As fees are charged on a per-transaction basis, there is a significantly lower likelihood of revenue decline than under a fixed-fee system. This is anticipated because of the limitless possibilities for services to be introduced using eKey. The more services introduced, the revenue is generated. It is projected that the number of transactions is going to grow on an average growth rate of 45% annually, especially with introducing more government entities and private sector partners simultaneously. ENVIRONMENTAL SUSTAINABILITY The system has been designed to deliver significant environmental savings through eliminating the need for in-person authentication for each different service. The ability to have secure biometric authentication remotely has saved Bahrainis an estimated average of up to 3 journeys per month to government entities and 2 journeys per month for private sector. These values are expected to double with the end of 2014 with more services from both sectors are introduced. SCALABILITY AND INTERNATIONAL TRANSFERABILITY The whole of government architecture used to implement the eKey solution ensures scalability. A common infrastructure and seamless integration with existing services provides the system also delivers international transferability. The most crucial requirement for implementing the eKey system is the data against which the identity of the individuals will be asserted. The solution can be transferred and applied based on the existing and available infrastructure, since the solution leverages the existing databases of citizens and residents. Finally, countries wishing to adopt eKey can easily adapt a number the solution’s attractive ‘out of the box’ features.

 12. Were special measures put in place to ensure that the initiative benefits women and girls and improves the situation of the poorest and most vulnerable? (If applicable)
Future-Proof through Flexibility: The eKey team developed the solution in line with the latest international standards on identity management such as STORK. With STORK 2.0 now under development, the team learned that it is essential to map your system from the outset and identity the correct ‘maintenance points’ for updating the system in the future. By designing the system to be updated in a simple, modular way, eKey has saved time and money for the future. Simple Service Integration leads to Higher Uptake: During stakeholder consultation, the eKey team identified a lot of concern about the burdens that would be placed on existing services to redesign their software to integrate with the eKey system. The team made sure to design eKey to be technology-independent and fit in easily with the full range of existing government services. Making it easy for your service developers is the best way to ensure that everybody takes up the new solution. Prioritize an Effective Marketing Strategy: The eKey team soon discovered that it was critical to have an effective promotional campaign to foster public acceptance and uptake of the system. A dedicated marketing strategy helped to increase awareness among the public about the need to protect their electronic identity every bit as much sources of physical identification such as the passport and ID cards, if not more. Engage Senior Leadership Early: The eKey team found it critical to provide clear strategic directions and plans from higher management from the outset of the initiative through to conclusion. Ongoing communication from senior management and regular status report meetings were used to ensure that the entire team shared a common sense of purpose and strategic mission.

Contact Information

Institution Name:   eGovernment Authority
Institution Type:   Government Agency  
Contact Person:   Mohammed Hammad
Title:   Chief of Information Security  
Telephone/ Fax:  
Institution's / Project's Website:  
E-mail:   mihammad@ega.gov.bh  
Address:  
Postal Code:  
City:  
State/Province:  
Country:  

          Go Back

Print friendly Page