National Authentication Framework (eKey)
eGovernment Authority – Kingdom of Bahrain

A. Problem Analysis

 1. What was the problem before the implementation of the initiative?
The economic, political and social development in Bahrain over the past decade has paved the way for a technological revolution to take place in the Kingdom. The general population from locals to foreigners, young children to senior citizens, has kept up with the revolution through their use technologies such as social media, smartphones, and online shops. However, many governmental services failed to keep pace with digital advances, forcing people – including the elderly, handicapped and women - to queue, deal with paper work and make time-consuming appointments simply to benefit from governmental services. Although, the number of governmental eServices has increased exponentially during the past decade, many key services remained offline and out of reach. Major services that dealt with sensitive data – such as personal data, financial data and health records– required the physical attendance of applicants in order to verify their identities before they were served. Further, these personal data records were held by multiple different authorities on paper, making it impossible to create any centralized electronic identity for service users. The lack of electronic identities made the transition of many services to online delivery impossible without compromising sensitive user data. The technological gap placed a huge pressure on key services and hindered their delivery to citizens and residents who were not able to show up in person because of obligations, difficulties or an inability to travel. This was coupled with constant costs that the service providers had to bear to provide their services through physical channels. The Kingdom is passionate about listening to the views of our community of citizens. Being part of the community, we understood the citizens feeling of discomfort and outrage at these difficult physical services. Based on this feeling, we started searching for a common element that all citizens and residents shared in order to base digital identification upon. Luckily for us, the Kingdom had already excelled in the smartcard field, and all citizens and residents alike had their fingerprints stored and linked to their smartcards. Using smartcard records, we built a framework that enables people to authenticate their identities online against their smartcard identities to use services securely without having to be present in person. During the 2 years following the release of the solution, we took on the tasks of bringing government agencies onboard, building their eServices, integrating them with eKey and enhancing the users’ experience. In 2014 integrated public services of the pension fund with eKey, serving almost all working people in the Kingdom. Previously, people – including many pensioners – had to wait in long queues to get access to pension services. Since the launch of the services, people are flocking in to get their eKey accounts to avoid the hassle. In the 4 months following the release of the pension fund services, the average number of new eKey registrants per month (RPM) has increased by 189%, jumping from an average of 812 RPM to 1538 RPM in the 4 months up to September 2014, accounting for 25.25% of all users.

B. Strategic Approach

 2. What was the solution?
In 2011, the Kingdom of Bahrain, under the leadership of King Hamad Al Khalifa, launched its 2012-2016 eGovernment Strategy. The strategy adopted a six-step approach from vision to implementation in order to achieve targets that are challenging but achievable. The eGA based its strategic approach upon the findings of a comprehensive Enterprise Architecture Maturity Study, which identified the absence of a Single-Sign-On Authentication Infrastructure as a key ‘gap’ within the provision of eGovernment services in Bahrain and provided a clear set of requirements. The eGovernment Authority (eGA) used these requirements to create a new identity authentication and verification system: ‘eKey.’ The objectives of eKey are to transform the government’s approach about authenticating people’s identities, ease citizens’ access to government services, and enable the government to serve more services through eChannels. In order to achieve these goals, the eGA built eKey. To cover as much ground as possible, eKey was implemented as both a web-based solution and a webservice. This allowed government entities to replace their fragmented authentication systems with eKey on multiple channels including web, and mobile apps. Moreover, the communication servers, eKey and government backend systems, uses standardized and secured webservices to reduce the dependency on a particular technology for integration. eKey also minimizes the number of user names and passwords that citizens had to maintain. By integrating eServices with eKey, users could readily access them using an eKey account, with no additional registration required. The eKey identification system was based on the existing national identification infrastructure and validates identities using the Central Population Register (CPR) before creating their accounts. This approach ensures that government entities still deal with the trusted identity register but through digital channels. This feature allowed the introduction of new eServices that weren’t available in the past due to the identification requirements which mandated citizens to show up in person. With eKey however, validating a user’s fingerprint with the CPR electronically has improved public service delivery (as well as eCommerce) in the Kingdom of Bahrain by using online biometric authentication to provide the same levels of security and trust that users would have if accessing services in person. The eKey solution benefits a range of target audiences in Bahrain: CITIZENS within the Kingdom can now access government services via a single portal, spend less time logging in and feel safer and more secure when interacting online. With the use of a unified authentication system, based on use of a username and password, the time-to-authenticate is reduced by more than 50%. BUSINESSES can use the infrastructure to increase the security of their own eCommerce systems. Businesses across the Kingdom invest a considerable amount of money on IT infrastructure in order to provide high quality and customized services to their customer. The approach of the eGA was aiming to reduce the total cost of ownership of such authentication solutions on the private sector firms and to provide them with access to eKey solution to cater for their authentication requirements saving time and money. In addition, the use of the eKey solution for the private sector will remove the need to put an effort to register users and maintain a secured repository of their credentials. GOVERNMENT DEPARTMENTS across the Kingdom can use eKey to improve the security of their online services whilst also benefiting from a common authentication framework to join-up back-end services. Thanks to the deployment of a consistent, secure and unified authentication services across all of Bahrain’s government departments citizens, residents and businesses alike can now easily access online public services, secure in the knowledge that their personal data and identity are protected.

 3. How did the initiative solve the problem and improve people’s lives?
Several key innovations have enabled eKey to deliver on its central objective of providing a common system for securely identifying and authenticating online service users in the Kingdom of Bahrain: Multichannel Support - eKey seamlessly authenticates users at point of entry across a multiple channels in order to provide users maximum choice in accessing online public services. Personalized User Experience Support – Once a user is authenticated, government departments now have the ability to create a unique service interface that exactly matches the user’s needs including customized displays of their personal information and access to relevant services based on background. Back-End Service Linkage – eKey provides authentication on the National Portal, which contains services from various government entities. With the Single-Sign-On, users are able to use services from many departments with no annoying logins. Use of Biometric Technologies – eKey solution employs Biometric technology to verify the identity of a person. This is a crucial innovation for highly-secured services and confidential services traditionally requiring the physical presence of the user. Biometric authentication eliminates this by acting as a digital signature authorizing sensitive transactions, like legal cases as well as official government transactions.

C. Execution and Implementation

 4. In which ways is the initiative creative and innovative?
The eKey System has been developed following an extensive service development methodology combined with the eGA’s established Project Management tools: Phase 1 – Conceptualization - In March 2009, research (in the form of an Enterprise Architecture Maturity study) was conducted to establish the basic concepts of eKey and identify the needs of the initiative. This study covered all ministries and government entities and identified the needs across the government. Phase 2 – Engagement of Partners - In June 2010, a Request For Proposal (RFP) was submitted to Bahrain Tender Board to invite specialized local, regional and international firms. The review of all bids and the awarding of the project took around one month from the date of opening the bids. Phase 3 – Design of eKey System - In September 2010, the selected bid was awarded with the tender and was officially kicked-off. The design activities of eKey solution were conducted by the vendor, and in cooperation with CITO. The design included the system design as well as all integration specifications and the specific standards to which eKey solution has to adhere. Phase 4 – Implementation - In December 2010, implementation began in cooperation with the relevant stakeholders. The first step of implementation was to setup the infrastructure on site. This phase included setting up the Hardware, configuring the servers and setting up the required networking components. A parallel phase started to develop the application running on these servers. A third phase was to develop the integration interfaces with the CITO, owners and maintainers of the Biometric data of all citizens and residents of Bahrain. An additional phase was introduced and dedicated to all tests to be performed on the solution. These include various kinds of security tests, such as penetration testing, vulnerability assessments, tests against the common threats like hackers’ attacks and denial of service issues. Moreover, tests also included performance testing and availability testing. This phase was considered completed in November 2011. Phase 5 – Service Launch and Testing - In January 2012, the project went live in production. The first eKey integrated service was launched the following February. The production soft launch was followed by a marketing campaign to create awareness amongst the public in the country. Phase 6 – Roll-Out and Integration - On 8th April 2012, the project was inaugurated by His Highness Shaikh Mohammed bin Mubarak Al Khalifa, the Deputy Prime Minister during the opening ceremony of Bahrain International eGovernment Forum. After the inauguration, a nationwide campaign was launched to register users on the system with a target of over 50,000 registered users by end of 2014.

 5. Who implemented the initiative and what is the size of the population affected by this initiative?
The eKey system was conceptualized and developed by eGA with support and engagement from a range of internal and external stakeholder groups including: CITIZENS & NGOS The eKey worked with citizens and NGOs during the user requirement gathering and testing phase to ensure that the final solution made it quicker and easier for ALL Bahraini’s and residents to access and use online services. These groups include elderly citizens, expats, housewives and charity organizations representatives. BUSINESSES The eKey team also conducted user requirement gathering and testing with potential private sector end users to ensure that the eKey solution could be extended to an eCommerce setting for use in conjunction with their services. The requirements gathering sessions were conducted with telecommunications companies, such as Zain and Viva companies, and retails banks, such as Ithmaar bank. In a parallel activity, the internal legal team made the effort to ensure that the usage of such innovative solution, especially with its biometric identification mechanism, is properly covered under local laws and adhering to the best practices regionally and internationally. GOVERNMENT AGENCIES The Central Informatics and Telecommunications Organization (CITO) was the primary government stakeholder alongside the eGA. During service launch and testing, however, the eGA also consulted extensively with the full range of government departments to ensure that the secure infrastructure fully supported the needs of all government agencies. PRIVATE SECTOR CONTRACTORS The eKey team consulted with external experts from consulting firms PwC and Wipro during the design phase and CrimsonLogic during the implementation phase. CrimsonLogic assisted in the technical adaptation and deployment of the solution.
 6. How was the strategy implemented and what resources were mobilized?
The eKey initiative was initiated, supported and funded by eGA. Execution of the technical solution was outsourced to an external vendor, CrimsonLogic, through a tendering process as per the rules and regulations of the Kingdom. The principal criterion for selecting and assigning the project to CrimsonLogic was the company’s previous experience with a similar project on a related user-base scale - SingPass for the Singaporean government. The value of the project was at BD800,000 ($2,127,000) which includes various expenses such as the hardware infrastructure, over the shelf applications, implementation of the custom built solution and the support. The majority of the project’s work was carried out offshore (Singapore and India) so as to minimize the cost of the project, as a result, only required resources were mobilized to the Kingdom. The CrimsonLogic team handled the project management aspect and all the development and configuration activities. eGA resources managed the overall implementation and ensured its alignment to the requirements and to the international best practices as agreed with the vendor. In addition, a technical team from CITO was assigned to work with both eGA and the vendor team on the integration and the use of fingerprint data residing at CITO.

 7. Who were the stakeholders involved in the design of the initiative and in its implementation?
The eKey system has been designed to ensure that any citizen, resident or business has the ability to access the full range of Bahrain’s online services through a secure, trusted, Single-Sign-On credential. The cross-departmental approach and linked-up back-end infrastructure have allowed the system to be seamlessly integrated into the service offering of all departments. Within this framework, a number of key outputs have contributed to the success of the initiative: Secure Identification Credentials - eKey uses a Personal Identification Number (PIN) as the identity verifier; and three factor credentials (password, smart card and fingerprint) to verify and assert identity. This approach ensures the usage of one identity and a set of credentials to avail all electronic services from the governmental agencies. Seamless Integration with Existing Services – eKey’s infrastructure is fully available to government service channels in an easy-to-integrate format and is flexible enough to be shared with the private sector. The established solution asserts and underwrites the identity presented to a level of confidence required by the integrated services. Biometric Linkage –The use of biometric data helped the whole government reach new levels of secured methods of service delivery. Users will be able to use their biometric information to avail highly secured services from the comfort of their homes. Biometric data are extremely difficult to imitate and manipulate, especially with all the security components built around the system. Therefore, sensitive and highly confidential services are now possible to be provided the internet. Personalized Content Support - eKey empowers capable channels to provide personalized content. As a result, government departments across the Kingdom can now provide a unique service interface including customized displays of a user’s personal information and access to relevant services based on a user’s age, abilities and/or other key criteria. Back-End Service Linkage – With the use of eKey, government and the citizens alike have saved considerable time and money. Government entities can provide the majority of their services online. reduce the need for establishing customer-facing units, save expenses on hiring customer service representatives, hiring buildings, establishing customer care units, and provide parking space. Additionally, government entities do not need to implement another authentication solution because eKey is compatible with all services. Moreover, citizens also save time, money and effort using the services online because they no longer need to travel to the ministries’ headquarters to use a particular service.

 8. What were the most successful outputs and why was the initiative effective?
Continuous measurement of service uptake and registration was used to guide the team towards the most appropriate strategy for creating awareness about the solution and extending its reach to additional public and private sector users. A key metric for evaluating success was the introduction of additional eKey services and features to maximize the potential of the solution and achieve the highest benefit. Performance monitoring is for this reason a central feature of the eKey system. The eGA team had defined a set of performance indicators to which the system had to adhere to. For instance, the response time had to be within the following: • Registration of the Individual Users: The total process should be completed in between 7 – 10 minutes time • The First Factor (1FA – CPR Number and Password) authentication transactions shall be completed as below • 100% of authentication transactions shall be completed in 8 seconds of time • 99% of authentication transactions shall be completed in 5 seconds of time • 95% of authentication transactions shall be completed in 3 second of time • Bahrain eKey infrastructure shall provide users a minimum operational availability of 99.95% for the production environment These metrics were monitored throughout the lifetime of the system, from the Acceptance testing, to the sanity testing after the go live and it is conducted on a bi-monthly basis to ensure these values are met. Additionally, eKey adapts a number of security standards used to secure the data at rest and in transmission. For instance, the use of a state-of-the-art HSM (Hardware Security Module) for the purpose of Random Number Generation (RNG). Another example would be the use of AES 256-bit encryption to encrypt the password and user’s details stored in the database. Moreover, the system uses RSA 2048-bit encryption, using the HSM, to encrypt exchanged messages between eKey and integrated systems. Lastly, eKey system also uses SHA-256 Hashing Algorithm for digital signatures.

 9. What were the main obstacles encountered and how were they overcome?
eKey encountered and overcame the following problems during implementation: 1. Ensuring No Duplication of Identities Challenge: Citizens and residents alike already own an identification number issued by CITO via the legacy system used in government transactions/services. When designing eKey, the team identified a potential challenge that the legacy system of CITO might produce a conflicting identity record set leading to duplicated work in the registration of individuals’ information. Solution: The eKey system integrated with the CITO system to leverage the existing users’ information database to ensure the unification of the physical identity and electronic identity parameters. 2. Developing a Light-Touch Enrollment Process Challenge: Users intending to use the eKey solution were required to undergo a short, one-time registration procedure to create their electronic identity. While this process was necessary to ensure the security and trustworthiness of the system through biometric support, a time burden was placed on the individual that could have deterred enrollment Solution: Enrollment challenges were overcome by enhancing the accessibility by means of providing registration stations in the eService Centers which are distributed all over the Kingdom to ensure ease of access. In addition, the eKey solution provides an online interface for users to register online and begin to use services immediately.

D. Impact and Sustainability

 10. What were the key benefits resulting from this initiative?
eKey’s main objective is to establish a system which can uniquely identify each citizen and resident with the highest degree of confidence. Key benefits include: WIDESPREAD AVAILABILITY The same identity and set credentials can be used across all systems that subscribe to the services of the eKey, making online authentication more widely available to all Bahrainis. The system provides the capability to register online so that credentials are created and users can use the services immediately. MORE PERSONALISED SERVICE eKey enables government departments to match the service interface to a user’s unique needs and consequently provide access to relevant services based on user-specific criteria such as age or abilities. Personalization was only possible after introducing the eKey because service providers needed to know who the user trying to login is. In addition, once authenticated, the service provider can establish the trust and present information that are relevant and customized based on the user profile, such as gender, residential location and history of previous transactions. INCREASED CUSTOMER SATISFACTION AND TRUST By enabling secure, single sign-on services, eKey has increased customer satisfaction and trust by 19% amongst all users. This was measured through a public survey across users approached throughout eGovernment campaigns and roadshows. It is anticipated that such percentage will increase with the increase of the public awareness and the introduction of more highly secured services, such as Ministry of Interior and Ministry of Justice services. INCREASED UPTAKE OF ONLINE SERVICES Following the introduction of eKey, uptake of online services in the Kingdom of Bahrain has increased by 12%. ENHANCED eCOMMERCE eKey was intentionally designed for use by the private as well as public sectors. Private sector use of the solution, particularly amongst telecoms companies and banks, has helped to give Bahraini businesses a competitive edge in the eCommerce arena by guaranteeing the security of online transactions thereby enhancing public confidence in them. MORE SECURED SERVICES TO BE AUTOMATED After the launch of eKey, government entities are able to provide services that were not possible to be provided online and required the presence of the actual customers. Such requirement was mainly to prove the identity and to provide government employees with signed documents for future reference. This is no longer required as the eKey can provide the audit trail of the user’s transactions along with their authentication details. These then can be cross-referenced with the service logs to form a clear evidence of users’ transactions, in case of any dispute. Signatures can be forged and imitated; however, authenticating users based on their fingerprint is difficult to forge.

 11. Did the initiative improve integrity and/or accountability in public service? (If applicable)
FINANCIAL SUSTAINABILITY Long-term funding for the maintenance and administration of the initiative will be delivered through the fee-for-service use of the solution by key private sector players in the in the Kingdom’s telecom and banking sectors. As fees are charged on a per-transaction basis, there is a significantly lower likelihood of revenue decline than under a fixed-fee system. This is anticipated because of the limitless possibilities for services to be introduced using eKey. The more services introduced, the revenue is generated. It is projected that the number of transactions is going to grow on an average growth rate of 45% annually, especially with introducing more government entities and private sector partners simultaneously. ENVIRONMENTAL SUSTAINABILITY The system has been designed to deliver significant environmental savings through eliminating the need for in-person authentication for each different service. The ability to have secure biometric authentication remotely has saved Bahrainis an estimated average of up to 3 journeys per month to government entities and 2 journeys per month for private sector. These values are expected to double with the end of 2015 with more services from both sectors are introduced. SCALABILITY AND INTERNATIONAL TRANSFERABILITY The whole of government architecture used to implement the eKey solution ensures scalability. A common infrastructure and seamless integration with existing services provides the system with scalability and also delivers international transferability. The most crucial requirement for implementing the eKey system is the data against which the identity of the individuals will be asserted. The solution can be transferred and applied based on the existing and available infrastructure, since the solution leverages the existing databases of citizens and residents. Finally, countries wishing to adopt eKey can easily adapt a number of the solution’s attractive ‘out of the box’ features.

 12. Were special measures put in place to ensure that the initiative benefits women and girls and improves the situation of the poorest and most vulnerable? (If applicable)
Future-Proof through Flexibility: The eKey team developed the solution in line with the latest international standards on identity management such as STORK. With STORK 2.0 now under development, the team learned that it is essential to map your system from the outset and identify the correct ‘maintenance points’ for updating the system in the future. By designing the system to be updated in a simple, modular way, eKey has saved time and money for the future. Simple Service Integration leads to Higher Uptake: During stakeholder consultation, the eKey team identified a lot of concern about the burdens that would be placed on existing services to redesign their software to integrate with the eKey system. The team made sure to design eKey to be technology-independent and fit in easily with the full range of existing government services. Making it easy for your service developers is the best way to ensure that everybody takes up the new solution. Prioritize an Effective Marketing Strategy: The eKey team soon discovered that it was critical to have an effective promotional campaign to foster public acceptance and uptake of the system. A dedicated marketing strategy helped to increase awareness among the public about the need to protect their electronic identity every bit as much sources of physical identification such as the passport and ID cards, if not more. Engage Senior Leadership Early: The eKey team found it critical to provide clear strategic directions and plans from higher management from the outset of the initiative through to conclusion. Ongoing communication from senior management and regular status report meetings were used to ensure that the entire team shared a common sense of purpose and strategic mission.

Contact Information

Institution Name:   eGovernment Authority – Kingdom of Bahrain
Institution Type:   Government Agency  
Contact Person:   Ayman AlAnsari
Title:   Project Manager  
Telephone/ Fax:   +97336115585
Institution's / Project's Website:  
Postal Code:  

          Go Back

Print friendly Page