| 4. In which ways is the initiative creative and innovative?
|
|
The eKey System has been developed following an extensive service development methodology combined with the eGA’s established Project Management tools:
Phase 1 – Conceptualization - In March 2009, research (in the form of an Enterprise Architecture Maturity study) was conducted to establish the basic concepts of eKey and identify the needs of the initiative. This study covered all ministries and government entities and identified the needs across the government.
Phase 2 – Engagement of Partners - In June 2010, a Request For Proposal (RFP) was submitted to Bahrain Tender Board to invite specialized local, regional and international firms. The review of all bids and the awarding of the project took around one month from the date of opening the bids.
Phase 3 – Design of eKey System - In September 2010, the selected bid was awarded with the tender and was officially kicked-off. The design activities of eKey solution were conducted by the vendor, and in cooperation with CITO. The design included the system design as well as all integration specifications and the specific standards to which eKey solution has to adhere.
Phase 4 – Implementation - In December 2010, implementation began in cooperation with the relevant stakeholders. The first step of implementation was to setup the infrastructure on site. This phase included setting up the Hardware, configuring the servers and setting up the required networking components. A parallel phase started to develop the application running on these servers.
A third phase was to develop the integration interfaces with the CITO, owners and maintainers of the Biometric data of all citizens and residents of Bahrain. An additional phase was introduced and dedicated to all tests to be performed on the solution. These include various kinds of security tests, such as penetration testing, vulnerability assessments, tests against the common threats like hackers’ attacks and denial of service issues. Moreover, tests also included performance testing and availability testing. This phase was considered completed in November 2011.
Phase 5 – Service Launch and Testing - In January 2012, the project went live in production. The first eKey integrated service was launched the following February. The production soft launch was followed by a marketing campaign to create awareness amongst the public in the country.
Phase 6 – Roll-Out and Integration - On 8th April 2012, the project was inaugurated by His Highness Shaikh Mohammed bin Mubarak Al Khalifa, the Deputy Prime Minister during the opening ceremony of Bahrain International eGovernment Forum. After the inauguration, a nationwide campaign was launched to register users on the system with a target of over 50,000 registered users by end of 2014.
|
|
| 5. Who implemented the initiative and what is the size of the population affected by this initiative?
|
|
The eKey system was conceptualized and developed by eGA with support and engagement from a range of internal and external stakeholder groups including:
CITIZENS & NGOS
The eKey worked with citizens and NGOs during the user requirement gathering and testing phase to ensure that the final solution made it quicker and easier for ALL Bahraini’s and residents to access and use online services. These groups include elderly citizens, expats, housewives and charity organizations representatives.
BUSINESSES
The eKey team also conducted user requirement gathering and testing with potential private sector end users to ensure that the eKey solution could be extended to an eCommerce setting for use in conjunction with their services. The requirements gathering sessions were conducted with telecommunications companies, such as Zain and Viva companies, and retails banks, such as Ithmaar bank. In a parallel activity, the internal legal team made the effort to ensure that the usage of such innovative solution, especially with its biometric identification mechanism, is properly covered under local laws and adhering to the best practices regionally and internationally.
GOVERNMENT AGENCIES
The Central Informatics and Telecommunications Organization (CITO) was the primary government stakeholder alongside the eGA. During service launch and testing, however, the eGA also consulted extensively with the full range of government departments to ensure that the secure infrastructure fully supported the needs of all government agencies.
PRIVATE SECTOR CONTRACTORS
The eKey team consulted with external experts from consulting firms PwC and Wipro during the design phase and CrimsonLogic during the implementation phase. CrimsonLogic assisted in the technical adaptation and deployment of the solution.
|
| 6. How was the strategy implemented and what resources were mobilized?
|
|
The eKey initiative was initiated, supported and funded by eGA. Execution of the technical solution was outsourced to an external vendor, CrimsonLogic, through a tendering process as per the rules and regulations of the Kingdom. The principal criterion for selecting and assigning the project to CrimsonLogic was the company’s previous experience with a similar project on a related user-base scale - SingPass for the Singaporean government.
The value of the project was at BD800,000 ($2,127,000) which includes various expenses such as the hardware infrastructure, over the shelf applications, implementation of the custom built solution and the support. The majority of the project’s work was carried out offshore (Singapore and India) so as to minimize the cost of the project, as a result, only required resources were mobilized to the Kingdom. The CrimsonLogic team handled the project management aspect and all the development and configuration activities. eGA resources managed the overall implementation and ensured its alignment to the requirements and to the international best practices as agreed with the vendor. In addition, a technical team from CITO was assigned to work with both eGA and the vendor team on the integration and the use of fingerprint data residing at CITO.
|
|
| 7. Who were the stakeholders involved in the design of the initiative and in its implementation?
|
|
The eKey system has been designed to ensure that any citizen, resident or business has the ability to access the full range of Bahrain’s online services through a secure, trusted, Single-Sign-On credential. The cross-departmental approach and linked-up back-end infrastructure have allowed the system to be seamlessly integrated into the service offering of all departments. Within this framework, a number of key outputs have contributed to the success of the initiative:
Secure Identification Credentials - eKey uses a Personal Identification Number (PIN) as the identity verifier; and three factor credentials (password, smart card and fingerprint) to verify and assert identity. This approach ensures the usage of one identity and a set of credentials to avail all electronic services from the governmental agencies.
Seamless Integration with Existing Services – eKey’s infrastructure is fully available to government service channels in an easy-to-integrate format and is flexible enough to be shared with the private sector. The established solution asserts and underwrites the identity presented to a level of confidence required by the integrated services.
Biometric Linkage –The use of biometric data helped the whole government reach new levels of secured methods of service delivery. Users will be able to use their biometric information to avail highly secured services from the comfort of their homes. Biometric data are extremely difficult to imitate and manipulate, especially with all the security components built around the system. Therefore, sensitive and highly confidential services are now possible to be provided the internet.
Personalized Content Support - eKey empowers capable channels to provide personalized content. As a result, government departments across the Kingdom can now provide a unique service interface including customized displays of a user’s personal information and access to relevant services based on a user’s age, abilities and/or other key criteria.
Back-End Service Linkage – With the use of eKey, government and the citizens alike have saved considerable time and money. Government entities can provide the majority of their services online. reduce the need for establishing customer-facing units, save expenses on hiring customer service representatives, hiring buildings, establishing customer care units, and provide parking space. Additionally, government entities do not need to implement another authentication solution because eKey is compatible with all services. Moreover, citizens also save time, money and effort using the services online because they no longer need to travel to the ministries’ headquarters to use a particular service.
|
|
| 8. What were the most successful outputs and why was the initiative effective?
|
|
Continuous measurement of service uptake and registration was used to guide the team towards the most appropriate strategy for creating awareness about the solution and extending its reach to additional public and private sector users.
A key metric for evaluating success was the introduction of additional eKey services and features to maximize the potential of the solution and achieve the highest benefit. Performance monitoring is for this reason a central feature of the eKey system. The eGA team had defined a set of performance indicators to which the system had to adhere to. For instance, the response time had to be within the following:
• Registration of the Individual Users: The total process should be completed in between 7 – 10 minutes time
• The First Factor (1FA – CPR Number and Password) authentication transactions shall be completed as below
• 100% of authentication transactions shall be completed in 8 seconds of time
• 99% of authentication transactions shall be completed in 5 seconds of time
• 95% of authentication transactions shall be completed in 3 second of time
• Bahrain eKey infrastructure shall provide users a minimum operational availability of 99.95% for the production environment
These metrics were monitored throughout the lifetime of the system, from the Acceptance testing, to the sanity testing after the go live and it is conducted on a bi-monthly basis to ensure these values are met.
Additionally, eKey adapts a number of security standards used to secure the data at rest and in transmission. For instance, the use of a state-of-the-art HSM (Hardware Security Module) for the purpose of Random Number Generation (RNG). Another example would be the use of AES 256-bit encryption to encrypt the password and user’s details stored in the database. Moreover, the system uses RSA 2048-bit encryption, using the HSM, to encrypt exchanged messages between eKey and integrated systems. Lastly, eKey system also uses SHA-256 Hashing Algorithm for digital signatures.
|
|
| 9. What were the main obstacles encountered and how were they overcome?
|
|
eKey encountered and overcame the following problems during implementation:
1. Ensuring No Duplication of Identities
Challenge: Citizens and residents alike already own an identification number issued by CITO via the legacy system used in government transactions/services. When designing eKey, the team identified a potential challenge that the legacy system of CITO might produce a conflicting identity record set leading to duplicated work in the registration of individuals’ information.
Solution: The eKey system integrated with the CITO system to leverage the existing users’ information database to ensure the unification of the physical identity and electronic identity parameters.
2. Developing a Light-Touch Enrollment Process
Challenge: Users intending to use the eKey solution were required to undergo a short, one-time registration procedure to create their electronic identity. While this process was necessary to ensure the security and trustworthiness of the system through biometric support, a time burden was placed on the individual that could have deterred enrollment
Solution: Enrollment challenges were overcome by enhancing the accessibility by means of providing registration stations in the eService Centers which are distributed all over the Kingdom to ensure ease of access. In addition, the eKey solution provides an online interface for users to register online and begin to use services immediately.
|