The GIE Sesam Vitale unveils its partners for mobile ID development

FACTS

• The GIE Sesam-Vitale has clearly stated its intention to have its mobile identity solution qualified by the ANSSI to the substantial eIDAS level.

• To achieve this, the GIE Sesam-Vitale must enhance and secure the mobile application currently being tested with a strong authentication solution that complies with eIDAS requirements, but not only. The identification solution must also enable users to be enrolled at a level of risk equivalent to face-to-face enrolment.

• GIE Sesam Vitale did not wait for the ANTS SGIN offer (which is under schedule) to provide access to a remote identification service as-a-service or a mobile identity derivation solution (pending on legislation). Its proposal is based on a partnership between two European trusted third-parties recognized in the market:
  • French company Tessi, a major player in trust for dematerialization processes and archiving services in France
  • and the Spanish company Electronic IDentification, a provider of trust services, qualified to supply electronic signature certificates, which has developed a "Registration Authority" know-how for remote identification.

• An asynchronous solution: their remote identification solution is natively compliant with the ANSSI PVID standard, which allows human control of video streams and automatic verification of identity documents as well as facial recognition with live detection.

• Their solution is already deployed in 50 European companies and verifies more than 1.5 million identities each year with a high level of service (24/7, time between video stream capture/automatic control and manual operator validation reduced from 1 to 2 minutes).

CHALLENGES

• Provide users with a unique mobile access mode to a range of online services, such as the Digital Health Space, the Shared Medical Record (DMP), online appointment scheduling, telemedicine, hospital pre-admission, etc.

• Secure the mobile application to enable an online identification solution at the substantial eIDAS level for both online authentication and enrolment with the option of online identification at the same risk level as face-to-face.

• To have the e-ID Electronic IDentification solution qualified in France for compliance with the ANSSI PVID standard issued since April, 1st 2021. Many other players are also jumping on the boat (Docapost for its AR24 solution, Ariadnext, Ubble ...) and others seem to have the the same intention (Jouve-Deepsense ...).

• Integrate in the SDK of the mobile app an eIDAS compliant strong authentication solution, robust enough to be used on a large panel of mobile phones on the market (and not only the latest generation). For the time being, GIE Sesam Vitale has not revealed the solution it has chosen.

• To offer a mobile identity solution at a substantial level, as an alternative to the Post Office's digital identity, which could be connected to FranceConnect+. It should be remembered that GIE Sesam Vitale is currently sharing the lead with the tax authorities as the preferred identity provider for the French on the FranceConnect platform.

MARKET PERSPECTIVE

• GIE Sesam Vitale had been authorized by a decree dated May 27, 2019 to experiment with the dematerialization of the Vitale card in the form of a mobile App, called, e-health insurance card. Objective: to allow the social insured to access health insurance teleservices, but also to present their dematerialized card to health professionals to be reimbursed for care provided for themselves or their dependents.

• This experiment started in October 2019 with the constitution of a panel of health professionals and insured volunteers from 2 health insurance funds (Rhône and Alpes-Maritimes) and two MSA organizations (Ain-Rhône and Provence-Azur). In December 2019, the first healthcare professionals who adopted a compatible software solution successfully completed the first electronic healthcare sheets (FSE) with the Vitale card app for their patients.

• The experiment will continue in the fourth quarter to all insured persons in the two pilot departments, before being extended to all departments in 2022.

• To enable this generalization, a law (ordinance as suggested by Nextinpact) should allow the use of all types of electronic identification means, whether physical, such as the Vitale smart card, or immaterial (a mobile app or via a federation of proofs of identity like FranceConnect).

• The Ministry of Health, after receiving the opinion of the CNIL, could reinforce the requirement for a substantial eIDAS level for the processing of sensitive data such as health data.

• This law should also be able to refer to a CNIL opinion for the use of facial recognition for enrolment in the mobile application. As for Alicem, in addition to a privacy impact analysis, the CNIL will probably request an alternative: to be able to enroll face to face and then be authorized to use the mobile application.