There are known certified identification systems.
The systems currently used, for example by banks (internet banking), require users to certify their identity at the time they establish their relationship with the bank by physically presenting their identifying documents (identity card, driving license, passport) and also by signing the agreement to use online services.
Security for online identification is usually implemented using various systems such as: the use of a password or token consisting of a device issued by the certifying body with defined time codes, and possibly reinforced with physiognomic recognition measures, such as, for example, fingerprint readers and others known at the technological state of the art in this field.
The use of these online identification systems is recognised by the legislation of various countries, but currently these systems can be used only for operations or actions performed with the body which issued the certification.
To the knowledge of the inventors, there does not exist a system, method or methodology which permits a single certified identification to be valid for a plurality of different bodies or for uses other than those pre-established by the certifying body and in any case they must always be for activities to be performed with the certifying body.
It follows that a person interested in carrying out certified operations must be identified with each body that provides a specific certification.
In other words, the certification is tied to the person who is acting, in combination with a particular single certifying body.
Furthermore, if a certifying body were to decide, by common agreement with another body, to share the information on the certified identity of individuals, it would be obliged to adapt its own system to make it compatible with the other system.
This makes it substantially impossible to have flexible and efficient data sharing. Each body has its own computer system; modifying such a system to make it compatible with another inevitably gives rise to a weakening of the security requirements peculiar to each system, causing a possible leak in the security which a certified identity must, on the contrary, guarantee.
Currently, in Italy, a Prime Ministerial Decree awaiting approval defines the compliance and delivery modes for a Public Digital Identity Service (SPID). In this service, which will be provided if approved within the pre-ordained time, a citizen who wishes to obtain a Digital Identity will have to apply to one of the accredited Digital Identity operators. In order to be able to provide a Digital Identity, the operator will have to proceed with a “strong” recognition of the citizen, through a face-to-face check.
This service is, at the very least, limited as a result of this characteristic, since it seems that the only way that has been found to identify a subject with certainty is direct recognition through the physical presence of the person concerned. In other words, any certifying body must have had at least one “face-to-face” recognition.
Furthermore, based on what is currently public knowledge, the structure and operating modes of the service seem to be the classic bureaucratically (and therefore also technically) complex solution typical of a public administration.