PartnerWeb: Accessing Confidential Data with SuisseID
PartnerWeb is business software for social insurance companies and compensation registers. The compensation registers are responsible for administering “Alters- und Hinterlassenenversicherung / Invalidenversicherung” (AHV/IV, old-age and survivors’ insurance / disability insurance) and other services such as family allowances for employed persons. Companies directly settle the contributions to the AHV/IV with the compensation registers. For calculating the contributions, all organisations with employees are legally obliged to report employee salaries and family background to the compensation registers. With PartnerWeb, that information can be forwarded to the compensation registers electronically via the Internet. While companies could previously send data electronically, data protection reasons did not allow electronic access to those data. SuisseID provides companies with additional access to their confidential data.
PartnerWeb: Information System for Compensation Registers
Companies in Switzerland have important obligations regarding the social insurance of their employees, e.g. the AHV/IV. In this process, compensation registers assume crucial administrative functions and therefore require the respective information from the companies. Within one month following employment, companies must register each new employee with the compensation register of which they are members. The compensation register will, in turn, issue insurance certificates that the companies have to give to their employees. Employee family allowances also require registration with the compensation register.
In the past, those registrations were always done on paper while today, they are mainly processed electronically via e-business solutions. PartnerWeb is such an e-business solution for social insurance companies such as compensation registers. PartnerWeb was developed by the “Interessengemeinschaft für Ausgleichskasseninformationssysteme” (IGAKIS) in cooperation with Mathys & Scheitlin AG (M&S). When using PartnerWeb, companies can electronically process payroll notifications and other respective business with their compensation register.
There are ca. 90 compensation registers in Switzerland. In general, the compensation registers use one of a total of five business software systems specially developed for compensation registers. For each, a purchasing association such as IGAKIS is responsible for further developing the system with one or several business software providers. 63 compensation registers and 15 pension funds operate PartnerWeb as a self-sufficient entity. The 63 compensation registers serve 320,000 Swiss companies. Most companies use the PartnerWeb of the compensation register of which they are a member.
Presentation of business partners
Principals
The “Interessengemeinschaft für Ausgleichskasseninformationssysteme” (IGAKIS) was founded in the late 1980s and has the legal form of a Swiss cooperative. In 1992, the technical platform for the newly developed Compensation register Information System (Ausgleichskasseninformationssystem, AKIS) was determined. In 1996, the first AKIS version with client-server architecture on the basis of Microsoft products was released. Today, the community comprises 41 compensation registers (36 by associations, 4 by cantons and the Eidgenössische Ausgleichskasse EAK).
Business software provider
Mathys & Scheitlin AG (M&S), founded in 1990, has company offices in Bern and Schlieren. M&S employs over 50 experts handling client projects at various locations. The business software developments are based on Microsoft .NET technology. M&S is a Microsoft Gold Certified Partner. The strengths of M&S lie in the e-business, workflow and document management application areas and in information systems for social insurances.
Decision in Favour of SuisseID
Previously, persons responsible for payroll notifications at the companies used to be able to identify themselves at PartnerWeb through a web browser using username and a password. They could then use the functions for any notifications to the compensation registers. This process made it for example possible to store current salaries or changed family backgrounds.
Since the password could have been stolen and was therefore relatively unsafe, data protection prohibited a user from once again viewing the previously transmitted data during a later session. A user could merely request the transmitted data from the compensation register, which he would then receive via mail. Confidential and protected data are e.g. payroll lists of employees of the respective organisations or data on employee family background.
When the launch of SuisseID was announced, IGAKIS recognised that there was a way to do away with administratively complex and time-consuming physical mail. Authentication with SuisseID at PartnerWeb renders a user identity unambiguous. Thanks to the secure authentication, users can now see even confidential and protected data in PartnerWeb. For IGAKIS, this was an important reason for offering authentication with SuisseID.
A further decision factor for supporting SuisseID consists in IGAKIS’ declared goal of being a leader in technology and most recent developments. Current infrastructure preparations are aimed at enabling the market to use SuisseID on an even greater scale. Insured persons (employees and retirees) are expected to also have a SuisseID in the future. This would allow an insured person to order a pension analysis from the compensation register or to retrieve confidential data.
Accessing Confidential Data with SuisseID
Business View and Processes
Compensation registers are non-profit organisations. The affiliated companies (members) finance their operations. Member representatives usually make up the compensation register’s board of directors. The primary goal of a compensation register does not consist in profit optimisation but in efficiently administrating the insured persons and their AHV/IV contributions. The gathering process of insured persons and the administration of individual pension accounts are therefore among the key processes conducted by the compensation registers.
Notifications regarding company employee entries and exits trigger the gathering process for compensation registers. When employees newly enter a company, the latter must notify the compensation register. In the past, the company had to send the AHV card of the insured person by mail. Today, virtually all compensation registers allow for electronically gathering information interactively and the AHV card is no longer needed. The registration confirmation notification by the compensation register is most frequently still sent via physical mail.
For each insured employee, the compensation registers require the AHV-relevant salary for determining insurance contributions individual employees must make to the compensation registers. Compensation registers also receive the data on family allowances that the company must pay to the employee. Family allowances are set off against insurance contributions so that frequently, the compensation registers do not need to make any payments to the companies.
For loss of income according to the Loss-of-Income Act (EO, Erwerbsersatzordnung), the compensation claims will be paid in accordance with the due notifications (compensations are due for military service, civil protection service and for youth and sports squad education).
With the extension of user authentication via SuisseID, the compensation registers are now able to make even confidential information electronically available to system users. In principle, this information is identical to the one companies previously received via physical mail. On the recipient side, the notifications had been deposited in electronically scanned or paper form. This was not always unproblematic with regard to the information’s confidentiality. The new access possibility renders physical storage void since the authorised employees can at any time retrieve the information via the compensation register’s PartnerWeb.
The advantage is particularly pronounced for larger companies since the paper documents often required additional copies and internal distribution (since the documents may contain employee information distributed among various company units where the personnel departments are not served by the same individuals).
Figure 1: Business scenario compensation registers
The difference between logging in with a username/password and logging in with SuisseID consists in the strength of authentication. For username and password, two inputs suffice and it is relatively easy to steal them. For SuisseID, the USB reader with the SuisseID chip card must be connected to the computer before entering the PIN and/or password. The private key required for the authentication with SuisseID that is stored on the SuisseID chip cannot be stolen since it never leaves the card [Quade, 2010: p. 18].
Swiss legislation also requires that the future SuisseID owners must be clearly identified before a SuisseID can be issued [Quade, 2010: p. 14].
Application View
There are several alternatives for companies for sending data to PartnerWeb:
- The responsible persons working in company payroll or personnel administrations log into PartnerWeb via a web browser (there are no non-personal user accounts) and utilise the functions offered online. These comprise e.g. the forms “Notification processes for employees” or “Salary notification processes”.
- The responsible persons at the company log into PartnerWeb and use the file upload function. The files must have the structure required by swissdec [2010]. In general, swissdec-certified payroll accounting systems can create such files.
- The company ERP system directly communicates with an XML-based PartnerWeb service. Swissdec-certified ERP systems for the “Process integrated processes (PIV)” and “Unitary payroll accounting processes (ELM)” can use this alternative.
If data are transmitted via one of the first two above-mentioned alternatives, e.g. payroll data via file upload or detection via online form, the PartnerWeb user will receive a summary of the transmitted data during the very same session. He will be able to once again view the data. When logging off before once again logging in at a later moment using username/password, he will no longer have access to those data. This ensures that a potentially unauthorised person logged into PartnerWeb cannot access data transmitted in previous sessions.
Users logging in with SuisseID, on the other hand, may once again view data even from previous sessions. To this end, PartnerWeb has been extended by one function: Via dossiers, users can now retrieve data once again. Standard dossiers available in PartnerWeb are: contributions, insured persons and family allowances. The compensation registers can define further dossiers and attribute access rights via roles and user groups. The SuisseID login of PartnerWeb uses simple authentication [Quade, 2010: p. 20].
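The access rule from the two paragraphs above, written out as a decision function. This is an added sketch, not PartnerWeb code: the role names, the per-company scoping check and all sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class AuthMethod(Enum):
    PASSWORD = "username/password"
    SUISSEID = "SuisseID"

@dataclass(frozen=True)
class Session:
    session_id: str
    company: str
    auth: AuthMethod
    roles: frozenset = frozenset()

@dataclass(frozen=True)
class Record:
    record_id: str
    company: str
    dossier: str        # one of the standard dossiers named on the page
    submitted_in: str   # id of the session that transmitted the data

# Hypothetical role names; the page only says that rights are attributed
# via roles and user groups.
ROLE_DOSSIERS = {
    "payroll": {"contributions", "insured persons"},
    "family-office": {"family allowances"},
}

def may_view(session, record):
    """Return (allowed, reason) for one record."""
    if record.company != session.company:   # assumption: data is scoped per company
        return False, "record belongs to another company"
    if record.submitted_in == session.session_id:
        return True, "summary of data sent in this session"
    if session.auth is not AuthMethod.SUISSEID:
        return False, "earlier sessions are visible only after SuisseID login"
    granted = set().union(*(ROLE_DOSSIERS.get(r, set()) for r in session.roles))
    if record.dossier in granted:
        return True, "dossier granted by role"
    return False, "no role grants this dossier"

def visible_ids(session, records):
    return [r.record_id for r in records if may_view(session, r)[0]]

# Constructed sample data.
RECORDS = [
    Record("r1", "acme", "contributions", "s-old"),
    Record("r2", "acme", "family allowances", "s-old"),
    Record("r3", "acme", "insured persons", "s-now"),
    Record("r4", "other", "contributions", "s-old"),
]

if __name__ == "__main__":
    pw = Session("s-now", "acme", AuthMethod.PASSWORD)
    sid = Session("s-now", "acme", AuthMethod.SUISSEID, frozenset({"payroll"}))
    print("password:", visible_ids(pw, RECORDS))
    print("SuisseID:", visible_ids(sid, RECORDS))
```

A SuisseID login without any role sees no more than a password login, which is why the dossier function needed the role and user group concept.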
Figure 2: Application view PartnerWeb
During a SuisseID login, the SuisseID Identity Provider/Claim Assertion Service (IdP/CAS) will verify the validity of the used SuisseID. During SuisseID access, TLS (Transport Layer Security) secures the communication between web browser and PartnerWeb. When exchanging data, the system employs the process, as defined in the SuisseID Specification, with SAML (Security Assertion Markup Language) [Bürge & Zweiacker, 2010, p. 26].
When integrating PartnerWeb and an ERP system via web services, the introduction of SuisseID does not cause any changes. As before, the company ERP systems do not receive back any data.
All compensation registers connected to IGAKIS have their own individual PartnerWeb installations. In practice, each installation is configured slightly differently. Each compensation register for example provides their users with different frontend functions, e.g. different types of dossier.
PartnerWeb is divided into a backend and a frontend. The frontend is a web application enabling Internet access. The backend is a client-server application to which only the compensation register network has access. The database for the frontend therefore only stores information required for operating the web application. The IGAKIS outsourcing partner operates the PartnerWeb frontends, while the compensation registers operate the backend themselves.
Company-transmitted data, such as payroll or contribution data, are directly transferred from the frontend to the backend or retrieved from there. The frontend contains data exchange functions. Functions for supporting the compensation register business processes are only available at the backend. The backend can also be used for providing support to frontend users, e.g. renew passwords or block users.
PartnerWeb can activate a login with SuisseID for existing and for new users. This will require the unique SuisseID number. It is possible to link several SuisseID numbers to each user account provided that a person owns several SuisseID tokens with different numbers that he would like to use on PartnerWeb.
For a compensation register to obtain permission to activate a user login with SuisseID, the user employer must have applied for such access. The application process is formal since it authorises access to confidential PartnerWeb information for the respective employee.
The employer application can be generated via the “Certificate registration” function. The application requires a hand-written signature of the applying company’s employer or, in case of a PDF, an electronic signature. When generating the PDF form, the SuisseID certificate will automatically detect and enter the SuisseID number, the registered name and the registered e-mail address into the designated fields. Additional information, such as the name of the applying company and the membership number, must be added in the form.
Project Flow and Operation
In autumn of 2009, through a press release by the State Secretariat for Economic Affairs SECO [Staatssekretariat für Wirtschaft SECO, 2009], IGAKIS learned about the launch of SuisseID. As early as autumn 2009, IGAKIS decided to integrate PartnerWeb functions that add value in connection with SuisseID without, however, having to make significant changes to the existing functions.
Investment Decision
No formal decision was made for investing in the support of SuisseID and the novel functions. A rough cost estimate was however conducted. The effort for integrating SuisseID and the development of the new functions (dossiers) was estimated to total 100 man-days. IT partner M&S furthermore insisted that PartnerWeb constantly adopt current technology and innovation so that the product can maintain and further develop its leading market position.
Solution Development and Implementation
M&S has developed the integration of SuisseID on Microsoft .NET-Basis. The complementary Software Development Kit (SDK) available from SECO was not used since the SECO SDK was not yet available at the time of development at M&S. SECO-provided SuisseID test certificates served to develop and test new functions [Quade, 2010: p. 35].
During development, it became evident that it was not sufficient to provide persons logging in using SuisseID with confidential data, because users logging in using SuisseID are not always authorised to view all company data. The PartnerWeb frontend therefore required the development of a role and user group concept allowing users to receive different access rights. Previously, such a concept had not been necessary since notifications could only be forwarded to compensation registers. All users therefore had the same roles and rights.
A pilot phase was conducted in cooperation with “Eidgenössische Ausgleichskasse”. The results led to further function adjustments. Upon initial registration for login using SuisseID, the system added an application in the form of a PDF document that automatically retrieves information from the SuisseID and enters it into the form.
The new functions are presented at IGAKIS events and during M&S customer symposiums. In addition to the advantages from electronic access to confidential data using SuisseID, the administrative requirements regarding user rights are also addressed.
Continuous Maintenance and Planned Further Development
In normal operation mode, the system does not require any special maintenance. For compensation registers and companies, administering the user accounts with SuisseID is additionally required. Companies must sign off exiting employees with a PartnerWeb user account – independent of whether they own a SuisseID or not. Depending on the compensation register, companies can sign off persons themselves via the frontend user administration or the compensation register signs them off via the backend.
Offering those new functions accessible with SuisseID triggers new types of company demand. Providing data is just a first step. In the future, additional functions for comfortable service should be offered. This includes for example business transactions that previously required a signature on paper but may soon also be submitted bearing an electronic signature. In the area of insurances, one example includes persons that would like to have a portion of their pension entitlements paid out to another person. This type of authorisation requires a signature.
Experiences
Within a few weeks, half of all compensation registers using PartnerWeb activated the solution. The solution therefore has the potential that employees (especially in personnel administration) of many Swiss companies will register at PartnerWeb using a SuisseID.
The compensation registers are glad about the new function “dossier” as it allows them to better satisfy member demands. Especially larger companies, such as SBB, benefit since they will no longer need to internally distribute compensation register documents in the future.
Success Factors
An important success factor for PartnerWeb is the fact that users logging in with SuisseID can electronically retrieve confidential data. This advantage does not directly result from the authentication process but indirectly, since secure authentication enables better online services. This also applies to the dossier function with which PartnerWeb was extended: obtaining direct electronic access to confidential data – instead of receiving physical mail as before – constitutes a clear added value to users.
Solution Particularities
PartnerWeb handles the attribution of SuisseID to a new user account via the unique SuisseID number. This has the advantage that the code is standardised for all providers and remains unchanged when renewing SuisseID. M&S has embedded this function so that it is possible to assign to users other electronic X.509 certificates corresponding to the SuisseID security standard [ITU-T Recommendation, 2005]. It is for example possible to use a certificate from internationally active companies like Thawte or VeriSign to access PartnerWeb. Larger companies already employing such security solutions can therefore also use PartnerWeb. Unless the certificate has been issued according to the SuisseID Specification, issuer and serial number are certificate characteristics requiring registration in PartnerWeb.
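The binding rule described above, as an added sketch (not M&S code): a SuisseID certificate is keyed on its SuisseID number, any other X.509 certificate on issuer plus serial number. The `Cert` fields, account names and all certificate values are constructed, and certificates are assumed to be already validated and parsed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    issuer: str                            # issuer distinguished name
    serial: str                            # serial number as a hex string
    suisseid_number: Optional[str] = None  # set only for SuisseID certificates

def binding_key(cert):
    """Key under which a certificate is registered to an account."""
    if cert.suisseid_number:
        # Standardised across providers and unchanged on renewal.
        return ("suisseid", cert.suisseid_number)
    # Other X.509 certificates: issuer plus serial identify one certificate.
    return ("x509", cert.issuer.strip(), int(cert.serial, 16))

class Bindings:
    def __init__(self):
        self._by_key = {}

    def register(self, account, cert):
        owner = self._by_key.setdefault(binding_key(cert), account)
        if owner != account:
            raise ValueError("credential already linked to another account")

    def resolve(self, cert):
        """Account for a presented certificate, or None if unregistered."""
        return self._by_key.get(binding_key(cert))

    def sign_off(self, account):
        """Remove every credential of an exiting employee; return the count."""
        keys = [k for k, a in self._by_key.items() if a == account]
        for k in keys:
            del self._by_key[k]
        return len(keys)

# Constructed sample certificates; numbers, issuers and serials are made up.
SID_OLD = Cert("CN=Example SuisseID CA", "0a01", "0000-0000-0000-0001")
SID_RENEWED = Cert("CN=Example SuisseID CA", "0b77", "0000-0000-0000-0001")
SID_SECOND = Cert("CN=Other SuisseID CA", "0c10", "0000-0000-0000-0002")
CORP_OLD = Cert("CN=Example Corporate CA", "01f4")
CORP_RENEWED = Cert("CN=Example Corporate CA", "02a9")

def demo():
    b = Bindings()
    b.register("anna", SID_OLD)
    b.register("anna", SID_SECOND)   # several SuisseID numbers per account
    b.register("ben", CORP_OLD)
    return b

if __name__ == "__main__":
    b = demo()
    print(b.resolve(SID_RENEWED))    # renewed SuisseID still maps to the account
    print(b.resolve(CORP_RENEWED))   # renewed non-SuisseID cert needs re-registration
    print(b.sign_off("anna"))
```

The operational difference shows at renewal: the SuisseID binding survives it, while a certificate registered by issuer and serial number has to be registered again once it is reissued.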
Lessons Learned
An important insight from the project with M&S was that as soon as access to confidential information should be granted, the question as to ‘who may view which data’ arises. As mentioned in Chapter "Solution Development and Implementation", a role and user concept was required that allowed allocating different access rights to different users.
References
Bürge, Urs; Zweiacker, Marc (2010): SuisseID Specification V1.3. Bern: Staatssekretariat für Wirtschaft SECO.
Quade, Michael (2010): Fachbeitrag "Was ist die SuisseID?", in: Quade, Michael; Wölfle, Ralf; (2010): SuisseID in der Praxis - Grundlagen und Fallstudien zum elektronischen Identitätsnachweis der Schweiz, Basel: edition gesowip, 2010. p. 13-34.
Staatssekretariat für Wirtschaft SECO (2009): "Die SuisseID kommt 2010 auf den Markt". SECO - Die SuisseID kommt 2010 auf den Markt. Retrieved 11.09.2010 from http://www.seco.admin.ch/themen/00476/03466/03482/index.html?lang=de&print_style=yes.
swissdec (2010): "Über swissdec". Retrieved 25.10.2010 from http://www.swissdec.ch/ueber_swissdec.htm.