Digital Identity - NemID - Head of Division Charlotte Jacoby - cloudfront.net
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Digital Identity - NemID
Head of Division Charlotte Jacoby
September 2016
1
THE DANISH AGENCY FOR DIGITISATION
Ministry of Finance
Agency for the Modernisation of
Agency for Digitisation
Public Administration
Agency for Agency for
Governmental Administration Governmental IT Services
2
THE DANISH AGENCY FOR DIGITISATION Objectives Improving efficiency and effectiveness through digitisation Enabling public sector innovation through digitisation Ensuring outcomes of digitisation and e-gov implementation Projects Joint-government strategy and policy issues Shared public sector digital infrastructure 3
DANISH PUBLIC SECTOR - HISTORY
Strong tradition of joint public sector digitisation
Multi-year joint government eGovernment strategies since 2001, include
central, regional, and local government
• 2003: Digital Signatur
• 2010: NemID
• Digital self-service made mandatory 2012-2015 (80 pct. of all
correspondence digital by 2015)
• Mandatory use of digital letter box
• November 2013 for businesses
• November 2014 for citizens
• Improved public online self-services
4
DIGITISATION STRATEGY 2016-2020
A Stronger and More Secure Digital Denmark
• Strong focus on data and digital infrastructure
• Further digital development
• Cost saving through efficient digital solutions
• Once-only
• Data-sharing
Next generation eID and signature solution will be a central
infrastructure
5
oktober 2016
NEMID - THE COMMON KEY TO RELEVANT DOORS Public sector… • Public portals, e.g. sundhed.dk , borger.dk • e-services, e.g. skat.dk, optagelse.dk • Digital Post (4.3 mio. signed up) • Supported by all major government sites … and the private sector • Supported by all banks for e-banking • + ~400 private service providers Eg.: insurance companies, pension funds, apoteket.dk, buy’n’sell-site, etc
DIGITAL INFRASTRUCTURE TODAY NemID – for citizens (national eID since July 2010) • 4.6 million citizens have a NemID (92 pct. of citizens aged 15+) • High degree of satisfaction (85 pct.) and trust (81 pct.) • NemID used as secure eID and eSignature in both public and private sector (e.g. banking and private service providers, Digital Post, recording of a deed) NemID – for businesses (since November 2011) • 1.1 million NemID employee-ID used by employees in public sector (e.g. accessing data within the public health service) and private sector (e.g. when interacting with the public sector) NemLog-in • Single sign-on to public sector solutions, digital self-service, Digital Post, etc. 7
”IT LANDSCAPE”
PUBLIC SECTOR CORE SECURITY COMPONENTS
Banks
Identity and
authentication
Other Private NemID
Sector
Public Sector Citizens’
SP’s and
Solution
idP’s/Brokers
NemID
Login broker, Business
Public Sector authorization,etc.
Public Sector (employee)
Service
Public Sector Solution
Public Sector
Service
Providers
Service NemLog-in
Providers
Service
Providers
Providers
8
GOAL AND FOUNDATION – OCES STANDARD
• OCES = Public Certificates for Electronic Services
• Goal:
• A general open, scalable and transparent security infrastructure based
on PKI
• Controlled by the state and operated by a private Certificate Authority
(CA)
• Foundation:
• State-owned Certificate Policies (CP)
• Open architecture based on international standards
• EU-Tender with a Public Private Partnership in mind
9
oktober 2016OCES CERTIFICATES Issued as • Personal certificates – PID (a unique number related to civil registration number) • Employee certificates – RID/CVR (Employee number/Central company number) • Business certificates – CVR (Central company number) • Device certificates – CVR (Central company number + deviceID) Used for • Access control - Logon • Secrecy - Encryption of e-mails • Signature for e-mails, documents and web-sites (non-repudiation)
OCES 2.0 - NEMID Centrally securely stored private keys Access with 2-factor authentication independent of pc Something you know (password) Something you have (one time password) X.509 v3 CA certificates 2048 – 4096 bits RSA SHA256 End user certificates 2048 bits RSA SHA256 CRL’s and OCSP
NEMID AUTHENTICATION
End-user registration - citizen
Identity known – code
card sent to registered
CPR address
Netbank
Identity validated online –
Activation password and
code card sent to
registered CPR address
Nemid.nu
CA/DanID
Physical presence:
On-site issuance
Hand-over of activition
password and code card
Citizen Service centresNEMID – A NATIONAL SUCCESS – HOW COME?
Ambitious joint government eGovernment strategies based on a broad political
mandate
Digital maturity of the population
• High degree of internet penetration, usage and skills in population
• 87 pct. aged 16-74 use internet every day
• 88 pct. aged 16-74 have interacted online with public authorities within past 12
months
(source: European Commissi on. Digital Scoreboard, 2015)
Collaboration with the financial sector cross-sector high-frequency
usage
• More than 55 million transactions per month
High degree of trust and recognition
14A SUCCESSFUL SECURITY SOLUTION REQUIRES A GOOD
BALANCE BETWEEN MANY ASPECTS
Resistant to many different
attack types
What you see is what you
Security
sign
Strength of Evidence
Development and Easy to install
implementation costs
Easy to understand and
Rollout
Support
eID communicate
Easy to use in daily life
Lifetime User- Consistent use on many
Economy
Business Model friendliness platforms
Usable for people with
disabilities
MobilityNEXT-GENERATION SOLUTION
Objectives
• Still one single national eID to retain wide dissemination and high volume
• Focus on user experience and usability
• More scalability (volume), flexibility (diversity of uses), adaptability (new
technologies)
Means
• Modular architecture based on standard components
• Fast and agile development
• Sharing development and operations costs
16STATUS AND NEXT STEPS
• Partnership between public and financial sector June 2016
• Acquisition of next generation NemID solution:
Tender and Contract 2017
Solution development from 2017
• Implementation, deployment and migration: from 2019
IDEA ANALYSIS ACQUISITION IMPLEMENTATON REALISATION
17
oktober 2016PUBLIC-PRIVATE PARTNERSHIP Partnership agreement with Danish Bankers' Association Win-win partnership Agreed timeline and milestones Focus on core solution and interfaces Shared financing and contribution of resources Joint steering group and programme team Co-financing Exploitation Awareness and usage Stakeholder needs 18
NEW ELEMENTS
MORE
LOGIN-FACTORS
ENHANCED USE
SEPARATION OF E- OF PRIVATE NEMID
ID AND IN THE BUSINESS
E-SIGNATURE AREA
BASIC
FUNCTIONALITY
PRIVACY AND
CONTEXT- MORE LEVELS OF
DEPENDENT ASSURANCE
INFORMATION
IMPROVED
ADMINISTRATIVE
SOLUTIONS FOR
BUSINESSES
19
oktober 2016STAY IN TOUCH
digst.dk/English
digst.dk/Servicemenu/English/News/Newsletter
chaja@digst.dk
20REFERENCES AND LINKS • The official Danish NemID website: www.nemid.nu (some things in English • OCES certificate policies published in English: https://www.nemid.nu/dk- da/digital_signatur/oces-standarden/oces-certifikatpolitikker/ • Agency for Digitisation: www.digst.dk (some things in English) • Documentation for implementation of NemID (in English): https://www.nets- danid.dk/produkter/for_tjenesteudbydere/nemid_tjenesteudbyder/nemid_tj enesteudbyder_support/tjenesteudbyderpakken/ • Open Source Java applet for login and signing and demo environment: www.openoces.org •NemID JavaScript site: http://www.nets.eu/dk- da/Produkter/Sikkerhed/NemID-tjenesteudbyder/NemID- JavaScript/Pages/default.aspx
You can also read
