Digital Identity - NemID - Head of Division Charlotte Jacoby - cloudfront.net
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
THE DANISH AGENCY FOR DIGITISATION Ministry of Finance Agency for the Modernisation of Agency for Digitisation Public Administration Agency for Agency for Governmental Administration Governmental IT Services 2
THE DANISH AGENCY FOR DIGITISATION Objectives Improving efficiency and effectiveness through digitisation Enabling public sector innovation through digitisation Ensuring outcomes of digitisation and e-gov implementation Projects Joint-government strategy and policy issues Shared public sector digital infrastructure 3
DANISH PUBLIC SECTOR - HISTORY Strong tradition of joint public sector digitisation Multi-year joint government eGovernment strategies since 2001, include central, regional, and local government • 2003: Digital Signatur • 2010: NemID • Digital self-service made mandatory 2012-2015 (80 pct. of all correspondence digital by 2015) • Mandatory use of digital letter box • November 2013 for businesses • November 2014 for citizens • Improved public online self-services 4
DIGITISATION STRATEGY 2016-2020 A Stronger and More Secure Digital Denmark • Strong focus on data and digital infrastructure • Further digital development • Cost saving through efficient digital solutions • Once-only • Data-sharing Next generation eID and signature solution will be a central infrastructure 5 oktober 2016
NEMID - THE COMMON KEY TO RELEVANT DOORS Public sector… • Public portals, e.g. sundhed.dk , borger.dk • e-services, e.g. skat.dk, optagelse.dk • Digital Post (4.3 mio. signed up) • Supported by all major government sites … and the private sector • Supported by all banks for e-banking • + ~400 private service providers Eg.: insurance companies, pension funds, apoteket.dk, buy’n’sell-site, etc
DIGITAL INFRASTRUCTURE TODAY NemID – for citizens (national eID since July 2010) • 4.6 million citizens have a NemID (92 pct. of citizens aged 15+) • High degree of satisfaction (85 pct.) and trust (81 pct.) • NemID used as secure eID and eSignature in both public and private sector (e.g. banking and private service providers, Digital Post, recording of a deed) NemID – for businesses (since November 2011) • 1.1 million NemID employee-ID used by employees in public sector (e.g. accessing data within the public health service) and private sector (e.g. when interacting with the public sector) NemLog-in • Single sign-on to public sector solutions, digital self-service, Digital Post, etc. 7
”IT LANDSCAPE” PUBLIC SECTOR CORE SECURITY COMPONENTS Banks Identity and authentication Other Private NemID Sector Public Sector Citizens’ SP’s and Solution idP’s/Brokers NemID Login broker, Business Public Sector authorization,etc. Public Sector (employee) Service Public Sector Solution Public Sector Service Providers Service NemLog-in Providers Service Providers Providers 8
GOAL AND FOUNDATION – OCES STANDARD • OCES = Public Certificates for Electronic Services • Goal: • A general open, scalable and transparent security infrastructure based on PKI • Controlled by the state and operated by a private Certificate Authority (CA) • Foundation: • State-owned Certificate Policies (CP) • Open architecture based on international standards • EU-Tender with a Public Private Partnership in mind 9 oktober 2016
OCES CERTIFICATES Issued as • Personal certificates – PID (a unique number related to civil registration number) • Employee certificates – RID/CVR (Employee number/Central company number) • Business certificates – CVR (Central company number) • Device certificates – CVR (Central company number + deviceID) Used for • Access control - Logon • Secrecy - Encryption of e-mails • Signature for e-mails, documents and web-sites (non-repudiation)
OCES 2.0 - NEMID Centrally securely stored private keys Access with 2-factor authentication independent of pc Something you know (password) Something you have (one time password) X.509 v3 CA certificates 2048 – 4096 bits RSA SHA256 End user certificates 2048 bits RSA SHA256 CRL’s and OCSP
NEMID AUTHENTICATION
End-user registration - citizen Identity known – code card sent to registered CPR address Netbank Identity validated online – Activation password and code card sent to registered CPR address Nemid.nu CA/DanID Physical presence: On-site issuance Hand-over of activition password and code card Citizen Service centres
NEMID – A NATIONAL SUCCESS – HOW COME? Ambitious joint government eGovernment strategies based on a broad political mandate Digital maturity of the population • High degree of internet penetration, usage and skills in population • 87 pct. aged 16-74 use internet every day • 88 pct. aged 16-74 have interacted online with public authorities within past 12 months (source: European Commissi on. Digital Scoreboard, 2015) Collaboration with the financial sector cross-sector high-frequency usage • More than 55 million transactions per month High degree of trust and recognition 14
A SUCCESSFUL SECURITY SOLUTION REQUIRES A GOOD BALANCE BETWEEN MANY ASPECTS Resistant to many different attack types What you see is what you Security sign Strength of Evidence Development and Easy to install implementation costs Easy to understand and Rollout Support eID communicate Easy to use in daily life Lifetime User- Consistent use on many Economy Business Model friendliness platforms Usable for people with disabilities Mobility
NEXT-GENERATION SOLUTION Objectives • Still one single national eID to retain wide dissemination and high volume • Focus on user experience and usability • More scalability (volume), flexibility (diversity of uses), adaptability (new technologies) Means • Modular architecture based on standard components • Fast and agile development • Sharing development and operations costs 16
STATUS AND NEXT STEPS • Partnership between public and financial sector June 2016 • Acquisition of next generation NemID solution: Tender and Contract 2017 Solution development from 2017 • Implementation, deployment and migration: from 2019 IDEA ANALYSIS ACQUISITION IMPLEMENTATON REALISATION 17 oktober 2016
PUBLIC-PRIVATE PARTNERSHIP Partnership agreement with Danish Bankers' Association Win-win partnership Agreed timeline and milestones Focus on core solution and interfaces Shared financing and contribution of resources Joint steering group and programme team Co-financing Exploitation Awareness and usage Stakeholder needs 18
NEW ELEMENTS MORE LOGIN-FACTORS ENHANCED USE SEPARATION OF E- OF PRIVATE NEMID ID AND IN THE BUSINESS E-SIGNATURE AREA BASIC FUNCTIONALITY PRIVACY AND CONTEXT- MORE LEVELS OF DEPENDENT ASSURANCE INFORMATION IMPROVED ADMINISTRATIVE SOLUTIONS FOR BUSINESSES 19 oktober 2016
STAY IN TOUCH digst.dk/English digst.dk/Servicemenu/English/News/Newsletter chaja@digst.dk 20
REFERENCES AND LINKS • The official Danish NemID website: www.nemid.nu (some things in English • OCES certificate policies published in English: https://www.nemid.nu/dk- da/digital_signatur/oces-standarden/oces-certifikatpolitikker/ • Agency for Digitisation: www.digst.dk (some things in English) • Documentation for implementation of NemID (in English): https://www.nets- danid.dk/produkter/for_tjenesteudbydere/nemid_tjenesteudbyder/nemid_tj enesteudbyder_support/tjenesteudbyderpakken/ • Open Source Java applet for login and signing and demo environment: www.openoces.org •NemID JavaScript site: http://www.nets.eu/dk- da/Produkter/Sikkerhed/NemID-tjenesteudbyder/NemID- JavaScript/Pages/default.aspx
You can also read