Digital Identity - NemID - Head of Division Charlotte Jacoby - cloudfront.net

Page created by Steven Blake
 
Digital Identity - NemID
Head of Division Charlotte Jacoby
September 2016

THE DANISH AGENCY FOR DIGITISATION

Ministry of Finance
     • Agency for the Modernisation of Public Administration
     • Agency for Digitisation
     • Agency for Governmental Administration
     • Agency for Governmental IT Services

THE DANISH AGENCY FOR DIGITISATION

Objectives
Improving efficiency and effectiveness through digitisation
Enabling public sector innovation through digitisation
Ensuring outcomes of digitisation and e-gov implementation

Projects
Joint-government strategy and policy issues
Shared public sector digital infrastructure

DANISH PUBLIC SECTOR - HISTORY
Strong tradition of joint public sector digitisation
Multi-year joint government eGovernment strategies since 2001, including
central, regional, and local government
     •   2003: Digital Signatur

     •   2010: NemID

     • Digital self-service made mandatory 2012-2015 (80 pct. of all
       correspondence digital by 2015)
     • Mandatory use of digital letter box
         •   November 2013 for businesses
         •   November 2014 for citizens

     • Improved public online self-services

DIGITISATION STRATEGY 2016-2020

A Stronger and More Secure Digital Denmark
     • Strong focus on data and digital infrastructure
     • Further digital development
     • Cost saving through efficient digital solutions
     • Once-only
     • Data-sharing

Next generation eID and signature solution will be a central
infrastructure

October 2016
NEMID - THE COMMON KEY TO RELEVANT DOORS
Public sector…
• Public portals, e.g. sundhed.dk, borger.dk
• e-services, e.g. skat.dk, optagelse.dk
• Digital Post (4.3 million signed up)
• Supported by all major government sites

… and the private sector
• Supported by all banks for e-banking
• + ~400 private service providers
  E.g. insurance companies, pension funds,
  apoteket.dk, buy’n’sell sites, etc.
DIGITAL INFRASTRUCTURE TODAY
NemID – for citizens (national eID since July 2010)
• 4.6 million citizens have a NemID (92 pct. of citizens aged 15+)
• High degree of satisfaction (85 pct.) and trust (81 pct.)
• NemID used as secure eID and eSignature in both public and private sector
  (e.g. banking and private service providers, Digital Post, recording of a deed)
NemID – for businesses (since November 2011)
• 1.1 million NemID employee IDs used by employees in the public sector (e.g.
  accessing data within the public health service) and the private sector (e.g. when
  interacting with the public sector)
NemLog-in
• Single sign-on to public sector solutions, digital self-service, Digital Post, etc.

“IT LANDSCAPE”
PUBLIC SECTOR CORE SECURITY COMPONENTS

[Diagram: components of the landscape]
• Identity and authentication: NemID Citizens’ Solution; NemID Business (employee) Solution
• Login broker, authorization, etc.: NemLog-in
• Banks
• Other Private Sector
• Public Sector SPs and IdPs/Brokers
• Public Sector Service Providers

GOAL AND FOUNDATION – OCES STANDARD

• OCES = Public Certificates for Electronic Services

• Goal:

         • A general open, scalable and transparent security infrastructure based
           on PKI

         • Controlled by the state and operated by a private Certificate Authority
           (CA)

• Foundation:

         • State-owned Certificate Policies (CP)

         • Open architecture based on international standards

         • EU-Tender with a Public Private Partnership in mind

OCES CERTIFICATES

 Issued as
 • Personal certificates – PID (a unique number related to civil registration number)
 • Employee certificates – RID/CVR (Employee number/Central company number)
 • Business certificates – CVR (Central company number)
 • Device certificates – CVR (Central company number + deviceID)

 Used for
 • Access control - Logon
 • Secrecy - Encryption of e-mails
 • Signature for e-mails, documents and web-sites (non-repudiation)
OCES 2.0 - NEMID
 • Centrally securely stored private keys
 • Access with 2-factor authentication independent of the PC
     • Something you know (password)
     • Something you have (one time password)
 • X.509 v3
 • CA certificates: 2048 – 4096 bits RSA, SHA256
 • End user certificates: 2048 bits RSA, SHA256
 • CRLs and OCSP
NEMID AUTHENTICATION
End-user registration - citizen

CA/DanID
 • Netbank: Identity known – code card sent to registered CPR address
 • Nemid.nu: Identity validated online – activation password and code card sent to
   registered CPR address
 • Citizen Service centres: Physical presence – on-site issuance, hand-over of
   activation password and code card
NEMID – A NATIONAL SUCCESS – HOW COME?

Ambitious joint government eGovernment strategies based on a broad political
mandate
Digital maturity of the population
•    High degree of internet penetration, usage and skills in population
     •   87 pct. aged 16-74 use internet every day
     •   88 pct. aged 16-74 have interacted online with public authorities within past 12
         months
         (source: European Commission. Digital Scoreboard, 2015)

Collaboration with the financial sector – cross-sector high-frequency usage
     •   More than 55 million transactions per month

High degree of trust and recognition

A SUCCESSFUL SECURITY SOLUTION REQUIRES A GOOD BALANCE BETWEEN MANY ASPECTS

[Diagram: eID at the centre, balanced between three aspects]

Security
• Resistant to many different attack types
• What you see is what you sign
• Strength of Evidence

Economy
• Development and implementation costs
• Rollout
• Support
• Lifetime
• Business Model

User-friendliness
• Easy to install
• Easy to understand and communicate
• Easy to use in daily life
• Consistent use on many platforms
• Usable for people with disabilities
• Mobility
NEXT-GENERATION SOLUTION

Objectives
•    Still one single national eID to retain wide dissemination and high volume
•    Focus on user experience and usability
•    More scalability (volume), flexibility (diversity of uses), adaptability (new
     technologies)

Means

•    Modular architecture based on standard components
•    Fast and agile development
•    Sharing development and operations costs

STATUS AND NEXT STEPS

• Partnership between public and financial sector      June 2016

• Acquisition of next generation NemID solution:
  Tender and Contract                                  2017
  Solution development                                 from 2017

• Implementation, deployment and migration:            from 2019

      IDEA        ANALYSIS       ACQUISITION        IMPLEMENTATION   REALISATION

PUBLIC-PRIVATE PARTNERSHIP

Partnership agreement with Danish Bankers' Association

• Win-win partnership
• Agreed timeline and milestones
• Focus on core solution and interfaces
• Shared financing and contribution of resources
• Joint steering group and programme team

• Co-financing
• Exploitation
• Awareness and usage
• Stakeholder needs

NEW ELEMENTS

[Diagram: BASIC FUNCTIONALITY at the centre, surrounded by the new elements]
• MORE LOGIN-FACTORS
• ENHANCED USE OF PRIVATE NEMID IN THE BUSINESS AREA
• MORE LEVELS OF ASSURANCE
• IMPROVED ADMINISTRATIVE SOLUTIONS FOR BUSINESSES
• PRIVACY AND CONTEXT-DEPENDENT INFORMATION
• SEPARATION OF E-ID AND E-SIGNATURE

STAY IN TOUCH

     digst.dk/English

     digst.dk/Servicemenu/English/News/Newsletter

     chaja@digst.dk

REFERENCES AND LINKS
• The official Danish NemID website: www.nemid.nu (some things in English)
• OCES certificate policies published in English: https://www.nemid.nu/dk-da/digital_signatur/oces-standarden/oces-certifikatpolitikker/
• Agency for Digitisation: www.digst.dk (some things in English)
• Documentation for implementation of NemID (in English): https://www.nets-danid.dk/produkter/for_tjenesteudbydere/nemid_tjenesteudbyder/nemid_tjenesteudbyder_support/tjenesteudbyderpakken/
• Open Source Java applet for login and signing and demo environment: www.openoces.org
• NemID JavaScript site: http://www.nets.eu/dk-da/Produkter/Sikkerhed/NemID-tjenesteudbyder/NemID-JavaScript/Pages/default.aspx