Spanish initiative to encourage the use of eid & esignature technologies in egovernment Services. Ministry of Public Administrations

Transcription

1 Spanish initiative to encourage the use of eid & esignature technologies in egovernment Services Ministry of Public Administrations Miguel Álvarez Rodríguez IT Manager

2 Contents 1. The new eid citizen s smartcard 2. The multipki Platform for eid Verification services. 3. Status of the service and ways of operation. 4. Statistics of the service

3 Reasons for an Electronic ID citizen s card Need to modernize the traditional one, improving the issuing service: better service for the citizens, inmediate delivery (the whole issuing process takes 10/15 minutes ) Take advantage of the current citizen ID card in order to incoporate eid features (eidentity and esignature) in a smartcard. The ID card is the most common identification document in Spain utilized by citizens in their public or private relations (it accounts for the 99% of Public Registries as the main citizen s Identification number) Today, digital identity plays a key role in developing e-government and the Information Society

4 Uses of the eid card Services? Visual identity checking Digital identity (eid) ->eauthentication esignature

5 Digital identity and electronic signature Digital identity allows for a non-presential citizen s identification through a telecommunication network (over the internet) esignature Certificate allows citizens to sign electronic documents or transactions in their relations with public administrations or the private sector, with the same legal validity than the handwriting signature (-> based on Qualified Certificates). Elements in the ID card that make possible the Digital ID & electronic signature? Electronic chip embedded in the card (SSCD) Two electronic certificates: - For digital identity purposes Authentication Certificate - For electronic signature purposes Electronic Signature Certificate

6 Authorities involved in the eid card framework Who issues and manages the two electronic certificates? The Certification Authority is DGP Who and How is checked citizen s identity? The Registry authority is DGP and the issuing process is carried out at the DGP s Offices How is checked the validity of the two electronic certificates? Through the Validation Authorities authorized by DGP. Currently there are two: FNMT-RCM Ministry of Pûblic Administrations.

7 umber of Available egovernment Services for the eid Card Abril'07 En.'07 Diciembre Noviembre Octubre Septiembre Agosto Julio Junio Mayo Abril Marzo Available egovernment Services for the DNIe

8 Validation Scheme for the edni DGP PKI DNIe CRLs USUARIOS AEAT CRLs USUARIOS TGSS Web Services OCSP OCSP Public Sector (AGE, CC.AA, EE.LL) OCSP Public and Private Sector

9 National eid Verification Service Scheme 1) Authentication/eSignature Transaction A) Citizen B) egovernment Service Portal 2) Authentication Request 3) Authentication Response D) Certification Service Providers Established in Spain C) National Front-end Authentication Service on eid

10 The national eid Verification service Aim of the NATIONAL FRONT-END for eid Verification To establish a common free service to allow egovernment Applications to determine the status of all the qualified certificates accepted for electronic authentication/esignature purposes Advantages of having a Central eid Verification Service: eid authentication Service for egovernment Portals in order to identify electronically citizens and business The connection to the service provides immediate eid and esignature Features to egovernment Portals for all Qualified Certificates in the country (multipki Platform)

11 The national eid Verification service The service also covers the Translation of the fields of the certificate X509 to a normalized XML schema (name, surname...), saving the effort to egovernment Portals certificates in order to send back ID attributes such as name & surname of the holder, national citizen s/company s ID number Verification and validation of esignatures created by citizens/business in their relations with egovernment Services Transitivity of agreements with all the CSP established in the country reduce the need to establish N*M agreements CSP- Public Administrations and the technical connection to each CSP verification service The Validation Service is non intrusive with Administrative procedures (based on Webservice technology)

12 Status of the Project (1/ 05 /2007) Services in operation since 13 Feb. 2006: Validation of ecertificates (via OCSP or WS: Translation of the fields of the certificate X509 to a normalized XML schema (name, surname...) Verification of esignature (in various formats such as CMS, XMLDSig, XADES-BES, XADES-T). Secure and Trust Service: Auditing mechanisms; Securized WS. Existence of a Technical Support Desktop Service to facilitate the integration of Public Administrations to the platform. Connectivity through the Administrative Network (Intranet Administrativa) for efficiency and security reasons Value added services: Universal Client for esignature (Applet) that allows citizens to esign locally in a secure environment TimeStamping Service

13 OCSP HTTPS LDAP OCSP HTTPS LDAP OCSP HTTPS LDAP OCSP HTTPS LDAP OCSP HTTPS LDAP Way of Operation II: Federation of VAs SW is distributed for the implementation of their own Verification platforms in other Public Administrations (Regional and local levels). Red Test EUROPE Free distribution of new releases, patches, etc Configuration of Central Server is propagated to other implementations. OCSP Model allows for cross-validation among VAs Allows for Cross-validation and the creation of a national network or Federation of VAs Intranet / Intranet / Extranet AAPP Extranet AAPP HTTPS LDAP... Use of definitions IDABC-BGCA -> next year implementation of trust tokens based on: TSLs following ETSI TR I*Net I*Net

14 Statistics of the multipki Platform CAs incorporated in the Platform: 12 Types of Qualified Certificates: 69 egovernment Application using the service: 140 Public Administration Department Users 63 Central 35 Regional 11 Municipalities 17

15 Statistics of the multipki Platform: Number of transactions Marzo Mayo Julio Sept. Nov. En.'07 Mz.'07

16 Obrigado! Thank you! Gracias! Ministerio de Administraciones Públicas