Digital Identity - NemID Head of Division Charlotte Jacoby - - PowerPoint PPT Presentation

Sæt kryds ved ’Vis’

September 2016

Digital Identity - NemID

Head of Division Charlotte Jacoby

THE DANISH AGENCY FOR DIGITISATION

2

Ministry of Finance

Agency for the Modernisation of Public Administration Agency for Digitisation Agency for Governmental Administration Agency for Governmental IT Services

THE DANISH AGENCY FOR DIGITISATION

Objectives Improving efficiency and effectiveness through digitisation Enabling public sector innovation through digitisation Ensuring outcomes of digitisation and e-gov implementation Projects Joint-government strategy and policy issues Shared public sector digital infrastructure

3

DANISH PUBLIC SECTOR - HISTORY

Strong tradition of joint public sector digitisation Multi-year joint government eGovernment strategies since 2001, include central, regional, and local government

• 2003: Digital Signatur
• 2010: NemID
• Digital self-service made mandatory 2012-2015 (80 pct. of all

correspondence digital by 2015)

• Mandatory use of digital letter box
• November 2013 for businesses
• November 2014 for citizens
• Improved public online self-services

4

DIGITISATION STRATEGY 2016-2020

• ktober 2016

5

A Stronger and More Secure Digital Denmark

• Strong focus on data and digital infrastructure
• Further digital development
• Cost saving through efficient digital solutions
• Once-only
• Data-sharing

Next generation eID and signature solution will be a central infrastructure

NEMID - THE COMMON KEY TO RELEVANT DOORS

Public sector…

• Public portals, e.g. sundhed.dk , borger.dk
• e-services, e.g. skat.dk, optagelse.dk
• Digital Post (4.3 mio. signed up)
• Supported by all major government sites

… and the private sector

• Supported by all banks for e-banking
• + ~400 private service providers

Eg.: insurance companies, pension funds, apoteket.dk, buy’n’sell-site, etc

DIGITAL INFRASTRUCTURE TODAY

NemID – for citizens (national eID since July 2010)

• 4.6 million citizens have a NemID (92 pct. of citizens aged 15+)
• High degree of satisfaction (85 pct.) and trust (81 pct.)
• NemID used as secure eID and eSignature in both public and private sector

(e.g. banking and private service providers, Digital Post, recording of a deed) NemID – for businesses (since November 2011)

• 1.1 million NemID employee-ID used by employees in public sector (e.g.

accessing data within the public health service) and private sector (e.g. when interacting with the public sector) NemLog-in

• Single sign-on to public sector solutions, digital self-service, Digital Post, etc.

7

”IT LANDSCAPE”

PUBLIC SECTOR CORE SECURITY COMPONENTS

8

NemID Citizens’ Solution NemLog-in Public Sector Service Providers Public Sector Service Providers Public Sector Service Providers Public Sector Service Providers Public Sector

Other Private Sector SP’s and idP’s/Brokers Banks

NemID Business (employee) Solution Identity and authentication Login broker, authorization,etc.

GOAL AND FOUNDATION – OCES STANDARD

• OCES = Public Certificates for Electronic Services
• Goal:
• A general open, scalable and transparent security infrastructure based
• n PKI
• Controlled by the state and operated by a private Certificate Authority

(CA)

• Foundation:
• State-owned Certificate Policies (CP)
• Open architecture based on international standards
• EU-Tender with a Public Private Partnership in mind
• ktober 2016

9

OCES CERTIFICATES

Issued as

• Personal certificates – PID (a unique number related to civil registration number)
• Employee certificates – RID/CVR (Employee number/Central company number)
• Business certificates – CVR (Central company number)
• Device certificates – CVR (Central company number + deviceID)

Used for

• Access control - Logon
• Secrecy - Encryption of e-mails
• Signature for e-mails, documents and web-sites (non-repudiation)

OCES 2.0 - NEMID

Centrally securely stored private keys Access with 2-factor authentication independent of pc Something you know (password) Something you have (one time password) X.509 v3 CA certificates 2048 – 4096 bits RSA SHA256 End user certificates 2048 bits RSA SHA256 CRL’s and OCSP

NEMID AUTHENTICATION

End-user registration - citizen

CA/DanID

Netbank Citizen Service centres Nemid.nu Identity validated online – Activation password and code card sent to registered CPR address Physical presence: On-site issuance Hand-over of activition password and code card Identity known – code card sent to registered CPR address

NEMID – A NATIONAL SUCCESS – HOW COME?

Ambitious joint government eGovernment strategies based on a broad political mandate Digital maturity of the population

• High degree of internet penetration, usage and skills in population
• 87 pct. aged 16-74 use internet every day
• 88 pct. aged 16-74 have interacted online with public authorities within past 12

months

(source: European Com m issi on. Digital Scoreboard, 2015)

Collaboration with the financial sector  cross-sector high-frequency usage

• More than 55 million transactions per month

High degree of trust and recognition

14

A SUCCESSFUL SECURITY SOLUTION REQUIRES A GOOD BALANCE BETWEEN MANY ASPECTS

eID

Security

User- friendliness

Economy

• Resistant to many different

attack types

• What you see is what you

sign

• Strength of Evidence
• Easy to install
• Easy to understand and

communicate

• Easy to use in daily life
• Consistent use on many

platforms

• Usable for people with

disabilities

• Mobility
• Development and

implementation costs

• Rollout
• Support
• Lifetime
• Business Model

NEXT-GENERATION SOLUTION

Objectives

• Still one single national eID to retain wide dissemination and high volume
• Focus on user experience and usability
• More scalability (volume), flexibility (diversity of uses), adaptability (new

technologies) Means

• Modular architecture based on standard components
• Fast and agile development
• Sharing development and operations costs

16

STATUS AND NEXT STEPS

• Partnership between public and financial sector

June 2016

• Acquisition of next generation NemID solution:

Tender and Contract 2017 Solution development from 2017

• Implementation, deployment and migration:

from 2019

• ktober 2016

17

IDEA ANALYSIS ACQUISITION

IMPLEMENTATON REALISATION

PUBLIC-PRIVATE PARTNERSHIP

Partnership agreement with Danish Bankers' Association  Win-win partnership  Agreed timeline and milestones  Focus on core solution and interfaces  Shared financing and contribution of resources  Joint steering group and programme team

• Co-financing
• Exploitation
• Awareness and usage
• Stakeholder needs

18

• ktober 2016

19

BASIC FUNCTIONALITY PRIVACY AND CONTEXT- DEPENDENT INFORMATION SEPARATION OF E- ID AND E-SIGNATURE MORE LOGIN-FACTORS IMPROVED ADMINISTRATIVE SOLUTIONS FOR BUSINESSES ENHANCED USE OF PRIVATE NEMID IN THE BUSINESS AREA

MORE LEVELS OF ASSURANCE

NEW ELEMENTS

STAY IN TOUCH

digst.dk/English digst.dk/Servicemenu/English/News/Newsletter

20

chaja@digst.dk

REFERENCES AND LINKS

• The official Danish NemID website: www.nemid.nu (some things in English
• OCES certificate policies published in English: https://www.nemid.nu/dk-

da/digital_signatur/oces-standarden/oces-certifikatpolitikker/

• Agency for Digitisation: www.digst.dk (some things in English)
• Documentation for implementation of NemID (in English):

https://www.nets- danid.dk/produkter/for_tjenesteudbydere/nemid_tjenesteudbyder/nemid_tj enesteudbyder_support/tjenesteudbyderpakken/

• Open Source Java applet for login and signing and demo environment:

www.openoces.org

• NemID JavaScript site: http://www.nets.eu/dk-

da/Produkter/Sikkerhed/NemID-tjenesteudbyder/NemID- JavaScript/Pages/default.aspx