Belgian proposal of an organization model for an electronic identity card

1
Belgian proposal of an organization model for an
electronic identity card
Frank Robben General Manager Crossroads Bank for
Social Security Sint-Pieterssteenweg 375 B-1040
Brussels E-mail Frank.Robben_at_ksz.fgov.be
2
What is E-government ?

• E-government is a continuous optimization of
  service delivery and governance by transforming
  internal and external relationships through
  technology, internet and new media
• internal relationships
• government to government
• government to employees
• external relationships
• government to citizen
• government to business
• user of public services
• provider of services

3
Why E-government ?

• provision of better service to the customer
  (citizens and companies) and service providers
• modernization of the public sector
• example and catalyst for the adoption of new
  technologies
• improvement of cost efficiency
• more challenging work environment for government
  employees

4
Better service
5
E-government a structural reform process

• E-government requires
• re-engineering of processes
• re-organization
• change of mindsets (customer centric)
• changes of legal environment
• cooperation between several government levels

6
Back office integration is the key

• unique data collection
• integrated data management (principle of the
  authentic source)
• electronic data exchange and work flow
• architecture horizontal services
• unique identification keys (electronic identity
  card)
• PKI
• messaging and transaction services
• portal architecture
• content management system
• standards (XML, IP, etc)
• global but decentralized approach

7
Customer centric

• portal interaction triggered on
• life events (birth, marriage, etc.)
• life styles (sport, culture, etc.)
• life status (unemployed, retired, etc.)
• p-channels and e-channels must co-exist
• multi device access (PC, TV, WAP GSM, PDA, )
• integrated services
• information
• interaction
• transaction

8
Customer centric

• critical reflection on principles of data
  collection and creation of new added value
• readable and understandable text
• analysis of the requirement of data collection
• harmonization of basic concepts
• first data verification, then data collection
• default values based on previously entered data
• on-line help
• simulation environments

9
Levels of service maturity of E-government
Level 4 Integration Cross-agency information and
transactions are available via intention based
portals Back offices are integrated and
business processes are re-engineered
Level 3 Transaction User can communicate electron
ically with single government agencies,
and applications of the agencies respond
electronically to the user
Level 2 Interaction Users can communicate electro
nically with single government agencies, but
agencies dont necessarily communicate electronica
lly with the user
Constituency Value
Level 1 Information Government agencies publish
information on the web
Complexity / Costs
10
Electronic identity card

• possible functions
• identification of the holder
• authentification of the holder
• generation of electronic signature
• electronic proof of characteristics of the holder
• execution of programs
• electronic data storage
• electronic purse

11
Electronic identity card

• retained functions
• visual and electronic identification of the
  holder
• authentification of the holder via the technique
  of the digital signature
• generation of electronic signature via the
  technique of the digital signature
• proof of characteristics of the holder via the
  technique of the digital signature on the
  initiative of the holder
• only identification data storage
• no electronic purse
• no biometry

12
Identification

• visual
• basic identification data name, first names,
  place and date of birth, sex, nationality, unique
  identification number no address
• photograph
• electronic
• cfr. visual basic identification data ( address
  ?)
• digital photograph

13
Digital versus electronic signature

• digital signature
• technique based on asymmetric cryptography
• permitting to determine the origin and the
  integrity of electronic data
• certificate
• confirmation that a pair of keys proves something
  (e.g. identity, characteristic, )
• electronic signature
• use of a certain technique, e.g. the technique of
  the digital signature
• as an electronic and legally valid alternative of
  a manual signature

14
Scheme
digital signature
electronic signature
electronic signature by means of the technique of
a digital signature
15
Technique of the digital signature
16
Some concepts

• identity certificate proof of identity
• attribute certificate proof of characteristics
  (e.g. function, quality, mandate)
• function of registration authority (RA)
• counter where the certificate is requested and
  that verifies if communicated identity or
  characteristic is correct
• if so, approves the request and reports it to the
  certification authority
• function of certification authority (CA)
• produces on the base of the information from the
  RA a certificate which is linked with a pair of
  keys
• manages that certificate

17
Use of the technique of the digital signature

• 3 applications
• electronic storage private key with related
  identity certificate for electronic
  authentification
• electronic storage private key with related
  identity certificate for the generation of an
  electronic signature
• electronic storage of one or more private keys
  with related attribute certificates in order to
  proof characteristics

18
Use of the digital signature

• model
• private keys with related identity certificates
• automatically stored on the card unless
  opposition of the holder (opting-out)
• delivered by CA chosen by the government as a
  result of a public call for tenders
• private keys with related attribute certificates
• storage place available on the card
• free choice of the holder (opting-in)
• delivered by CA chosen by the holder

19
Law on electronic signature

• article 1322, paragraph 2 Civil Code
• For the purpose of this article can meet the
  requirement of a signature, a set of electronic
  data that can be attributed to a particular
  person and that proves that the content of the
  act has been maintained.

20
Law certification service providers

• implementation European Directive into Belgian
  law
• provision that qualified electronic signature
  meets the requirements of article 1322, paragraph
  2 Civil Code
• scheme of minimal missions (issuance, management,
  revocation of certificates) and liability of
  certification-service-providers
• rules at suspension of activities by
  certification-service-provider
• voluntary accreditation scheme
• rules regarding liability of certificate holder
• supervision and sanctions
• possibility to make the use of electronic
  signatures in the public sector subject to
  additional requirements

21
Goals

• promote rapid availability of identity
  certificates
• guarantee quality of identity certificates
• promote multifunctional and free use of identity
  certificates
• guarantee open market of independent evolving
  certification authorities
• guarantee interoperability between certification
  authorities
• guarantee conformity with evolving technical
  standards
• conformity with the European Directive

22
Organization model

• government chooses card producer and CA issuing
  the identity certificates as a result of a public
  call for tenders
• the municipality calls the holder for the issuing
  of the electronic identity card
• the holder can choose to have or not 2 private
  keys associated to identity certificates, on his
  identity card if so, the municipality acts as
  registration authority for the identity
  certificates

23
Organization model

• electronic identity card contains necessary space
  to store other private keys associated to
  attribute certificates that holder can obtain at
  CA of his choice
• private key associated to identity certificate on
  electronic identity card can be used to generate
  electronic signature within the scope of
  E-government applications which require an
  electronic signature

24
Organization model
VRK
VRK
CM/CP/CI
(7)
(4)
(5)
(8)
(9)
(10a2)
(6)
CA
(10a1)
(3)
CA
Meikäläinen
Matti
PIN PUK1
-
code
(10b)
(1)
-
(2), (12)
(11)
(13)
25
No storage of electronic data

• why not ?
• preventing perception of the card as a big
  brother
• preventing loss of data, when the card is lost
• preventing frequent updates of the card
• stimulation of the controlled access to data over
  networks, using the card as an access tool,
  rather than storage of data on the card
• thus, no integration of SIS-card and electronic
  identity card

26
Advantages

• to the user
• faster communicaton / service delivery
• better quality of service
• more personalized approach
• reduction of administration cost
• higher availability of services (24/7)
• more transparancy

27
Advantages

• to the government
• higher work satisfaction for employees by
  avoiding useless work
• better control of administration cost
• better image of public agencies
• more direct relation with target groups
• more efficient policy support
• more efficient fraud detection

28
Th_at_nk you !
Crossroads Bank for Social Security