belgian proposal of an organization model for an electronic identity card

Belgian proposal of an organization model for an

electronic identity card

Frank RobbenGeneral ManagerCrossroads Bank for Social SecuritySint-Pieterssteenweg 375B-1040 BrusselsE-mail: [email protected]

2Crossroads Bank for Social Security 09.10.2001

What is E-government ?

E-government is a continuous optimization of service delivery and governance by transforming internal and external relationships through technology, internet and new media

internal relationships- government to government- government to employees

external relationships- government to citizen- government to business

• user of public services• provider of services


Why E-government ?

provision of better service to the customer (citizens and companies) and service providers

modernization of the public sector- example and catalyst for the adoption of new technologies- improvement of cost efficiency- more challenging work environment for government

employees


reduce burdens (travel, queuing, paperwork, …)

realtime feedback

permanent access from any location

easy to find information personalized service

unique data collection proactive governance

more participation in decisions direct contact with competent

public agency access to personal data

Better service


E-government: a structural reform process

E-government requires- re-engineering of processes- re-organization- change of mindsets (customer centric)- changes of legal environment- cooperation between several government levels


Back office integration is the key

unique data collection integrated data management (principle of the

authentic source) electronic data exchange and work flow architecture & horizontal services:

- unique identification keys (electronic identity card)- PKI- messaging and transaction services- portal architecture- content management system

standards (XML, IP, etc) global but decentralized approach


Customer centric

portal interaction triggered on- life events (birth, marriage, etc.)- life styles (sport, culture, etc.)- life status (unemployed, retired, etc.)

p-channels and e-channels must co-exist multi device access (PC, TV, WAP GSM, PDA, …) integrated services

- information- interaction- transaction


Customer centric

critical reflection on principles of data collection and creation of new added value- readable and understandable text- analysis of the requirement of data collection- harmonization of basic concepts- first data verification, then data collection- default values based on previously entered data- on-line help- simulation environments


Levels of service maturity of E-government

Level 1Information

Government agenciespublish information

on the web

Level 2Interaction

Users can communicateelectronically withsingle government

agencies, but agenciesdon’t necessarily

communicateelectronically with

the user

Level 3Transaction

User can communicateelectronically with single government

agencies, andapplications

of the agenciesrespond electronically

to the user

Level 4Integration

Cross-agency informationand transactionsare available via

intention based portals

Back offices are integrated and business processes

are re-engineered

Complexity / Costs

Con

stit

uenc

y V

alue


Electronic identity card

possible functions- identification of the holder- authentification of the holder- generation of electronic signature- electronic proof of characteristics of the holder- execution of programs- electronic data storage- electronic purse


Electronic identity card

retained functions- visual and electronic identification of the holder- authentification of the holder via the technique of the digital

signature- generation of electronic signature via the technique of the

digital signature- proof of characteristics of the holder via the technique of the

digital signature on the initiative of the holder- only identification data storage- no electronic purse- no biometry


Identification

visual- basic identification data: name, first names, place and date of

birth, sex, nationality, unique identification number – no address

- photograph

electronic- cfr. visual basic identification data (+ address ?)- digital photograph


Digital versus electronic signature

digital signature- technique based on asymmetric cryptography- permitting to determine the origin and the integrity of

electronic data

certificate- confirmation that a pair of keys proves something (e.g.

identity, characteristic, …)

electronic signature- use of a certain technique, e.g. the technique of the digital

signature- as an electronic and legally valid alternative of a manual

signature


Scheme

digital signature electronic signature

electronic signature by means of thetechnique of a digital signature


Technique of the digital signature

CA

public key

CA

public key

digital signature


Some concepts

identity certificate: proof of identity attribute certificate: proof of characteristics (e.g.

function, quality, mandate) function of registration authority (RA):

- ‘counter’ where the certificate is requested and that verifies if communicated identity or characteristic is correct

- if so, approves the request and reports it to the certification authority

function of certification authority (CA):- produces on the base of the information from the RA a

certificate which is linked with a pair of keys- manages that certificate


Use of the technique of the digital signature

3 applications- electronic storage private key with related identity certificate

for electronic authentification- electronic storage private key with related identity certificate

for the generation of an electronic signature- electronic storage of one or more private keys with related

attribute certificates in order to proof characteristics


Use of the digital signature

model- private keys with related identity certificates

• automatically stored on the card unless opposition of the holder (opting-out)

• delivered by CA chosen by the government as a result of a public call for tenders

- private keys with related attribute certificates• storage place available on the card• free choice of the holder (opting-in)• delivered by CA chosen by the holder


Law on electronic signature

article 1322, paragraph 2 Civil Code

“For the purpose of this article can meet the requirement of a signature, a set of electronic data that can be attributed to a particular person and that proves that the content of the act has been maintained”.


Law certification service providers

implementation European Directive into Belgian law- provision that qualified electronic signature meets the

requirements of article 1322, paragraph 2 Civil Code- scheme of minimal missions (issuance, management,

revocation of certificates) and liability of certification-service-providers

- rules at suspension of activities by certification-service-provider

- voluntary accreditation scheme- rules regarding liability of certificate holder- supervision and sanctions - possibility to make the use of electronic signatures in the

public sector subject to additional requirements


Goals

promote rapid availability of identity certificates guarantee quality of identity certificates promote multifunctional and free use of identity

certificates guarantee open market of independent evolving

certification authorities guarantee interoperability between certification

authorities guarantee conformity with evolving technical

standards conformity with the European Directive


Organization model

government chooses card producer and CA issuing the identity certificates as a result of a public call for tenders

the municipality calls the holder for the issuing of the electronic identity card

the holder can choose to have or not 2 private keys associated to identity certificates, on his identity card; if so, the municipality acts as registration authority for the identity certificates


Organization model

electronic identity card contains necessary space to store other private keys associated to attribute certificates that holder can obtain at CA of his choice

private key associated to identity certificate on electronic identity card can be used to generate electronic signature within the scope of E-government applications which require an electronic signature


Organization model

CM/CP/CI (7)

(8)(9)

Matti

ERA

Face to face identification

De Gemeenten(1)

RC

(3)BullBull

Meikäläinen

PIN & PUK1

(10b)

(10a1)

(11)

(13)

-

(10a2)

(2), (12)

VRKVRK

(4)

CA

CA

(5)

(6)

-code


No storage of electronic data

why not ?- preventing perception of the card as a big brother- preventing loss of data, when the card is lost- preventing frequent updates of the card

stimulation of the controlled access to data over networks, using the card as an access tool, rather than storage of data on the card

thus, no integration of SIS-card and electronic identity card


Advantages

to the user- faster communicaton / service delivery- better quality of service- more personalized approach- reduction of administration cost- higher availability of services (24/7)- more transparancy


Advantages

to the government- higher work satisfaction for employees by avoiding useless

work- better control of administration cost- better image of public agencies- more direct relation with target groups- more efficient policy support- more efficient fraud detection

Th@nk you !

Crossroads Bank for Social Security

belgian proposal of an organization model for an electronic identity card

Documents