some initiatives of the belgian government in order to stimulate e-government frank robben general...

Some initiatives of the Belgian government in order to stimulate

E-government

Frank RobbenGeneral managerCrossroads Bank for Social SecuritySint-Pieterssteenweg 3751040 BrusselE-mail: [email protected]

Crossroads Bank for Social Security

2 18/06/2001


Plan of the exposure

model implemented for data exchange between back offices

proposal for an electronic identity card proposal for an organization model on

PKI-infrastructure

3 18/06/2001


Definition of the problem

in all countries, many administrations are active in all the fields of public affairs : e.g. tax law, social security, transport, internal affairs

information is one of the main production factors for each of those institutions

the information needed by those many institutions is often similar- identification data- data concerning e.g. the professional, social, fiscal, familial

status

- periodical data related to working periods and wages

- data concerning certain events, e.g. the occurence of a social risk

4 18/06/2001


Definition of the problem

lack of coordination in the area of information management leads to- administrative overloading of the citizens, their employers,

the municipality of residence,...- waste of efficiency and time within the institutions- suboptimal support of the policy- higher possibilities of fraud

5 18/06/2001


Possible solutions

central data management (big brother concept)- not frequently implemented

• privacy protection• technical feasibility• threat for the autonomy of the institutions

distributed data management (network concept)- decentralised but unique data gathering- decentralised and distributed data storage, with functional

task-sharing between public institutions- data exchange via a network

6 18/06/2001


A model for data exchange between back offices

structure of the network unique identification key register of references basic organisation principles

- data collection- data storage- data exchange

methods of electronic data exchange

secto

rial

organisi

ng unit

Central organising unit

external database

KSZ-BCSS

sectorial

organising unit

external database

external network


8 18/06/2001


Unique identification key

natural persons and enterprises/establishments unique invariable mentioned on an official document delivered to the

holder used by

- every public institution- every person declaring information to public institutions

9 18/06/2001


Register of references

3 functions:- preventive access control- routing of information- automatic transmission of information

structure:- register of persons: what persons in what capacities have

personal files in what public institutions for what periods- data availability register: what data are available in what

public institutions for what types of files- access authorization register: what data may be transmitted

to what institutions for what types of files

10 18/06/2001


Organisation principles of the network

obligatory participation of all public institutions every participant to the network can be supplier or

addressee of data coordination and management of the network by the

central organising unit- normalisation- stimulation- project management

11 18/06/2001



data collection- previous consultation of the network obligatory

data storage- decentralised- distributed- functional task-sharing between public institutions- valorization of external databases

12 18/06/2001



data exchange- can be initiated

• by the institution that needs the information• by the institution that disposes of new information• by the institution that manages the network

- basically via the central organising unit- previous authorization by an independent Control Committee- systematical logging of all exchanges

13 18/06/2001


Data protecting effects

network concept implies

no central data storage data exchange via the central organising unit =>

precautionary control on the legitimacy of data exchange

previous authorization of data exchange by an independent Control Committee

14 18/06/2001


Advantages of data sharing (1/2)

improvement of the service offered to the citizen/ enterprise- faster processing of files- more accurate processing of files- reduction of the administrative charge- more guarantees on data protection

advantageous effects for public sector- control of the administrative costs- more efficient fraud detection - more efficient policy support- more flexibility in answering to changing needs

15 18/06/2001


Advantages of data sharing (2/2)

more efficient working of the administrations- prevention of double work by task-sharing- optimalisation of task execution by computerisation- occasion for a self-critical attitude regarding internal

organisation- basis for efficiency and quality assurance

16 18/06/2001


Smart cards

possible functions- identification of the holder

• natural person• enterprise - establishment

- authentication of the holder• natural person• enterprise - establishment

- generation of an electronic signature- proof of qualities, characteristics, access rights, …- transport of data- transport of programs

17 18/06/2001


Electronic identity card

working proposal- storage of identity data- possibly storage of insurance status in the health care sector - possibility of storage of private key for generation of

electronic signature- possibility of storage of private key(s) for proof of qualities- “rentable” place for storage of other data- no biometrics- no data concerning driving licence

18 18/06/2001


Model on PKI-infrastructure

legal framework- European Directive 1999/93/EC- adaptation art. 1322 Civil Code- bill concerning functioning of the certification-service-

providers

proposal for an organization model on PKI-infrastructure, approved by the Council of the ministers of 22 November 2000

19 18/06/2001


European Directive

Member States shall ensure that “qualified” electronic signatures - have the same value as a handwritten signature- are admissible as evidence in legal proceedings

“qualified” means- based on a qualified certificate, t. means a certificate which

meets the requirements laid down in Annex I of the Directive- that is provided by a certification-service-provider who fulfils

the requirements laid down in Annex II of the Directive- and that is created by a secure device which meets the

requirements laid down in Annex III of the Directive

20 18/06/2001


European Directive

an electronic signature can not be denied legal consequences solely on the grounds that it is- not based upon a qualified certificate- not based upon a certificate issued by an accredited certification-

service-provider- not created by a secure device

Member States may make the use of electronic signatures in the public sector subject to possible additional requirements which- are related to the specific characteristics of the application

concerned- are objective, transparent, proportionate and non-disciminatory- don’t constitute an obstacle to cross-border services

21 18/06/2001


European Directive

each Member State shall ensure to- the certification-service-providers which are established on

its territory - and issue qualified certificates- to the public

for the establishment - of an appropriate system of supervision- of a liability scheme

Member States shall not make the provision of certification services subject to a prior authorisation

22 18/06/2001


European Directive

Member States may introduce voluntary accreditation schemes- aiming at enhanced levels of certification-service provision- based on objective, transparent, proportionate and non-

discriminatory conditions- without limiting the number of accredited certification-service-

providers

23 18/06/2001


Adaption art. 1322 Civil code

Addition paragraph 2

“For the purpose of this article can meet the requirement of a signature, a set of electronic data that can be attributed to a particular person and that proves that the content of the act has been maintained”.

24 18/06/2001


Bill functioning certification-service-providers

Implementation European Directive into Belgian law- provision that qualified electronic signature meets the

requirements of art. 1322, p. 2 Civil code- scheme of minimal missions (issuance, management,

revocation of certificates) and liability of certification-service-providers

- rules at suspension of activities by certification-service-provider

- voluntary accreditation scheme- rules regarding liability of certificate holder- supervision and sanctions - possibility to make the use of electronic signatures in the

public sector subject to additional requirements

25 18/06/2001


Organization model: purposes

promote rapid availability of identity certificates guarantee quality of identity certificates promote multifunctional and free use of identity

certificates guarantee open market of independent evolving

certification authorities guarantee interoperability between certification

authorities guarantee conformity with evolving technical

standards conformity with the European Directive

26 18/06/2001


Proposal organization model: notions

identity certificate: proof of identity attribute certificate: proof of characteristic (for example:

function, quality, mandate) function of registration authority (RA): ‘counter’ where the

certificate is requested and that verifies if communicated identity or characteristic is correct; if so, she approves the request and reports this to the certification authority

function of certification authority (CA): produces on the base of the information from the RA a certificate which is linked with a pair of keys and which indicates what the pair of keys further proves, and manages that certificate

27 18/06/2001


Proposal organization model: scope

identity certificates

attribute certificates with regard to natural persons

legal persons or organizations used for the generation of electronic signature into the

scope of ICT-application of the government which require an electronic signature

in the scope of E-commerce, E-banking, … no objection to (elements of) the organization model

being used voluntarily beyond the specified scope

28 18/06/2001


Proposal organization model: additionalrequirements

possibility to appeal to municipality as registration authority for identity certificates

possibility of separate use of identity and attribute certificates

private key associated to identity certificate is saved on a secure processorchip card with at least pincode protection

free use and verification of identity certificates quality and operability standards

29 18/06/2001


Proposal of organization model: working-out

government publishes additional requirements CA prove that they meet the additional requirements at call for electronic identity card, the holder can have

on this card a private key that is associated to an identity certificate- for which the municipal has served as registration authority- that is issued by a CA meeting the additional requirements

and chosen by the holder

electronic identity card contains necessary space to store other private keys associated to attribute certificates that holder can obtain at CA of his choice

30 18/06/2001


private key associated to identity certificate on electronic identity card can be used to generate electronic signature into the scope of ICT-applications of the government which require an electronic signature

Proposal of organization model: working-out

31 18/06/2001


Proposal of organization model: scheme

CM/CP/CI (7)

(8)(9)

Matti

ERA

Face to face identification

De Gemeenten(1)

RC

(3)BullBull

Meikäläinen

PIN & PUK1

(10b)

(10a1)

(11)

(13)

-

(10a2)

(2), (12)

VRKVRK

(4)

CA

CA

(5)

(6)

-code

some initiatives of the belgian government in order to stimulate e-government frank robben general...

Documents

holder n

unique data

social security slide

wages data

social security definition

offices n proposal

exposure n model

offices n structure