Digital Identity - NemID Head of Division Charlotte Jacoby - PowerPoint PPT Presentation

Sæt kryds ved ’Vis’ Digital Identity - NemID Head of Division Charlotte Jacoby September 2016 1

THE DANISH AGENCY FOR DIGITISATION Ministry of Finance Agency for the Modernisation of Agency for Digitisation Public Administration Agency for Agency for Governmental Administration Governmental IT Services 2

THE DANISH AGENCY FOR DIGITISATION Objectives Improving efficiency and effectiveness through digitisation Enabling public sector innovation through digitisation Ensuring outcomes of digitisation and e-gov implementation Projects Joint-government strategy and policy issues Shared public sector digital infrastructure 3

DANISH PUBLIC SECTOR - HISTORY Strong tradition of joint public sector digitisation Multi-year joint government eGovernment strategies since 2001, include central, regional, and local government • 2003: Digital Signatur • 2010: NemID • Digital self-service made mandatory 2012-2015 (80 pct. of all correspondence digital by 2015) • Mandatory use of digital letter box • November 2013 for businesses • November 2014 for citizens • Improved public online self-services 4

DIGITISATION STRATEGY 2016-2020 A Stronger and More Secure Digital Denmark • Strong focus on data and digital infrastructure • Further digital development • Cost saving through efficient digital solutions • Once-only • Data-sharing Next generation eID and signature solution will be a central infrastructure 5 oktober 2016

NEMID - THE COMMON KEY TO RELEVANT DOORS Public sector … • Public portals, e.g. sundhed.dk , borger.dk • e-services, e.g. skat.dk, optagelse.dk • Digital Post (4.3 mio. signed up) • Supported by all major government sites … and the private sector • Supported by all banks for e-banking • + ~400 private service providers Eg.: insurance companies, pension funds, apoteket.dk, buy’n’sell -site, etc

DIGITAL INFRASTRUCTURE TODAY NemID – for citizens (national eID since July 2010) • 4.6 million citizens have a NemID (92 pct. of citizens aged 15+) • High degree of satisfaction (85 pct.) and trust (81 pct.) • NemID used as secure eID and eSignature in both public and private sector (e.g. banking and private service providers, Digital Post, recording of a deed) NemID – for businesses (since November 2011) • 1.1 million NemID employee-ID used by employees in public sector (e.g. accessing data within the public health service) and private sector (e.g. when interacting with the public sector) NemLog-in • Single sign-on to public sector solutions, digital self-service, Digital Post, etc. 7

”IT LANDSCAPE” PUBLIC SECTOR CORE SECURITY COMPONENTS Banks Identity and authentication Other Private NemID Sector Citizens’ Public Sector SP’s and Solution idP’s /Brokers NemID Login broker, Business Public Sector authorization,etc. (employee) Public Sector Solution Service Public Sector Public Sector Service Providers NemLog-in Service Providers Service Providers Providers 8

GOAL AND FOUNDATION – OCES STANDARD • OCES = Public Certificates for Electronic Services • Goal: • A general open, scalable and transparent security infrastructure based on PKI • Controlled by the state and operated by a private Certificate Authority (CA) • Foundation: • State-owned Certificate Policies (CP) • Open architecture based on international standards • EU-Tender with a Public Private Partnership in mind 9 oktober 2016

OCES CERTIFICATES Issued as • Personal certificates – PID (a unique number related to civil registration number) • Employee certificates – RID/CVR (Employee number/Central company number) • Business certificates – CVR (Central company number) • Device certificates – CVR (Central company number + deviceID) Used for • Access control - Logon • Secrecy - Encryption of e-mails • Signature for e-mails, documents and web-sites (non-repudiation)

OCES 2.0 - NEMID Centrally securely stored private keys Access with 2-factor authentication independent of pc Something you know (password) Something you have (one time password) X.509 v3 CA certificates 2048 – 4096 bits RSA SHA256 End user certificates 2048 bits RSA SHA256 CRL’s and OCSP

NEMID AUTHENTICATION

End-user registration - citizen Identity known – code card sent to registered CPR address Netbank Identity validated online – Activation password and code card sent to registered CPR address Nemid.nu CA/DanID Physical presence: On-site issuance Hand-over of activition password and code card Citizen Service centres

NEMID – A NATIONAL SUCCESS – HOW COME? Ambitious joint government eGovernment strategies based on a broad political mandate Digital maturity of the population • High degree of internet penetration, usage and skills in population • 87 pct. aged 16-74 use internet every day • 88 pct. aged 16-74 have interacted online with public authorities within past 12 months (source: European Com m issi on. Digital Scoreboard, 2015) Collaboration with the financial sector  cross-sector high-frequency usage • More than 55 million transactions per month High degree of trust and recognition 14

A SUCCESSFUL SECURITY SOLUTION REQUIRES A GOOD BALANCE BETWEEN MANY ASPECTS  Resistant to many different attack types  What you see is what you Security sign  Strength of Evidence  Development and  Easy to install implementation costs  Easy to understand and eID  Rollout communicate  Support  Easy to use in daily life  Lifetime  Consistent use on many User- Economy platforms friendliness  Business Model  Usable for people with disabilities  Mobility

NEXT-GENERATION SOLUTION Objectives • Still one single national eID to retain wide dissemination and high volume • Focus on user experience and usability • More scalability (volume), flexibility (diversity of uses), adaptability (new technologies) Means • Modular architecture based on standard components • Fast and agile development • Sharing development and operations costs 16

STATUS AND NEXT STEPS • Partnership between public and financial sector June 2016 • Acquisition of next generation NemID solution: Tender and Contract 2017 Solution development from 2017 • Implementation, deployment and migration: from 2019 IDEA ANALYSIS ACQUISITION IMPLEMENTATON REALISATION 17 oktober 2016

PUBLIC-PRIVATE PARTNERSHIP Partnership agreement with Danish Bankers' Association  Win-win partnership  Agreed timeline and milestones  Focus on core solution and interfaces  Shared financing and contribution of resources  Joint steering group and programme team  Co-financing  Exploitation  Awareness and usage  Stakeholder needs 18

NEW ELEMENTS MORE LOGIN-FACTORS ENHANCED USE SEPARATION OF E- OF PRIVATE NEMID ID AND IN THE BUSINESS E-SIGNATURE AREA BASIC FUNCTIONALITY PRIVACY AND CONTEXT- MORE LEVELS OF DEPENDENT ASSURANCE INFORMATION IMPROVED ADMINISTRATIVE SOLUTIONS FOR BUSINESSES 19 oktober 2016

STAY IN TOUCH digst.dk/English digst.dk/Servicemenu/English/News/Newsletter chaja@digst.dk 20

REFERENCES AND LINKS • The official Danish NemID website: www.nemid.nu (some things in English • OCES certificate policies published in English: https://www.nemid.nu/dk- da/digital_signatur/oces-standarden/oces-certifikatpolitikker/ • Agency for Digitisation: www.digst.dk (some things in English) • Documentation for implementation of NemID (in English): https://www.nets- danid.dk/produkter/for_tjenesteudbydere/nemid_tjenesteudbyder/nemid_tj enesteudbyder_support/tjenesteudbyderpakken/ • Open Source Java applet for login and signing and demo environment: www.openoces.org • NemID JavaScript site: http://www.nets.eu/dk- da/Produkter/Sikkerhed/NemID-tjenesteudbyder/NemID- JavaScript/Pages/default.aspx