Electronic ID Card and Identification Service Development in Georgia Mikheil Kapanadze.

Presentation transcript:

Electronic ID Card and Identification Service Development in Georgia Mikheil Kapanadze

What is Georgian eID Card?

Dual-Interface Chip
- Contact
- Contactless

Contact Interface
PKI Applet:
- 2 certificates, issued by PSDA
- Online Authentication
- Digital Signature (Qualified)
- Secured with 2 distinct PIN codes
ICAO LDS Applet:
- Compliant with ICAO 9303
- Personal Data Storage
- Secured with BAC

Contactless Interface
MIFARE 1k Classic (Emulated):
- MIFARE Application Directory
- Citizen’s Social Status data (if applicable)
- Any 3rd-party data can be deployed
- Custom-built secure reader-writer devices are available
ICAO LDS:
- Compliant with ICAO 9303
- Personal Data Storage
- Secured with BAC

PKI Applet in Detail
Secure Key Storage:
- Two 2048-bit RSA keys, secured by different PIN codes
- 4 digits for Online Authentication, 6 digits for Signature
- Authentication PIN, E-Signature Transport PIN and PUK are delivered in a secured envelope
- E-Signature PIN code is set by the citizen
Certificate Storage:
- Two certificates, issued by PSDA, and two CA certificates
- Certificate renewal is possible

Certification and Trust Services
PSDA Certification Authority:
- Certificates are issued instantly during personalization
- Certificate validity: 2.5 years
- CRL and OCSP services, with DR and load-balancing
CA Hierarchy:
- GEO Root CA
- GEO Authentication CA (for authentication certificates)
- GEO Signing CA (for qualified e-signature certificates)
PSDA Time Stamping Authority:
- RFC 3161 time-stamping, mainly used for digital signatures
- DR and load-balancing

ID Card as SSCD
Private Key Security:
- Signature key (RSA 2048) is generated on the card
- The private key never leaves the card
- The key material cannot be extracted from the card
PIN Code Security:
- The 6-digit signature PIN is never delivered to the citizen
- Instead, we supply a 5-digit transport PIN in a secured envelope
- Signature PIN can be activated ONLY ONCE
- Signature PIN change is possible. Reset is NOT
- … and this causes some problems for people who lost their envelopes immediately

Current Figures cards are already issued The Number is Growing Rapidly

Current ID Card Team
Small Team:
- 5 people
- Head of the Team
- Chief Architect
- Business Consultant
- 2 Junior Developers
Skilled People:
- 2 highly skilled professionals for technical aspects
- 3 highly skilled professionals for business-related aspects
- Juniors are developing their skills rapidly
External Support:
- Highly skilled professionals from IT, Research and Development and other departments of PSDA are involved on demand
- Inter-agency cooperation on key subjects

Current Projects
Digital Signature Portal:
- Free web-based signing with ID card, with possible commercial extensions
- Document sharing with multiple signers
- Signature verification (ongoing)
Identity Verification Service:
- Based on OpenID 2.0, AX 1.0 and PAPE
- Free service with possible commercial extensions
Digital Signature for Legal Entities (ongoing):
- Signing as company’s authorized representative
- Signing as a notary representative
- Electronic Apostille

Current Projects
Student Card:
- In cooperation with the Ministry of Education, in 2012
- Based on the concept of Citizen’s Social Status
- Students have discounts for many products (including the ID card itself)
Citizen’s Social Status:
- 5 statuses can be written simultaneously on the card
- 255 statuses can be defined
- Statuses can be viewed using a special application
- Uses the card’s MIFARE emulator

DIGITAL SIGNATURE SERVICES

Personal Signatures
Current Status:
- It’s possible to upload a PDF document to the portal and sign it
- You can share the document with others for signing
- Signature format: PAdES
- Verification report will be added soon
Access Conditions:
- FREE for all eID holders, with limited space and document lifetime
- It’s possible to have broader limits (or no limits at all) for an extra payment

Signatures for Legal Entities
Current Status:
- The project is ongoing
- One of the TOP PRIORITIES of Year 2013 for PSDA
Possible Fields of Application:
- Signing contracts on behalf of an organization
- Notary services to eliminate paper documents as much as possible
- Issuing electronically signed birth certificates, property ownership etc.
- Electronic Apostille

Challenges for Legal Entity Signatures
Who is signing?
- A signature always seems to be performed by some natural person and then sealed
- Do we really need to identify the signer on the birth certificate? This is generated from the electronic system anyway!
- Workflow actions must be securely logged in the system, and possibly go to the archive afterwards
By whom is the key controlled?
- Sometimes, it’s a person (CEO of the company, etc.)
- Sometimes the key is under control of the organization’s electronic system

Possible Solution: Attribute Certificates
Advantages:
- We don’t need to establish additional issuing facilities and manage additional secure tokens
- Attribute certificate can be issued online to eID user
- National Agency of Public Registry, Notary chamber, etc. can act as attribute authorities
Challenges:
- Attribute authorities must have required software in place
- Content of AC must be standardized
- Short-lived AC or OCSP calls?

And how about birth certificates, etc.?
Possible Solutions:
- We can mandate using HSM for secure key storage
- There will be a special, standard procedure of issuing and enrolling certificate in HSM
- Thus we may say we have an SSCD and the signature is qualified
Open Questions:
- Do we really need such a complexity? Especially, if we may need e-Apostille for such documents?
- Do we need to establish sector-based CAs? (For banks, insurance, government, etc.)

E-Signature and E-Document Law
- Mainly based on European Directive 1999/93/EC
- Adopted in 2008
Changes are Planned:
- We are establishing an inter-agency working group to propose new changes in law
Technical Regulations:
- Regulations about certificate authority accreditation are in place
- Other regulations may be introduced

Signature and Document Formats
Document Format:
- The current law considers only textual information as an electronic document
- We use PDF (based on ISO/IEC ) format
Signature Format:
- Signatures of *AdES family of ETSI standards were found to be permitted under the Georgian signature law
- PAdES (ETSI TS ) signatures are used
- PAdES-LTV is highly recommended as citizen’s certificates expire in 2.5 years

Next Plans for Signatures
Minimize scanned documents and save time:
- If your diploma is electronic, there is no need to look for a scanner to upload it in online job application system
Promote digitally-born documents:
- Do all graduates need paper-based university diploma?
Make E-Signatures usable in everyday life:
- By further simplification of eID usage, other signature schemas, etc.

AUTHENTICATION SERVICES

eID Login Applet
Key Features:
- Written as Java Applet
- Distributed freely
- Can be embedded in any website
Challenges for Integrators:
- You still need to write server-side logic
- You still need to fight with broken Java installations on clients’ machines

Centralized Authentication System
Key Features:
- Based on OpenID 2.0
- Uses Attribute Exchange 1.0 to deliver person’s information to Relying Party
Additional Features:
- Easy to integrate
- Well-documented
- Avoids problems with broken Java installation
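A relying-party view of the OpenID 2.0 flow named on this slide, added here as an example and not PSDA's code: it builds a checkid_setup request carrying the AX 1.0 and PAPE extensions, then accepts only those returned attributes that the provider's signature actually covers. The attribute type URIs, the PAPE policy choice, the fixed `ax` alias, the HMAC-SHA256 association key and the sample response are assumptions.

```python
import base64, hashlib, hmac
from urllib.parse import urlencode

NS = "http://specs.openid.net/auth/2.0"
AX_NS = "http://openid.net/srv/ax/1.0"
PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"
PHYSICAL = "http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical"
# Assumed attributes; the real service publishes its own AX type URIs.
AX_TYPES = {"first": "http://axschema.org/namePerson/first",
            "last": "http://axschema.org/namePerson/last"}

def build_auth_request(op_endpoint, realm, return_to):
    """Redirect URL for checkid_setup with AX fetch_request and PAPE."""
    p = {"openid.ns": NS, "openid.mode": "checkid_setup",
         "openid.claimed_id": NS + "/identifier_select",
         "openid.identity": NS + "/identifier_select",
         "openid.realm": realm, "openid.return_to": return_to,
         "openid.ns.ax": AX_NS, "openid.ax.mode": "fetch_request",
         "openid.ax.required": ",".join(AX_TYPES), "openid.ns.pape": PAPE_NS,
         "openid.pape.preferred_auth_policies": PHYSICAL}
    p.update({"openid.ax.type." + a: u for a, u in AX_TYPES.items()})
    return op_endpoint + "?" + urlencode(p)

def sign(fields, signed, mac_key):
    """OpenID 2.0 signature: HMAC-SHA256 over 'key:value' lines of signed fields."""
    kv = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed)
    return base64.b64encode(hmac.new(mac_key, kv.encode(), hashlib.sha256).digest()).decode()

def verified_attributes(resp, mac_key):
    """Return only AX values covered by a valid signature (nonce/return_to checks omitted)."""
    if resp.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    signed = resp["openid.signed"].split(",")
    if not hmac.compare_digest(sign(resp, signed, mac_key), resp["openid.sig"]):
        raise ValueError("bad signature")
    covered = set(signed) if resp.get("openid.ns.ax") == AX_NS else set()
    return {a: resp["openid.ax.value." + a] for a, u in AX_TYPES.items()
            if {"ns.ax", "ax.type." + a, "ax.value." + a} <= covered
            and resp["openid.ax.type." + a] == u}

def constructed_response(mac_key):
    """Constructed, trimmed sample: 'last' is present but not in openid.signed."""
    r = {"openid.mode": "id_res", "openid.ns.ax": AX_NS,
         "openid.ax.type.first": AX_TYPES["first"], "openid.ax.value.first": "Nino",
         "openid.ax.type.last": AX_TYPES["last"], "openid.ax.value.last": "Unsigned",
         "openid.signed": "ns.ax,ax.type.first,ax.value.first"}
    r["openid.sig"] = sign(r, r["openid.signed"].split(","), mac_key)
    return r
```

With the constructed response, the unsigned `last` value is dropped even though the signature over the other fields is valid, which is the check that keeps a relying party from trusting attributes appended to the redirect.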

Citizen’s consent on attribute exchange

Integration with Civil Registry WS
What is Civil Registry WS?
- SOAP web service which gives personal data
- Right now sharing with 3rd parties is possible only after written consent of the data subject
- It’s a commercial service
Integration Possibilities:
- Implement web-based consent using digital signature
- Thus, it’s possible to cover additional segment of clients

ACTIVITY IN OTHER FIELDS

Agency Profile
Who is PSDA?
- LEPL Public Service Development Agency is an entity under umbrella of the Ministry of Justice of Georgia
- Established in 2012, based on Civil Registry Agency
Goals of the Agency:
- Supporting development of innovative public services
- Supporting reforms in Georgia
- Establishment of Civil Registry
- Other activities for supporting innovation

Key Project: Seafarer’s Identity Documents
What is SID?
- Seafarer’s identity document is a special document under regulations of International Labor Organization
- It’s mainly based on ICAO 9303 with some important modifications
- Apart from SID, seafarers must also have documents which prove their qualification and competency
PSDA Role:
- We implement this project in cooperation with Maritime Transport Agency of Georgia
- Full cycle of document issuing: from application collection to printing and delivery
- First phase of the project is already done
- Georgian seafarers can now get new-generation documents

QUESTIONS?

Thank You!
Mikheil Kapanadze
Head of Identification Service Development Unit
Public Service Development Agency
Ministry of Justice of Georgia