Download presentation
1
Digital signatures in Denmark OCES 2.0
Boosting trust in the digital single market: The role of e-signature 9-10 November 2011, Poland Charlotte Jacoby Senior adviser, Master of law Centre for Digital Signature Danish Agency for Digitisation
2
Agency for Digitisation Ministry of Finance
Due to the inauguration of the new Danish government and changes in political areas, OCES and e-signature now resides in the Ministry of Finance By 3. October 2011 The National IT and Telecom Agency was closed, tasks moved to The Danish Agency for Governmental Management By 31. October 2011 The Danish Agency for Governmental Management was closed and two new Agencies formed. Tasks now in Danish Agency for Digitisation
3
Agenda Background, ICT policy and principles
National esignature standard OCES 1.0 National esignature standard OCES 2.0 – NemID How does it work? Status today
4
Government globalisation strategy
At the latest in 2012 it should be possible to perform all relevant written communication between companies, citizens and the public sector digitally. Fremgang, fornyelse og tryghed, april 2006
5
Goals for reforming the public sector
Productivity and efficiency Coherent infrastructure Digital communication
6
The Danish esignature history
NemID OCES I – Digital Signature Qualified Certificate Pilots 2000 2003 2004 2010
7
OCES legal framework OCES Agreement with governmental agency
State owned OCES Certificate Policies requirements for the public key infrastructure level of security applied for the digital signature CP’s part of agreement Agency for Digitasation supervisory authority Audit - annual report to the supervisory authority including external system audit of the CA CA liable for the content of the certificate unless the CA can prove that the CA has not acted negligently or intentionally
8
Goal and foundation of the OCES project
OCES = Public Certificates for Electronic Services Goal: A general open, scalable and transparent security infrastructure based on PKI Controlled by the state and operated by private Certificate authorities (CA) Foundation: Defining state-owned Certificate Policies (CP) An open architecture based on international standards – OCES CP’s EU-Tender with a public private partnership in mind Establishing a non-discrimination approval process for potential OCES CA’s
9
OCES Certificates Issued as: Used for:
Personal certificates – PID (a unique number related to civil registration number) Employee certificates – RID/CVR (Employee number/Central company number) Business certificates – CVR (Central company number) Device certificates – CVR (Central company number + deviceID) Used for: Access control - Logon Secrecy - Encryption of s Signature for s, documents and web-sites (non-repudiation)
10
Roles of interested parties
OCES CPs Supervision OCES CA OCES agreement DanID Develop. infrastructure Agency for Digitisation Dialogue Danish Standard Association Commercial agreement Coordinating and recommendations PKI services Guidance, monitoring, marketing etc. Public sector Private companies Vendors Citizens
11
OCES 1.0 – a good start March 2003 – July 2010:
More than 1.88 million OCES 1.0 digital signatures were issued Of these around employee certificates among companies/public authorities Many public and some private services
12
Examples of electronic services using digital signatures (OCES 1
Examples of electronic services using digital signatures (OCES 1.0 and 2.0) Sundhed.dk – the public sector’s health portal The National Tax Authority The State Education Fund The City of Copenhagen Borger.dk – A portal for citizens used by all local authorities “danmark” – the private Danish health insurance company “Virk.dk” – the common public sector portal for companies (potential companies) ATP - the Danish supplementary labour market pension fund The Ministry of Education: Central Education Admission Portal Digital post – public electronic mailbox “Eboks” - private electronic mailbox
13
OCES 2.0 Tender demands Economy of the solution Security
User friendliness and mobility Public as clear sender/owner Further penetration Functionality at least as today Continuity for services and easy migration for users
14
New agreement (august 2008)
All citizens can still order and use digital signatures and get competent support free of charge Companies and public authorities can order and use up to three employee certificates free of charge Public authorities can receive certificates for a five year period
15
OCES 2.0 - NemID Mobility Security
Penetration User- Friendly Frequent Use OCES NemID NemID is the new national digital signature NemID used for log-on, signing and secure Access to online banking in all Danish Access to a large number of public services NemID use from any computer NemID based on 2-factor security Private service providers use NemID
16
OCES 2.0 - NemID Centrally securely stored private keys
Access with 2-factor authentification independant of pc Something you know (password) Something you have (one time password) CA certificates 2048 – 4096 bits RSA SHA256 End user certificates 2048 bits RSA CRL’s and OCSP
17
Common use of infrastructure
DanID Netbank Tax Larger penetration Larger effiency potential OCES Signatures Frequent use Remember password OTP Server Netbank Signatures Applet
18
End user registration – based on requirements from law on money laundry and terror funding
Identity known - Code card sent to registered CPR-address Netbank Identity unknown - Activation password and code card sent to registered CPR-address CA/DanID NemID.nu Physical presence – On site issuance handover of Activation password and code card Citizen service centres Tax centres
19
Internet Tax authorities OTP-server Publicly financed Signature server
Citizen Signature server HSM Helpdesk
20
NemID Penetration Penetration status today 3,000,000+ active users
Supported by all major government sites Supported by all banks for ebanking Around new users per day Around 140 private service provider agreements 1,000,000 transactions per day average More than 450 transactions since 1st July 2010
22
References and links
23
???
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.