- Number of slides: 31
Some initiatives of the Belgian government in order to stimulate E-government

Frank Robben
General manager
Crossroads Bank for Social Security
Sint-Pieterssteenweg 375
1040 Brussel
E-mail: Frank.Robben@ksz.fgov.be

Plan of the presentation
- model implemented for data exchange between back offices
- proposal for an electronic identity card
- proposal for an organization model on PKI-infrastructure

Crossroads Bank for Social Security, 18/06/2001

Definition of the problem
- in all countries, many administrations are active in all the fields of public affairs: e.g. tax law, social security, transport, internal affairs
- information is one of the main production factors for each of those institutions
- the information needed by those many institutions is often similar
  - identification data
  - data concerning e.g. the professional, social, fiscal, familial status
  - periodical data related to working periods and wages
  - data concerning certain events, e.g. the occurrence of a social risk

Definition of the problem
- lack of coordination in the area of information management leads to
  - administrative overloading of the citizens, their employers, the municipality of residence, ...
  - waste of efficiency and time within the institutions
  - suboptimal support of the policy
  - higher possibilities of fraud

Possible solutions
- central data management (big brother concept)
  - not frequently implemented
    • privacy protection
    • technical feasibility
    • threat for the autonomy of the institutions
- distributed data management (network concept)
  - decentralised but unique data gathering
  - decentralised and distributed data storage, with functional task-sharing between public institutions
  - data exchange via a network

A model for data exchange between back offices
- structure of the network
- unique identification key
- register of references
- basic organisation principles
  - data collection
  - data storage
  - data exchange
- methods of electronic data exchange

[Figure: diagram of the network structure. Recoverable labels: KSZ-BCSS, central organising unit, sectorial organising unit, external network, external database.]

Unique identification key
- natural persons and enterprises/establishments
- unique
- invariable
- mentioned on an official document delivered to the holder
- used by
  - every public institution
  - every person declaring information to public institutions

Register of references
- 3 functions:
  - preventive access control
  - routing of information
  - automatic transmission of information
- structure:
  - register of persons: what persons in what capacities have personal files in what public institutions for what periods
  - data availability register: what data are available in what public institutions for what types of files
  - access authorization register: what data may be transmitted to what institutions for what types of files

Organisation principles of the network
- obligatory participation of all public institutions
- every participant to the network can be supplier or addressee of data
- coordination and management of the network by the central organising unit
  - normalisation
  - stimulation
  - project management

Organisation principles of the network
- data collection
  - previous consultation of the network obligatory
- data storage
  - decentralised
  - distributed
  - functional task-sharing between public institutions
  - valorization of external databases

Organisation principles of the network
- data exchange
  - can be initiated
    • by the institution that needs the information
    • by the institution that disposes of new information
    • by the institution that manages the network
  - basically via the central organising unit
  - previous authorization by an independent Control Committee
  - systematical logging of all exchanges

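A sketch of how the three registers on the "Register of references" slide can drive preventive access control and routing, with every request logged as the data exchange slide requires. This is an added example, not code from the presentation or from the Crossroads Bank; the class, institution names, person keys and data types are hypothetical, and treating a "capacity" as a file type is a simplifying assumption.

```python
from datetime import date

class ReferenceRegister:
    """Hypothetical model of the register of references held by the central unit."""

    def __init__(self, persons, availability, authorizations):
        self.persons = persons                # (person, institution, file_type, start, end)
        self.availability = availability      # data_type -> [(institution, file_type)]
        self.authorizations = authorizations  # {(data_type, institution, file_type)}
        self.log = []                         # every request is logged, granted or refused

    def file_types(self, person, institution, on):
        """File types the institution holds on this person on the given date."""
        return {ft for p, inst, ft, start, end in self.persons
                if p == person and inst == institution and start <= on <= end}

    def request(self, requester, person, data_type, on):
        """Return the supplying institution, or None when the exchange is refused."""
        supplier, reason = None, "granted"
        own = self.file_types(person, requester, on)
        if not own:
            # Register of persons: requester has no file on this person in this period.
            reason = "requester holds no file on this person"
        elif not any((data_type, requester, ft) in self.authorizations for ft in own):
            # Access authorization register: data may not go to this institution.
            reason = "transmission not authorized"
        else:
            # Data availability register plus register of persons: routing.
            for inst, ft in self.availability.get(data_type, []):
                if ft in self.file_types(person, inst, on):
                    supplier = inst
                    break
            if supplier is None:
                reason = "no institution holds this data for the person"
        self.log.append((on, requester, person, data_type, supplier, reason))
        return supplier

# Constructed sample data (not from the presentation).
REGISTER = ReferenceRegister(
    persons=[
        ("P-001", "pension_fund", "pension", date(2000, 1, 1), date(2001, 12, 31)),
        ("P-001", "wage_office", "employment", date(1995, 1, 1), date(2001, 12, 31)),
        ("P-002", "wage_office", "employment", date(1999, 1, 1), date(2001, 12, 31)),
    ],
    availability={"wages": [("wage_office", "employment")]},
    authorizations={("wages", "pension_fund", "pension")},
)
```

The refusal happens before any supplier is contacted, which is what makes the control preventive, and the log records refused requests as well as granted ones.
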
Data protecting effects
network concept implies
- no central data storage
- data exchange via the central organising unit => precautionary control on the legitimacy of data exchange
- previous authorization of data exchange by an independent Control Committee

Advantages of data sharing (1/2)
- improvement of the service offered to the citizen/enterprise
  - faster processing of files
  - more accurate processing of files
  - reduction of the administrative charge
  - more guarantees on data protection
- advantageous effects for public sector
  - control of the administrative costs
  - more efficient fraud detection
  - more efficient policy support
  - more flexibility in answering to changing needs

Advantages of data sharing (2/2)
- more efficient working of the administrations
  - prevention of double work by task-sharing
  - optimisation of task execution by computerisation
  - occasion for a self-critical attitude regarding internal organisation
  - basis for efficiency and quality assurance

Smart cards
- possible functions
  - identification of the holder
    • natural person
    • enterprise - establishment
  - authentication of the holder
    • natural person
    • enterprise - establishment
  - generation of an electronic signature
  - proof of qualities, characteristics, access rights, …
  - transport of data
  - transport of programs

Electronic identity card
- working proposal
  - storage of identity data
  - possibly storage of insurance status in the health care sector
  - possibility of storage of private key for generation of electronic signature
  - possibility of storage of private key(s) for proof of qualities
  - “rentable” place for storage of other data
  - no biometrics
  - no data concerning driving licence

Model on PKI-infrastructure
- legal framework
  - European Directive 1999/93/EC
  - adaptation art. 1322 Civil Code
  - bill concerning functioning of the certification-service-providers
- proposal for an organization model on PKI-infrastructure, approved by the Council of the ministers of 22 November 2000

European Directive
- Member States shall ensure that “qualified” electronic signatures
  - have the same value as a handwritten signature
  - are admissible as evidence in legal proceedings
- “qualified” means
  - based on a qualified certificate, that means a certificate which meets the requirements laid down in Annex I of the Directive
  - that is provided by a certification-service-provider who fulfils the requirements laid down in Annex II of the Directive
  - and that is created by a secure device which meets the requirements laid down in Annex III of the Directive

European Directive
- an electronic signature cannot be denied legal consequences solely on the grounds that it is
  - not based upon a qualified certificate
  - not based upon a certificate issued by an accredited certification-service-provider
  - not created by a secure device
- Member States may make the use of electronic signatures in the public sector subject to possible additional requirements which
  - are related to the specific characteristics of the application concerned
  - are objective, transparent, proportionate and non-discriminatory
  - don’t constitute an obstacle to cross-border services

European Directive
- each Member State shall ensure, for the certification-service-providers which are established on its territory and issue qualified certificates to the public, the establishment
  - of an appropriate system of supervision
  - of a liability scheme
- Member States shall not make the provision of certification services subject to a prior authorisation

European Directive
- Member States may introduce voluntary accreditation schemes
  - aiming at enhanced levels of certification-service provision
  - based on objective, transparent, proportionate and non-discriminatory conditions
  - without limiting the number of accredited certification-service-providers

Adaptation art. 1322 Civil code
- Addition paragraph 2
  “For the purpose of this article can meet the requirement of a signature, a set of electronic data that can be attributed to a particular person and that proves that the content of the act has been maintained”.

Bill functioning certification-service-providers
- Implementation European Directive into Belgian law
  - provision that qualified electronic signature meets the requirements of art. 1322, p. 2 Civil code
  - scheme of minimal missions (issuance, management, revocation of certificates) and liability of certification-service-providers
  - rules at suspension of activities by certification-service-provider
  - voluntary accreditation scheme
  - rules regarding liability of certificate holder
  - supervision and sanctions
  - possibility to make the use of electronic signatures in the public sector subject to additional requirements

Organization model: purposes
- promote rapid availability of identity certificates
- guarantee quality of identity certificates
- promote multifunctional and free use of identity certificates
- guarantee open market of independent evolving certification authorities
- guarantee interoperability between certification authorities
- guarantee conformity with evolving technical standards
- conformity with the European Directive

Proposal organization model: notions
- identity certificate: proof of identity
- attribute certificate: proof of characteristic (for example: function, quality, mandate)
- function of registration authority (RA): ‘counter’ where the certificate is requested and that verifies if communicated identity or characteristic is correct; if so, it approves the request and reports this to the certification authority
- function of certification authority (CA): produces, on the basis of the information from the RA, a certificate which is linked with a pair of keys and which indicates what the pair of keys further proves, and manages that certificate

Proposal organization model: scope
- identity certificates
- attribute certificates
- with regard to
  - natural persons
  - legal persons or organizations
- used for the generation of electronic signature
  - in the scope of ICT-applications of the government which require an electronic signature
  - in the scope of E-commerce, E-banking, …
- no objection to (elements of) the organization model being used voluntarily beyond the specified scope

Proposal organization model: additional requirements
- possibility to call upon the municipality as registration authority for identity certificates
- possibility of separate use of identity and attribute certificates
- private key associated to identity certificate is saved on a secure processor chip card with at least PIN code protection
- free use and verification of identity certificates
- quality and operability standards

Proposal of organization model: working-out
- government publishes additional requirements
- CAs prove that they meet the additional requirements
- when requesting an electronic identity card, the holder can have on this card a private key that is associated to an identity certificate
  - for which the municipality has served as registration authority
  - that is issued by a CA meeting the additional requirements and chosen by the holder
- electronic identity card contains necessary space to store other private keys associated to attribute certificates that holder can obtain at CA of his choice

Proposal of organization model: working-out
- private key associated to identity certificate on electronic identity card can be used to generate electronic signature within the scope of ICT-applications of the government which require an electronic signature

Proposal of organization model: scheme
[Figure: scheme of the organization model with numbered steps (1) to (13). Recoverable labels: VRK, CM/CP/CI, RC, CA, ERA, De Gemeenten (the municipalities), face to face identification, PIN & PUK code.]