310 likes | 499 Views
NemID An agile national eID for Denmark. Geneva, 6-7 December 2010. V1.00a. NemID National Electronic Identity. Introduction Evolution European Context. Geneva, 6-7 December 2010. NemID National Electronic Identity. Introduction Evolution European Context. 3.
E N D
NemID An agile national eID for Denmark Geneva, 6-7 December 2010 V1.00a
NemIDNationalElectronicIdentity • Introduction • Evolution • European Context Addressing security challenges on a global scale Geneva, 6-7 December 2010
NemID NationalElectronicIdentity • Introduction • Evolution • European Context 3 Addressing security challenges on a global scale Geneva, 6-7 December 2010
It is a National eID – not National Identity Card Addressing security challenges on a global scale Geneva, 6-7 December 2010
What we wanted to achieve..... 1 Citizen Identity Infrastructure • Public Sector • eInvoice • eGovernment • eTax Declaration • Electronic Signature • EU Directive • eID • Finance Sector • eBanking • Single Euro Payment Area (SEPA) • EU Directive on Money Laundering • EMV chip card • Private Sector • Business to Citizen • Citizen to Citizen Addressing security challenges on a global scale Geneva, 6-7 December 2010
Trying to find a solution that is accepted.... NemID Net-ID OCES I Digital SignaturePilot projects 1999-2001 2003 2004 2010 Addressing security challenges on a global scale Geneva, 6-7 December 2010
Looking for a successful solution • Ensuring that the banks and the government cooperate to build a secure infrastructure as the key to success. • - Reaching critical mass fast with the banks as a pacer. • - Ensuring user routine due to frequent use. • - Simplification of the end user communication. Same logon and signing display. • - Creation of confidence among both users and service providers. Addressing security challenges on a global scale Geneva, 6-7 December 2010
Making pragmatic choices • Accepting that fast up-take is critical to return on investment • Accept wisdom is that about 70% coverage is the ‘tipping -point’ for 3rdaparty uptake • Setting realistic goals • enabling 80% of the population with 80% of their needs is a healthy starting point for efficient technology models • Always enabling evolution of the architecture to fulfill new needs Addressing security challenges on a global scale Geneva, 6-7 December 2010
An agile solution – general considerations 9 All sections of the community No need for card-reader Fast to deploy No more difficult than a lottery scratch-card Low lifecycle cost Addressing security challenges on a global scale Geneva, 6-7 December 2010
A secure solution • Security • Backed by PKI • Revocable • Upgradable later • Legally binding e-signatures • Reducing Risk • Easily Scalable • National Scale examples • Proven Technology • Demonstrable high uptake • Successful business model Addressing security challenges on a global scale Geneva, 6-7 December 2010
Looking at Norway as successful example Over 2 million users (70%+ of adult population) 1.3 million PKI secured transactions each day Qualified Certificates stored centrally released by OTP Technology Infrastructure operated by Addressing security challenges on a global scale Geneva, 6-7 December 2010
Bank ID daily usage status Number of PKI Authentications and Signings per day (over last 3 years)
NemID - The eventual choice • Private / Public Partnership • Centrally Stored PKI Certificates • Accessed by OTP challenge, initially using TANs for low cost and fast growth • Accepted by eGov, Private Sector and banks Addressing security challenges on a global scale Geneva, 6-7 December 2010
NemID - solution components Enrolment NemID User ID Password Keycard Keycard End User Self-service and support NemID website Log-in and signing Online Banking Applet Retrieval Other Data Public Services Other Data Log-in signing Data to website Addressing security challenges on a global scale Geneva, 6-7 December 2010
NemID authentication Addressing security challenges on a global scale Geneva, 6-7 December 2010
Public impact • NemID is an important element of the government’s strategy for digitalization • Increases and improves the services offered by the public sector • Educates all citizens to join the “Digital Super League ’ • Enhances other digital initiatives such as: • Digital deed Registration (Registration of loan in properties) • Single sign-on (NemLogin) • Document Box • Sundhed.dk (medical records) • Borger.dk (central portal to all registered data) Addressing security challenges on a global scale Geneva, 6-7 December 2010
Public impact • Citizens are ready to serve themselves • 3.2 million Danes signed on skat.dk to see their advance tax statement • Since NemID is born with critical mass it increases the authorities' incentive to develop new and better self-service solutions. Addressing security challenges on a global scale Geneva, 6-7 December 2010
NemID in the public sector Adgang med NemID Bestil NemID Addressing security challenges on a global scale Geneva, 6-7 December 2010
NemID in the finance sector Addressing security challenges on a global scale Geneva, 6-7 December 2010
Advantages for the banks • Improved image as contributor to national infrastructure • Impact on legislative framework • Public co-financing • Common preparedness and increased competence on security Addressing security challenges on a global scale Geneva, 6-7 December 2010
Advantages for the banks Enhanced customer "training” allows banks to realize efficiency gains and minimize support costs Product development of new services Improved business opportunities because the security infrastructure now facilitates new commerce transactions both in the public and private sector. Addressing security challenges on a global scale Geneva, 6-7 December 2010
NemID commercials • 3 tier strategy • NemID in production July 1st 2010 • Full roll out by end of 2010 – 3.4 million Danish netbank users • As of Sept. 2nd: > 1 million users; > 3.5 million transactions Addressing security challenges on a global scale Geneva, 6-7 December 2010
NemID National Electronic Identity • Introduction • Evolution • European Context 24 Addressing security challenges on a global scale Geneva, 6-7 December 2010
Keycard evolution For all basic users Multiple solutions… • eToken • Mobile OTP Addressing security challenges on a global scale Geneva, 6-7 December 2010
NemID – On-line banking Bank-specific solutions with a generic solution in development Addressing security challenges on a global scale Geneva, 6-7 December 2010
NemID - next phase Signing and archiving • Employment contracts • Mileage allowance • Customer contracts • Amendments to existing agreements • Termination of leases Phase One is concentrating on log-in and identification Phase Two will address digital signing Addressing security challenges on a global scale Geneva, 6-7 December 2010
Multiple levels of assurance • Customers have different needs for security solutions • Some want high assurance • Many want convenience • Usage with existing application lookup • Pricing levels will reflect assurance standards and liability Addressing security challenges on a global scale Geneva, 6-7 December 2010
Nem ID National Electronic Identity • Introduction • Evolution • European Context Addressing security challenges on a global scale Geneva, 6-7 December 2010
Current EU trend towards eIDs • Problems with State issuance of eID credentials • State programs always have long delays • Reluctance to ‘share’ chip space with 3rd parties • Liability • Need to maintain state/citizen separation for privacy • Advantages of private organisations • Agility, innovation and drive • Promotes citizen choice and opt-in • Capability for branding • Multi applications In line with the Digital Agenda for Europe Geneva, 6-7 December 2010 Addressing security challenges on a global scale 30
Thank You Any questions ?
Jon Shamah jon.shamah@nets.eu NETS eSecurity Haavard Martinsens vei 54, N-0045 OSLO