Digital signatures in Denmark OCES 2.0. Boosting trust in the digital single market: The role of e-signature 9-10 November 2011, Poland. Charlotte Jacoby Senior adviser, Master of law Centre for Digital Signature Danish Agency for Digitisation. Agency for Digitisation Ministry of Finance.
Agency for Digitisation, Ministry of Finance
• Due to the inauguration of the new Danish government and changes in political areas, OCES and e-signature now reside in the Ministry of Finance
• By 3 October 2011 the National IT and Telecom Agency was closed and its tasks moved to the Danish Agency for Governmental Management
• By 31 October 2011 the Danish Agency for Governmental Management was closed and two new agencies formed. The tasks are now in the Danish Agency for Digitisation

Agenda
• Background, ICT policy and principles
• National esignature standard OCES 1.0
• National esignature standard OCES 2.0 – NemID
• How does it work?
• Status today

Government globalisation strategy
• At the latest in 2012 it should be possible to perform all relevant written communication between companies, citizens and the public sector digitally.
• Fremgang, fornyelse og tryghed, April 2006

Goals for reforming the public sector
• Productivity and efficiency
• Coherent infrastructure
• Digital communication

The Danish esignature history
[Timeline figure; labels: Pilots, Qualified Certificate, OCES I – Digital Signature, NemID; years marked: 2000, 2003, 2004, 2010]

OCES legal framework
• OCES Agreement with governmental agency
• State owned OCES Certificate Policies
  • requirements for the public key infrastructure
  • level of security applied for the digital signature
• CPs are part of the agreement
• Agency for Digitisation is the supervisory authority
• Audit - annual report to the supervisory authority including external system audit of the CA
• CA liable for the content of the certificate unless the CA can prove that the CA has not acted negligently or intentionally

Goal and foundation of the OCES project
• OCES = Public Certificates for Electronic Services
• Goal:
  • A general open, scalable and transparent security infrastructure based on PKI
  • Controlled by the state and operated by private Certificate Authorities (CA)
• Foundation:
  • Defining state-owned Certificate Policies (CP)
  • An open architecture based on international standards – OCES CPs
  • EU tender with a public-private partnership in mind
  • Establishing a non-discriminatory approval process for potential OCES CAs

OCES Certificates
• Issued as:
  • Personal certificates – PID (a unique number related to civil registration number)
  • Employee certificates – RID/CVR (Employee number/Central company number)
  • Business certificates – CVR (Central company number)
  • Device certificates – CVR (Central company number + deviceID)
• Used for:
  • Access control - Logon
  • Secrecy - Encryption of e-mails
  • Signature for e-mails, documents and web-sites (non-repudiation)

Roles of interested parties
[Diagram; labels: Agency for Digitisation, DanID, Danish Standard Association, public sector, private companies, vendors, citizens; OCES CPs, supervision, OCES CA, OCES agreement, developing infrastructure, dialogue, commercial agreement, coordinating and recommendations, PKI services, guidance, monitoring, marketing etc.]

OCES 1.0 – a good start
• March 2003 – July 2010:
  • More than 1.88 million OCES 1.0 digital signatures were issued
  • Of these, around 354,000 employee certificates among 132,000 companies/public authorities
  • Many public and some private services

Examples of electronic services using digital signatures (OCES 1.0 and 2.0)
• Sundhed.dk – the public sector’s health portal
• The National Tax Authority
• The State Education Fund
• The City of Copenhagen
• Borger.dk – A portal for citizens used by all local authorities
• “danmark” – the private Danish health insurance company
• “Virk.dk” – the common public sector portal for companies (potential 250,000 companies)
• ATP - the Danish supplementary labour market pension fund
• The Ministry of Education: Central Education Admission Portal
• Digital post – public electronic mailbox
• “Eboks” - private electronic mailbox

OCES 2.0 Tender demands
• Economy of the solution
• Security
• User friendliness and mobility
• Public as clear sender/owner
• Further penetration
• Functionality at least as today
• Continuity for services and easy migration for users

New agreement (August 2008)
• All citizens can still order and use digital signatures and get competent support free of charge
• Companies and public authorities can order and use up to three employee certificates free of charge
• Public authorities can receive certificates for a five year period

OCES 2.0 - NemID
• NemID is the new national digital signature
• NemID used for log-on, signing and secure e-mail
• Access to online banking in all Danish
• Access to a large number of public services
• NemID use from any computer
• NemID based on 2-factor security
• Private service providers use NemID
[Diagram; labels: Mobility, Security, Penetration, User-friendly, Frequent use]

OCES 2.0 - NemID
• Centrally securely stored private keys
• Access with 2-factor authentication independent of the PC
  • Something you know (password)
  • Something you have (one time password)
• CA certificates
  • 2048 – 4096 bits RSA
  • SHA256
• End user certificates
  • 2048 bits RSA
  • SHA256
• CRLs and OCSP

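A relying party can check that a certificate it receives matches the end-user profile on this slide. The script below is an added example, not part of the original presentation or of DanID's tooling; it assumes the openssl command-line tool, reads "RSA" plus "SHA256" as sha256WithRSAEncryption, and assumes end-user certificates carry CRL and OCSP pointers. The test certificate and its example.invalid URLs are constructed.

```shell
#!/bin/sh
# Added example (not from the slides): check a certificate against the
# end-user profile listed above. Requires the openssl command-line tool.
# Assumptions: "RSA + SHA256" means sha256WithRSAEncryption, and end-user
# certificates carry CRL and OCSP pointers.

# make_test_cert BITS OUTFILE
# Builds a constructed, self-signed test certificate (not a real OCES one).
make_test_cert() {
    rc=0
    openssl req -x509 -newkey "rsa:$1" -sha256 -nodes -days 1 \
        -subj "/CN=constructed-test-cert" \
        -addext "crlDistributionPoints=URI:http://crl.example.invalid/t.crl" \
        -addext "authorityInfoAccess=OCSP;URI:http://ocsp.example.invalid/" \
        -keyout "$2.key" -out "$2" 2>/dev/null || rc=$?
    rm -f "$2.key"
    return "$rc"
}

# check_profile CERT MIN_BITS
# Prints one line per finding; returns 0 only if every check passes.
check_profile() {
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    # OpenSSL 3.x prints "Public-Key: (2048 bit)", 1.1.1 "RSA Public-Key: (...)".
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    keyalg=$(printf '%s\n' "$text" |
        sed -n 's/.*Public Key Algorithm: *//p' | head -n 1)
    sigalg=$(printf '%s\n' "$text" |
        sed -n 's/.*Signature Algorithm: *//p' | head -n 1)
    rc=0
    [ "$keyalg" = "rsaEncryption" ] || { echo "FAIL key algorithm: $keyalg"; rc=1; }
    [ "${bits:-0}" -ge "$2" ] || { echo "FAIL key size: ${bits:-0} < $2"; rc=1; }
    [ "$sigalg" = "sha256WithRSAEncryption" ] ||
        { echo "FAIL signature algorithm: $sigalg"; rc=1; }
    printf '%s\n' "$text" | grep -q 'CRL Distribution Points' ||
        { echo "FAIL no CRL distribution point"; rc=1; }
    printf '%s\n' "$text" | grep -q 'OCSP - URI:' ||
        { echo "FAIL no OCSP responder URI"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: RSA $bits bits, $sigalg, CRL and OCSP present"
    return "$rc"
}

# Usage: sh check_profile.sh cert.pem [min_bits]
if [ "$#" -ge 1 ]; then check_profile "$1" "${2:-2048}"; fi
```
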
Common use of infrastructure
[Diagram; labels: DanID, Netbank, Tax, OTP server, applet, OCES signatures, Netbank signatures, remember password, frequent use, larger penetration, larger efficiency potential]

End user registration – based on requirements from the law on money laundering and terrorist financing
• Identity known – code card sent to registered CPR address (Netbank)
• Identity unknown – activation password and code card sent to registered CPR address (CA/DanID, NemID.nu)
• Physical presence – on-site issuance, handover of activation password and code card (citizen service centres, tax centres)

[Architecture diagram; labels: Citizen, Internet, Tax authorities, OTP-server, Signature server, HSM, Helpdesk, Publicly financed]

NemID Penetration
• Penetration status today
  • 3,000,000+ active users
  • Supported by all major government sites
  • Supported by all banks for ebanking
  • Around 1,500 new users per day
  • Around 140 private service provider agreements
  • 1,000,000 transactions per day average
  • More than 450 transactions since 1st July 2010

??? www.nemid.nu cj@itst.dk