1 / 26

The Southampton Pathfinder for Smart Cards in public services

The Southampton Pathfinder for Smart Cards in public services. SmartPath. Sean Dawtry Corporate IT Consultant Southampton City Council E-mail s.dawtry@southampton.gov.uk Tel 023 8083 2983. Agenda. Overview of SmartPath Principles Project Scope PKI How Does it Work Main Partners

paulos
Download Presentation

The Southampton Pathfinder for Smart Cards in public services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Southampton Pathfinder for Smart Cards in public services

  2. SmartPath • Sean Dawtry • Corporate IT Consultant • Southampton City Council • E-mail s.dawtry@southampton.gov.uk • Tel 023 8083 2983

  3. Agenda • Overview of SmartPath • Principles • Project Scope • PKI • How Does it Work • Main Partners • Issues • The Future

  4. Overview • Develop Robust/Resilient Security Infrastructure for Electronic Service Delivery. • Though Development of PKI • Build Around Existing SmartCities Scheme • Available from Kiosks, PCs in Libraries • 6000 Citizens

  5. Principles • Bridge Digital Divide • Through SmartCard • Secure • Needed Real World Application • Housing Repairs • Portability and Interoperability

  6. Scope • Business Process Development • SmartCities • Housing • PKI/Certificate Management • Infrastructure Development • System Design • Integration • With Back Office • SmartCities • Secure Portal • Intuitive User Interface

  7. PKI • PKI (Public Key Infrastructure) • Enables users of a unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. • The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.

  8. Digital Certificate • A digital certificate is an electronic “passport" that establishes your credentials when doing business or other transactions on the Web. • It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key, and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. • Some digital certificates conform to a standard, X.509.

  9. Digital Certificate • Can be held • Web Browser • USB Token • Smartcard

  10. CA and RA • Certificate Authority • Organisation responsible for issuing and revoking certificates • Registration Authority • Organisation responsible for performing the registration process and verifies the identification of the individual

  11. CA and RA • Southampton City Council • currently performs the CA function. • Smartcities • Currently performs the RA function • Both are currently one in the same

  12. CP and CPS • Certificate Policy • Lays down the CA’s legal obligations • Liabilities • Holders obligations • Certificate Practice Statement • Details the processes by which the PKI will be managed i.e. Physical Controls, Personnel Controls, backup and recovery

  13. CP and CPS • How do they relate • The Certificate Policy generally states WHAT is to be adhered to. The Certificate Practice Statement states HOW it will be adhered to

  14. Verification • Meets Office of the E-Envoy’s authentication framework • Applicant must produce two forms of approved documents to verify identification

  15. Benefits of PKI • Entity Authentication • Verifies the Identity of a person or organisation • Data Confidentiality • Ensures transmitted data is secure • Data Integrity • Ensures that data is not tampered with in Transit

  16. Benefits of PKI • Non Repudiation • Neither party can deny transaction ever took place • Privilege Management • Policies that govern access to sensitive data

  17. Why PKI • E-Government programme opens up more data to more people • Could be sensitive • Need to ensure interest of all parties are taken into consideration • Important to know who is at the ‘other end’ • Prevention of fraud

  18. Certificate Request is granted and CMS authorised to encode card Create X509 Certificate CMS FTP Entrust ‘Get Access’ Account Created Entrust Poller CMS Informed if request is invalid Check CRM to Determine Valid user Account created within the Card Management System Certificate Request is created and stored in FTP Directory Poller Checks for new requests frequently Registration Citizen Registers

  19. BEA Weblogic Server CA Entrust ‘Get Access’ Server SCC Back office Systems ‘Get Access’ acts as a proxy server for resources from SCC application server through firewall e.g. Housing Repairs Certificate is copied to Cryptographic Store in Web Browser ‘Get Access’ Server confirms that certificate is valid and performs authentication process Cardholder inserts card and PIN All communication between BEA Weblogic and the user occurs through the firewall and the ‘Get Access’ Server Authentication Web Client

  20. Authentication Data Entrust ‘Get Access’ Server SCC Once completed Data Flush takes place to remove the certificate from the browser

  21. Lost/Stolen/Blacklisted Cards • Card Loss Report • Smartcities Creates a ‘Hotlist’ • ‘Hotlist’ Sent to SmartPath • Checked – Certificate and Account Revoked • New Card Requested if Necessary • Registration Process Begins

  22. Issues • Take Up • Hindsight is a good thing • Public Perception • ‘Leading Edge’ • Some Components ‘volatile’ • 2 pence pieces! • Jammed in Card Readers • Certificate Practice/Policies • Lots of work

  23. Main Partners • ECSoft • Primary Integration Partner • Entrust • PKI • Security and Authentication • Smartcities/SchlumbergerSema • Smartcards and Smartcard Integration

  24. The Future • Develop Key Components as a Product that Could Implemented Elsewhere • Share Documents • Certificate Practice Statement • Certificate Policy • Design Documents • Add more Services • Requiring higher security levels • Revenues and Benefits • Secure Payments (in and out) • Social Care

  25. The Future • Develop as a National model • Integrate With UK-Online • Obtain T-Scheme Approval

More Related