
The Portuguese Interoperability Framework applied to the Portuguese Citizen Card Project

AMA – Agency for Public Services Modernization

UMIC - Knowledge Society Agency

[email protected]

May 9th 2007

Agenda

• Introduction

• The Portuguese Interoperability Framework

• Citizen Card Project


Introduction: Interoperability in Portugal (until recently…)

Major obstacles identified by UMIC for implementing e-Gov services:

• Legacy and isolated information systems, with specific developments and without any normalization, making it difficult to provide online services

• Data formats and meanings that are distinct and incompatible between different public administration databases

• Different authentication and authorization systems for accessing services

• There was no organizational focus on implementing cross-ministry processes (focused on citizen needs)

• When providing e-services there is no easy way to offer e-payments to the citizen

• Re-implementation of the same software several times in different public organizations

• Among others…

Introduction: Interoperability in Portugal (until recently…)

Some of the problems are interoperability issues...

Semantic Interoperability

• Each public agency uses its own data model

• There was no canonical data model: very difficult to implement cross services (e.g., change of address)

Technical Interoperability

• There is no shared physical communication infrastructure for the public administration (there are SEVERAL!!)

• There was no technical agreement or platform for integration between systems (only “point-to-point” ad hoc integration)

• There was no secure and legal platform for “e”-authentication of citizens

• No shared e-payment system for the citizen…

Organizational Interoperability

• Services and processes focus on the “inside”, not developed around citizen business episodes

• There was no Inter-ministerial Interoperability committee


Interoperability Framework: Conceptual architecture

[Diagram with three layers. Presentation Layer: Contact-Center, Face-to-face, E-Gov Sites and Portals (e-services). Interoperability and services Layer: Interoperability Framework (FSC) - Central Component -, Authentication Suppliers, XML Web Services. Back-end Layer: several Public Organization Systems, each shown with a Toolkit API.]

Interoperability Framework: Conceptual architecture

[Diagram: Interoperability Framework (FSC) - Central Component -, shown with the Authentication Supplier, the Toolkit API and XML Web Services. Components labelled inside the central component:]

• Authentication

• Identity Federation

• User Management

• E-Services Management

• Process Workflow and services orchestration

• Transaction engine

• Messaging engine

• Payment Engine

• Infrastructure management

[Further labels on the same slide: Authentication; Management and administration; Identity Federation; Canonical Data Mapping; Central vs. Local (multiplatform); E-Services Management; SLA Management; Messaging and transaction support.]


The Portuguese Citizen Card Project

• Roadmap Overview

• The Portuguese Citizen Card

• The Interoperability in action

Portuguese Citizen Card Project: Roadmap

[Timeline figure. Stage labels: Think, Demonstrate, Specify, Implement, Improve. Phase labels: Vision and Goals, Proof of Concept, Solutions Selection, Implementation, Pilot and Roll-Out, Project Management. Durations shown: 3,5 months; 9 months; 2 years; 1,5 months; 2,5 months. Dates shown: Jun 2005, Jan 2006, Feb 2007.]


Portuguese Citizen Card: What is it?

This is a citizenship certificate in two ways. It is a physical document that allows the visual identification of a citizen and it is also a digital document that allows the citizen to identify himself/herself and to electronically sign documents.

It replaces 5 ID Cards:

• National Identity Card

• Tax Card

• Social Security Card

• Voters Card

• Health Care Card

Portuguese Citizen Card: Front

• Card (ID-1 type) in polycarbonate with several standard security mechanisms (three-level control – visual, light detection, laboratory detection)

• The front of the Citizen’s Card carries the identification data of its holder

[Annotated image of the card front. Callouts: Chip; Document Nº and Civil Identification Number; MLI (Multiple Laser Image); Signature; Expiry Date; Name; Surname; Date of Birth; Photo; Sex, Height, Nationality; Braille for the visually impaired; Optical variable ink; DOVID (Diffractive Optically Variable Image Device).]


Portuguese Citizen Card: Back

[Annotated image of the card back. Callouts: Card Version Number; Machine Readable Zone; Parents' names; Social Security Number; Health Number; Tax Number; DOVID in holograms (Diffractive Optically Variable Image Device).]

Portuguese Citizen Card: Chip

• Chip JavaCard, Samsung S3CC9TC, with 72Kb of EEPROM for applications and data

• Main applications:

– IAS – application that provides authentication and electronic signature

– EMV-CAP – application that provides one-time passwords over alternative channels (e.g., phone)

– Match-on-Card – application that verifies biometric data and fingerprints

[Diagram of the chip contents. Applications: IAS, EMV-CAP, Match-On-Card. Data: Card Data Structure (all data that is visible on the face and back of the Card); Personal Data Area; Picture; Address; Citizen’s Data; Biometric Templates of Fingerprints; Digital Certificate – Qualified Signature; Digital Certificate - Authentication. Legend: PIN Protected, Public Access, Non Available.]


Portuguese Citizen Card: Standards

• The Citizen’s Card follows the ECC standards and the best practices of the e-ID System:

Card: ISO/IEC 9798 (device-authentication/Secure messaging); ISO 7810; ISO 7811; ISO 7811; ISO 7816; ISO 10373; ISO/IEC 10373; EN 742:1993; CECC 90000; MIL STD-883C; Pr CEN/TS 15480 1,2 (European Citizen Card - draft); ICAO 9303 (travel documents)

Chip: ISO/IEC 7810; ISO 7816; ISO/IEC 14443; Java Card/GP (Java cards, ISO/IEC 7501-3 (ICAO))

CEN / TC 2254; CWA 15264; CWA 14890; ISO/IEC 19794-2: Finger Minutiae data; ISO/IEC 19794-4,5: Finger Image data; ISO/IEC 19784 – BioAPI; ISO/IEC 19785 – CBEFF; ISO/IEC 24727; EMV

Biometrics: ISO/IEC/JTC 1 SC 37; ISO/IEC 7816-11; ISO/IEC FCD 19794-2 (fingerprint minutiae); ISO/IEC 19784-1 BioAPI; ISO/IEC 19785-1 Common Biometric Exchange formats (CBEFF) - Part 1: Data Element Specification

PKI, Certificates and Digital Signature: ISO/IEC 7816-15; CWA 14890 - CEN/ISSS Workshop on the electronic signature (Area K); CWA 15264 (eAuthentication); CWA 14167 (Multipart); PKCS#1, PKCS#3, PKCS#7, PKCS#8, PKCS#10, PKCS#11, PKCS#12, PKCS#15

Portuguese Citizen Card: Information Systems Conceptual Model

[Diagram: the Interoperability Framework Platform shown with the PKI, the Card Lifecycle System, the Card Personalization System, the EMV-CAP Validation System and the Public Entities Systems.]

• Card Lifecycle System, responsible for the enrollment and renewal of the Cards, for delivery and cancellation of cards, for activation and revocation of the digital certificates, and for citizen support.

• Card Personalization System, responsible for the physical personalization of the card and for writing the data, the digital certificates (authentication and Qualified Digital Signature) and the chip applications. It is also responsible for transporting the Card to the enrolment and delivery offices and for sending the letter with the PIN/PUK to the citizen

• PKI, responsible for the digital certificates of the Citizen’s Card

• EMV-CAP Validation System, responsible for the centralized validation of the citizen’s authentication, with authentication tokens created in the chip EMV-CAP application

• Public Entities Systems, these are the Public Bodies Systems that have all the citizen’s data in separate


Portuguese Citizen Card: Interoperability Framework Platform

[Diagram: the Interoperability Framework Platform (FSC) connected through Communication Facilitator SW to two groups of systems. Systems supporting the Portuguese Citizen Card: Card Personalization; EMV CAP; PKI for Citizen Card; Card Lifecycle Management, with the “Citizen Card Office” (Clerk, Citizen); Delivery (PINs, Card). Existing information systems located at each organism: Civil Identification, Finance, Social Security, Health.]

[Inset of the conceptual model: PKI; Common Services Framework; Card Lifecycle System; Card Personalization System; EMV-CAP Validation System; Systems of the Involved Organisms.]

• The Interoperability Framework Platform is responsible for:

• Technical, syntactic and semantic integration of the public administration systems

• Identity Federation, ensuring that each organism keeps only the departmental identification of the citizen and allowing cross ministry processes

• Electronic Authentication and Authorization of the citizen

• Processes Orchestration

• Security and auditing
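
An added illustration of the identity federation responsibility listed above (not code from the presentation or from the FSC platform): a broker links each agency's departmental identifier under an opaque handle, so a cross-ministry request such as a change of address reaches every agency carrying only that agency's own identifier. The `FederationBroker` class, the agency names and the identifiers are all hypothetical.

```python
import secrets


class FederationBroker:
    """Hypothetical stand-in for the platform's identity federation."""

    def __init__(self):
        self._links = {}  # opaque handle -> {agency: departmental id}
        self._index = {}  # (agency, departmental id) -> opaque handle
        self.audit = []   # (event, agency) pairs, no identifiers logged

    def federate(self, ids_by_agency):
        """Link one citizen's departmental ids under a random handle."""
        for agency, local_id in ids_by_agency.items():
            if (agency, local_id) in self._index:
                raise ValueError(f"{agency} id is already federated")
        handle = secrets.token_hex(16)
        self._links[handle] = dict(ids_by_agency)
        for agency, local_id in ids_by_agency.items():
            self._index[(agency, local_id)] = handle
        return handle

    def fan_out(self, source_agency, source_id, payload):
        """Translate one agency's request into per-agency messages."""
        handle = self._index.get((source_agency, source_id))
        if handle is None:
            self.audit.append(("rejected", source_agency))
            raise KeyError("identifier is not federated")
        messages = {}
        for agency, local_id in self._links[handle].items():
            if agency == source_agency:
                continue
            # Only the recipient's own identifier leaves the broker.
            messages[agency] = {"id": local_id, **payload}
            self.audit.append(("dispatched", agency))
        return messages


def change_of_address_demo():
    """Constructed sample data: agency names and ids are invented."""
    broker = FederationBroker()
    broker.federate({"civil": "CIV-0001", "finance": "TAX-7788",
                     "social_security": "SS-4242", "health": "HLT-9001"})
    msgs = broker.fan_out("civil", "CIV-0001", {"address": "Rua Exemplo 1"})
    return broker, msgs


if __name__ == "__main__":
    _, out = change_of_address_demo()
    for agency, msg in out.items():
        print(agency, msg)
```

The audit list records which agency was contacted but never an identifier, so the log itself cannot be used to correlate departmental numbers.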



Portuguese Citizen Card: Ask for new Card

[Process diagram. Actors and systems: Citizen; Citizen Card Office; Card Life Cycle IS; AFIS; Interoperability Platform (FSC); Justice IS; Social Sec. IS; Finance IS; Health IS; Voter IS. Labels on the flow: Ask for new Card; Provide current card + Biographic data; Photo + Fingerprint + Signature; Fingerprint match; Ask for current numbers; Confirm Current Data & Federate Citizen ID; Record Data on system; Provide temporary document.]


Portuguese Citizen Card: Ask for new Card

[Process diagram, final stage. Actors and systems: Citizen; Citizen Card Office; Card Life Cycle IS; AFIS; Interoperability Platform (FSC); Justice IS; Social Sec. IS; Finance IS; Health IS; Voter IS; Card Personalization; PKI; EMV; Post. Labels on the flow: Ask for new Card; Provide current card + Biographic data; Photo + Fingerprint + Signature; Fingerprint match; Ask for current numbers; Confirm Current Data & Federate Citizen ID; Record Data on system; Provide temporary document; Provide Data; Send card; Send Pin Letter; Delivery Pin-letter; Ask for the card; Deliver the Card; Certificate activation.]
