2-Jun-15 1 ACCESSING ON LINE SERVICES PROTECTED BY THE ITALIAN EID GIOVANNI MANCA National Center for Information technology in Public Administration (CNIPA)


2 The scenario
About 15.000.000 National Services Cards (CNS).
About 2.500.000 Electronic Identity Cards (CIE).
Development of e-Health services, payment services (EMV non-compliant) and electronic document interchange.
Large use of digital signatures (qualified signatures), which can be installed in eID smart cards.

3 Electronic Identity Card (CIE)
The Italian Electronic Identity Card (CIE) is a plastic ID1-format “hybrid” card with a chip and an optical memory band.
On the front of the card, the layout has an upper zone for the personal data and photo of the holder, and a lower zone – the ICAO MRZ (Machine Readable Zone) – for the automatic reading of the same data, encoded on three lines and printed in OCR-B, readable with specific devices.
On the back side, besides other personal data, there is the microchip, an optical memory stripe (only for security purposes, not for data storage) and a security hologram.
The microchip is ISO/IEC 7816 compliant with an EEPROM of 64k (new project).
In the future it will be possible to implement contactless functionalities.

4 National Services Card (CNS)
It's a set of rules.
It's issued by a public administration.
It will be used to access online services provided by the public administration and the private sector.
It cannot be used for personal identification (there aren't physical security characteristics).
The smart cards used for digital signature are CNS compliant.
Specific services can be installed in the smart card (fidelity card, contactless services, parking, etc.).

5 Software libraries
Free file system.
Free software libraries interfacing the smart card.
Free software libraries to use the online services (server side).
These libraries will be “open source”.

6 WHAT DOES INTEROPERABILITY MEAN IN EID?
Interoperability: “The capability to communicate, execute programs, or transfer data among various functional units in a manner that requires the user to have little or no knowledge of the unique characteristics of those units” (ISO/IEC 2382-01).
In EID, the logical flow is: owner, validity of eID, digital identity, access, authorizations, logging; privacy aspects must be strongly guaranteed.

7 EID INTEROPERABILITY (1)
Some considerations about “interoperability”, a term adopted in different circumstances.
There are many kinds of “interoperability”: technical, bridge, standard, service, etc.
When many options are included in the interoperability specifications, the probability that interoperability actually works is reduced.
We should avoid keeping interoperability at a low level. The real world quickly makes such a level useless.

8 EID INTEROPERABILITY (2)
The European experience in electronic signature highlighted obstacles to be removed before reaching full interoperability.
We have the EU Directive (1999/93/EC), some technical specifications, dozens of standards and 1% interoperability.
To avoid making the wrong choice, a different way should be opened.
ECC (CEN/TS 15480) is a good starting point.

9 EID INTEROPERABILITY (3)
The first step is defining the desired type of interoperability.
The idea that “the standards emerge from the market” has proved wrong.
A better approach is the “mixed” one, like that adopted for the e-passport, supported by the precise commitment of the European Commission on the aspects of interchange on trust levels.
Liberty Alliance, Federated TLS and Cardspace are good approaches. Their use should be placed in the EU frame as a duty and not as an option.
In this case, some countries could observe that the option does not protect the investments already made.

10 Italian models for the delivery of online services
The Italian CIE and CNS work in the same way on the front-office side, but they have two different ways of interacting with the back-office.
When services are delivered directly through a three-level architecture (client, web services, database), SSLv3 is used with authentication procedures depending on the specific kind of application.
In the case of services delivered in a “distributed” way, the security architecture adopts SAML. A relevant project involving the Italian Regions is ICAR (Regional Applicative Cooperation Infrastructure).

11 An example: ICAR (SAML)
[Figure: ICAR architecture based on SAML. Source: Francesco Meschia]

12 Evolution of interoperability in Europe (1)
In Europe there is a large number of identity management projects.
In Europe there is a large number of applicative cooperation projects.
What is the reason?
Which of them, after their conclusion, will have the value and strength to become the “European model”?

13 Evolution of interoperability in Europe (2)
A possible road map could be:
• ECC for the smart card and the “card based” services structure.
• An architecture for the trust chain (a common format should be chosen).
• The authentications should be established.
• The organization model for delivery of services should be chosen.
• A European Directive should be issued.

14 Conclusion and suggestions (1)
The experience of Directive 1999/93/EC taught that the market does not set the rules that allow everyone to exchange data.
The political, legal, cultural and technological complexity of the new Europe will lead to the excellent indications of the EU Commission being adopted in a non-homogeneous way at the technical level.
This situation encourages the acceptance of compromise in technological implementations.

15 Conclusion and suggestions (2)
In Europe, the EID has more than 20 different implementations (Modinis report).
To make IDs interoperable, a precise EU direction should clearly establish:
• The relevant data for the identity of the person (fiscal code, e-mail address, serial number, social security number, etc.)
• Which services are wanted
• Who is the subject authorizing the procedure (e-procurement, change of address, e-payments, etc.)
Digital signature is watching us!

16 Contact
Institutional Web-site: www.cnipa.gov.it
For further information, please contact: manca@cnipa.it

