The Portuguese Interoperability Framework applied to the Portuguese Citizen Card Project

AMA – Agency for Public Services Modernization UMIC - Knowledge Society Agency


May 9th 2007

Agenda

• Introduction

• The Portuguese Interoperability Framework

• Citizen Card Project

Introduction Interoperability in Portugal (until recently…)

Major obstacles identified by UMIC for implementing e-Gov services:

• Legacy and isolated information systems, with specific developments and without any normalization, making it difficult to provide online services
• Data formats and meanings that are distinct and incompatible between different public administration databases
• Different authentication and authorization systems for accessing services
• There was no organizational focus on implementing cross-ministry processes (focus on citizen needs)
• When providing e-services, there was no easy way to provide e-payments for the citizen
• Re-implementation of the same software several times in different public organizations
• Among others…

Introduction Interoperability in Portugal (until recently…)

Some of the problems are interoperability issues...

Technical Interoperability

• There is no physical shared communication infrastructure for the public administration (there are SEVERAL!!)
• There was no technical agreement or platform for integration between systems (only “point-to-point” ad hoc integration)
• There was no secure and legal platform for “e”-authentication of citizens
• No shared e-payment system for the citizen…

Semantic Interoperability

• Each public agency uses its own data model
• There was no canonical data model: very difficult to implement cross services (e.g., change of address)

Organizational Interoperability

• Services and processes focus on “inside”, not developed on citizen business episodes
• There was no Inter-ministerial Interoperability committee

Interoperability Framework Conceptual architecture

[Figure: conceptual architecture in layers. Presentation Layer: E-Gov Sites and Portals (e-services), Face-to-face, Contact-Center. Web Services link the presentation layer and the Authentication Suppliers to the Interoperability Framework (FSC) Central Component. Interoperability Services Layer: XML messages to a Toolkit and API at each public organization. Back-end Layer: Public Organization Systems.]

Interoperability Framework Conceptual architecture

[Figure: components of the conceptual architecture.

Interoperability Framework (FSC), Central Component: Authentication Supplier, User Management, Authentication services, Process Workflow and orchestration, E-Services Management, Identity Federation, Messaging engine, Management and administration Infrastructure, Transaction management engine, Payment Engine. Connected through Web Services.

Toolkit (multiplatform), reached over XML: Identity Federation, Canonical Data Mapping, Central vs. Local E-Services Management, SLA Management, Messaging and transaction support.

API to the Public Organization Systems.]

The Portuguese Citizen Card Project

• Roadmap Overview

• The Portuguese Citizen Card

• The Interoperability in action

Portuguese Citizen Card Project Roadmap

• Think: Vision and Goals (1,5 months)
• Demonstrate: Proof of Concept (3,5 months)
• Specify: Solutions Selection (2,5 months)
• Implement: Implementation (9 months)
• Improve: Pilot and Roll-Out (2 years)

Timeline markers: Jun 2005, Jan 2006, Feb 2007

Project Management

Portuguese Citizen Card What is it?

It replaces 5 ID Cards:

• National Identity Card
• Tax Card
• Social Security Card
• Voters Card
• Health Care Card

This is a citizenship certificate in two ways. It is a physical document that allows the visual identification of a citizen and it is also a digital document that allows the citizen to identify himself/herself and to electronically sign documents.

Portuguese Citizen Card Front

• Card (ID-1 type) in polycarbonate with several security standard mechanisms (three-level control – visual, light detection, laboratory detection)

• The Front of the Citizen’s Card has the specific information about the ID of its owner

[Figure: front of the card, with the following elements labelled: Optical variable ink; Braille for the visually impaired; Name; Surname; Chip; Date of Birth; Sex, Height, Nationality; Document Nº and Civil Identification Number; Photo; MLI (Multiple Laser Image); DOVID (Diffractive Optically Variable Image Device); Signature; Expiry Date.]

Portuguese Citizen Card Back

[Figure: back of the card, with the following elements labelled: Parents names; Card Version Number; Social Security Number; Tax Number; Health Number; DOVID in holograms (Diffractive Optically Variable Image Device); Machine Readable Zone.]

Portuguese Citizen Card Chip

• Chip JavaCard, Samsung S3CC9TC, with 72Kb of EEPROM for applications and data
• Main applications:
– IAS – application that assures the authentication and electronic signature
– EMV-CAP – application that assures one-time-passwords by alternative channels (e.g., phone)
– Match-on-Card – application that verifies biometric data and fingerprints

[Figure: chip contents. Applications: IAS, EMV-CAP, Match-On-Card. Citizen’s Data: Biometric Templates of Fingerprints, Picture, Address, Card Data Structure (every data that is visible in the face and back of the Card), Personal Data Area, Digital Certificate – Qualified Signature, Digital Certificate – Authentication. Legend of access levels: PIN Protected, Public Access, Non Available.]

Portuguese Citizen Card Standards

• The Citizen’s Card follows the ECC standards and the best practices of the e-ID System:

Card:

• ISO/IEC 9798 (device-authentication/Secure messaging);
• ISO 7810;
• ISO 7811;
• ISO 7811;
• ISO 7816;
• ISO 10373;
• ISO/IEC 10373;
• EN 742:1993;
• CECC 90000;
• MIL STD-883C;
• Pr CEN/TS 15480 1,2 (European Citizen Card - draft);
• ICAO 9303 (travel documents);

Chip:

• ISO/IEC 7810
• ISO 7816;
• ISO/IEC 14443;
• Java Card/GP (Java cards, ISO/IEC 7501-3 (ICAO))
• CEN / TC 2254;
• CWA 15264;
• CWA 14890;

Biometrics:

• ISO/IEC/JTC 1 SC 37;
• ISO/IEC 7816-11;
• ISO/IEC FCD 19794-2 (fingerprint minutiae);
• ISO/IEC 19784-1 BioAPI;
• ISO/IEC 19785-1 Common Biometric Exchange formats (CBEFF) - Part 1: Data Element Specification.
• ISO/IEC 19794-2: Finger Minutiae data;
• ISO/IEC 19794-4,5 : Finger Image data;
• ISO/IEC 19784 – BioAPI;
• ISO/IEC 19785 – CBEFF;
• ISO/IEC 24727
• EMV

PKI, Certificates and Digital Signature:

• ISO/IEC 7816-15;
• CWA 14890 - CEN/ISSS Workshop on the electronic signature (Area K);
• CWA 15264 (eAuthentication);
• CWA 14167 (Multipart);
• PKCS#1, PKCS#3, PKCS#7, PKCS#8, PKCS#10, PKCS#11, PKCS#12, PKCS#15.

Portuguese Citizen Card Information Systems Conceptual Model

• Card Lifecycle System, responsible for the enrollment and renewal of the Cards, for the delivery, cancelling, activation and revocation of the digital Card certificates, and for citizen support.
• Card Personalization System, responsible for the physical personalization, data writing, digital Certificates (authentication and Qualified Digital Signature) of the card and the chip applications. It is also responsible for the transport of the Card to the enrolment and delivery offices and for sending the letter with the PIN/PUK to the citizen
• PKI, responsible for the digital certificates of the Citizen’s Card
• EMV-CAP Validation System, responsible for the centralized validation of the citizen’s authentication, with authentication tokens created in the chip EMV-CAP application
• Public Entities Systems, these are the Public Bodies Systems that have all the citizen’s data in separate

[Figure: conceptual model with the Interoperability Framework Platform connecting the Card Personalization System, the Card Lifecycle System, the PKI, the EMV-CAP Validation System and the Public Entities Systems.]

Portuguese Citizen Card Interoperability Framework Platform

[Figure: deployment of the Interoperability Framework Platform. Legend: systems supporting the Portuguese Citizen Card; Interoperability Framework Platform. Systems supporting the card: Card Delivery, Personalization (PINs, Card), Card Lifecycle Management, EMV CAP, PKI for Citizen Card, and the “Citizen Card Office” (Citizen, Clerk), each connected to the FSC through Communication Facilitator SW. Existing Systems of Information: Civil Identification, Health, Finance and Social Security, each with Communication Facilitator SW located on each organism.]

Portuguese Citizen Card Interoperability Framework Platform

• The Interoperability Framework Platform is responsible for:
– Technical, syntactic and semantic integration of the public administration systems
– Identity Federation, ensuring that each organism keeps only the departmental identification of the citizen and allowing cross ministry processes
– Electronic Authentication and Authorization of the citizen
– Processes Orchestration
– Security and auditing
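The Identity Federation responsibility listed above, sketched as an added Python example. It is not part of the original slides and not the FSC's own code; the slides do not describe the mechanism, so the broker class, the agency names and the identifier values are assumptions constructed for illustration.

```python
import secrets

AGENCIES = ("civil", "finance", "health", "social_security")  # assumed names

class FederationBroker:
    """Hypothetical broker: the only place where departmental IDs are linked."""

    def __init__(self):
        self._by_handle = {}  # opaque handle -> {agency: departmental id}
        self._by_local = {}   # (agency, departmental id) -> opaque handle
        self.audit = []       # (action, source agency, target agency)

    def federate(self, ids):
        """Link one citizen's departmental IDs under a random, meaningless handle."""
        if set(ids) - set(AGENCIES):
            raise ValueError("unknown agency")
        if any((a, i) in self._by_local for a, i in ids.items()):
            raise ValueError("identifier already federated")
        handle = secrets.token_hex(16)
        self._by_handle[handle] = dict(ids)
        for agency, local_id in ids.items():
            self._by_local[(agency, local_id)] = handle
        return handle

    def route(self, source, source_id, payload):
        """Fan a request out; each target receives only its own identifier."""
        handle = self._by_local.get((source, source_id))
        if handle is None:
            # Fail closed: no link, no cross-ministry message.
            raise LookupError("citizen not federated for " + source)
        out = {}
        for agency, local_id in self._by_handle[handle].items():
            if agency == source:
                continue
            out[agency] = {**payload, "citizen_id": local_id}
            self.audit.append(("route", source, agency))
        return out

def demo():
    broker = FederationBroker()
    # Constructed sample identifiers, not real number formats.
    broker.federate({"civil": "CIV-1001", "finance": "TAX-77", "health": "HLT-5"})
    # Change of address started at Civil Identification.
    return broker, broker.route("civil", "CIV-1001", {"new_address": "Rua Exemplo 1"})
```

The audit list holds agency names only, so the trail can be reviewed without exposing any departmental identifier.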

Portuguese Citizen Card Ask for new Card

[Figure: the Citizen asks for a new Card at the Citizen Card Office (Photo + Fingerprint + Signature). The Card Life Cycle IS is connected through the Interoperability Platform (FSC) to AFIS, Justice IS, Social Sec. IS, Finance IS, Health IS and Voter IS.]

Portuguese Citizen Card Ask for new Card

[Figure: same diagram with the request steps labelled: Ask for new Card; Provide current card + Biographic data; Photo + Fingerprint + Signature; Record Data on system; Fingerprint match (AFIS); Ask for current numbers; Confirm Current Data & Federate Citizen ID; Provide temporary document. Systems shown: Citizen, Citizen Card Office, Card Life Cycle IS, Interoperability Platform (FSC), AFIS, Justice IS, Social Sec. IS, Finance IS, Health IS, Voter IS.]

Portuguese Citizen Card Ask for new Card

[Figure: same diagram extended with the delivery steps: Provide Data; Card Personalization; Send Pin Letter (Pin-letter delivery by Post); Send card; Ask for the card; Deliver the Card; Certificate activation (PKI, EMV). Systems shown: Citizen, Citizen Card Office, Card Life Cycle IS, Interoperability Platform (FSC).]
