Date post: | 28-Dec-2015 |
Category: |
Documents |
Upload: | geraldine-cox |
MINISTRSTVO ZA JAVNO UPRAVO
04/19/23
Aleš Pelan, M.Sc.
Directorate for e-Government and Administrative Processes
Ministry of Public Administration
SI-TSA
Certification service and electronic identification – PKI in Slovenian government
Ministry of Public Administration
www.mju.gov.si, e: [email protected], Tržaška cesta 21, 1000 Ljubljana, t: 01 478 83 30, f: 01 478 83 31
Republic of Slovenia
Digital Certificate
Digital Certificate = Presents a modern alternative to old-fashioned forms of identification
Content:
• Name and surname of the holder
• Unique number
• Public key
• E-mail address
• ......
Certified by the certificate authority
DN: cn=Ales Pelan, ou=certificates, o=state-institutions, c=si
Serial #: 8391037
Start: 15/7/2008 14:20
End: 15/7/2013 14:50
E-mail: [email protected]:
CA DN: ou=SIGOV-CA, c=SI
Legal Bases for Digital Certificates
• Electronic Commerce and Electronic Signature Act (2001, amended in 2004)
• Decree on Conditions for Electronic Commerce and Electronic Signing
• Personal Data Protection Act
• Secret Data Protection Act
• CA Policy (public and internal part of rules)
Register of CSPs (Certificate Service Providers)
• Regulated in ECESA (electronic, digitally signed form)
• Managed by Ministry of Higher Education, Science and Technology
• Basis for certificate-based e-services in Slovenia (instead of cross-certification)
• 5 CSPs issuing qualified certificates:
  • SI*CA (CA at MPA)
  • HALCOM CA
  • AC NLB
  • POŠTA CA
  • SI-MoD-CA
SI*CA
• Slovenian Governmental Certification Authority
• Slovenian General Certification Authority
SI*CA
• SI-TSA: Slovenian Time Stamping Authority
• Country Signing Certification Authority Slovenia
Types of digital certificates

Enterprise certificates
Usage:
• Encryption/decryption
• Digital signature
• Authentication
• Secure delete
• Web communication
• e-mail
Characteristics:
• Validity of keys:
  • 3 years en./de., signature
  • 5 years authentication
• Automatic extension of validity
• Keeping of decryption keys

Web certificates
Usage:
• Web communication (SSL, TLS)
• e-mail (S/MIME)
• Digital signature
• Authentication
Characteristics:
• Valid for 5 years
• No automatic extension of validity

[Figure: private and public key icons]
Types of digital certificates

Public administration
Enterprise certificates:
• employees
• organizational units
• servers
• TSA systems
Web certificates:
• employees
• organizational units
• servers
• code signers
• OCSP responders

Natural and legal persons
Enterprise certificates:
• employees
• organizational units
• servers
Web certificates:
• employees
• organizational units
• servers
• code signers
• citizens
SIGEN-CA public directory (digital certificates & CRL)
X500.gov.si (LDAP, HTTP access)
[Figure: directory tree]
c=si
  o=state-institutions
    ou=sigen-ca
      ou=companies: firma1, firma2, firma3, …
      ou=individuals: …
      ou=companies-web: firma1, firma2, firma3, …
Data of certificate holders and legal persons

Levels of access:
- data acquisition
- data validation

Access for services:
- legal basis
- agreement

Connectional table
Columns: serial number of digital certificate; holder’s ID number; holder’s tax number; ID number of legal person; tax number of legal person

2345680712012  1103986715158  95962158  5874483000  28232801
2345680812017  1903969500853  32542186  5874483000  28232801
2345680912011  0104971500476  89159659  1358561000  33714789
2345681012014  0504953500645  16186575  1358561000  33714789
2345681112019  5119645002051  98783653  1358561000  33714789
2345681212013  2307976500283  11745889  5874424000  40016803
2345681312018  1403966500019  25978977  5874424000  40016803
…
Registration authority SI*CA
[Figure labels: Applicant; Policy; Application; Registration authority; SIGOV-CA; SIGEN-CA; Reference number; Authorization code; DC holder]
Registration authority SI*CA
[Figure labels: Legal persons; Public Administration; Citizens; Administrative units (68); Tax offices (24); MPA; Embassies & Consulates (45)]
SI*CA certificates in e-services
• e-Government (e-SPA, OSS, e-taxes, Intrastat, e-notary, e-reporting, e-geodetic data, e-farm …)
• e-banking (Abanet, e-Banka Celje, DBS NET, Bank@Net, Dh-Plus, E-LON, KaD.Net …)
• e-businesses (SiOL, Elektro Ljubljana, Mobitel, miniMAX, EBA …)
• other (e-student, M servis …)
SI-TSA (Slovenian Time-Stamp Authority)
A trusted time stamp is an electronically signed certificate from a certifying authority that confirms the data content at the stated time.
SI-TSA
• Issuing trusted time stamps for applications;
• Intended for public administration institutions and businesses (agreement);
• Interface: Web service (SOAP) and RFC 3161 ASN.1 service.
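What a client puts into an RFC 3161 time-stamp request, as an added example (not code from the presentation or from SI-TSA): the request carries only a hash of the data plus a nonce, so the document itself never leaves the client. SHA-256, the 64-bit nonce and all function names are assumptions of this sketch.

```python
import hashlib
import secrets

# DER encoding of the SHA-256 OID 2.16.840.1.101.3.4.2.1
SHA256_OID = bytes.fromhex("0609608648016503040201")

def tlv(tag, value):
    """Encode one DER element; every field of this request fits the short length form."""
    if len(value) >= 0x80:
        raise ValueError("long-form DER length not needed for this request")
    return bytes([tag, len(value)]) + value

def der_int(n):
    """Encode a non-negative INTEGER in minimal two's-complement form."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def build_timestamp_request(data, nonce=None, cert_req=True):
    """Return (DER TimeStampReq, nonce) for data; only its hash is included."""
    digest = hashlib.sha256(data).digest()
    algorithm = tlv(0x30, SHA256_OID + b"\x05\x00")     # AlgorithmIdentifier
    imprint = tlv(0x30, algorithm + tlv(0x04, digest))  # MessageImprint
    if nonce is None:
        nonce = secrets.randbits(64)  # ties the TSA reply to this request
    body = der_int(1) + imprint + der_int(nonce)        # version is 1
    if cert_req:
        body += b"\x01\x01\xff"       # certReq TRUE: ask for the TSA certificate
    return tlv(0x30, body), nonce

def read_tlv(buf, pos):
    """Decode one short-form element at pos; return (tag, value, next position)."""
    tag, length = buf[pos], buf[pos + 1]
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def parse_timestamp_request(req):
    """Recover what the TSA receives: hash, nonce and certReq, never the data."""
    _, body, _ = read_tlv(req, 0)
    _, version, pos = read_tlv(body, 0)
    _, imprint, pos = read_tlv(body, pos)
    _, _, ipos = read_tlv(imprint, 0)  # skip AlgorithmIdentifier
    _, digest, _ = read_tlv(imprint, ipos)
    out = {"version": version[0], "digest": digest, "nonce": None, "cert_req": False}
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0x02:
            out["nonce"] = int.from_bytes(value, "big")
        elif tag == 0x01:
            out["cert_req"] = value != b"\x00"
    return out
```

When the signed token comes back, the client checks that it contains the same hash and the same nonce before trusting the time it states.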
CSCA-SI (Country Signing Certification Authority - Slovenia)
• EU Member States must issue passports with Biometric identifiers (facial image) after 28 August 2006 - Council Regulation No 2252/2004 of 13 December 2004;
• Countries in Visa waiver Permanent Program had to fulfill the same requirement till 26 October 2006;
• Biometric data stored on a contactless radio chip and digitally signed;
• CSCA-SI issues digital certificates for Document Signers in Slovenia;
• Operational since June 2006.
Business issues
• PKI – one of infrastructural services at MPA
• availability of services:
  • free services for government and citizens
  • payable services for legal persons (16.000 contracts, 300.000 EUR of yearly income)
• maintenance costs:
  • usually as a percentage of purchase price
  • monthly cost per CA approx. 5.000 EUR (covering HW and SW for core CA and RA services; no costs for business premises, common infrastructure and employees included)
Critical success factors
• suitable internal organization
  • compulsory policy documents (CP, CPS…)
  • pre-defined standard procedures
  • strict division of responsibilities/roles
  • min two employees per role
  • trained staff (min 9 persons for 8 roles to be correctly covered)
• integration of certificates in e-services:
  • test PKI environment
  • tool for creating dig. signatures (XML/PDF)
  • CA certificates in web browsers (IE, FF…)
And the future?
• web RA
  • autoregistration
  • identification by Post
• m-PKI
  • certificates on mobile phones
• CVCA-SI
  • e-passports with fingerprints
  • CVCA -> DV -> IS
• e-ID
  • e-gov functionality (digital certificates)
  • project currently on-hold
Any further questions:
Additional information: http://www.gov.si/ca/eng/index.htm