The Southampton Pathfinder for Smart Cards in public services
description
Transcript of The Southampton Pathfinder for Smart Cards in public services
© Southampton City Council Sean Dawtry – Southampton City Council
The Southampton Pathfinder for Smart Cards in public services
© Southampton City Council Sean Dawtry – Southampton City Council
SmartPath
• Sean Dawtry• Corporate IT Consultant• Southampton City Council• E-mail [email protected]• Tel 023 8083 2983
© Southampton City Council Sean Dawtry – Southampton City Council
Agenda
• Overview of SmartPath• Principles • Project Scope• PKI• How Does it Work• Main Partners• Issues• The Future
© Southampton City Council Sean Dawtry – Southampton City Council
Overview
• Develop Robust/Resilient Security Infrastructure for Electronic Service Delivery.
• Though Development of PKI
• Build Around Existing SmartCities Scheme
• Available from Kiosks, PCs in Libraries
• 6000 Citizens
© Southampton City Council Sean Dawtry – Southampton City Council
Principles
• Bridge Digital Divide
• Through SmartCard
• Secure
• Needed Real World Application– Housing Repairs
• Portability and Interoperability
© Southampton City Council Sean Dawtry – Southampton City Council
Scope
• Business Process Development– SmartCities– Housing– PKI/Certificate Management
• Infrastructure Development
• System Design
• Integration– With Back Office– SmartCities
• Secure Portal
• Intuitive User Interface
© Southampton City Council Sean Dawtry – Southampton City Council
PKI
• PKI (Public Key Infrastructure)– Enables users of a unsecured public network such as
the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.
– The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.
© Southampton City Council Sean Dawtry – Southampton City Council
Digital Certificate
• A digital certificate is an electronic “passport" that establishes your credentials when doing business or other transactions on the Web.
• It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key, and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.
• Some digital certificates conform to a standard, X.509.
© Southampton City Council Sean Dawtry – Southampton City Council
Digital Certificate
• Can be held– Web Browser
– USB Token
– Smartcard
© Southampton City Council Sean Dawtry – Southampton City Council
CA and RA
• Certificate Authority– Organisation responsible for issuing and
revoking certificates
• Registration Authority– Organisation responsible for performing
the registration process and verifies the identification of the individual
© Southampton City Council Sean Dawtry – Southampton City Council
CA and RA
• Southampton City Council – currently performs the CA function.
• Smartcities– Currently performs the RA function
• Both are currently one in the same
© Southampton City Council Sean Dawtry – Southampton City Council
CP and CPS
• Certificate Policy– Lays down the CA’s legal obligations – Liabilities– Holders obligations
• Certificate Practice Statement– Details the processes by which the PKI will be
managed i.e. Physical Controls, Personnel Controls, backup and recovery
© Southampton City Council Sean Dawtry – Southampton City Council
CP and CPS
• How do they relate– The Certificate Policy generally states
WHAT is to be adhered to. The Certificate Practice Statement states HOW it will be adhered to
© Southampton City Council Sean Dawtry – Southampton City Council
Verification
• Meets Office of the E-Envoy’s authentication framework
• Applicant must produce two forms of approved documents to verify identification
© Southampton City Council Sean Dawtry – Southampton City Council
Benefits of PKI
• Entity Authentication– Verifies the Identity of a person or organisation
• Data Confidentiality– Ensures transmitted data is secure
• Data Integrity– Ensures that data is not tampered with in Transit
© Southampton City Council Sean Dawtry – Southampton City Council
Benefits of PKI
• Non Repudiation– Neither party can deny transaction ever took place
• Privilege Management– Policies that govern access to sensitive data
© Southampton City Council Sean Dawtry – Southampton City Council
Why PKI
• E-Government programme opens up more data to more people
• Could be sensitive
• Need to ensure interest of all parties are taken into consideration
• Important to know who is at the ‘other end’
• Prevention of fraud
© Southampton City Council Sean Dawtry – Southampton City Council
Registration
Create X509 Certificate
Citizen Registers
CMS
Account created within the Card Management System
Certificate Request is granted and CMS authorised to encode card
Entrust Poller
Poller Checks for new requests frequently
CMS Informed if request is invalid
FTP
Certificate Request is created and stored in FTP Directory
Check CRM to Determine Valid user
Entrust ‘Get Access’ Account Created
© Southampton City Council Sean Dawtry – Southampton City Council
Authentication
Cardholder inserts card and PIN
Certificate is copied to Cryptographic Store in Web Browser
Entrust ‘Get Access’
Server
CA
‘Get Access’ Server confirms that certificate is valid and performs authentication process
Web Client
‘Get Access’ acts as a proxy server for resources from SCC application server through firewall e.g. Housing Repairs
All communication between BEA Weblogic and the user occurs through the firewall and the ‘Get Access’ Server
BEA Weblogic
Server
SCC Back office
Systems
© Southampton City Council Sean Dawtry – Southampton City Council
Entrust ‘Get Access’
Server
Data
SCC
Once completed Data Flush takes place to remove the certificate from the browser
Authentication
© Southampton City Council Sean Dawtry – Southampton City Council
Lost/Stolen/Blacklisted Cards
• Card Loss Report– Smartcities Creates a ‘Hotlist’
– ‘Hotlist’ Sent to SmartPath
– Checked – Certificate and Account Revoked
– New Card Requested if Necessary
– Registration Process Begins
© Southampton City Council Sean Dawtry – Southampton City Council
Issues
• Take Up– Hindsight is a good thing– Public Perception
• ‘Leading Edge’– Some Components ‘volatile’
• 2 pence pieces!– Jammed in Card Readers
• Certificate Practice/Policies– Lots of work
© Southampton City Council Sean Dawtry – Southampton City Council
Main Partners
• ECSoft– Primary Integration Partner
• Entrust– PKI– Security and Authentication
• Smartcities/SchlumbergerSema– Smartcards and Smartcard Integration
© Southampton City Council Sean Dawtry – Southampton City Council
The Future
• Develop Key Components as a Product that Could Implemented Elsewhere
• Share Documents – Certificate Practice Statement– Certificate Policy– Design Documents
• Add more Services– Requiring higher security levels
• Revenues and Benefits• Secure Payments (in and out)• Social Care
© Southampton City Council Sean Dawtry – Southampton City Council
The Future
• Develop as a National model
• Integrate With UK-Online
• Obtain T-Scheme Approval
© Southampton City Council Sean Dawtry – Southampton City Council