E id strategy potii kozlov ang 20 03_2015
1. EFPE 2015 10-12 June, Międzyzdroje,1
Oleksandr Potij, JSC «Institute of Information Technology»
Yurii Kozlov, State Company «Information Centre of Department of Justice»
Yurii Gorbenko, JSC «Institute of Information Technology»
2.
Terminology
The mission
Basic principles of the Strategy
Main goals and problems of the strategy
Expected results
Benefits of implementing
Concept of eID-infrastructure in Ukraine
Priority actions to implement the Strategy
3.
The mission of the Strategy is to create a national infrastructure that gives citizens free access, over the Internet, to information and electronic trust services from different sources (governmental, private, other individuals, and beyond national borders) with a reduced risk of theft of personal (private) data or fraud. It also means a low probability of losing access to critically important services and data, without the need to manage several accounts and passwords.
4.
Problematic issues
• Lack of a single national identification mechanism for individuals
• Lack of a reliable and stable system of electronic interaction among state information resources
• Inconsistency and lack of coordination in the development of information systems that process identification data
• Lack of a registry of officials of government and legal entities
• Gaps in the regulatory framework for secure authentication mechanisms and the mechanisms for their support
• The system of electronic services is not comfortable and easy for users
5.
Security
Flexibility
Interoperability
Privacy and data protection
Economy and ease of technical solutions
6.
• Building the national eID-infrastructure
• Providing interoperability of the eID-infrastructure
• Creating a state of confidence and motivating citizens to use electronic trust services
• Providing sustainable development of the national eID-infrastructure and electronic trust services
7.
• Security of on-line transactions
• Effectiveness of interaction between citizens, business and authorities in cyberspace
• Simplifying the use of electronic services
• Environment of trust
• Privacy of personal and other data
• Opportunity to choose among various technical solutions
• Innovative development of society
8.
Quantitative measures of implementation
National Strategy for Electronic Identification of Ukraine for the period 2015-2019
• 65% of the economically active population using electronic identification for electronic services
• At least 8.000.000 people aged 16 to 45 have received an electronic identification
• 100% of officials of the state government have received means of electronic identification
• At least 10.000 active points for confirming the identity of individuals
• 100% of standards in the area of electronic identification harmonized
• At least 2 large-scale international projects for interoperability with Ukraine
9.
Benefits for citizens
Benefits for business
Benefits for state (government)
Security
Effectiveness
Confidence
Privacy
Innovations
10.
Archetype of eID
Structure
• Operating level
• Level of providing interoperability
• Level of exploitation
• Functional and application level
Processes
• Identification
• Authentication
• Authorization
• Mediation
11.
The overall structure of e-government
Identification and authentication through the Unified State Portal of administrative services
[Diagram: Structure of electronic identification. Labels: Users; Identification and authentication of users and workers; Identification and authentication of information systems; Verification of identification data; Transport networks; Identification data of individuals; Identification data of individuals and officials; IS electronic interaction of government information resources; Unified State Portal of administrative services; ITS subjects of interaction, central level; ITS subjects of interaction, local level; SSDR; SSR]
12.
The archetype
[Diagram labels: User; service providers of electronic identification; e-services provider; The only identifier; Sector ID; BankID; National eID; Mobile ID; Trust Services]
13.
The structure
Governance and Accountability
Activities:
• Policy/Rule/Requirements/Development
• Accreditation
• Certification
• Assessment/Audit
Roles:
• Community of Interest
• Accreditation Body
• Certification Body
• Assessors/Auditors
Interoperability
Actions:
• Stds. Development
• Spec. Development
• Exchange
Roles:
• Standards Development Body
• Specification Development Body
• Interoperability Providers
Administration and Operations
Actions:
• Redress
• Recovery
• Enterprise Governance
• Internal Audit
• Service Optimization
• Updates (Periodic & Event Based)
Functional
Actions:
• Registration
• Manage registration details
• Authentication
• Authorization
• Trans. Intermediation
• Corporate governance
Roles:
• Users
• Identity Providers
• Credential Service Providers
• Registration Authorities (RA)
• Intermediaries (IDP)
• Attribute Providers (AP)
• Relying Parties (RP)
• Mediator
14.
Processes of
[Diagram. Process headings: Registration; Operating registration data; Authentication; Authorization; Mediation in the transaction. Boxes, in order of appearance: Receiving and processing applications; Checking force identity; Verification of identity; Record-keeping; Creating credentials; Release credentials; Enabling credentials; Storing credentials; Receiving the authentication request; Record-keeping; Receiving the Authorization request; Verification of attributes; Decision-making; Record-keeping; Anonymization; Using aliases; Ensuring exchange; Cancellation; Renewal / Replacement; Record-keeping; Verification of credentials; Decision-making; Corporate governance; Initiation of service delivery; Legal and contractual regulation; Financial aspects; Security and Auditing; Cooperation with external components; Infrastructure Management; Control characteristics; Registration on website]
15.
Stakeholders
State Fiscal Service of Ukraine
Central Election Commission
State Migration Service of Ukraine
Pension Fund of Ukraine
Ministry of Defense of Ukraine
Ministry of Justice of Ukraine
Ministry of Health of Ukraine
Ministry of Education and Science of Ukraine
State Agency for Electronic Governance of Ukraine
Ministry of Economic Development and Trading of Ukraine
16.
[Figure: Assurance level of electronic identification. Levels: LEVEL 1; LEVEL 2; LEVEL 3; LEVEL 4. Identity proofing labels: Verification of Identity; Presentation of Identity Information; No identity Proofing. Risks from effect of false identification: Risk extremely high; Risk mitigated; Low risk; Minimal risk. Means of checking identity force: Legacy Password; Mobile 2FA; OTP; Operate token PKI; Mobile token PKI; Token + pw; Program tokens PKI; OTP. Specifications of authentication: Weak Authentication; Secure Authentication; Strong Authentication; Strict authentication]
17.
Interaction participants | Identity proofing | Guaranty level
Individuals | Depend on type of transaction | missing / High / Very high, depend on transaction type
Representatives of legal entities | Needed | Very high
Officials of the state authorities | Needed | Very high
Information systems | Needed | Very high
18.
• Determination of the government agency responsible for implementing the Strategy
• Development of the plan for the Strategy implementation
• Accelerating the implementation of electronic services for citizens and businesses
• Informing citizens and businesses about threats in cyberspace
• Modeling risk of electronic identification, electronic trust services and interoperability standards
• Implementing the responsibility of suppliers and users of electronic services
• Promotion of electronic trust services among the population and business
• International cooperation
• Introduction of alternative ways of adapting eID-infrastructure across the country
19.
[Timeline figure: quarters I-IV for each of the years 2015, 2016, 2017, 2018, 2019. Items: Pilot project eID-card; Pilot project Bank-ID; Pilot project Mobile-ID; Priority services; SW PKI based - eID; Performance analysis of pilot projects; Voluntary recognition of schemes eID in EU; Compulsory recognition of schemes eID in EU; The normative definition eID schemes; Definition of authorized ОВВ; Definition of the legal status of eID-card; Harmonization of standards; Integration with the EU pilot project for interoperability]