Title of the Presentation

1
The Project.
CERTISERV CERTIfied communication for secure
eGovernment SERVices in Europe eConsultation

• The CERTISERV project enables public authorities
  to interact withall their counterparts
  electronically in a secure, trusted and seamless
  way.
• Supported by the European Union within the eTEN
  programme, CERTISERV is based on existing
  products and open standards.
• A customized system is pilotedat three European
  sites (Bremen, Bologna, Sheffield) being
  openfor other sites to join.
• The system consists of a common middleware
  (Governikus) that connects different service
  providers and is responsible for central
  functionalities
• The second part of the system isa client
  application that enables secure message handling
• The CERTISERV system can be linked to existing
  certified emailing services.
• The CERTISERV client application serves as a
  messaging tool for secure communication based on
  the OSCI standard (Govello).
• A broad range of applications for online services
  (HTTP, Java, XML) can be realized whereas data
  collected via web-forms eitherare transmitted to
  the addressed public unit or directly processed
  automatically.
• The services to be validated dohave the
  potential to provide a comprehensive
  European-wide system architecture for secure
  communication and transactionwith digital
  signatures.
• Contact bremen online services
• Frank SchipplickAm Fallturm 928209
  BremenGermanyphone 49-421-20495-24e-mail
  fs_at_bos-bremen.deweb www.certiserv.org

Case Study Background In the current climate of
moving to more levels of eDemocracy and
eParticipation, many examples of Statutory
Consultation already exist where Local
Authorities and Government agencies need to
formally consult with other stakeholders on
their activities and plans. Given the judicial
nature of many of these existing consultation
mechanisms, there is the need to proof that the
consultees have been consulted and did reply with
contributions to the debate. There is generally a
Legal basis for the introduction of these legacy
systems. Examples vary in the significance of
the consultation and upon the security required
to ensure that a duty has been carried out, and a
differing degree of risk associated with the
consultation process. For example, consultation
on what passengers feel about changes to public
transport may be fairly loose, that if the
consultees identity has not been verified, the
end outcome is not likely to result in great
damage occurring. But at the other end of the
scale, real damage may occur - for example in
consultations regarding health and safety issues
with the Statutory Bodies responsible.

• Key Facts of the Project
• The main objective was to provide a secure,
  tamper-proof, receipted messaging service that
  would facilitate eConsultation processes.
• It should be sufficiently user friendly to allow
  for the inclusion of mass audiences as excluding
  users serves to widen the existing democratic
  divide.
• The solution in this case consisted of the
  ability to compose a signed and cryptographically
  sealed pack of information for the consultation
  exercise.
• The participants in the consultation are
  registered by the Registration Authority (RA) and
  issued
• Notification of the consultation exercise is sent
  via a standard email or communicated / published
  as an internet URL.
• Through the URL, the information pack is
  collected by the participants and decrypted.
• The participant then takes part in the
  consultation, returning any responses in the
  package.
• Their responses are signed and encrypted back to
  the returning officer responsible for the
  consultation exercise.

2
CERTISERV Solution Description
Sheffield - eConsultation

• CERTISERVsolves requirements from existing and
  evolving legis-lation including
• Europe
• Directive 1993/93/EC
• Directive 1995/46/EC
• Directive 2002/58/EC
• eEurope Action Plan 2005
• National (excerpt)
• Electronic signatures(DE, I, UK)
• Privacy (DE, I, UK)
• Long term archiving (I only)
• Certified email services(I only)
• Selected References (Germany)
• Various federal states incl. Baden-Wurttemberg,
  Bavaria, Berlin, Bremen, Hamburg, Hesse, Lower
  Saxony, North Rhine-Westphalia, Thuringia
• Various municipalities incl. Düsseldorf, Hanover,
  Ulm, Wolfsburg
• Federal institutions incl. Ministry of the
  Interior, Department for Economy and Labour,
  Administration Court, Finance Court, Patent and
  Trademark Office, Aviation Office

• In order to set up the consultation itself, the
  required documents (eForms, documents and other
  supporting objects) must be prepared in bulk
• An individual OSCI message item is created for
  each participant, containing the consultation
  package which has been signed with the Returning
  Officers certificate and encrypted to the voters
  individual public key.
• At the time of the release of the required
  documents, the bulk set of OSCI messages are
  relayed to the message store for the collection
  of the end users.
• Once the ballot papers exist in the central
  mailbox store, end user consultation can
  commence. The end user voting process can for the
  kiosk environment also uses the CERTISERV
  software components to generate the secure
  environment necessary.
• The consultation process at the kiosk is as
  follows
• The users approach the kiosk and authenticate
  themselves by inserting their smartcard into the
  reader on the kiosk and providing a PIN number.
• Once authenticated, the user is taken to a secure
  mailbox area where they may select from any
  available ballot papers in the mailbox.
• The required consultation is selected and
  retrieved from the secure mailstore. The package
  (in this example an eForm) is decrypted using the
  voters private key from the smartcard and the
  signature of the eForm is validated to be that of
  the Returning Officer.
• Then the eForm is completed by the end user and
  afterwards signed with the participants public
  key, encrypted to the Returning Officer only by
  using his public key and securely carried to the
  secure mailbox.