© Southampton City Council Sean Dawtry – Southampton City Council

Implementing a PKI

The Southampton Pathfinder for Smart Cards in public services

© Southampton City Council Sean Dawtry – Southampton City Council

Agenda• Overview of SmartPath

• Principles

• Project Scope

• The Process

• How Does it Work

• Progress

• Major Issues

• The Future

© Southampton City Council Sean Dawtry – Southampton City Council

Overview

• Develop Robust/Resilient Security Infrastructure for Electronic Service Delivery.

• Though Development of PKI

• Build Around Existing SmartCities Scheme

• Available from Kiosks, PCs in Libraries

• 6000 Citizens

© Southampton City Council Sean Dawtry – Southampton City Council

Principles

• Bridge Digital Divide

• Through SmartCard

• Public Access Points

• Needed Real World Application– Housing Repairs

• Portability and Interoperability– Java 2 Enterprise Edition– XML

© Southampton City Council Sean Dawtry – Southampton City Council

Scope

• Business Process Development– SmartCities– Housing– PKI/Certificate Management

• Infrastructure Development

• System Design

• Integration– With Back Office– SmartCities

• Secure Portal

• Intuitive User Interface

© Southampton City Council Sean Dawtry – Southampton City Council

Process

• Select Systems Integrator– S-CAT

• Phase One– Logical Architecture– Supplier Selection– High Level Physical Architecture

• Phase Two– Define Physical Infrastructure – Integration Definition– Public Consultation

© Southampton City Council Sean Dawtry – Southampton City Council

Process• Phase 2

– Design of Processes• Housing repairs• SmartCities Registration• Certificate Management

• Phase 3– Software Development

– Infrastructure Installation

– Integration

– Testing

– Implementation

© Southampton City Council Sean Dawtry – Southampton City Council

How Does It Work

• Registration– Certificate Request Posted from SmartCities to FTP

Server

– Certificate Server Regularly Polls for Requests

– FTP Request to Certificate Server

– Check in CRM to Confirm Housing Tenant

– Certificate and User Account Created

– FTP Back to SmartCities

– Card Encoded with Certificate Ready for Use

© Southampton City Council Sean Dawtry – Southampton City Council

How Does It Work

• Login Process– Card Inserted Inserted Reader

– PIN Unlocks Necessary Keys

– Certificate Copied From the Card to Cryptographic Store in Microsoft IE 5

– Java Applet Synchronises Certificate with User Account

– Confirmation of Account Entry in Security/Policy Server

– Access to Specified Resources via Proxy Server through Firewall• Housing Repairs

– Upon Completion Cryptographic Store is Flushed

– Ready For Next User

© Southampton City Council Sean Dawtry – Southampton City Council

How Does It Work

• Lost/Stolen/Blacklisted Cards– Card Loss Report– SmartCities Creates a ‘Hotlist’– ‘Hotlist’ Sent to SmartPath– Checked – Certificate and Account Revoked– New Card Created if Necessary– Registration Process Begins

© Southampton City Council Sean Dawtry – Southampton City Council

Progress

• Currently in Final Phase of Testing

•Due to Complete 29th April

•Delays Due to•Need to Replace Security Infrastructure Supplier

•Issues Relating to Card/Browser Synchronisation

•Key Member of Staff on Jury Service for 2 Weeks

© Southampton City Council Sean Dawtry – Southampton City Council

Major Issues

• Coordinating Multiple Partners

• Level of Work Required on Certificate Policies– Certificate Policy – Certificate Practice Statement

• Integration Between Smart cards and Web Browser ‘Don’t Believe the Hype’

© Southampton City Council Sean Dawtry – Southampton City Council

The Future

• Develop Key Components as a Product that Could Implemented Elsewhere

• Share Documents – Certificate Practice Statement– Certificate Policy– Design Documents

• Develop as a National model

• Integrate With UK-Online

• Obtain T-Scheme Approval

© Southampton City Council Sean Dawtry – Southampton City Council