Entering the system

by Valeriy Konjavskij

Valeriy Konjavskij
Chair of Pan-Russian Centre for Computing and Information Technology

Fundamentals:
1. A society can be considered computerized if the computer based production share (software, electronic documents) of its GDP is significant (about 10-15%);
2. The e-government is a computerized system (a set of interoperable information systems), which provides a secure interaction between citizens and the public administration. We cannot consider the e-government a social system. It is necessary, however, to achieve social functions within a technical system;
3. The technical system must first ensure a data processing system to the relationships that are established in society, rather than trying to change them. The attempt to change social relations on the grounds of the idea that “it is more convenient for the computer centre” appears at least unwarranted;
4. In the processes of computerized interaction safety is a fundamental characteristic. It is guaranteed only by technology;
5. Information technology ensuring the safety of technical systems depends considerably from the economic and social objectives to be achieved with the help of the technical system itself and from the relationships which are in place.

Trust can only be given to the party of the interaction that is, in one way or another, known. It is not possible to trust an anonymous party. Before the interaction starts, the party must identify and authenticate itself, and then the identification must be verified. Validation is a relative concept. One thing can be validated compared to another, it is not possible to validate in itself. Thus in the authentication process must involve at least two parties.
If these parts are A and B:
- А can be validated compared to B;
- B can be validated compared to A;
- Parts A and B can be validated to each other: mutual validation. The higher the level of protection of a party the more it is trustworthy. If a party has no protection it can only be taken at its word, but the verification of authentication is possible only when the party is protected.
If A is a person and B is a computer system of the computerized society, then the alternatives listed above are the only possibility of validation in a computerized society.

The digital signature and the authorization of citizens in e-government systems
In the analysis of the applicability of the various authorization mechanisms (identification / authentication) for the purpose of e-government, it is relatively less important the choice of the type of identifier than the motivation of the type of services that can be provided to the citizen who “was authorized” in a mode or another.
In fact, many citizens already have instruments of identification such as payment cards issued by banks, social cards[1], universal electronic card[2], USB-identifiers, Tm-identifiers, fingerprints, mobile phone number, e-mail login and password and many others. Through the authorization based on these instruments the citizen receives many services, which are often essential. The citizen can manage their bank account, enter home or office, open their safe to take or store personal documents.
The situation is different when the citizen turns to the public administration. In this case it is not enough to identify with a key that opens the front door. A passport[3] is required to get a driver's license, a diploma or to register a property right. As a rule, electronic resources in e-government systems belong to public administration and they may be “owned” by the citizen only with regard to personal information. Generally, citizens have the right to access to something of their own, however, a passport is required to change their rights or express a will. In the latter case, more stringent methods of authorization are applied because the expression of the will and the change of rights can have consequences not only for the citizen who is a party in the relationship, but also for many other members of civil society. To identify with respect to an information service against the payment of a fee to know what time and from where a train leaves, a call from a telephone is enough. On the contrary, to enter a train timetable into a computer system the signature of an officer is required; otherwise there would be serious problems. These two cases do not differ in the content of the data, but rather in the “direction”: from the system or towards the system. Only when the ownership and authenticity of the documents certifying the right verified, it is possible to change the content of data in the system such as property and personal information of citizens. The ownership of a particular right by a person has a significant effect on the rights of others. It is specifically for this reason that the expression of will, the change of the rights and personal information are secured in the computer system only upon presentation of documents that certify the content of the information. The authenticity of signature on paper is determined by visual, instrumental methods and by criminology. The objective is to ascertain the authenticity of the will of the citizen. In the digital world the role of the signature is carried out by a cryptographic conversion called EDS: electronic digital signature. The authenticity of the electronic signature is secured from the secure environment in which the process of signature occurs. Therefore, the signature is authentic when it is set in a protected computer. It is not enough to use certificates for electronic signature, it is also necessary that the computer itself is protected. This requirement is ensured by procedures for verifying the correctness of the installation. A computer can be protected only when is a protected and secure operating system installed and ensured the isolation of the software environment. Usually, for this purpose the so-called “boot-protected module” (in Russian Amdz) is used, a complex and costly system. The alternative is the possibility of creating a secure connection session, consisting of a secure operating system and a minimum set of software loaded from a special support ensuring the integrity of its contents: the “protected session tool” (in Russian Sods). The final cost of this solution is three times less expensive than the use of Amdz. There are no other known methods to create a secure environment for the electronic signatures.
For the purposes of e-government different authorization methods can be used. A person is entitled to choose which method of authorization is suitable to obtain data from the system in a simple, economical and reliable manner. The situation is different when it comes to entering data into the system of e-government. These data should be authorized, that is signed, and must come from a secure system.
The following data must come from a secure system:
- User’s data and data to change the registration information (personal information);
- Data containing expressions of will of the citizen;
- Data on changes of rights;
- Data containing information about legal facts.
These data should be signed in protected systems or in secure sessions as follows:
- If a safe interaction is guaranteed, every kind of service can be provided;
- if the safety of the interaction is not guaranteed, only services whose risks meet certain requirements can be provided. They must be:
a) eligible for the system of e-government;
b) acceptable to the citizen.
Only in a secure environment can services be provided, namely:
- An expression of the will of the citizen;
- Property management;
- Personal information management.
Only in a secure environment it is possible to guarantee the interaction between connected subsystems, civil servants and the systems of e-government.

The infrastructure of authentication resulting from the above requirements and the requirements of the portal access creation.
Civil servants use computers equipped with “secure boot modules” or “secure session tools”.
If people use “boot protected modules” or “secure session tools” they can have full access to e-government services.
In all other cases, citizens are required to register to secure terminals of e-government (infomat, ATMs, post offices, etc.).
In the act of registering the mechanism of identification chosen by the citizen shall be defined as well as the list of services that the citizen can receive.

[1] Multifunctional personal cards issued to people on welfare (the retired worker, the disabled, etc.). These cards identification codes, personal information, social and health security number, etc.

[2] Ambitious and expensive plan of electronic card which will replace for Russian citizens a series of documents such as identity card, health card, payment card, etc.

[3] The (National) Passport for Russian citizens is comparable to an identity card not valid to expatriate.