DRV e-services for Individuals and Institutions

Download Report

Transcript DRV e-services for Individuals and Institutions

DRV e-services for
Individuals and
Institutions
ISSA European Network Technical Seminar on
efficient e-services in Social Security
Warsaw, 24th of May 2012
Dr. Jens Bruhn
Deutsche Rentenversicherung Bund
Datenstelle der Rentenversicherungsträger
Coordinator for A1 Data Exchange
DRV e-services  Overview
Overview
1. Introduction
2. Requirements on e-services for Individuals
3. e-services for Individuals
4. Services for Institutions
5. Summary
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
2
DRV e-services  1. Introduction
1. Introduction
The demand for e-services for individuals and institutions at Deutsche
Rentenversicherung (DRV) arises from the high number of customers and
the deep integration into the German social security system.
Approx. 57 million customers (2012)
Various relationships with national and international partner institutions
Advantages of e-services for
Customers: Time saving, convenience, availability
Institutions: Quality improvement, runtime- and cost reduction
DRV: Quality improvement, runtime- and cost reduction
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
3
DRV e-services  2. Requirements on e-Serivces for Individuals
2. Requirements on e-Serivces
Success factors of e-services for individuals must be addressed in order
to reach acceptance and usage by customers.
Security
 Trust
Understandability & Usability
 Convenience
Barrier-free Implementation
 Access & Participation
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
4
DRV e-services  2. Requirements on e-Serivces  Security
Security
Security is a critical success criteria which needs to be fulfilled as
necessary requirement first.
Confidentiality
 Trust
Integrity
 Trust
Availability
 Acceptance
 Confidentiality requires user authentication as precondition!
 Legal regulations and guidelines must be fulfilled!
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
5
DRV e-services  3.The German nPA
The German nPA
German personal identity card
supports digital authentication.
Available since Nov. 2010
6 to 8 million issues per year
Valid for 10 years  2020 complete replacement of former PA
Electronic elements
Digital biometric information
Photo
Fingerprints (optional)
Accessible by dedicated German institutions
Qualified electronic signature
 Prepared, but not yet available
Electronic identity (eID)
 Deactivation possible
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
6
DRV e-services  3.The German nPA  Authentication with eID
Authentication with eID
Core aspects of eID-application.
Requirements
Activation of eID on nPA
Availability of card reader
AusweisApp (Win, Linux, OSX)
Browser with internet access
Authentication functionality
Provision of personal information
Service provider-specific pseudonym
Basic principle: Possession and Knowledge
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
7
DRV e-services  3.The German nPA  Authentication with eID
Authentication with eID (2)
Overview of eID-based authentication process.
eID-Service
User
Service Provider
1
2
3
TLS-based communication
TLS-based communication
4
5
6
AusweisApp
Browser
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
8
DRV e-services  4. DRV e-Services for Individuals
4. DRV e-Services for Individuals
DRV provides a set of e-services as part of its website.
No electronic authentication
Appointment scheduling
eID-based authentication
Information services
Signature-based authentication
Information services
Application services
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
9
DRV e-services  4. DRV e-Services for Individuals  Information Services
Appointment Scheduling (eTermin)
Appointment scheduling service provided without any authentication
requirements.
Electronic request for appointment
Agreement on date and time
Personal information requested by service
Authentication during appointment
Available as mobile application
No security risks regarding personal data
 No demand for digital authentication
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
10
DRV e-services  4. DRV e-Services for Individuals  Information Services
Information Services
Information services require user authentication as they provide read
access to personal information.
Information on retirement account
State and forecast
Information provided in PDF
Renteninformation
Rentenauskunft
…
Access to personal information
Confidentiality must be guaranteed
eID- or signature-based authentication supported
 No data manipulation
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
11
DRV e-services  4. DRV e-Services for Individuals  Application Services
Application Services (eAntrag)
Application services require authentication and declarations of intent as
their usage will have legal impact (e.g., application for a pension).
Various types of applications supported
Legal impact of application submission
 Declaration of intent required
Declaration of intent through signature
Currently not possible with nPA
Support for third-party signature cards
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
12
DRV e-services  4. DRV e-Services for Individuals  Personal Data
Personal Data
Personal data services require user authentication. Additionally, a
signature could be required.
Change of residence information
eID required
Change of bank account information
Direct debit
eID required
Pension payment
Signature required
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
13
DRV e-services  5. Services for Institutions
5. Services for Institutions
DRV provides various types of services to different partner institutions.
Advantages
Time- and cost efficiency
Process automation
Enhanced data quality through avoidance of media disruption
General policy
Access through German governmental networks or other secure networks
Account management by master user at partner institution
Selected service examples
Infrastructure services: DSRV-Web-Postfach
Generic information services for multiple institutions: eSolution
Special information services for multiple institutions: E101-/A1-database
Dedicated services: Familiengerichte
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
14
DRV e-services  5. Services for Institutions  Infrastructure Services
Infrastructure Services
Infrastructure services are provided in order to enable the collaboration of
institutions, e.g., through the support for file transfer.
Example: DSRV-Web-Postfach
File transfer service
Web-based user interface
Foundation for higher-level services
Usage on national and international level
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
15
DRV e-services  5. Services for Institutions  Generic Information Services
Generic Information Services
Generic information services provide information on insured persons to
authorized institutions.
Example: eSolution
Directory service for basic information on insured persons
Insurance number
Subject of lookups
Name
Address
Responsible pension insurance institute
Accessible for German administration
Available since Sep. 2010
Approx. 90k lookups per month, upward trend
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
16
DRV e-services  5. Services for Institutions  Special Information Services
Special Information Services
Special information services fulfill information demands in a specific
context or application domains.
Example: E101-/A1-database
Storage of information on E101-/A1-forms
where German legislation is not applicable
Goals
avoid and disclose abuse of social benefits
fight illegal employment
Access limited to dedicated institutions
Web-based user interface
Information transfer by European partners
through DSRV-Web-Postfach possible
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
17
DRV e-services  5. Services for Institutions  Dedicated Services
Dedicated Services
Dedicated services are realized and provided to address individual needs
of collaborations with partner institutions.
Example: Interface for family court
Pension rights adjustment in case of divorce
Information need of court during divorce proceeding
Provision of programmatic interface to DRV for
Submission of information requests
Transfer of information
Deep integration into court software
Outlook: Transfer of court decision to DRV
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
18
DRV e-services  6. Summary
6. Summary
High potential of e-services due to high number of individual customers
and collaborations with partner institutions
Requirements on e-services for individuals  Critical factor: Security
Authentication through eID and qualified digital signature
Declaration of intent through qualified digital signature
DRV e-services for individuals
DRV e-services for institutions
Dr. Jens Bruhn – DRV e-services for Individuals and Institutions – ISSA European Network Technical Seminar on efficient e-services in Social Security – Warsaw , 24th of May 2012
19
Thank you!