The public key infrastructure (PKI) is a set of hardware, software, people, policies and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. The PKI infrastructure uniquely binds public keys with respective user identities by means of a certificate authority (CA) trusting digital identities through the registration and issuance process. Depending on the assurance level of the binding, this may be carried out by software at a CA or under human supervision. The PKI role that assures this binding is called the registration authority (RA) that ensures the non-repudiation process. Italian Ministry of Defence (MoD) is a registered certification authority in the public registry of accredited certifiers by the IT national center for coordination of Public Administrations (AgID).
The Joint C4 Command of Defense (C4D), the Certification Center of PKI Qualified Signature and Authentication, provides to military and civil personnel a service timestamps for temporal validation of digitally signed electronic documents with qualified digital signatures. It provides also the Multiservice Defense Card (CMD), an electronic photo identity document, provided with CA digital certificates. The CMD is a smart-card pre-printed by the Government Printing Office (IPZS), which has all the security requirements that make identity unique (holograms, inks, etc.).
The card is intended for both online and offline identification and lasts ten years. As part of the process of computerization and digitization of the Public Administrations (PA), with the adjustment and practical and legal modernization of the Multiservice Defense Card (CMD) and Public Key Infrastructure (PKI), the MoD has initiated the arrangements for the implementation of a strong user authentication system to allow secure access to information systems (guaranteeing the exercise of functions relating to the 'profile' of each user) to ensure both the operation and the digital signature functionality for electronic documents.
The management of this Digital Identity Infrastructures enables the strong-authentication access to the deployed e-services in a single sign-on (SSO) framework. MoD PKI infrastructure has been centralized in 2014 and today represents the shared infrastructure used by the three national Armed Forces (Army, Navy, Air) and CMD has also been made available to other national Governmental Bodies (PA) to optimize costs and resources. MoD PKI is based on international standard and is compliant with NATO PKI infrastructure. For all the above-mentioned reasons PKI and CMD represent a security strategic infrastructure for MoD organization and intends to play the role of PKIService Provider , mainly about CMD infrastructure and “qualified” Digital Signature. MoD plans to be part of the national “Public system for the Digital Identity Management of citizens” (SPID) project as the Identity Provider for the employees of PA to give access to e-government services.
The Italian Ministry of Defence manage all the program with particular regard to technical, financial and organizational aspects. Stakeholders and Users sign Agreement with MoD to define roles and responsibilities in using the services and overall, to dela with costs issues.
All the administration need to manage the citizens and personnel digital identity to have unique mean of identification and support the access to available e-services.
CMD infrastructure using the MoD PKI is used by the Ministry of Foreign Affairs, the agID (IT national governmental coordinator), the Rural Ministry, International cooperation and Development Agency.
MoD provides all the technical and financial support to the infrastructure.
Technology:
The solution is redundant to guarantee availability and data disaster recovery and is a layered infrastructure using virtualisation technologies. The solution has been realized in SOA architectures so that is scalable through the possibility to develop new web services almost on demand to make available new services. MoD infrasructure is implementing international standards and proprietary standard software (CMS) to be reused by other interested public organizations. Licensing model is set-up on commercial Agreement.
Certain components and services can be downloaded here: http://www.pkiff.difesa.it/