Turin Web Certification (CertificaTO)

Normal 0 14 The City of Turin has designed and released on April 2009 a fully functional e-service allowing citizens to issue and print from their pc registry personal certificates with the same legal validity of the ones directly printed on watermarked paper by a municipal counter. The solution enabled by the use of 2D barcode technology solves the legal constraints that regulate e-certificates issuing and provides citizens with an efficient service to avoid time spent at municipal offices. Moreover it opens the door to a wide range of new e-services enabling public administration to issues legal document by a web based low cost implementation.

Policy Context

Policy context has been very important in this project and it is related to national law about registry personal certificates. On line certification service has to provide documents with the same legal validity of the ones directly printed on watermarked paper by a municipal office. The solution enabled by the use of 2D barcode technology solves these legal constraints and opens the door to a wide range of new e-services enabling public administration to issue legal documents by a web based implementation. The PDF417 technology solved integrity and authenticity issues related to the registry personal certificates and obtained this way the approval of the prefect’s office, the State's representative in Italian province.

Description of target users and groups

Providing this e-services for citizens, CertificaTO reduces the time spent waiting at municipal front office. In Italy each citizen must record his/her demographic information in the registry database maintained by the municipality where the citizen lives or where he/she has the main residence. In order to present instances, foreseen by Italian law, citizens are requested to provide one or more type of registry personal certificates, in order to prove their personal data as the residence address, the family composition or the marital status. Only the municipality that stores the data can issues these certificates and the citizens have to go to demographic office, waiting their turn, to obtain a printed copy of the needed certificates. Now with CertificaTO, the City of Turin provides citizens with the possibility to issue and print a personal certificate from their pc and with the same legal validity offered by the certificates issued by the municipal offices. This investment gives also other benefits, like to avoid queues if you don’t have internet connection and you still have to go to the counter and to involve registry office public employees in more complex back end activities instead of counter repetitive tasks.

Description of the way to implement the initiative

The aim of the project was clearly to develop a new web based service allowing citizens to print registry personal certificates from their pc, but fully equivalent to the ones provided by municipal registry offices. There are several objectves related with this main goal:
·    To simplify citizen relationship with the local public administration, providing the way to complete a bureaucratic activity staying at home and saving time otherwise spent to go to a municipal office.
·    To provide a secure and identified access to personal data
·    To guarantee the same legal validity of the office side printed certificates, developing a printable electronic watermark able to certify the document issuing process.
·    To provide a web based system to verify the personal certificates issued by CertificaTO.
·    To reduce the number of people attending daily at public counters in order to increase the citizen satisfaction.
·    To reduce the time spent by public employees working at Registry Office to issue a personal certificate and at the same time to increase their efficiency in other activities.

A citizen, registered on the official City of Turin website, accesses in a secure way to CertificaTO service and the system, based on his tax code, a unique alphanumeric string that identifies univocally a citizen in Italy, shows the list of his family components, himself included. Then the citizen selects the familiy component for whom he wants to issue the certificate and, based on this choice, the system lists the certificates that can be issued.
    Once the citizen has selected the needed certificate, the system prompts the user with a limited list of possible uses foreseen for that certificates. The type of use identifies whether the applicant has to apply to the document a duty stamp, so the system drives the user to complete the issuing process typing the identification code of the duty stamp. Finally the system shows the last page where the citizen can downlaod and print the registry personal certificate provided in a PDF file.
    The developed system, to provide this service and to be compliant with the Italian legal contraints about electronic certificates issuing, must implement very strict requirements, listed below:
·    Strong Identification of the user
·    Security in the authentication process
·    Check of the eligibility of the applicant to request a Registry certificate for a third person, in order to avoid the possibility to ask a certificate for someone that is not part of his/her family unit.
·    Guarantee that a certificates can be issued, based on the applicant current data (for example if a user is single, he/she can’t issue a marriage certificate).
    These requirements are mainly tied to service provisioning, but there are other important aspects that should be taken into account: the certificate is provided in an electronic format, so an advanced user can easily modify the original certificate and print a false document.  Moreover the certificates issued by CertificaTO are printed at user side, so the paper used hasn’t any kind of watermark or official stamps that can certify the validity of the certificate and the issuing source.  These considerations set other two importants requirements:
·    The need to providy integrity check for the data reported in the certificate
·    The gurantee of authenticity.

Each of these requirements has been analysed and solved, with the approval of local authorities.

Technology solution

Normal 0 14

CertificaTO system has been thought and developed following some basic technical requirements:

1. To fully separate the business logic from the presentation logic.
2. To provide scalability to the web based service.
3. Not to duplicate the complex business logic that provides the personal data printed in the certificates.
4. To provide reusable components, both for the module accessing registry data and the module providing the printable watermark.

To ensure a solution for all these requirements, the software architecture has been designed thinking each component as an autonomous system able to provide a service based on a known interface. The orchestration of the components is managed by the core system, which provides also the user interface and the internal logging system.

The two most important components of the system are the Registry enquiry system, that provides access to personal data stored in the Registry database and the component of the PDFGenerator system that is in charge to create a printable electronic watermark.

The Registry enquiry system is a web service that has been designed in order to
· To decouple the web based service from the internal municipal system
· To provide a scalable solution to access the Registry database without affecting the internal system
· To simplify the access to the personal data hiding the complexity of the Registry system
· To provide all the information needed to issue the certificates

The major hurdle to overcome during the development of this component has been to design the correct output data format. In fact, each personal certificate has a specific layout with well defined text printed in a specific position of the document, a variable number of lines and other constraints. The solution provided consists of a description of the output not by content, but by line to be printed in the document. This means that the XML description of the certificate describes the sequence of the lines that should be printed, hiding the complexity to understand the content of the personal data and the knowledge of some specific text required to be printed in the final document.

The PDFGenerator component is a standalone service that is in charge to create the PDF document. This is the key component of the whole system because it implements the   solution adopted to certify the integrity and issuing entity of the printed certificates. This solution is called electronic watermark as it replaces the watermarked paper, lacking since the document is printed at user side and not in a public office. The electronic watermark, as we said, is a sequence of five 2D barcodes realized with the PDF417 symbology.

About security requirements, solutions adopted are the following.

- Strong identification of the user
A citizen who wants to use CertificaTO service must be registered on Torinofacile www.torinofacile.it, the web portal for services. In this way citizen identification and access data privacy are guaranteed.

- Security in the authentication process
Citizen logging on TorinoFacile to access services must insert username, password and the CIP code over an SSL channel, so that the whole interaction security is guaranteed.

- Eligibility of the applicant
CertificaTO service records the tax code of the identified user and then uses it to query registry database to retrieve information about citizen and his personal family unit. Identified user can require a certificate either for him or for a familiar of his personal family unit. Requesting user identification is activated for each certificate request, as well as the holder if different from the requesting user. This verifying mechanism guarantees for the whole duration of session impossibility of user identification alteration and respect of membership tie to family unit, in the case of different holder.

- Certificate issuing guarantee
Required certificate issuing is guaranteed by the logic of the backoffice system which provides registry personal data to CertificaTO service. This logic is exactly the same used by the internal registry system of the City of Turin which supply all the functionalities used by public employees working in the municipal offices. For this reason a user can request certificate, through on line certification service, only if that certificate can be released by an employee at municipal registry counters.

- Integrity and authenticity of the certificate
The issued certificate is provided in a PDF format file that doesn’t guarantee itself the integrity of the certificate nor the authenticity. In order to give to the e-certificates the same legal validity offered by ones issued by municipal officials, CertificaTO adopted the well known technology based on 2D barcodes and realized a solution called electronic watermark. The printed certificate issued by CertificaTO must report on the left side a sequence of 4 stacked barcodes that codify the time stamp, provided by a Time Stamping Authority, of the data reported in the certificate.     

CertificaTO provides also a web based service to verify the electronic watermark, printed on the certificate. The verification service requires the use of electronic devices as a scanners or common barcode optical readers.

Technology choice: Standards-based technology

Main results, benefits and impacts

Normal 0 14

As we said, the e-service is fully functional and it is available from April 2009. The expected results of this service can be grouped into two set: short period results, that can be already analysed, and long period results. The first set is gathered from the satisfaction of the citizens, measurable both in terms of quantity, expressed by the number of certificates issued, and quality thanks to a voting system available at the end of the service, once the certificate has been downloaded.

In the first three months of use, April-June, more then 1500 unique citizens used the service and about 50 certificates per day have been issued. The service was judged by about 400 citizens and the 99% reported a positive feedback, only 1% evaluated the service as sufficient, while none reported a negative feedback.

About the long period , it is not yet possible to provide some results. These evaluations will be carried out at the end of this year and will be based on the decrease in the number of issued certification at public counters of the registry department, the amount of time saved by public employees in doing the repetitive job of issuing the certificates, and finally through the satisfaction expressed by citizen who need to go to demographic office to complete more complex services (citizens attending the demographic offices can express their satisfaction about the service and about public employee competency, by typing on a touch screen device available in front of each counter desk).

CertificaTO is based on the idea that municipalities can provide via web citizens with secure electronic documents, that’s the way the on line issue of registry personal certificates can be considered the first application of this concept and can be widely extended to other documents. This means a relevant societal significance, as citizen relationship with local public administration is really improved when it’s possible to avoid going to municipal offices to obtain a document and when people without internet connection find less queues at registry offices and save time.

Track record of sharing

Normal 0 14

Fully separated business logic, system scalability and web service based architecture give to this project the chance to be easily adapted and reused in other contexts and in other municipalities. Implementation problems could be related to existing registry systems, as web services implementation of registry enquiry component has to be adapted each time to local registry system and depends on the complexity of the existing IT environment. The entire project has been designed and developed in 6 months, and it’s possible to estimate from 1 month on (depending on the complexity of existing registry system) to make it available in a different municipality. This is possible thank's to the web service WSDL (Web Service Definition Language) that regulates the communication with the existing registry systems.

Normal 0 14 Solution adopted, approved by the Turin prefect’s office, could be used in other online services each time the City of Turin will have the need to provide citizen with an electronic document, whose printed version must guarantee integrity and authenticity constraints. Moreover, the City of Turin has started to disseminate this solution describing the technical solution adopted and the organisational process needed to set up CertificaTO. Currently other 5 local public administrations are working on this solution in order to provide the same online service to their citizens. This proves how CertificaTO has been well esteemed from other municipalities other than from citizens.

 

Lessons learnt

Normal 0 14

Normal 0 14

Three main lessons have been learned from this project. The first one is related to the opportunity to invest in bringing on line traditional counter services. This investment gives many benefits, like, as said before, the chance to avoid going to municipal offices to obtain a document, to avoid queues if you don’t have internet connection and you still have to go to the counter and to involve registry office public employees in more complex back end activities instead of counter repetitive tasks. The second lesson is related to the security aspects and the 2D barcode encoding used. CertificaTO adopted the PDF417 technology to solve integrity and authenticity issues related to the registry personal certificates, obtaining this way the approval of the prefect’s office (the State's representative in Italian province). The third and last lesson is related to citizens response to this kind of projects. This case taught that people that live and work in our cities are ready to these innovations, as shown from the short period effects: many people use it and they are enthusiastic.

Scope: Local (city or municipality)