Post on 26-Jun-2015
description
,
Jan van Arkel Co-Chairman eEurope Smart Card
Charter
Smart Card Charter & the Helsinki Public ID conference April 4-5 2002
The
The eEurope Smart Card Charter: aim, deliverables and status report
Status overview on European e-ID cards
Targets for this conference
Agenda
“An Information Society for all”
Bring every citizen, school, business and administration on-line - quickly!
Create a digitally literate and entrepreneurial Europe
Ensure an inclusive information society
2002 Objectives
Action LinesA cheaper, faster, secure Internet
1) Cheaper and faster Internet access2) Faster Internet for researchers and students3) Secure networks and smart cards
Investing in people and skills4) European youth into the digital age5) Working in the knowledge-based economy6) Participation for all in the knowledge-based economy
Stimulate the use of the Internet7) Accelerating e-commerce8) Government online: electronic access to public services9) Health online10) European digital content for global networks11) Intelligent transport systems.
2002
Contribute to mass deployment of Smart Cards
Europe Identify the barriers for mass deployment and
help in bringing those barriers down. Focus on:
- 4 application area’s
- multi-functionality
- end user acceptance
- a number of more technical aspects
eESC Mission
Setting up of a network of interested
stakeholders
Carry out Dissemination program
Defining Common Specifications
(end of term deliverable)
Demonstrators & large scale deployment
eESC action lines
> 350 organisations involved > 1000 people on mailing list > 70 meetings a year 250 people hands-on participating
Building & maintaining the network
Steering Committee
(working group chair persons plus relevant group representatives)
SCC Organisation
Secretariat
Trailblazers
High Level Group
Logical structure Comm. Specs.
SECURITY/PP
TB3
USER / REQ S
TB8
GOVERN-MENT
TB10
HEALTH
TB11
PAYMENTS
TB5
PUBLIC TRANSPORT
TB9
PUBLIC ID, AUTHENTICATION, ELEC. SIGNATURE
MULTI APPLICATION PLATFORM MULTI APPLICATION PLATFORM
GENERIC CARD READERSGENERIC CARD READERS CONTACTLESS CARDS CONTACTLESS CARDS TB6TB4
TB7
TB1, TB2, TB12
GLOBALINTEROPERABILITY
FRAMEWORK
GIFAPPLICATIONS
GENERIC FUNCTIONS
Issuer
Contentprovider
User
Applic.provider
Accessprovider
R&CAuthority
Basic roles and processes
Issuer
Contentprovider
User
Applic.provider
Accessprovider
R&CAuthority
Issuer
Contentprovider
User
Applic.provider
Accessprovider
R&CAuthority
Issuer
Contentprovider
User
Applic.provider
Accessprovider
R&CAuthority
Interoperability
- eGovernment - e-Payment - Health - public transport
4 main application areas
European Union: 375 million people + Candidate countries: 500 million people
- eGovernment - e-Payment - Health - public transport
4 main application areas
Functionality of a national e - ID card/digital access
Mutual authentication card and infrastructure
Verification cardholder identity (pin, biometrics)
Provision of trust (digital signature)
Travel Document within the EC
Carrier for drivers license & other official documents
Supporting in general e-Government functionality
Able of supporting services from the private sector
BiometriBiometricscs
PersoPersonal nal datadata
• Country codeCountry code
• National ID # National ID #
• SurnameSurname
• Given nameGiven name
• Gender Gender
• Date of birth Date of birth
• Place of birthPlace of birth
• NationalityNationality
• IdentifyersIdentifyers/URL'/URL'
PKIPKI
e-ID cards top 3 1. Brunei
400K, personal data, biometrics and PKI
2. Malaysia
1M 19 M, personal data, biometrics and PKI
3. Japan
1M 100 M in 2004, data, PKI, Pin
e-ID cards in EU Policy decision has been made for national digital ID or Public Services card by: Austria, Belgium, Finland, Ireland, Italy, Netherlands, Portugal, Spain, Sweden
Relevant national legislation already in place in: same countries exept Portugal
Public Service card will be chipcard: Austria, Belgium, Finland, Ireland, Italy, Netherlands, Portugal, Spain, Sweden, UK (if applied will be a chipcard), Germany (see pilot in Bremen)
Public Key technology Will support PKI for authentication and non- repudiation purposes? France and Ireland no final decision yet, other countries: Yes
Will support PKI for non –repudiation? Same answer
Will support encryption facilities for end- user?
Yes: Finland, UK No: Italy, Spain, Under discussion: Ne, Be, Irl
Pilot projects and nat. roll-out EU
Pilot projects are active in:
Italy, Belgium, Netherlands, France,
National roll-out is under way in:
Sweden (100 K cards issued) Finland ( 12 K cards issued) Italy (15 K cards issued)
Roll out completed: None
Pre-conference conclusions on ID-cards
National ID cards in Europe are definitely on their way
The ID service will be in support of the eGovernment domain (and sometimes also in the privaty domain)
Multi application is still an unsolved issue
The cards will use PKI in support of authentication and digital signature
CHV will be on the basis of PIN and in some countries biometrics
Pre-conference conclusions on ID-cards (2)
Middle of the road ICC contact technology
Heavy piloting but small scale roll-outs as yet
Heavy risk of different solutions and non – interoperability (as is the case in domains of e-Purse and European Health cards)
Targets for the Conference
Information exchange on national developments in domain of e-ID
Establishing interest in realising pan-European interoperability of identification, authentication and digital signature function in Public Domain
Organising input (requirements & solutions) into the Smart Card Charter Common Specifications
Examples of joint functional requirements
1. Card Issuing Government (CI) is responsible for reliable I, A of Cardholder
2. CI is responsible for the QC(s) for Card Authentication, CHV and Signature
3. I and A data and functions are open for general use
4. There should be a 3 key pair infrastructure for I/A, Signature and confidentiality
5. Key generation and storage on board the card
Examples of joint functional requirements
6. CI holds ‘key’ for applications on card (at issuance or post issuance)
7. CI responsible for overall CMS
8. Trust is a must to generate interoperability
9. ………
10.………
(a) Each APP prepares Certificate for User Authentication separately
Card certificate
HealthInsurance
AP
Electronic purseSP
User certificate
CI
RC
Electronic purseAP
CA 1 CA 2
CA 0
Health Insurance SP
HospitalSP
User certificate
Demerit
APP Download (DL)APP DL
Issues card certificate
Issues Card certificate
Merit
Each APP requires
resources, such as certificate,
separately
②Data processing
①User authenticationEach APP
must prepare PKI separately.
Each APP can manage
users separately.
Small effect on existing NICSS-
Framework
No connection is required between
AP's F/W
(b) User authentication by common Certificate for all APP
Card certificate
HealthInsurance
AP
Electronic purseSP
User certificate
CI
RC
Electronic purseAP
CA 1 CA 2
CA 0
Heath InsuranceSP
HospitalSP
Demerit
APP DL APP DL
Issues User certificateIssues card certificate
Merit
NICSS-Framework newly needs to administrate
certificate for user authentication.
②Data processing
①User authentication
No APP needs to prepare each
Certificate
Only small amount of
resources, such as certificate, are necessary.
(c) Authentication of Card and User in common by Card Certificate
HealthInsurance
AP
Electronic purseSPCI
RC
Electronic purseAP
Health Insurance SP
HospitalSP
Demerit
APP DL APP DL
Issues card certificate( also used as user certificate )
Merit
②Data processing
① User authentication
No APP needs to prepare
Certificate
Card certificate
Smallest amount of resources,
such as certificate, are
necessary.
APP must define I/F or others so that card certificates can be
used by APP.
ID Cards in the Netherlands
Policy decisions are there
Legislation in place
eID card in ID 1 format since Oct 2001
Pilot sites (Delft, Rotterdam) have delivered
Large scale pilot (Eindhoven) with PKI (without biometrics) under construction
National roll-out eNIK? 2006?