41842798
-
Upload
chanduchandran -
Category
Documents
-
view
217 -
download
0
Transcript of 41842798
-
8/11/2019 41842798
1/30
fedict 2008. All rights reserved
Legal aspectsBelgian electronic identity card
Samoera Jacob s November 2008
-
8/11/2019 41842798
2/30
fedict 2008. All rights reserved 2
>
Content of the eID> Digital certificates
> eID and privacy
-
8/11/2019 41842798
3/30
fedict 2005. All rights reserved 3
Legal aspects
Belgian electronic identity card
Content of the eID
-
8/11/2019 41842798
4/30
fedict 2005. All rights reserved 4
Content of the eID
> From a visualpoint of view, the
information shown will be the sameas on the present identity card:
name
first 2 Christian names
first letter of third Christian name
nationality
place and date of birth
sex
place of issue
start and end dates of validity card number
owners photograph
owners signature
National Register Number
Visualidentification
of the owner
-
8/11/2019 41842798
5/30
-
8/11/2019 41842798
6/30
fedict 2005. All rights reserved 6
authentication
data capture
signature
Content of the eID
-
8/11/2019 41842798
7/30
fedict 2005. All rights reserved 7
Content of the eID
PIN protected Use without PIN
ID ADDRESS
authentication
digital signature
RRN SIGN RRN SIGN
PKI IDENTITY
private
private
public
public
authentication
data capture
signature
-
8/11/2019 41842798
8/30
fedict 2005. All rights reserved 8
Content of the eID
eID as a tool (mean) to read efficiently, without mistakes identification data.
takes time
unefficient
prone to error
fast
efficient
exact copy
-
8/11/2019 41842798
9/30
fedict 2005. All rights reserved 9
Content of the eID
-
8/11/2019 41842798
10/30
fedict 2005. All rights reserved 10
authentication
data capture
signature
Content of the eID
-
8/11/2019 41842798
11/30
fedict 2005. All rights reserved 11
Content of the eID
eID as a tool for strong authentication (in the electronic world)
Hi Jan !
Hi Peter !
physical world online world
-
8/11/2019 41842798
12/30
fedict 2005. All rights reserved 12
Content of the eID
!! The PIN usage for authentication is done ONCE until card is removed !!
-
8/11/2019 41842798
13/30
fedict 2005. All rights reserved 13
authentication
data capture
signature
Content of the eID
-
8/11/2019 41842798
14/30
fedict 2005. All rights reserved 14
!! The PIN usage for signature is requested each
time for a signature !!
-
8/11/2019 41842798
15/30
fedict 2005. All rights reserved 15
Content of the eID
> Belgian ID card Act of 19 July 1991
(amended by Act of 25 March 2003 tointroduce electronic identity cards)
> Article 6 2 : other content can only be
added by law. No intention to have a data
container -> access key model> eID valid for 5 years
> 24/7 helpdesk in case of loss, theft,
destruction
-
8/11/2019 41842798
16/30
fedict 2005. All rights reserved 16
eID : the access key model home banking, onlineopening of accounts,
proof of membership
SSO,
Healthcare
e.g. SIS
drivers licence
student cards, e-learning,
e-commerce
http://images.google.be/imgres?imgurl=www.linuxdevices.com/files/misc/ciit-pda.jpg&imgrefurl=http://www.linuxdevices.com/news/NS6770596476.html&h=261&w=308&prev=/images%3Fq%3D%2522pda%2522%26svnum%3D10%26hl%3Dnl%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8http://images.google.be/imgres?imgurl=aivwww.rug.ac.be/Onderzoeksbeleid/techno2002/imgs/univlogobw.gif&imgrefurl=http://aivwww.rug.ac.be/Onderzoeksbeleid/techno/&h=188&w=227&prev=/images%3Fq%3D%2522universiteit%2522%26start%3D20%26svnum%3D10%26hl%3Dnl%26lr%3D%http://www.kuleuven.ac.be/kuleuven/index.htm -
8/11/2019 41842798
17/30
fedict 2005. All rights reserved 17
Legal aspects
Belgian electronic identity card
Digital certificates
-
8/11/2019 41842798
18/30
fedict 2005. All rights reserved 18
Digital certificates
> eID contains two digital certificates:
one for electronic signature
one for authentication
-
8/11/2019 41842798
19/30
fedict 2005. All rights reserved 19
Digital certificates
> European Directive 1999/93/EC of the European
Parliament and of the Council of 13 December 1999 ona Community Framework for Electronic Signatures.
> The two main objectives: free internal market for electronic signatures and certification
services (all electronic signatures, all certification services, all
signature products) legal effect of electronic signatures (under certain conditions, for
specific purposes, with many exceptions)
-
8/11/2019 41842798
20/30
fedict 2005. All rights reserved 20
Digital certificates
> Authorisation (mandatory) is forbidden, accreditation
(voluntary) is allowed, supervision is obliged.
> General principle: legal effect + admissibility as evidence
for all electronic signatures.
> Second principle: certain electronic signatures get the
same legal effect as hand-written signature.
-
8/11/2019 41842798
21/30
fedict 2005. All rights reserved 21
Digital certificates
> Liability for CSP
> Respect of Data Protection Directive
> National law determines in which fields electronic
documents and electronic signatures can be used
> Standardization work to clarify the requirements of the
annexes of the Directive
-
8/11/2019 41842798
22/30
fedict 2005. All rights reserved 22
Digital certificates
> Belgian E-Sign act of 20 October 2000 on the
introduction of telecommunication means and the use ofelectronic signatures
> Evidence; non-discrimination principle
> New article 1322, 2 Civil law,
For the purpose of this article, a signature can also mean data in
electronic form which can be attributed to a certain person and
which demonstrate the integrity of the content of the document
-
8/11/2019 41842798
23/30
fedict 2005. All rights reserved 23
Digital certificates
> Belgian CSP act of 9 July 2001 to create a legal
framework for the usage of electronic signatures andcertification services
> Article 4 5:
The qualified electronic signature is the only type of signature
that will automatically be given the same legal value as ahandwritten signature. A qualified signature is an advanced
electronic signature based on a qualified certificate and
produced by a secure signature creation device.
-
8/11/2019 41842798
24/30
fedict 2005. All rights reserved 24
Digital certificates
> Digital certificates on Belgian eID cards
Issued by an accredited Cerification Authority
Allow signatures with same legal value as handwritten
signatures
> Signature function not activated for minors
> Authentication and signature data not activated if citizendoes not want to
-
8/11/2019 41842798
25/30
fedict 2005. All rights reserved 25
Legal aspects
Belgian electronic identity card
eID and privacy
-
8/11/2019 41842798
26/30
fedict 2005. All rights reserved 26
eID and privacy
> Visual control of the eID
Only obliged to show the eID in restricted cases (legal
authorities such as police)
Article 1 Royal Decree 25 March 2003 on electronic
identity cards
-
8/11/2019 41842798
27/30
fedict 2005. All rights reserved 27
eID and privacy
> Electronic control of the eID
Strictly regulated, only by Royal Decree
Article 6 4 ID card Act
-
8/11/2019 41842798
28/30
-
8/11/2019 41842798
29/30
fedict 2005. All rights reserved 29
eID and privacy
> Rights as a citizen
Access right to data on eID and data in National
Register of identification data (via eID, via
municipality)
Correction right (mistakes or incomplete information)
Information right
Everyone who accessed data in National Register of
identification data during last 6 months
-
8/11/2019 41842798
30/30
fedict 2005. All rights reserved 30
> Questions
> Samoera Jacobs