,

Jan van Arkel Co-Chairman eEurope Smart Card

Charter

Smart Card Charter & the Helsinki Public ID conference April 4-5 2002

The

The eEurope Smart Card Charter: aim, deliverables and status report

Status overview on European e-ID cards

Targets for this conference

Agenda

“An Information Society for all”

Bring every citizen, school, business and administration on-line - quickly!

Create a digitally literate and entrepreneurial Europe

Ensure an inclusive information society

2002 Objectives

Action LinesA cheaper, faster, secure Internet

1) Cheaper and faster Internet access2) Faster Internet for researchers and students3) Secure networks and smart cards

Investing in people and skills4) European youth into the digital age5) Working in the knowledge-based economy6) Participation for all in the knowledge-based economy

Stimulate the use of the Internet7) Accelerating e-commerce8) Government online: electronic access to public services9) Health online10) European digital content for global networks11) Intelligent transport systems.

2002

Contribute to mass deployment of Smart Cards

Europe Identify the barriers for mass deployment and

help in bringing those barriers down. Focus on:

- 4 application area’s

- multi-functionality

- end user acceptance

- a number of more technical aspects

eESC Mission

Setting up of a network of interested

stakeholders

Carry out Dissemination program

Defining Common Specifications

(end of term deliverable)

Demonstrators & large scale deployment

eESC action lines

> 350 organisations involved > 1000 people on mailing list > 70 meetings a year 250 people hands-on participating

Building & maintaining the network

Steering Committee

(working group chair persons plus relevant group representatives)

SCC Organisation

Secretariat

Trailblazers

High Level Group

Logical structure Comm. Specs.

SECURITY/PP

TB3

USER / REQ S

TB8

GOVERN-MENT

TB10

HEALTH

TB11

PAYMENTS

TB5

PUBLIC TRANSPORT

TB9

PUBLIC ID, AUTHENTICATION, ELEC. SIGNATURE

MULTI APPLICATION PLATFORM MULTI APPLICATION PLATFORM

GENERIC CARD READERSGENERIC CARD READERS CONTACTLESS CARDS CONTACTLESS CARDS TB6TB4

TB7

TB1, TB2, TB12

GLOBALINTEROPERABILITY

FRAMEWORK

GIFAPPLICATIONS

GENERIC FUNCTIONS

Issuer

Contentprovider

User

Applic.provider

Accessprovider

R&CAuthority

Basic roles and processes

Issuer

Contentprovider

User

Applic.provider

Accessprovider

R&CAuthority

Issuer

Contentprovider

User

Applic.provider

Accessprovider

R&CAuthority

Issuer

Contentprovider

User

Applic.provider

Accessprovider

R&CAuthority

Interoperability

- eGovernment - e-Payment - Health - public transport

4 main application areas

European Union: 375 million people + Candidate countries: 500 million people

- eGovernment - e-Payment - Health - public transport

4 main application areas

Functionality of a national e - ID card/digital access

Mutual authentication card and infrastructure

Verification cardholder identity (pin, biometrics)

Provision of trust (digital signature)

Travel Document within the EC

Carrier for drivers license & other official documents

Supporting in general e-Government functionality

Able of supporting services from the private sector

BiometriBiometricscs

PersoPersonal nal datadata

• Country codeCountry code

• National ID # National ID #

• SurnameSurname

• Given nameGiven name

• Gender Gender

• Date of birth Date of birth

• Place of birthPlace of birth

• NationalityNationality

• IdentifyersIdentifyers/URL'/URL'

PKIPKI

e-ID cards top 3 1. Brunei

400K, personal data, biometrics and PKI

2. Malaysia

1M 19 M, personal data, biometrics and PKI

3. Japan

1M 100 M in 2004, data, PKI, Pin

e-ID cards in EU Policy decision has been made for national digital ID or Public Services card by: Austria, Belgium, Finland, Ireland, Italy, Netherlands, Portugal, Spain, Sweden

Relevant national legislation already in place in: same countries exept Portugal

Public Service card will be chipcard: Austria, Belgium, Finland, Ireland, Italy, Netherlands, Portugal, Spain, Sweden, UK (if applied will be a chipcard), Germany (see pilot in Bremen)

Public Key technology Will support PKI for authentication and non- repudiation purposes? France and Ireland no final decision yet, other countries: Yes

Will support PKI for non –repudiation? Same answer

Will support encryption facilities for end- user?

Yes: Finland, UK No: Italy, Spain, Under discussion: Ne, Be, Irl

Pilot projects and nat. roll-out EU

Pilot projects are active in:

Italy, Belgium, Netherlands, France,

National roll-out is under way in:

Sweden (100 K cards issued) Finland ( 12 K cards issued) Italy (15 K cards issued)

Roll out completed: None

Pre-conference conclusions on ID-cards

National ID cards in Europe are definitely on their way

The ID service will be in support of the eGovernment domain (and sometimes also in the privaty domain)

Multi application is still an unsolved issue

The cards will use PKI in support of authentication and digital signature

CHV will be on the basis of PIN and in some countries biometrics

Pre-conference conclusions on ID-cards (2)

Middle of the road ICC contact technology

Heavy piloting but small scale roll-outs as yet

Heavy risk of different solutions and non – interoperability (as is the case in domains of e-Purse and European Health cards)

Targets for the Conference

Information exchange on national developments in domain of e-ID

Establishing interest in realising pan-European interoperability of identification, authentication and digital signature function in Public Domain

Organising input (requirements & solutions) into the Smart Card Charter Common Specifications

Examples of joint functional requirements

1. Card Issuing Government (CI) is responsible for reliable I, A of Cardholder

2. CI is responsible for the QC(s) for Card Authentication, CHV and Signature

3. I and A data and functions are open for general use

4. There should be a 3 key pair infrastructure for I/A, Signature and confidentiality

5. Key generation and storage on board the card

Examples of joint functional requirements

6. CI holds ‘key’ for applications on card (at issuance or post issuance)

7. CI responsible for overall CMS

8. Trust is a must to generate interoperability

9. ………

10.………

(a) Each APP prepares Certificate for User Authentication separately

Card certificate

HealthInsurance

ＡＰ

Electronic purseSP

User certificate

ＣＩ

ＲＣ

Electronic purseＡＰ

CA 1 CA 2

CA 0

Health Insurance SP

HospitalSP

User certificate

Demerit

APP Download (DL)APP DL

Issues card certificate

Issues Card certificate

Merit

Each APP requires

resources, such as certificate,

separately

②Data processing

①User authenticationEach APP

must prepare PKI separately.

Each APP can manage

users separately.

Small effect on existing NICSS-

Framework

No connection is required between

AP's F/W

(b) User authentication by common Certificate for all APP

Card certificate

HealthInsurance

ＡＰ

Electronic purseSP

User certificate

ＣＩ

ＲＣ

Electronic purseＡＰ

CA 1 CA 2

CA 0

Heath InsuranceSP

HospitalSP

Demerit

APP DL APP DL

Issues User certificateIssues card certificate

Merit

NICSS-Framework newly needs to administrate

certificate for user authentication.

②Data processing

①User authentication

No APP needs to prepare each

Certificate

Only small amount of

resources, such as certificate, are necessary.

(c) Authentication of Card and User in common by Card Certificate

HealthInsurance

ＡＰ

Electronic purseSPＣＩ

ＲＣ

Electronic purseＡＰ

Health Insurance SP

HospitalSP

Demerit

APP DL APP DL

Issues card certificate（ also used as user certificate ）

Merit

②Data processing

① User authentication

No APP needs to prepare

Certificate

Ｃａｒｄ certificate

Smallest amount of resources,

such as certificate, are

necessary.

APP must define I/F or others so that card certificates can be

used by APP.

ID Cards in the Netherlands

Policy decisions are there

Legislation in place

eID card in ID 1 format since Oct 2001

Pilot sites (Delft, Rotterdam) have delivered

Large scale pilot (Eindhoven) with PKI (without biometrics) under construction

National roll-out eNIK? 2006?