1 / 45

eID: the Belgian Electronic Identity Card

eID: the Belgian Electronic Identity Card. Jan Deprest Vlaanderen – OND-MVG – 28-06-2005. e-government. What is e-Government ?. NOT : about government HOWEVER : it is about the government’s customers citizens businesses civil servants. e-Government principles. total solution

arnie
Télécharger la présentation

eID: the Belgian Electronic Identity Card

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. eID: the Belgian Electronic Identity Card Jan Deprest Vlaanderen – OND-MVG – 28-06-2005

  2. e-government

  3. What is e-Government ? NOT : about government HOWEVER : it is about the government’s customers • citizens • businesses • civil servants

  4. e-Government principles • total solution • transparent (hide the internal organisation) • “I will say it only once” - Unique Data Source (Virtual Government) • limit the administrative formalities • no extra cost • Privacy • no digital divide

  5. USER MGT OTHERAUTHORITIES OTHERINSTITUTIONS PORTAL www.belgium.be FEDMAN FPS FPS FPS FPS Architecture & building blocks SECURITY & PRIVACY AUTHENTIC SOURCES UME Connected government

  6. A new ID-card with the format of a bank card and a powerful chip eID - basics

  7. Signature tool Purpose eID project Proof of identity • To give Belgiancitizens an electronic identity cardenabling them toauthenticate themselves towards diverse applications and to putdigitalsignatures

  8. Which information ? • From avisualpoint of view the same information will be visible as on the current identity card : • the name • the first two Christian names • the first letter of the thirdChristian name • the nationality • the birth place and date • the sex • the place of deliveryof the card • the begin and enddata of thevalidityof the card • the denomination and number of the card • the photo of the holder • the signatureof the holder • the identification number of the National Register • Identical functionality to current identity card Visual identificationof the holder

  9. Which information ? • From anelectronicpoint of view the chip will containthe same information as printed on the card, filled up with : • the identity and signature keys • the identity and signature certificates • the accredited certification service furnisher • information necessary for authentication of the card and securizationof the electronic data • the main residence of the holder • (Currently) no encryption certificates • No biometric data (yet) • No electronic purse • No storage of other data Electronicidentificationof the holder

  10. Distribution eID : how and where ? (5) VRK VRK CM/CP/CI (4) (8) (6) CA (9) National Register (10a) ECA (3) Bull Bull (7) Municipality (10b) (1) Meikäläinen De The municipalities Matti PIN & PUK1-code Face to face identification (11) (2) (12) (13)

  11. eID,welcome to the e-world ! eID - chip

  12. Contents of the chip PKI IDENTITY ID ADDRESS authentication digital signature RRN SIGN RRN SIGN

  13. eID : the main e-functionalities data capture authentication digital signature

  14. Data capture • faster data capture data can be read directly from the card and stored in a particular system • more accurate data capture no more manual re-entrying  less error-prone process • more efficient data capture faster processing of information

  15. eID : the main e-functionalities data capture authentication digital signature

  16. Authentication • log on to websites (SSO) access control container park library swimming pool …

  17. eID : the main e-functionalities data capture authentication digital signature

  18. hash Alice Alice Alice Signature 1. Compose message 3. Generate signature 5. Collect certificate 2. Compute hash 4. Collect signature 6. Send message Matching triplet? 7 6 1 1 6 hash CRL 8 2 2 5 4 5 3, 4 3 Alice Bob 1. Receive message3. Check CRL/OCSP5. Fetch public key 7. Compute reference hash 2. Inspect certificate4. Check certificate6. Fetch signature 8. Hash, signature, public keymatch?

  19. Public Key Infrastructure eID - PKI

  20. SelfSign Belgium Root RootSign Belgium Root Citizen CA Gov CA ARL CRL CRL CRL Elec Sign Data Crypt Client Auth Admin CA Hierar Admin Cert Admin Card Admin Client Cert Object Cert Server Cert Trust Hierarchy Admin Auth/Sign

  21. Belgium Root CA Citizen CA Citizen CA Auth Sign Crypt Certificates • Citizen’s certificates & keys • Authentication Certificate & key pair (1024 bits) • provide strong authentication (access control) • web site authentication • single sign-on (login) • etc. • Signature Certificate & key pair (1024 bits) • provide non repudiation (electronic signature equivalent to handwritten signature) • Document Signing • Form Signing • etc. • (Encryption Certificate & key pair) • foreseen at a later stage • private key backup/archiving

  22. Trust Services XKMS Register Request Population Registry Municipality CPS SLA CA Factory Citizens Secure Sites Auth/Sign Validate OCSP

  23. Let’s make use of the power of the eID ! eID - toolkit

  24. eID-toolkits • Two toolkits are under development : • GUI + PKCS#11 libraries : reading, printing, validating and visualising the contents of the eID chip • authentication proxy : easy authentication on multiple platforms • Purpose is to hide internal card changes • Labeling should be straightforward if applications use toolkits • Both toolkits are free of charge • Distribution through federal portal (http://www.belgium.be/fedict  Projecten  eID) RELEASED

  25. eID-toolkits

  26. eID-toolkits : Identity

  27. eID-toolkits : library

  28. eID-toolkits : Certificates

  29. eID-toolkits : Card & PIN

  30. eID-toolkits : Options

  31. eID - labelling

  32. eID compliance label • Requirements: • For citizens: get confidence in practices of service providers regarding eID usage (e.g. privacy) • For service providers: demonstrate best practices are indeed applied regarding eID usage (e.g. fraud) • Inspired from two industry standards • : eCommerce sites • : eTransaction systems • Lot’s of auditors available • For service providers: easy to extend a WebTrust/SysTrust accreditation to be eID compliant • For auditors: easy to extend a WebTrust/SysTrust license to become an eID compliance agent • Fast & Rather cheap compared to other schemes • Not mandatory (but no eID liability otherwise) Trust Services

  33. eID-label • Labelingprocedure • card readers • applications creating trust for citizens, a legal basis for the government and branding for enterprises Based on industry standards : • Currently being worked out in cooperation with Banksys, CBSS

  34. Only the developers’ creativity will limit the usage of the eID card. eID - applications

  35. Home & Work • Office tools • e-mail • login (local PC & network) • logon (other services) • data & program confidentiality • forms • ...

  36. Administration • Federal • TAX-ON-WEB • VAT • DIV • … • Municipalities • marriage • house • kids • school • library • swimming pool • container parks • …

  37. Telecom • Telephony • reloadable & account cards • GSM cards ==> UMTS/i-mode • Television • Pay-TV • decryption cards • Post • registered Mail over internet • Internet • VOIP (voice over IP) • i-mode

  38. Finance • Identification • netbanking (userID/Tokens) • loket (bank agency) • insurance contract (signature) • Payment • credit cards • debit cards • electronic purse

  39. Healthcare • Insurance • MediCard (contract) • Hospital • private data (hospital card, etc) • health/emergency data (blood group, etc) • Reembursement • SIS card • pharmacy • doctors

  40. Transport • Public transport • ticketing • in-flight entertainment • Parking • access • tolling • Gas & Fuel • fuel cards • loyalty cards

  41. Retail & Delivery • Loyality Programs • points collection • online gift selection • Payment Credit • contract signature • payment system (domiciliation) • Home Delivery • online orders • data capture & digital signature

  42. The sky is the limit ! driver’s licence healthcare home banking, online opening of accounts, … student cards, e-learning, … … proof of membership SSO, … e-commerce

  43. Q&A

  44. Th@nk you !

More Related