Belgian EID Card

Belgian EID Card. Derette Willy eID program manager. 15/12/2004. Agenda. Role of Steria in the project Actual status of the Roll out Different actors Global planning The Belpic Project Use of the eID card Contents of the EID Card The trusted CA Hierarchy The Trusted Services

Presentation Transcript


  1. Belgian EID Card Derette Willy eID program manager 15/12/2004

  2. Agenda • Role of Steria in the project • Actual status of the Roll out • Different actors • Global planning • The Belpic Project • Use of the eID card • Contents of the EID Card • The trusted CA Hierarchy • The Trusted Services • Mutual Authentication SSL V3 • Realisations – How to Use – Quick Scan

  3. Identity Card of Steria
     • 8400 employees, of which 230 in Belux
     • 987 M€ revenue (2003), of which 36 M€ in Belux
     • Markets: Public Government 30%; Manufacturing, Utilities, Transport 30%; Banking & Insurance 25%; Telecom 15%
     • Core businesses: Managed Services 50%; Consulting 10%; Systems Integration 50%
     • Belux: MS: 34%; SI: 60%; C: 6%
     • Belux: Public: 48%; Industry: 25%; Finance: 27%

  4. BELPIC project: role of Steria
     • Design of architecture (central and local)
     • Software development
       - modifications on mainframe
       - new application servers
       - PCs in the municipalities
     • Infrastructure delivery (central and local)
     • Project management

  5. BELPIC project: actors / planning
     [Timeline figure, 2002 to 2005. Phases: Contract; RA/Infrastructure; Card & CA setup; Pilot (11); Roll out infrastructure; GO roll out; Prep.; Site surveys; Installation & training; Operational phase. Milestones: T0, T0 + 2M, T0 + 3M, T0 + 5M, T0 + 7M, T0 + 5Y. Other labels: 12/06; 7 months; A, B, C.]

  6. BELPIC project
     • Aim of the Belpic project: give Belgian citizens an electronic identity card enabling them to authenticate themselves to diverse applications and to create digital signatures
     • The chip contains the same information as printed on the card (name, first names, nationality, birth place and date, sex, validity of the card, photo, signature, identification number), supplemented with:
       - Certificates (signature, authentication)
       - The main residence of the holder
     • No other information on the card is allowed!
     • Proof of identity & signature tool
     • No encryption

  7. Use of e-ID
     • Customer identification (data capture)
       - No errors
       - Very fast
       - (Complete) identity information => Profiling
     • Strong authentication
       - Universal solution (advantage for the customer)
       - SSO (Single sign on) => one authentication server
       - “State of the art” (= Replacement of the token) / No pin mailers
     • Signature
       - Anywhere, anytime
       - Simplicity ( token)
       - Non repudiation
     • Encryption
       - No encryption for the moment (foreseen at a later stage)
       - Private key backup & archiving issue

  8. BELPIC Contents of EID Card
     [Diagram of the card contents, WDe/2002]
     • Certificates: Cert_Cit-Auth, Cert_Cit-Sign, Cert_CA-Cit, Cert_CA-Root, Cert_RRNAS
     • Private keys: Prik_Cit-Auth, Prik_Cit-Sign, Prik_Base
     • Public keys: PubK_CA-Role, PuK_Base
     • Pin code
     • Housekeeping: Activate & Unblock; PUK1/2; PUK1/3
     • eID identity data: ID, ADR, Photo, S (ID+ADR+PH)
     • Role 7
     • Legend: ID = Ident; ADR = address; PH = hash photo

  9. The trusted CA hierarchy
     [Diagram of the CA hierarchy]
     • Root level: Globalsign Top Root CA (Selfsigned); Belgium Root Signed; Belgium Self Signed (Selfsigned)
     • CAs: eID Citizen CA; Government CA; Administration CA; Forthcoming CA
     • Certificates shown: Signature (1024 bits); Authentication (1024 b); Cert_RRNAS; Cert_RRNDMZ; (Cert_XKMS); Cert_Role-7 ?; Cert_SAW-Enc; Cert_SAW-Sign

  10. Trusted Services
     [Diagram. Actors: National Register; Municipality; Certification Authority; Citizens; Secure Sites]
     • 1 Registration: Control & Registration; Certificate Request
     • 2 Authentication: Authentication & Signature; OCSP or CRL; CRL Validation

  11. Digitally Signing a Message
     [Diagram: Sender, Network, Receiver]
     • Sender: Hash Algorithm => Hash => Encryption with Sender’s Private Key => Encrypted Hash (Digital Signature)
     • Receiver: Hash Algorithm => Hash; Encrypted Hash with Sender’s Public Key => Hash; Hash = ?

  12. SSL v3 Mutual Authentication
     [Diagram: User (Secure Store: Cert_Cit-Auth) and Web Server (Secure Store: CertChain_Server)]
     • Connect to server (server name)
     • Acknowledge presence
     • Sending of challenge (RND)
     • Server encrypts with its private key
     • Send back with certificate chain
     • Check cert. validity & server name
     • If OK notify server
     • Server sends challenge
     • Browser encrypts with private key of authentication certificate (PIN code)
     • Encrypted challenge + certificate chain (authent. certificate only if chain NA)
     • Server checks (OCSP-CRL)
     • If OK notify user
     • Agree on session key
     • Browser generates key & encrypts with pub. key of server. Sent to server.

  13. How to use?
     • Steria has developed modules / methods for
       - Getting User Identity: Name, First Name, Gender, Birth date, Birth place, Nationality, National Register Number, Address, Photo.
       - Authenticating Card Holder: Authentication with the authentication private key of the card holder.
       - Signing Data: Signing data by the Card with the non-repudiation private key of the card holder.
     • Applications
       - Stand Alone Application
       - Client/Server Application
       - Light Client: Browser application
       - PC Emulation to a central environment

  14. Examples: Stand-alone application

  15. How to use?
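
Added example (not part of the original presentation or of Steria's modules): a simplified Python model of the hash-and-sign check on slide 11, applied to the client challenge on slide 12 together with the server's revocation check. The key pair, the SHA-256 choice, the certificate serials and all function names are constructed for illustration; it uses unpadded textbook RSA, not the card's actual signature scheme or the SSL handshake itself.

```python
import hashlib
import secrets

# Constructed toy key: two Mersenne primes so the example runs offline.
# Illustration only; not a secure key and not real eID key material.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (as carried in a certificate)
D = pow(E, -1, (P - 1) * (Q - 1))        # private key (never leaves the card)

REVOKED_SERIALS = {"1002"}               # constructed stand-in for a CRL/OCSP answer


def digest_int(message: bytes) -> int:
    """Hash step: SHA-256 digest of the message as an integer (always < N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def card_sign(message: bytes) -> int:
    """Sender: 'encrypt' the hash with the private key (textbook RSA, no padding)."""
    return pow(digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: recover the hash with the public key, compare with a fresh hash."""
    return 0 <= signature < N and pow(signature, E, N) == digest_int(message)


def server_authenticate(serial: str, challenge: bytes, response: int) -> str:
    """Server side of the client challenge: revocation check, then signature."""
    if serial in REVOKED_SERIALS:
        return "revoked"
    return "ok" if verify(challenge, response) else "bad-signature"


def demo() -> dict:
    challenge = secrets.token_bytes(32)  # RND chosen by the server per login
    response = card_sign(challenge)      # computed on the card after PIN entry
    return {
        "valid": server_authenticate("1001", challenge, response),
        # A captured response fails against a fresh challenge.
        "replayed": server_authenticate("1001", secrets.token_bytes(32), response),
        # Correct signature, but the certificate serial is on the revocation list.
        "revoked": server_authenticate("1002", challenge, response),
    }


if __name__ == "__main__":
    print(demo())
```

The fresh random challenge per login is what makes a recorded response useless, and the revocation check has to run even when the signature itself verifies.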
