This document presents a comprehensive analysis of the electronic ID (eID) card system implemented in Warsaw in March 2012, focusing on various eID card types, including those for citizens, children, and foreigners. It highlights the key components of the system, such as PKI data, citizen identity verification, and authentication protocols. Additionally, the report discusses the significant increase in issued certificates from 2003 to 2011, the role of public and private sector collaboration, and the challenges faced in adapting to rising demands for biometric features.
eID and setup of CA • Gert Roeckx • March 2012 • Warsaw
eID Card Types • Citizens: eID card • Kids: Kids-ID • Foreigners: Foreigners’ card
eID Card Content • Citizen Identity Data: ID, ADDRESS, each with RRN SIGNATURE • 140x200 Pixels, 8 BPP, 3.224 Bytes • PKI data: Authentication, Signature, Root CA, CA, RRN • RRN = National Register number
Issued certificates Total 2003-2011: 34 MIO
Issued certificates [chart: vertical axis 100 K to 800 K, horizontal axis 01 to 12]
OCSP request avg/day 2011 [chart: vertical axis 20 K to 180 K, horizontal axis 01 to 12]
Secrets of success • Card for every citizen • Value added for all the actors • Use of eID by gov as a starting multiplier effect • Joint collaboration of public & private
GOV <-> citizen / business • Tax-on-Web • eHealth / Social insurance
Business <-> citizen • Banking
eID Certificates Hierarchy • Belgium Root CA • GlobalSign • Admin CA (CRL): Card Admin, Cert Admin • Citizen CA (CRL): Auth Cert, Signing Cert • Foreigners’ CA (CRL): Auth Cert, Signing Cert • Government CA (CRL): Code Sign Cert, RRN Cert, Server Cert • Card Administration: update address, rekey, store certificates,… • Certificates for Government web servers, signing citizen files, public information,…
Policy • CPS (Certificate Practice Statement) = legal document that describes how the CA manages the certificates it issued • CP (Certificate Policy) = document that describes the roles & responsibilities & liability of the different actors • These documents should be agreed (accepted, signed,…) before the 1st certificate is issued!
IT services • Change – Incident – Capacity management • Demand has increased during past years • OCSP, # certificates • EU demands additional feature (Biometric) • Need of procedures to cope with change in demand • Correct handling of changes, incidents and capacity are the cornerstones of a successful IT service
Security • A PKI is based on TRUST • Challenging Internet environment • A strong, rigorous Security Policy is enforced • For example • Both external and internal access is controlled • Physical access only by dual presence • Design of the PKI, off-line CAs, …
SLA • Service level agreement • Results from the business case of the eID • Guarantees the quality of the service • Monitoring Control Objects • OCSP, CRL • Certificate issuance • Defined KPIs • SLA for life? • If the business case changes • Adapt the service • Adapt the SLA
Auditing & accreditation • WebTrust of CA • SAS 70 • ISO 27002 • National & European law requirements
Thank you ! Gert.roeckx@certipost.com www.certipost.com