Presentation is loading. Please wait.

Presentation is loading. Please wait.

Building Applications for the Belgian eID card Introduction.

Similar presentations


Presentation on theme: "Building Applications for the Belgian eID card Introduction."— Presentation transcript:

1 Building Applications for the Belgian eID card Introduction

2 Building applications for the Belgian eID Vergelijking SIS en eIK memory card naam + natNR verzekeringstatus - beveiliging door apps PVC gewone bedrukking synchrone kaart uitgereikt door imv smart card naam + natNR - adres foto digitale handtekening zelf-beveiliging polycarbonaat speciale bedrukking asynchrone kaart uitgereikt door RRN

3 Building applications for the Belgian eID OS and applications on the card Multi-application JavaCard applet 1 JavaCard Virtual Machine JavaCard FrameWork 3rd party classes card OS and functions applet 2 applet 3 JavaCard

4 Building applications for the Belgian eID OS and applications on the card Multi-application JavaCard ID JavaCard Virtual Machine JavaCard FrameWork 3rd party classes card OS and functions JavaCard

5 Building applications for the Belgian eID 2 Data Sets on the card ID address authentication key + certificate digital signature key + certificate signed by RRN PKCS#15 data structure

6 Building applications for the Belgian eID 2 Data Sets on the card ID address authentication digital signature signed by RRN eID specific data

7 Building applications for the Belgian eID File Hierarchy on the Card Note: This diagram shows the files and directories as they exist on the card.

8 Building applications for the Belgian eID PKCS#15 logical data structure Note: This diagram shows the logical links between the PKCS#15 objects. certificates belonging to the card holders private keys PIN to activate authentication or signature keys

9 Building applications for the Belgian eID Application Areas 1.DATA CAPTURE 2.IDENTIFICATION & AUTHENTICATION 3.ELECTRONIC SIGNATURE

10 Building Applications for the Belgian eID card Tools and SDK

11 Building applications for the Belgian eID FedICT eID software

12 Building applications for the Belgian eID FedICT eID software Microsoft Windows –CryptoAPI CSP for Internet Explorer, Outlook,.NET, … OS neutral standards –PKCS#11 for Linux, MacOSX, Windows and Sun Solaris Java OpenCard Framework

13 Building applications for the Belgian eID FedICT eID SDK The main goals of the FedICT eID SDK are: To provide an easy way to retrieve the identity information from any version of a Belgian Identity Card To automate and hide all validation mechanisms To provide an easy to use interface to reduce the integration time in applications self-sufficient; as an example, all identity functions will automatically –select the right application before reading the identity file –ensure they are not interrupted in the middle of a file read –interpret the contents of a file based on the card version

14 Building applications for the Belgian eID FedICT eID SDK API Dev. Platform CActiveXJava application Java applet Java C Visual Basic Delphy.NET VBA, VBscript Perl Web app

15 Building applications for the Belgian eID FedICT eID SDK Each function returning signed data always checks the signature, toghether with the integrity of the whole certificate chain. The function returns the status of the signature check (long) the global status of the certificate validation (long) for each certificate –the certificate –the certificates label –the individual checking status –the individual validation status –the individual policy used: OCSP or CRL

16 Building applications for the Belgian eID FedICT eID SDK BEID_Init() – set OCSP and CRL policy BEID_Exit() BEID_GetID() BEID_GetAddress() BEID_GetPicture() BEID_GetRawData() BEID_SETRawData() read straight from a card validate the content and return the parsed, interpreted result to the application create or work with a binary copy of the public data

17 Building applications for the Belgian eID FedICT eID SDK BEID_BeginTransaction() BEID_EndTransaction() BEID_SelectApplication() BEID_ReadFile() BEID_WriteFile()

18 Building applications for the Belgian eID FedICT eID SDK BEID_VerifyPIN() BEID_ChangePIN() BEID_GetStatusPIN() BEID_GetVersionInfo() BEID_SendAPDU()

19 Building applications for the Belgian eID FedICT eID SDK Sample code in Visual Basic Set RetStatus = EIDlib1.Init("", 0, 0, lHandle) If (RetStatus.GetGeneral = 0) Then Set RetStatus = EIDlib1.GetID(MapColID, CertifCheck) strName = MapColID.GetValue("Name") Label1.Caption = strName End If 'Set RetStatus = EIDlib1.GetAddress(MapColAddress, CertifCheck) 'strStreet = MapColAddress.GetValue("Street") Set RetStatus = EIDlib1.Exit()

20 Building applications for the Belgian eID Microsoft: eID support today Middleware Windows 98,Me,NT 4.0, 2000, XP Windows logon Possible but requires custom GINA logon module Office Full support in Office 2003 Internet Explorer Full support SSL in 5.5 and above Web Sites ASP and ASP.NET SSO with Federal Portal Applications Can do signing and data capture

21 Building applications for the Belgian eID Microsoft: eID toolkits Managed C++ class.NET class Address.NET class Identity.NET class Card Your client FedICT eidlib FedICT CSP Microsoft add-on public toolkits

22 Building applications for the Belgian eID Microsoft: eID toolkits.NET wrapper and samples for eID API XAdES.NET library and documentation.NET cookbook with code for authentication service of Federal Portal QUEST documents: legal, technical and practical implementation guidelines for advanced electronic signature with qualified certificates

23 Building Applications for the Belgian eID card Card Readers and Terminals

24 Building applications for the Belgian eID PC/SC Cards, readers and computers made by different manufactures work together. Device independent APIs Resource management to allow multiple applications to share multiple smartcard devices with potentially multiple card slots.

25 Building applications for the Belgian eID PC/SC User Applications System Services 3rd party DLLs SDKSDK Hardware Drivers for IFD DDKDDK Smart Card Reader Driver Library Driver Smart Card Aware Apps SCSP PC/SC Resource Manager Common Dialog CryptoAPI SCCP

26 Building applications for the Belgian eID PC/SC OS support Windows –from Windows 98 and higher –W98 and NT4 require installation of the SmartCard Base Components –also in Windows CE and search for smartcard base components Linux and MacOSX use PC/SC Lite

27 Building applications for the Belgian eID PC/SC and PIN-pad readers PC/SC has no provisions for PIN-pad card readers public eID middleware (CSP and PKCS#11) allows plug-in extensions for PIN-pad readers specifications are available on the FedICT web site it is up to a vendor or distributor to provide these extensions for their hardware

28 Building applications for the Belgian eID Device Classification Class 1Class 2Class 3Class 4Class Connectionunconnectedconnected PC/SC Connected (PC/SC) PIN entrykey pad- UILCD display(LED)LED (buzzer) LCD display buzzer Embedded Crypto Device X---X Embedded software Firmwarefirmware progr/downl ExampleVasco tokensISABEL reader Cherry keyb.Xiring XiPass ACS ACR80 FINREAD

29 Building applications for the Belgian eID Kaartlezer voor PocketPC SIS+SAM eID …

30 Building applications for the Belgian eID Mobiele terminals Compact 12,5 x 7,5 x 1,5 cm Light 123 gram Non-Volatile Memory read/store/synchronize Connects to any PC 2 AAA batteries programmable in C SIS approved

31 Building applications for the Belgian eID Low-cost SIS+SAM /eID reader

32 Building applications for the Belgian eID Gewone kaartlezers (class 2)

33 Building applications for the Belgian eID PIN-pad readers Class 3 switches to PIN pad directly connected to the reader

34 Building Applications for the Belgian eID card Thin Clients

35 Building applications for the Belgian eID PC-based Thin Clients PC based fat client thin client sw works with USB card readers no modifications required at application level card readers PC/SC driver must be installed on the client and the server closest to standard PC configuration application eID libs PC/SC frame PC/SC driver thin client SW PC/SC frame PC/SC driver device redirection

36 Building applications for the Belgian eID Real Thin Clients Real thin client thin client HW works with USB card readers no modifications required at application level card readers PC/SC driver must be installed on the client and the server PC/SC driver for embedded OS on thin client not always available or installation not always possible application eID libs PC/SC frame PC/SC driver thin client HW PC/SC frame PC/SC driver device redirection

37 Building applications for the Belgian eID Real Thin Clients Real thin client thin client HW works with RS232 card readers no modifications required at application level card readers PC/SC driver must be installed on the client and the server PC/SC driver for embedded OS on thin client not always available or installation not always possible (1) older combinations of terminal server/Citrix dont support device redirection so PC/SC API cannot be used application eID libs thin client HW port redirection real RS232 virtual RS232

38 Building applications for the Belgian eID FedICT software and thin clients FedICT software uses PC/SC to communicate with card reader and card in some thin client environments PC/SC is not available solution: read the card via another channel and use the FedICT library to interpret, verify and parse the read binary copy of the ID card

39 Building applications for the Belgian eID FedICT software and thin clients 1.read data files as blobs straight from card 2.push blobs in FedICT library 3.result = parsed data + exact copy of the blobs + OK/NOK address ID application FedICT libs RS232 lib for card reader Windows COM: port API 1 2 3

40 Building applications for the Belgian eID Thin Clients very often only RS232 on older thin client power supply issues (PIN pad with display) PC/SC not always supported sometimes communication via network sockets recent Citrix Metaframe supports PC/SC older Citrix can use RS232 redirection dumb terminals -> use central eID data capture & verification server on Win/Linux

41 Building applications for the Belgian eID Thin Clients dont confuse support for smart card logon with support for smart cards at application level ! for electronic signature: consider that key strokes (PIN entry) is sent from client to server over the network for simple data capture (ID, address, photo) there are no real issues


Download ppt "Building Applications for the Belgian eID card Introduction."

Similar presentations


Ads by Google