Presentation on theme: "European Electronic Identity Practices Country Update of Belgium Speaker: Maes F. Date: 25 May 2005."— Presentation transcript:
European Electronic Identity Practices Country Update of Belgium Speaker: Maes F. Date: 25 May 2005
CA organisation Responsible CA organisation: Certipost The background of the organisation (private/public): 50/50 (Joint-venture National Post & National PTT) Description of the existing CA infrastructure (e.g. registration authority, card factory etc):
Status of National legislation on eID Are eID specific regulations enacted and in place? Yes (EU DigSig law + eID Legislation) Name and date of the regulation(s): Main elements of the regulatory system regarding: –Official Ref Certificate Practice Statement @ ”status.eid.belgium.be”
Status of National deployment of eID Name of the project: BELPIC Plans, piloting or implementation? Full roll-out to all citizens > 12years Is the card obligatory? Yes Starting date of issuance: Sept 27th 2004
Status of National deployment of eID Envisioned total number of cardholders:8.5 Mi (excl foreigners) Number of cards/certificates issued by 23-05- 2005: 584.573 (1.169.146 certs) Number of inhabitants: 10.3 Mi Yearly growth rate (percentage): Expected number of cards/eID certs by end of 2009: 8 Mi cards/ 16 Mi certs
Status of national deployment of eID Basic functionalities of the eID card: - official ID document: Yes - European travel document: Yes - support of on-line access to e-Services: Yes Validity period of the card/certificates: 5 years
Status of national deployment of eID Price in Euros of the cards: - for the citizen: €10,00 + Local Tax - for the card issuer: €10,00 - price for the card reader and software: €20,00 - any additonal costs for the user/relying party: None From whom and how may the citizen obtain the end/user packages Pc suppliers
Basic ID function What cardholder data is electronically stored in the card: - national identifier - family name, given name - sex - date of birth - nationality - Address - Photograph
Basic ID function Are these data elements in a dedicated data file? Yes - Is the file ’openly accessible’? Yes - If not, how is the file protected? PIN or Biometrics - Does the data file comply with the ICAO LDS? No Is the personal data (also) held in a certificate? Yes (RRn Number + Last & first name)
Basic Authentication function What Cardholder Verification mechanism is used: - PIN? Yes - Biometrics? Not yet (only the photograph file exist) - If Yes, what biometrics? Will be in line with ICAO - If No, is introduction of biometrics envisioned? Yes Is there a PKI supported cardholder authentication mechanism? Yes, X509 V3 based Is there a mutual device authentication mechanism? Yes
Basic Signing function Is a PKI supported signing mechanism (certificate and keypair) present for e- transaction services (non –repudiation)? Yes, equivalent to handwritten signature
eID based services What kind of services (include examples) are accessible to cardholders based on acceptance of the cards / eID Certificates: Tax on web, My Data, e-registered letter,... Total number of eID based services accessible by cardholders by 31.10.2004: Inventory being made Goal (in numbers/ percentage) of eID based services to be accessible to cardholders by the end of 2007: Initiatives popping up all over the place
eAuthentication Business models; financial What are the Charging/Revenue mechanisms? OCSP on SLA basis What charges are levied for use of the card? Case-by-case Is there a charge for checking certificates and if so who pays for this? Only for businesses Has a cost benefit analysis been compiled for the eID scheme? If yes what are the main conclusions? No
eAuthentication Business models; public/private partnership Are non government bodies allowed to use the IAS or other card functions in support of their services? Is the card a multi-application smart card? Yes/No –If No, are there any plans for this and in what timeframe? –If Yes, what percentage of the deployed card base is multi-application smart card enabled? 99% –If Yes, are additional services (other than core IAS) loaded pre-issue or post issue or both? Not decided yet
eAuthentication Business models; public/private partnership What is the level of usage of supported services (number of transactions per card per year)? What is the approach to and experience with card branding? - folders and radio spots
eAuthentication Business models; cross border usage Are there agreements with other national smart card issuers for mutual recognition of cards? (Status of Memorandum of Understanding (MOU) with other CAs) –If Yes, what countries are concerned and when was agreement made? –If Yes, what is the current level of usage (average number of cross-border transactions per card used cross-border per year for each of the countries and services concerned)?
Other Interoperability issues What is the level of Current Compliance with each of the following international standards or group activities (Full/Planned/None): –CWA eAuthentication (under development): –CWA 14890 Secure Signature creation device: –CEN 224 –15 European Citizen Card (under development): –ISO/IEC JTC1 SC 37 biometric standards: –ISO/IEC JTC1 SC 17 IS 24727 (under developmment): –ICAO recommendations: If none or planned, what is the respective target date for compliance?
Current use and plans in Biometrics (if applicable) Technical solution(s): –Signature, Fingerprint, Face Recognition, Hand Geometry –Iris, Retina, Voice Recognition Type of project(s): –Evaluation, Pilot for Trial, Working application Application areas: –Border Control, Immigration –Driver License, National ID, Healthcare, Voter registration –VPN –Physical access –Computer logon –Local government services (please specify)
Next plans Complete the roll-out Card applet version 2 Implementation of Biometrics
Lessons learned so far Communication to the citizen Availability of card readers Folow-up technical evolution Consolidate of the Now-how
Porvoo Group cooperation issues List of issues to be overcome and recommended Porvoo Group members actions that would support accelerated deployments: Complete and clear info to all citizens, young and old Mandatoy card Card reader for citizen & police forces/border control
More information www.eid.belgium.beWeb-pages for the project/eID issues: www.eid.belgium.be email: email@example.com Thank You!