Belgian EID Card 15/12/2004 Derette Willy eID program manager.


Presentation on theme: "Belgian EID Card 15/12/2004 Derette Willy eID program manager."— Presentation transcript:

1 Belgian EID Card 15/12/2004 Derette Willy eID program manager

2 Agenda
- Role of Steria in the project
- Actual status of the Roll out
  - Different actors
  - Global planning
- The Belpic Project
- Use of the eID card
- Contents of the EID Card
- The trusted CA Hierarchy
- The Trusted Services
- Mutual Authentication SSL V3
- Realisations, How to Use, Quick Scan

3 Identity Card of Steria
- 8400 employees, of which 230 in Belux
- 987 M€ revenue (2003), of which 36 M€ in Belux
- Core businesses: Managed Services 50%, Systems Integration 50%, Consulting 10%
- Markets: Public Government 30%; Manufacturing, Utilities, Transport 30%; Banking & Insurance 25%; Telecom 15%
- Belux markets: Public 48%, Industry 25%, Finance 27%
- Belux businesses: MS 34%; SI 60%; C 6%

4 BELPIC project: role of Steria
- Design of architecture (central and local)
- Software development
  - modifications on mainframe
  - new application servers
  - PCs in the municipalities
- Infrastructure delivery (central and local)
- Project management

5 BELPIC project: actors / planning
[Timeline figure. Labels: Card & CA setup; Pilot (11); GO roll out; RA/Infrastructure; Roll Out infrastructure Contract; 7 months; Prep.; Site Surveys; Installation & training; Operational phase. Time axis: 2002 Jan … Dec; 2003 Jan … Jun … Dec; 12/06; 2004 Jan … Mar … Jul; 2005 Jan. Milestones: T0, T0 + 2M, T0 + 3M, T0 + 5M, T0 + 7M, T0 + 5Y. Actors: A, B, C.]

8 BELPIC project
Aim of the Belpic project:
- Give Belgian citizens an electronic identity card enabling them to authenticate themselves towards diverse applications and to place digital signatures
- The chip contains the same information as printed on the card (name, first names, nationality, birth place and date, sex, validity of the card, photo, signature, identification number), supplemented with:
  - Certificates (signature, authentication)
  - The main residence of the holder
- No other information on the card is allowed!
- Proof of identity & signature tool
- No encryption

9 Use of e-ID
- Customer identification (data capture)
  - No errors
  - Very fast
  - (Complete) identity information => Profiling
- Strong authentication
  - Universal solution (advantage for the customer)
  - SSO (Single sign on) => one authentication server
  - "State of the art" (= replacement of the token) / No PIN mailers
- Signature
  - Anywhere, anytime
  - Simplicity (token)
  - Non repudiation
- Encryption
  - No encryption for the moment (foreseen at a later stage)
  - Private key backup & archiving issue

10 BELPIC: Contents of EID Card
[Diagram of the card contents. Labels:]
- eID identity data: ID, ADR, Photo, S(ID+ADR+PH)
  - Legend: ID = Ident, ADR = address, PH = hash photo
- Certificates: Cert_Cit-Auth, Cert_Cit-Sign, Cert_CA-Cit, Cert_CA-Root, Cert_RRNAS
- Private keys: Prik_Cit-Auth, Prik_Cit-Sign, Prik_Base
- Public keys: PubK_CA-Role, PuK_Base
- PIN code; PUK1/2; PUK1/3
- Housekeeping: Activate & Unblock
- Role 7
(WDe/2002)

11 The trusted CA hierarchy
[Diagram of the CA hierarchy. Labels, in the order they appear on the slide:]
- Globalsign Top Root CA
- Selfsigned Belgium Root; Signed Belgium; Self Signed; Selfsigned eID
- eID Citizen CA; Government CA; Administration CA; Forthcoming CA
- Certificates listed: Signature (1024 bits); Authentication (1024 b); Cert_SAW-Enc; Cert_SAW-Sign; Cert_RRNAS; Cert_RRNDMZ; (Cert_XKMS); Cert_Role-7?
(WDe/2002)

12 Trusted Services
[Diagram. Actors: Citizens; Municipality; National Register; Certification Authority; Secure Sites. Flow labels: Registration; Control & Registration; Certificate Request; Authentication; Authentication & Signature Validation; OCSP or CRL; CRL; steps 1 and 2.]

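13 Digitally Signing a Message
[Diagram. Sender: message -> Hash Algorithm -> Hash -> Encryption with the Sender's Private Key -> Encrypted Hash (the Digital Signature). The message and signature cross the Network. Receiver: message -> Hash Algorithm -> Hash; the Encrypted Hash is checked with the Sender's Public Key; the two hashes are compared (= ?).]
(WDe/2002)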

14 SSL v3 Mutual Authentication
[Sequence diagram between User (browser) and Web Server. Steps, in slide order:]
- Connect to server (server name)
- Acknowledge presence
- Sending of challenge (RND)
- Server encrypts with its private key
- Send back with certificate chain
- Check cert. validity & server name
- If OK, notify server
- Server sends challenge
- Browser encrypts with private key of authentication certificate (PIN code)
- Encrypted challenge + certificate chain (authent. certificate only if chain NA)
- Server checks (OCSP-CRL)
- If OK, notify user
- Agree on session key: browser generates key & encrypts with pub. key of server; sent to server
[Other labels: Secure Store; Cert_Cit-Auth; CertChain_Server.]
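
The hash-then-sign check of slide 13 and the client half of the challenge/response of slide 14, as an added Python example that is not code from the presentation or from Steria's modules. Assumptions: the key is a constructed, trivially factorable demonstration key, RSA is applied to the digest without a padding scheme, and `card_sign`, `verify`, `Server` and the `cert` dictionary are hypothetical names; certificate-chain validation is left out and a set of revoked serials stands in for OCSP/CRL.

```python
import hashlib
import secrets

# Constructed demonstration key built from two Mersenne primes (trivially factorable).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; on a real card it never leaves the chip


def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def card_sign(data: bytes) -> int:
    """Slide 13, sender side: hash the data, then apply the private key."""
    return pow(digest(data), D, N)


def verify(data: bytes, signature: int, public_key=(N, E)) -> bool:
    """Slide 13, receiver side: recover the hash with the public key and compare."""
    n, e = public_key
    return pow(signature, e, n) == digest(data)


class Server:
    """Server side of the client-authentication steps on slide 14."""

    def __init__(self, revoked_serials=()):
        self.revoked = set(revoked_serials)  # stand-in for the OCSP/CRL lookup
        self.pending = set()                 # challenges issued and not yet answered

    def new_challenge(self) -> bytes:
        rnd = secrets.token_bytes(32)        # fresh RND for every login attempt
        self.pending.add(rnd)
        return rnd

    def check_response(self, rnd: bytes, signature: int, cert: dict) -> bool:
        if rnd not in self.pending:
            return False                     # unknown or already answered challenge
        self.pending.discard(rnd)            # single use, so a captured response cannot be replayed
        if cert["serial"] in self.revoked:
            return False                     # certificate revoked
        return verify(rnd, signature, cert["public_key"])
```

The server accepts a response only once per challenge, which is what makes a recorded response worthless to anyone who captures it.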

15 How to use?
Steria has developed modules / methods for:
- Getting User Identity: Name, First Name, Gender, Birth date, Birth place, Nationality, National Register Number, Address, Photo.
- Authenticating Card Holder: authentication with the authentication private key of the card holder.
- Signing Data: signing data by the card with the non-repudiation private key of the card holder.
Applications:
- Stand Alone Application
- Client/Server Application
- Light Client: Browser application
- PC Emulation to a central environment

16 Examples: Stand-alone application

17 How to use?

