Belgian eID Card, 15/12/2004, Derette Willy, eID program manager.

2 Agenda
- Role of Steria in the project
- Actual status of the roll out
  - Different actors
  - Global planning
- The Belpic project
- Use of the eID card
- Contents of the eID card
- The trusted CA hierarchy
- The trusted services
- Mutual authentication SSL v3
- Realisations: how to use, quick scan

3 Identity card of Steria
- 8400 employees, of which 230 in Belux
- 987 M € revenue (2003), of which 36 M € in Belux
- Core businesses: Managed Services 50%, Systems Integration 50% (Belux: MS 34%, SI 60%, Consulting 6%)
- Markets: Public / Government 30%, Manufacturing / Utilities / Transport 30%, Banking & Insurance 25%, Telecom 15% (Belux: Public 48%, Industry 25%, Finance 27%)
- Consulting 10%

4 BELPIC project: role of Steria
- Design of the architecture (central and local)
- Software development: modifications on the mainframe, new application servers, PCs in the municipalities
- Infrastructure delivery (central and local)
- Project management

5 BELPIC project: actors / planning (timeline figure; only the labels survive)
- Timeline 2002 to January 2005, phases A, B and C: contract, card & CA setup, pilot (11), GO roll out on 12/06, RA / infrastructure, roll out infrastructure (7 months)
- Per-site milestones: preparation and site surveys (T0), installation & training (T0 + 2M, T0 + 3M, T0 + 5M), roll out infrastructure complete at T0 + 7M, operational phase until T0 + 5Y


8 BELPIC project
Aim of the Belpic project: give Belgian citizens an electronic identity card enabling them to authenticate themselves to diverse applications and to create digital signatures.
The chip contains the same information as printed on the card (name, first names, nationality, birth place and date, sex, validity of the card, photo, signature, identification number), supplemented with:
- the certificates (signature, authentication)
- the main residence of the holder
No other information on the card is allowed.
The card is a proof of identity and a signature tool; it does no encryption.

9 Use of the eID
- Customer identification (data capture): no errors, very fast, complete identity information => profiling
- Strong authentication: universal solution (advantage for the customer); SSO (single sign-on) => one authentication server; "state of the art" (replacement of the token), no PIN mailers
- Signature: anywhere, anytime; simplicity (no separate token); non-repudiation
- Encryption: no encryption for the moment (foreseen at a later stage); private key backup & archiving issue

10 BELPIC: contents of the eID card (diagram, WDe/2002)
- Identity data: ID (identity), ADR (address), photo, PH (hash of the photo); the identity data are signed, S(ID+ADR+PH), and the signature is verifiable with Cert_RRNAS (the certificate of the National Register)
- Certificates: Cert_Cit-Auth, Cert_Cit-Sign, Cert_CA-Cit, Cert_CA-Root, Cert_RRNAS
- Private keys: Prik_Cit-Auth, Prik_Cit-Sign, Prik_Base
- Public keys: PubK_CA-Role (role 7), PuK_Base
- Housekeeping: PIN code; PUK codes (PUK1/2, PUK1/3) to activate and unblock the card

11 The trusted CA hierarchy (diagram, WDe/2002)
- GlobalSign Top Root CA (self-signed)
- Belgium Root CA: signed by GlobalSign, and also available as a self-signed eID root
- Under the Belgium Root: Citizen CA (signature certificates, 1024 bits; authentication certificates, 1024 bits), Government CA, Administration CA, forthcoming CAs
- Further certificates in the hierarchy: Cert_SAW-Enc, Cert_SAW-Sign, Cert_RRNAS, Cert_RRNDMZ, (Cert_XKMS), Cert_Role-7?
(1024-bit RSA keys were standard practice in 2004; they are no longer considered adequate for new deployments.)

12 Trusted services (diagram)
- Registration: the citizen registers at the municipality, which acts as registration authority; the National Register controls and registers the request.
- Certification: the certificate request goes to the Certification Authority, which issues the certificates and publishes the CRL.
- Validation: secure sites authenticate the citizen and validate signatures, checking the certificate status at the Certification Authority by OCSP or CRL.

13 Digitally signing a message (diagram, WDe/2002)
Sender: compute the hash of the message with the hash algorithm; encrypt the hash with the sender's private key; the encrypted hash is the digital signature, sent over the network together with the message.
Receiver: recompute the hash of the received message with the same hash algorithm; decrypt the signature with the sender's public key; compare the two hashes ("="?). If they match, the message comes from the holder of the private key and was not altered.
Note: "encrypting the hash with the private key" is the textbook RSA description. Real signature schemes (PKCS#1 v1.5, PSS) pad the hash before the private-key operation and use a dedicated verify operation, and the receiver must obtain the sender's public key from a certificate it trusts, which is what the CA hierarchy of slide 11 provides.
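The two sides of this slide as an added example in Go, not part of the original presentation or of the Belpic/Steria software. It uses the standard-library RSA PKCS#1 v1.5 signature with SHA-256 and a 2048-bit key generated in software; the 2004 card used a 1024-bit key that never leaves the chip, so the key size, the hash and the message text are assumptions of this example (the message is constructed sample input). The slide's "encrypt the hash with the private key" is the private-key operation inside rsa.SignPKCS1v15; the padding it adds is what makes the result safe to use as a signature.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign is the sender side of the slide: hash the message, then apply the private key to
// the hash. With RSA this is PKCS#1 v1.5 signing; the digest is wrapped in a fixed
// padding structure before the private-key operation rather than being "encrypted" raw.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify is the receiver side: recompute the hash of the received message and compare it
// with the hash recovered from the signature using the sender's public key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Demo signs a constructed message and reports whether verification succeeds for the
// original message, for a message with one changed byte, and with another party's key.
func Demo() (genuine, tampered, wrongKey bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the card's Prik_Cit-Sign (size assumed)
	if err != nil {
		return
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048) // an unrelated key pair
	if err != nil {
		return
	}
	msg := []byte("Transfer 100 EUR to account BE00 0000 0000 0000") // constructed sample input
	sig, err := Sign(priv, msg)
	if err != nil {
		return
	}
	genuine = Verify(&priv.PublicKey, msg, sig)
	altered := append([]byte{}, msg...)
	altered[9] = '9' // "100 EUR" becomes "900 EUR": the recomputed hash no longer matches
	tampered = Verify(&priv.PublicKey, altered, sig)
	wrongKey = Verify(&other.PublicKey, msg, sig)
	return
}

func main() {
	genuine, tampered, wrongKey, err := Demo()
	fmt.Printf("genuine=%v tampered=%v wrongKey=%v err=%v\n", genuine, tampered, wrongKey, err)
}
```

Demo returns true only for the untouched message under the signer's own public key: changing a single byte of the amount, or checking against a key that is not the signer's, makes the comparison on the receiver side fail.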

14 SSL v3 mutual authentication (web server and user's browser; the browser's secure store holds Cert_Cit-Auth and the server's certificate chain CertChain_Server)
1. The browser connects to the server (server name); the server acknowledges its presence.
2. The browser sends a challenge (RND); the server encrypts it with its private key and sends it back with its certificate chain.
3. The browser checks the certificate validity and the server name; if OK it notifies the server.
4. The server sends a challenge; the browser encrypts it with the private key of the authentication certificate (the PIN code is required on the card).
5. The browser sends the encrypted challenge plus its certificate chain (authentication certificate only, if the chain is not available).
6. The server checks the certificate (OCSP or CRL); if OK it notifies the user.
7. Agreement on the session key: the browser generates a key, encrypts it with the server's public key and sends it to the server.
Note: in the actual SSL v3 / TLS handshake the client proves possession of its private key by signing a hash of the handshake messages (CertificateVerify), and the server proves possession of its key by decrypting the pre-master secret of step 7, not by encrypting a separate challenge. SSL v3 itself has been deprecated since 2015 (RFC 7568); the same flow is used with TLS.
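The mutual authentication of this slide, together with the chain validation of slide 11 and the OCSP/CRL status check of slide 12, as an added example in Go that is not part of the original presentation or of Steria's modules. It builds a throw-away hierarchy in software (a test root standing in for the Belgium Root, a server certificate, and a client certificate standing in for Cert_Cit-Auth, all ECDSA P-256), starts a TLS server that requires a client certificate chaining to that root, and connects a client with a valid certificate, with no certificate, or with one that the server considers revoked. The certificate names, the TLS 1.2 minimum and the in-memory set of revoked serial numbers (in place of a real CRL download or OCSP query) are assumptions of this example; the PIN step of the card is not modelled because the private key lives in memory.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// issue creates a certificate for cn, self-signed when parent == nil (a root CA) and
// otherwise signed by parent/parentKey. dnsName, when set, becomes a SAN entry.
func issue(cn, dnsName string, isCA bool, eku []x509.ExtKeyUsage,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: eku,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if dnsName != "" {
		tmpl.DNSNames = []string{dnsName}
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// MutualAuth builds a test hierarchy (root CA -> server certificate, root CA -> citizen
// authentication certificate), starts a TLS server that requires a client certificate
// chaining to that root and not marked revoked, and connects a client. It returns the
// client subject CN as the server saw it, or "" when the server rejected the client.
func MutualAuth(withClientCert, revoked bool) (string, error) {
	ca, caKey := issue("Belgium Root (test)", "", true, nil, nil, nil)
	srvCert, srvKey := issue("localhost", "localhost", false, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, ca, caKey)
	cliCert, cliKey := issue("Citizen Auth (test)", "", false, []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca) // trust anchor shared by both sides
	revokedSerials := map[string]bool{cliCert.SerialNumber.String(): revoked} // stands in for the CA's CRL or an OCSP answer
	srvCfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srvCert.Raw}, PrivateKey: srvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // chain must lead to a root in ClientCAs
		ClientCAs:    pool,
		MinVersion:   tls.VersionTLS12,
		// Runs after chain validation succeeded: the slide's "Server checks (OCSP-CRL)" step.
		VerifyPeerCertificate: func(_ [][]byte, chains [][]*x509.Certificate) error {
			if revokedSerials[chains[0][0].SerialNumber.String()] {
				return errors.New("client certificate revoked")
			}
			return nil
		},
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	must(err)
	defer ln.Close()
	seen := make(chan string, 1)
	go func() { // server side: accept one connection and run the handshake
		name := ""
		if conn, err := ln.Accept(); err == nil {
			defer conn.Close()
			if tc := conn.(*tls.Conn); tc.Handshake() == nil {
				name = tc.ConnectionState().PeerCertificates[0].Subject.CommonName
			}
		}
		seen <- name
	}()
	cliCfg := &tls.Config{RootCAs: pool, ServerName: "localhost", MinVersion: tls.VersionTLS12}
	if withClientCert { // browser side: present the citizen authentication certificate
		cliCfg.Certificates = []tls.Certificate{{Certificate: [][]byte{cliCert.Raw}, PrivateKey: cliKey}}
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliCfg)
	if err != nil {
		return "", err // with TLS 1.2 the server's alert already surfaces here
	}
	defer conn.Close()
	return <-seen, nil
}
```

With a valid citizen certificate the server learns the subject name from the verified chain; with no certificate, or with a serial number the server considers revoked, the handshake fails and no authenticated user is ever seen. The proof of possession here is TLS's own CertificateVerify signature over the handshake transcript, which replaces the separate challenge of the slide, and the server-name check of step 3 is the ServerName setting on the client side.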

15 How to use it?
Steria has developed modules / methods for:
- Getting the user identity: name, first name, gender, birth date, birth place, nationality, National Register number, address, photo
- Authenticating the card holder: authentication with the authentication private key of the card holder
- Signing data: signing data by the card with the non-repudiation private key of the card holder
Applications:
- Stand-alone application
- Client/server application
- Light client: browser application
- PC emulation to a central environment

16 Examples: Stand-alone application

17 How to use it?