EID: the Belgian Electronic Identity Card Jan Deprest Vlaanderen – OND-MVG – 28-06-2005.


1 eID: the Belgian Electronic Identity Card Jan Deprest Vlaanderen – OND-MVG – 28-06-2005

2 e-government

3 What is e-Government ? NOT : about government. HOWEVER : it is about the government’s customers: citizens, businesses, civil servants

4 e-Government principles > total solution > transparent (hide the internal organisation) > “I will say it only once” - Unique Data Source (Virtual Government) > limit the administrative formalities > no extra cost > Privacy > no digital divide

5

6 Architecture & building blocks [Diagram labels: SECURITY & PRIVACY, FEDMAN, UME, FPS, OTHER AUTHORITIES, OTHER INSTITUTIONS, Connected government, PORTAL www.belgium.be, AUTHENTIC SOURCES, USER MGT]

7 eID - basics A new ID-card with the format of a bank card and a powerful chip

8 Purpose eID project: proof of identity, signature tool > To give Belgian citizens an electronic identity card enabling them to authenticate themselves towards diverse applications and to place digital signatures

9 Which information ? > From a visual point of view the same information will be visible as on the current identity card : the name; the first two Christian names; the first letter of the third Christian name; the nationality; the birth place and date; the sex; the place of delivery of the card; the begin and end dates of the validity of the card; the denomination and number of the card; the photo of the holder; the signature of the holder; the identification number of the National Register > Identical functionality to current identity card: visual identification of the holder

10 Which information ? > From an electronic point of view the chip will contain the same information as printed on the card, supplemented with : the identity and signature keys; the identity and signature certificates; the accredited certification service provider; information necessary for authentication of the card and securing of the electronic data; the main residence of the holder > (Currently) no encryption certificates > No biometric data (yet) > No electronic purse > No storage of other data. Electronic identification of the holder

11 Distribution eID : how and where ? [Diagram: distribution flow, steps (1) to (13); labels: Municipality, face to face identification, National Register, VRK, CM/CP/CI, CA, ECA, Bull, PIN & PUK1-code]

12 eID - chip eID, welcome to the e-world !

13 Contents of the chip [Diagram labels: PKI, IDENTITY, ID, ADDRESS, authentication, digital signature, RRN SIGN]

14 eID : the main e-functionalities authentication data capture digital signature

15 Data capture > faster data capture: data can be read directly from the card and stored in a particular system > more accurate data capture: no more manual re-entering → less error-prone process > more efficient data capture: faster processing of information

16 eID : the main e-functionalities authentication data capture digital signature

17 Authentication: log on to web sites (SSO); container park; library; access control; …; swimming pool

18 eID : the main e-functionalities authentication data capture digital signature

19 Signature
Sender: 1. Compose message 2. Compute hash 3. Generate signature 4. Collect signature 5. Collect certificate 6. Send message
Recipient: 1. Receive message 2. Inspect certificate 3. Check CRL/OCSP 4. Check certificate 5. Fetch public key 6. Fetch signature 7. Compute reference hash 8. Hash, signature, public key match? (Matching triplet?)
[Diagram labels: Alice, Bob, hash, CRL]

20 eID - PKI Public Key Infrastructure

21 Trust Hierarchy [Diagram labels: Belgium Root (SelfSign, RootSign), ARL, Citizen CA, Gov CA, Admin CA, CRL, Client Auth, Elec Sign, Data Crypt, Client Cert, Server Cert, Object Cert, Card Admin, Cert Admin, Hierar Admin, Admin, Auth/Sign]

22 Certificates > Citizen’s certificates & keys
Authentication Certificate & key pair (1024 bits): provide strong authentication (access control): web site authentication; single sign-on (login); etc.
Signature Certificate & key pair (1024 bits): provide non repudiation (electronic signature equivalent to handwritten signature): Document Signing; Form Signing; etc.
(Encryption Certificate & key pair): foreseen at a later stage; private key backup/archiving
[Diagram labels: Belgium Root CA, Citizen CA, Auth, Sign, Crypt]
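The sign-and-verify steps of the Signature slide, combined with the CA-issued certificate and CRL of the Trust Hierarchy and Certificates slides, as an added example that is not part of the original presentation. It uses a constructed textbook-RSA toy (small known primes, no padding) in place of the card's 1024-bit keys; `CA_KEY`, `ALICE_KEY`, the certificate layout and all function names are assumptions made for illustration.

```python
import hashlib

def toy_key(p, q, e=65537):
    # Constructed textbook-RSA key from two known primes: no padding, demo only.
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

CA_KEY = toy_key(2**107 - 1, 2**127 - 1)   # hypothetical stand-in for the Citizen CA
ALICE_KEY = toy_key(2**61 - 1, 2**89 - 1)  # hypothetical stand-in for the card's signature key

def digest(data, n):
    # Hash reduced modulo n so the toy key can sign it.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def rsa_sign(data, key):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def rsa_check(data, sig, n, e):
    return pow(sig, e, n) == digest(data, n)

def cert_body(cert):
    return "{serial}|{subject}|{n}|{e}".format(**cert).encode()

def issue_cert(serial, subject, key):
    cert = {"serial": serial, "subject": subject, "n": key["n"], "e": key["e"]}
    cert["ca_sig"] = rsa_sign(cert_body(cert), CA_KEY)
    return cert

def sign_message(message, key, cert):
    # Sender: compute hash, generate signature, collect certificate, send.
    return {"message": message, "signature": rsa_sign(message, key), "cert": cert}

def verify_message(envelope, crl):
    cert = envelope["cert"]                              # inspect certificate
    if cert["serial"] in crl:                            # check CRL/OCSP
        return "revoked"
    if not rsa_check(cert_body(cert), cert["ca_sig"], CA_KEY["n"], CA_KEY["e"]):
        return "bad certificate"                         # check certificate
    # Fetch public key and signature, recompute the hash, test the triplet.
    ok = rsa_check(envelope["message"], envelope["signature"], cert["n"], cert["e"])
    return "valid" if ok else "mismatch"

def demo():
    cert = issue_cert(1001, "Alice (constructed)", ALICE_KEY)
    env = sign_message(b"I accept the contract", ALICE_KEY, cert)
    return [verify_message(env, set()),
            verify_message(dict(env, message=b"I accept nothing"), set()),
            verify_message(env, {1001}),
            verify_message(dict(env, cert=dict(cert, subject="Mallory")), set())]

if __name__ == "__main__":
    print(demo())
```

The revocation check runs before the signature check, so a correctly signed message from a revoked card is still rejected.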

23 Trust Services [Diagram labels: Request, Auth/Sign, Validate, Register, Population Registry, Secure Sites, Municipality, XKMS, OCSP, CA Factory, Citizens, CPS, SLA]

24 eID - toolkit Let’s make use of the power of the eID !

25 eID-toolkits > Two toolkits are under development : GUI + PKCS#11 libraries (reading, printing, validating and visualising the contents of the eID chip); authentication proxy (easy authentication on multiple platforms) > Purpose is to hide internal card changes > Labeling should be straightforward if applications use toolkits > Both toolkits are free of charge > Distribution through federal portal (http://www.belgium.be/fedict → Projecten → eID) [Slide stamp: RELEASED]

26 eID-toolkits

27 eID-toolkits : Identity

28 eID-toolkits : library

29 eID-toolkits : Certificates

30 eID-toolkits : Card & PIN

31 eID-toolkits : Options

32 eID - labelling

33 eID compliance label > Requirements: For citizens: get confidence in practices of service providers regarding eID usage (e.g. privacy). For service providers: demonstrate best practices are indeed applied regarding eID usage (e.g. fraud). > Inspired by two industry standards : eCommerce sites : eTransaction systems → Lots of auditors available. For service providers: easy to extend a WebTrust/SysTrust accreditation to be eID compliant. For auditors: easy to extend a WebTrust/SysTrust license to become an eID compliance agent. → Fast & rather cheap compared to other schemes → Not mandatory (but no eID liability otherwise) Trust Services

34 eID-label > Labeling procedure: card readers; applications; creating trust for citizens, a legal basis for the government and branding for enterprises. Based on industry standards : > Currently being worked out in cooperation with Banksys, CBSS

35 eID - applications Only the developers’ creativity will limit the usage of the eID card.

36 Home & Work > Office tools: e-mail; login (local PC & network); logon (other services); data & program confidentiality; forms; ...

37 Administration > Federal: TAX-ON-WEB; VAT; DIV; … > Municipalities: marriage; house; kids; school; library; swimming pool; container parks; …

38 Telecom > Telephony: reloadable & account cards; GSM cards ==> UMTS/i-mode > Television: Pay-TV decryption cards > Post: registered Mail over internet > Internet: VOIP (voice over IP); i-mode

39 Finance > Identification: netbanking (userID/Tokens); loket (bank agency); insurance contract (signature) > Payment: credit cards; debit cards; electronic purse

40 Healthcare > Insurance: MediCard (contract) > Hospital: private data (hospital card, etc); health/emergency data (blood group, etc) > Reimbursement: SIS card; pharmacy; doctors

41 Transport > Public transport: ticketing; in-flight entertainment > Parking: access; tolling > Gas & Fuel: fuel cards; loyalty cards

42 Retail & Delivery > Loyalty Programs: points collection; online gift selection > Payment: Credit contract signature; payment system (domiciliation) > Home Delivery: online orders; data capture & digital signature

43 The sky is the limit ! home banking, online opening of accounts, … proof of membership SSO, … healthcare driver’s licence student cards, e-learning, … … e-commerce

44 Q&A

45 Rue Marie Thérèse 1/3 Maria-Theresiastraat 1/3 Bruxelles 1000 Brussel TEL +32 2 212 96 00 FAX +32 2 212 96 99 info@fedict.be www.belgium.be/fedict Th@nk you !

