European Electronic Identity Practices

Slides:



Advertisements
Similar presentations
Technical Report PKI for Machine Readable Travel Documents offering ICC read-only access TAG_15 Montreal, Tom Kinneging.
Advertisements

Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.
FIPS 201 Framework: Special Pubs ,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.
Mr. Aivars Paegle, Legal manager at The Register of Enterprises of the Republic of Latvia, Juridical Division Workshop on Single Institution for Registration.
Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.
Residents’ register service under the Ministry of the Interior
European Electronic Identity Practices Country Update of Finland Speaker: Päivi Pösö Date:
12 November 2002Digital Identity Forum – London Biometrics and ID Bill Perry Independent Consultant Phone:
EGovernment Vision, Policies and Implementations in Austria Prof. Dr. Reinhard Posch CHIEF INFORMATION OFFICER.
Digital Identity Group May GIXEL  GIXEL is the professional association of electronic component and system industries in France. It brings together.
E- passports Erik Poll Digital Security Group Radboud University Nijmegen.
Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Nairobi, Kenya 29-31October Fifth Special Meeting of the Counter- Terrorism Committee with International, Regional and Subregional Organizations.
European Electronic Identity Practices Country Update of …………… Speaker: Date:
European Electronic Identity Practices Country Update of Belgium Speaker: Maes F. Date: 25 May 2005.
Update on European Citizen Card: Part 4 Kristina Unverricht Consumer Council of DIN, Germany Chairperson of ANEC Information Society Working Group October.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Paula Ortiz López Spanish Data Protection Agency.
Follow up after Porvoo-6 in Rome - The resolutions from Porvoo 6 Tapio Aaltonen Director, CA-services Population Register Centre Finland.
Joint workshop of Porvoo and GCF hosted by the Porvoo 7 meeting May , Reykjavik, Iceland moderated by Jan van Arkel, co–chair Porvoo acting chair.
1 Automatic Border Passage at Amsterdam Airport Schiphol ACM ICPC, November 16th 2002 Art de Blaauw, manager projects.
Page 1 Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
2-Jun-15 1 ACCESSING ON LINE SERVICES PROTECTED BY THE ITALIAN EID GIOVANNI MANCA National Center for Information technology in Public Administration (CNIPA)
European Electronic Identity Practices Country Update of Norway Speaker: Sverre Bauck Date:
FIT3105 Smart card based authentication and identity management Lecture 4.
Designing and Implementing Secure ID Management Systems: BELGIUM’s Experience Washington - September 27 th, 2010 Frank LEYMAN © fedict All rights.
Ronny Depoortere January 16th, 2012 Chisinau. Identification – Business Case The ability to uniquely identify citizens and foreign residents is the corner.
Estonia e(m)-ID and e-services Towards cross-border services Seth Lackman, ITL.
SESSION D: What You Know - What You Have - What You Are: The Role of Hardware Technologies to Provide Identity Assurance BELGIUM’s Experience Washington.
Civil Registry Agency of the Ministry of Justice, Georgia Georgian ID card Mikheil Kapanadze.
P O L I C E D E P A R T M E N T  Biometric passport – Passport Act – Issuing a biometric passport – Development project  Biometric Passport To Biometric.
European Electronic Identity Practices Country Update of Spain Date: 26 May 2005.
National Smartcard Project Work Package 8 – Security Issues Report.
COUNTRY XXX European Electronic Identity Practices Country Update of XXX Speaker: Date: 11 May 2006.
European Electronic Identity Practices Country Update of Austria Peter F Brown Office of the CIO, Austrian Federal Chancellery Chair, CEN eGov Focus Group.
Vilnius, October 21st, 2002 © eEurope SmartCards Securing a Telework Infrastructure: Smart.IS - Objectives and Deliverables Dr. Lutz Martiny Co-Chairman,
Update on WS eAuthentication status Jan van Arkel Co-Chairman eEurope Smart Card Charter Ambassador CEN/ISSS WS eAuthentication.
PRESENTATION OF ETSI © ETSI All rights reserved Sophia Antipolis, 22 May 2014 Luis Jorge Romero Director General, ETSI.
Copyright 次世代 IC カードシステム研究会 C 1 Nagaaki OHYAMA Tokyo Institute of Technology Chair of NICSS National ID card in Japan May Provoo (Reykjavik,
Renesas Electronics America Inc. © 2010 Renesas Electronics America Inc. All rights reserved. Secure MCU REA FAE Training – June A Rev
Synthesis of the Eurosmart’ Technical Day on eID interoperability Bruno Rouchouze, ID SG Convenor Porvoo 12, Grosseto - Italy.
Harmonisation of electronic Identities for the European Citizen Jan van Arkel, co- chair Porvoo group, May 11, 2006 Ljubljana.
ISSA European Network Technical Seminar on efficient e-services in Social Security Warsaw, 24 th of May 2012 Dr. Jens Bruhn Deutsche Rentenversicherung.
How can the SMART card help in new channels?
Special Publication : Interfaces for Personal Identity Verification Jim Dray NIST NPIVP Workshop March 3, 2006.
Slovenian Governmental Certification Authority Dr. Aleš Dobnikar Government Centre for informatics of the Republic of Slovenia 4th Business and Government.
Risks of data manipulation and theft Gateway Average route travelled by an sent via the Internet from A to B Washington DC A's provider Paris A.
Smart Card Technology & Features
The Porvoo Group Tapio Aaltonen Director, CA-services, co- chair Porvoo Group Population Register Centre Finland.
DICOM and ISO/TC215 Hidenori Shinoda Charles Parisot.
28 th International Traffic Records Forum Biometrics/SmartCard Workshop 28 th International Traffic Records Forum August 4, 2002 Orlando, Florida.
European Electronic Identity Practices CEN TC224 WG15 European Citizen Card Standard Speaker: L. Gaston AXALTO Date: 26 May 05.
1 ISO/IEC JTC1/SC37 Standards A presentation of the family of biometric standards October 2008.
EESSI June 2000Slide 1 European Electronic Signature Standardization Hans Nilsson, iD2 Technologies, Sweden.
The German eID and eIDAS
European Electronic Identity Practices Country Update of Estonia Speaker: Ivar Jung Date:
E-SIGNED DocFlow SYSTEM in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE – E-Business Development Consultant.
Giesecke & Devrient The DIN Standard and PKCS#15 Common Usage for Signature Cards? Gisela Meister
Bulding blocks of e- government Ingmar Pappel. Bulding blocks of e-government  Personal Code  Digital Identity  Digital signature  X-Road  Organizations.
The Future Digital Identity Landscape in Europe Timothée Mangenot, chairman 14th of December, 2015 ACSIEL partners day.
Various aspects and proceedings on interoperability in Europe
eIDAS in Europe, eID in The Netherlands & Germany
Digitally Signed Legislation in Estonia
European Citizens’ Initiative, Commission regulation proposal Focus on IT aspects Jérôme Stefanini DIGIT.B.2 05/06/2018.
HIMSS National Conference New Orleans Convention Center
Laur Mägi Department of Information Systems and Document Management
E-identities (and e-signatures)
Presentation transcript:

European Electronic Identity Practices Country Update of Portugal Speaker: Anabela Pedroso anabela.pedroso@umic.pt Date: 3 November 2006

1. Status of National legislation on eID Are eID specific regulations enacted and in place? Almost! Currently the new Law for Portuguese Citizen Card is on Portuguese Parliament for discussion and approval

2. CA organisation Responsible CA organization: Ministry of Justice – Information Technology Institute for Ministry of Justice (ITIJ) The background of the organization: Public Organization responsible for implementing and running IT in Ministry of Justice Card/ Certificate issuer: Ministry of Justice – Portuguese Registration Centre for Citizens and Enterprises ( DGRN- Direcção-Geral de Registos e Notariado) No. of certificates stored on the eID chip: 2 certificates are available for the citizen (authentication and signature) What access mechanism is used for each private key: Private key is stored in the chip, in a high secure environment. The chip is in a EAL5+ certification process

3. Status of National deployment of eID Is the eID card obligatory: yes Number of inhabitants: 10 millions Number of eID cards issued as of October 2006: 0 Number of certificates activated: 0 Yearly growth rate (percentage): N/A The expected number of eIDcards by the end of 2007: 200.000

3. Status on National deployment of eID Basic functionalities of the eID card: Official national ID document? Yes European travel document? Yes eServices? Authentication and signature Other? Authentication throw multiple channels (using one-time-password application) Match-on-the-card application Offline data transfer (some are PIN protected – e.g., address) Validity period of the card/certificates: 5 years

3. Status of national deployment of eID The price of the card in euros: - for the citizen: In study - for the card issuer: In study - price for the card reader and software: In study - any additional costs for the user/relying party: In study From whom and how can the citizen obtain the end/user packages: In 2007: only the State will provide these packages (in Identification Registration Offices, Ministry of Justice) After 2007: these packages will be available in retail stores (e.g., supermarkets, …)

3.1. Portuguese eID Citizen Card SPECIMEN Substitutes 5 National Id Cards: Identity Card Tax Card Social Security Card Health Services User Card Voters Card

MLI (Multiple Laser Image) Citizen Card Front Phisical suport (ID-1 format) in policarbonate with several phisical security mechanisms (3 levels of control) The front of the Card olds specific information about the identification of the citizen Variable Optical Ink Micro Relive (Braille) Surname SPECIMEN Given Name Chip Date of Birth Sex, High, Nationality Document Nº and Id Nº Photo MLI (Multiple Laser Image) DOVID (Elemento Difractivo Opticamente Variável) Signature Validity Date

Citizen Card Back SPECIMEN The back olds specific information of the other sectorial id documents (Taxes, Social Security and Health). Machine Readable Zone (MRZ). Parents Version Nº SPECIMEN Social Security Nº Tax Nº Health User Nº DOVID in Holographic Filet Machine Readable Zone

Citizen Card Chip Chip JavaCard, Philips, 72Kb EEPROM for applications and data. Several security mechanisms, in the algorithm and encriptation and in the protection against atacks (EAL5+ certification , based in International Common Criteria standard) EMV compliant (partnership with Banks in the distribuiton of commun readers to the citizens) JavaCard 2.2.1 16-bit RISC CPU Core True Random Number Generator Crypto-Engine: 3DES, AES, RSA, etc… MD5, SHA-1, SHA-256 386Kb ROM 72Kb EEPROM 2Kb Crypto-RAM Atacks protection: Side-channel attacks (SPA/DFA) Invasive attacks Advanced fault attacks EMV Compliant

4. Interoperability issues What is the level of Current Compliance with each of the following international standards or group activities (in Full / Planned / None): CWA 15264 (eAuthentication): Compliant CWA 14890 (eSign) : Compliant CEN/TS 15480 1,2 (European Citizen Card): Compliant ISO 19794 Biometric Data Interchange Format Part 2: Finger Minutiae Data: Compliant ISO 24727 1,2,3 (ICC programming interfaces): Compliant ICAO 9303 (travel documents): Compliant, where mandatory – e.g., Portuguese Citizen Card does not have Radio Frequency interface

4. 1 Citizen Card Use of Standards Besides ECC standards ECC, The Citizen Card follows the best practices in eID: Biometria: ISO/IEC/JTC 1 SC 37; ISO/IEC 7816-11; ISO/IEC FCD 19794-2 (fingerprint minutiae); ISO/IEC 19784-1 BioAPI; ISO/IEC 19785-1 Common Biometric Exchange formats (CBEFF) - Part 1: Data Element Specification. Chip: ISO/IEC 7810 ISO 7816; ISO/IEC 14443; Java Card/GP (suporte de Java cards, ISO/IEC 7501-3 (ICAO)) CEN / TC 2254; CWA 15264; CWA 14890; ISO/IEC 19794-2: Finger Minutiae data; ISO/IEC 19794-4,5 : Finger Image data; ISO/IEC 19784 – BioAPI; ISO/IEC 19785 – CBEFF; ISO/IEC 24727 EMV Card: ISO/IEC 9798 (device-authentication/Secure messaging); ISO 7810; ISO 7811; ISO 7816; ISO 10373; ISO/IEC 10373; EN 742:1993; CECC 90000; MIL STD-883C; Pr CEN/TS 15480 1,2 (European Citizen Card - draft); ICAO 9303 (travel documents); PKI, Certificados e Assinaturas Digitais: ISO/IEC 7816-15; CWA 14890 - CEN/ISSS Workshop on the electronic signature (Area K); CWA 15264 (eAuthentication); CWA 14167 (Multipart); PKCS#1, PKCS#3 , PKCS#7, PKCS#8, PKCS#10, PKCS#11, PKCS#12, PKCS#15.

5. eAuthentication cross border usage and harmonisation Are there agreements with other national smart card issuers (either per country or bi-lateral) for mutual recognition of cards? Status and targets of these agreements and timetable how to proceed: Currently we are on informal contacts with several countries

6. Next steps in your country? January 2007: Pilot Phase of Portuguese Citizen Card (in Azores islands) Summer/Autumn 2007: Project Roll-out beginning in other municipalities 2007: PORVOO 11 in Portugal!!! During 2008: All country and portuguese consulates around the world

Cartão de Cidadão The Chip: Internal Applications and Data Principal “resident” applications: IAS – Responsible for the operations of authentication and electronic signature EMV-CAP – Responsible for the generation of one-time-passwords for alternative communications channels (e.g., telephone) Match-on-Card – Responsible for the biometric verification of the finger tips Aplications Citizen Data IAS Biometric Template of Fingertip EMV-CAP Photo Match-On-Card Adress Legend: Identification data of the Citizen (the same as the visible data on the card) PIN Protection Public Access Area for personal use of the Citizen Not Accessible Digital Certificate for Signature Digital Certificate for Authentication

7. Future of eID What is expected of the eID in the future? Catalyst for the complete availability of e-services to the citizen and enterprises: Eg. in the near futur: - Change of address - Medical Doctor Appointment scheduling - Bank account subscription - Enterprise creation - Apply for the University …

7. Future of eID What is expected from the Porvoo Group in the future? (Cooperation with groups, permanent workingroups within Porvoo Group etc.) Cooperation with Interoperability Groups Cooperation in Pan-European public services

8. More information Web-pages on eID issues: www.cartaodocidadao.pt www.ucma.gov.pt www.umic.pt email: anabela.pedroso@umic.pt Thank You!

Portugal City of Coimbra Spring 2007 Next Porvoo Meeting Portugal City of Coimbra Spring 2007

Coimbra, capital of portuguese knowledge Coimbra, capital of portuguese knowledge. 3th ancient University in Europe

European Electronic Identity Practices Country Update of Portugal Speaker: Anabela Pedroso anabela.pedroso@umic.pt Date: 3 November 2006