Presentation is loading. Please wait.

Presentation is loading. Please wait.

European Electronic Identity Practices

Published byJeffry Bradley Modified over 9 years ago

Similar presentations

Presentation on theme: "European Electronic Identity Practices"— Presentation transcript:

1 European Electronic Identity Practices
Country Update of Portugal Speaker: Anabela Pedroso Date: 3 November 2006

2 1. Status of National legislation on eID
Are eID specific regulations enacted and in place? Almost! Currently the new Law for Portuguese Citizen Card is on Portuguese Parliament for discussion and approval

3 2. CA organisation Responsible CA organization: Ministry of Justice – Information Technology Institute for Ministry of Justice (ITIJ) The background of the organization: Public Organization responsible for implementing and running IT in Ministry of Justice Card/ Certificate issuer: Ministry of Justice – Portuguese Registration Centre for Citizens and Enterprises ( DGRN- Direcção-Geral de Registos e Notariado) No. of certificates stored on the eID chip: 2 certificates are available for the citizen (authentication and signature) What access mechanism is used for each private key: Private key is stored in the chip, in a high secure environment. The chip is in a EAL5+ certification process

4 3. Status of National deployment of eID
Is the eID card obligatory: yes Number of inhabitants: 10 millions Number of eID cards issued as of October 2006: 0 Number of certificates activated: 0 Yearly growth rate (percentage): N/A The expected number of eIDcards by the end of 2007:

5 3. Status on National deployment of eID
Basic functionalities of the eID card: Official national ID document? Yes European travel document? Yes eServices? Authentication and signature Other? Authentication throw multiple channels (using one-time-password application) Match-on-the-card application Offline data transfer (some are PIN protected – e.g., address) Validity period of the card/certificates: 5 years

6 3. Status of national deployment of eID
The price of the card in euros: - for the citizen: In study - for the card issuer: In study - price for the card reader and software: In study - any additional costs for the user/relying party: In study From whom and how can the citizen obtain the end/user packages: In 2007: only the State will provide these packages (in Identification Registration Offices, Ministry of Justice) After 2007: these packages will be available in retail stores (e.g., supermarkets, …)

7 3.1. Portuguese eID Citizen Card
SPECIMEN Substitutes 5 National Id Cards: Identity Card Tax Card Social Security Card Health Services User Card Voters Card

8 MLI (Multiple Laser Image)
Citizen Card Front Phisical suport (ID-1 format) in policarbonate with several phisical security mechanisms (3 levels of control) The front of the Card olds specific information about the identification of the citizen Variable Optical Ink Micro Relive (Braille) Surname SPECIMEN Given Name Chip Date of Birth Sex, High, Nationality Document Nº and Id Nº Photo MLI (Multiple Laser Image) DOVID (Elemento Difractivo Opticamente Variável) Signature Validity Date

9 Citizen Card Back SPECIMEN
The back olds specific information of the other sectorial id documents (Taxes, Social Security and Health). Machine Readable Zone (MRZ). Parents Version Nº SPECIMEN Social Security Nº Tax Nº Health User Nº DOVID in Holographic Filet Machine Readable Zone

10 Citizen Card Chip Chip JavaCard, Philips, 72Kb EEPROM for applications and data. Several security mechanisms, in the algorithm and encriptation and in the protection against atacks (EAL5+ certification , based in International Common Criteria standard) EMV compliant (partnership with Banks in the distribuiton of commun readers to the citizens) JavaCard 2.2.1 16-bit RISC CPU Core True Random Number Generator Crypto-Engine: 3DES, AES, RSA, etc… MD5, SHA-1, SHA-256 386Kb ROM 72Kb EEPROM 2Kb Crypto-RAM Atacks protection: Side-channel attacks (SPA/DFA) Invasive attacks Advanced fault attacks EMV Compliant

11 4. Interoperability issues
What is the level of Current Compliance with each of the following international standards or group activities (in Full / Planned / None): CWA (eAuthentication): Compliant CWA (eSign) : Compliant CEN/TS ,2 (European Citizen Card): Compliant ISO Biometric Data Interchange Format Part 2: Finger Minutiae Data: Compliant ISO ,2,3 (ICC programming interfaces): Compliant ICAO 9303 (travel documents): Compliant, where mandatory – e.g., Portuguese Citizen Card does not have Radio Frequency interface

12 4. 1 Citizen Card Use of Standards
Besides ECC standards ECC, The Citizen Card follows the best practices in eID: Biometria: ISO/IEC/JTC 1 SC 37; ISO/IEC ; ISO/IEC FCD (fingerprint minutiae); ISO/IEC BioAPI; ISO/IEC Common Biometric Exchange formats (CBEFF) - Part 1: Data Element Specification. Chip: ISO/IEC 7810 ISO 7816; ISO/IEC 14443; Java Card/GP (suporte de Java cards, ISO/IEC (ICAO)) CEN / TC 2254; CWA 15264; CWA 14890; ISO/IEC : Finger Minutiae data; ISO/IEC ,5 : Finger Image data; ISO/IEC – BioAPI; ISO/IEC – CBEFF; ISO/IEC 24727 EMV Card: ISO/IEC 9798 (device-authentication/Secure messaging); ISO 7810; ISO 7811; ISO 7816; ISO 10373; ISO/IEC 10373; EN 742:1993; CECC 90000; MIL STD-883C; Pr CEN/TS ,2 (European Citizen Card - draft); ICAO 9303 (travel documents); PKI, Certificados e Assinaturas Digitais: ISO/IEC ; CWA CEN/ISSS Workshop on the electronic signature (Area K); CWA (eAuthentication); CWA (Multipart); PKCS#1, PKCS#3 , PKCS#7, PKCS#8, PKCS#10, PKCS#11, PKCS#12, PKCS#15.

13 5. eAuthentication cross border usage and harmonisation
Are there agreements with other national smart card issuers (either per country or bi-lateral) for mutual recognition of cards? Status and targets of these agreements and timetable how to proceed: Currently we are on informal contacts with several countries

14 6. Next steps in your country?
January 2007: Pilot Phase of Portuguese Citizen Card (in Azores islands) Summer/Autumn 2007: Project Roll-out beginning in other municipalities 2007: PORVOO 11 in Portugal!!! During 2008: All country and portuguese consulates around the world

15 Cartão de Cidadão The Chip: Internal Applications and Data
Principal “resident” applications: IAS – Responsible for the operations of authentication and electronic signature EMV-CAP – Responsible for the generation of one-time-passwords for alternative communications channels (e.g., telephone) Match-on-Card – Responsible for the biometric verification of the finger tips Aplications Citizen Data IAS Biometric Template of Fingertip EMV-CAP Photo Match-On-Card Adress Legend: Identification data of the Citizen (the same as the visible data on the card) PIN Protection Public Access Area for personal use of the Citizen Not Accessible Digital Certificate for Signature Digital Certificate for Authentication

16 7. Future of eID What is expected of the eID in the future?
Catalyst for the complete availability of e-services to the citizen and enterprises: Eg. in the near futur: - Change of address - Medical Doctor Appointment scheduling - Bank account subscription - Enterprise creation - Apply for the University

17 7. Future of eID What is expected from the Porvoo Group in the future? (Cooperation with groups, permanent workingroups within Porvoo Group etc.) Cooperation with Interoperability Groups Cooperation in Pan-European public services

18 8. More information Web-pages on eID issues: Thank You!

19 Portugal City of Coimbra Spring 2007
Next Porvoo Meeting Portugal City of Coimbra Spring 2007

20 Coimbra, capital of portuguese knowledge
Coimbra, capital of portuguese knowledge. 3th ancient University in Europe

21 European Electronic Identity Practices
Country Update of Portugal Speaker: Anabela Pedroso Date: 3 November 2006

Download ppt "European Electronic Identity Practices"

Similar presentations

Technical Report PKI for Machine Readable Travel Documents offering ICC read-only access TAG_15 Montreal, 2004-05-18 Tom Kinneging.

Technical Report PKI for Machine Readable Travel Documents offering ICC read-only access TAG_15 Montreal, Tom Kinneging.
Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.

Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.
FIPS 201 Framework: Special Pubs 800-73,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.

FIPS 201 Framework: Special Pubs ,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.
Mr. Aivars Paegle, Legal manager at The Register of Enterprises of the Republic of Latvia, Juridical Division Workshop on Single Institution for Registration.

Mr. Aivars Paegle, Legal manager at The Register of Enterprises of the Republic of Latvia, Juridical Division Workshop on Single Institution for Registration.
Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.

Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.
Residents’ register service under the Ministry of the Interior

Residents’ register service under the Ministry of the Interior
European Electronic Identity Practices Country Update of Finland Speaker: Päivi Pösö Date: 26.5.2005.

European Electronic Identity Practices Country Update of Finland Speaker: Päivi Pösö Date:
12 November 2002Digital Identity Forum – London Biometrics and ID Bill Perry Independent Consultant Phone: 077 8683 6764.

12 November 2002Digital Identity Forum – London Biometrics and ID Bill Perry Independent Consultant Phone:
EGovernment Vision, Policies and Implementations in Austria Prof. Dr. Reinhard Posch CHIEF INFORMATION OFFICER.

EGovernment Vision, Policies and Implementations in Austria Prof. Dr. Reinhard Posch CHIEF INFORMATION OFFICER.
Digital Identity Group May 2012. GIXEL  GIXEL is the professional association of electronic component and system industries in France. It brings together.

Digital Identity Group May GIXEL  GIXEL is the professional association of electronic component and system industries in France. It brings together.
E- passports Erik Poll Digital Security Group Radboud University Nijmegen.

E- passports Erik Poll Digital Security Group Radboud University Nijmegen.
Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards

Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Nairobi, Kenya 29-31October 2007 1 Fifth Special Meeting of the Counter- Terrorism Committee with International, Regional and Subregional Organizations.

Nairobi, Kenya 29-31October Fifth Special Meeting of the Counter- Terrorism Committee with International, Regional and Subregional Organizations.
European Electronic Identity Practices Country Update of …………… Speaker: Date:

European Electronic Identity Practices Country Update of …………… Speaker: Date:
European Electronic Identity Practices Country Update of Belgium Speaker: Maes F. Date: 25 May 2005.

European Electronic Identity Practices Country Update of Belgium Speaker: Maes F. Date: 25 May 2005.
Update on European Citizen Card: Part 4 Kristina Unverricht Consumer Council of DIN, Germany Chairperson of ANEC Information Society Working Group October.

Update on European Citizen Card: Part 4 Kristina Unverricht Consumer Council of DIN, Germany Chairperson of ANEC Information Society Working Group October.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April,2007 1 Paula Ortiz López Spanish Data Protection Agency.

Respecting Privacy in Global Networks/ Guernsey, Wednesday 11 th April, Paula Ortiz López Spanish Data Protection Agency.

Similar presentations

Ads by Google