1. ,
Smart Card Charter & the
Helsinki Public ID conference
April 4-5 2002
Jan van Arkel
Co-Chairman eEurope Smart Card
Charter
The
2. Agenda
The eEurope Smart Card Charter: aim,
deliverables and status report
Status overview on European e-ID cards
Targets for this conference
3. “An Information Society for all”
2002 Objectives
Bring every citizen, school, business and
administration on-line - quickly!
Create a digitally literate and entrepreneurial
Europe
Ensure an inclusive information society
4. Action Lines
A cheaper, faster, secure Internet
1) Cheaper and faster Internet access
2) Faster Internet for researchers and students
3) Secure networks and smart cards
Investing in people and skills
4) European youth into the digital age
5) Working in the knowledge-based economy
6) Participation for all in the knowledge-based economy
Stimulate the use of the Internet
7) Accelerating e-commerce
8) Government online: electronic access to public services
9) Health online
10) European digital content for global networks
11) Intelligent transport systems.
2002
5. eESC Mission
Contribute to mass deployment of Smart Cards
Europe
Identify the barriers for mass deployment and
help in bringing those barriers down.
Focus on:
- 4 application area’s
- multi-functionality
- end user acceptance
- a number of more technical aspects
6. eESC action lines
Setting up of a network of interested
stakeholders
Carry out Dissemination program
Defining Common Specifications
(end of term deliverable)
Demonstrators & large scale deployment
7. Building & maintaining
the network
> 350 organisations involved
> 1000 people on mailing list
> 70 meetings a year
250 people hands-on participating
8. Steering Committee
SCC Organisation
(working group chair persons plus relevant group representatives)
Secretariat
Trailblazers
High Level Group
9. Logical structure Comm. Specs.
TB3
S
E
CURI
T
Y/
PP
TB8
US
E
R
/
RE
Q
S
TB10
GOVERN-MENT
TB11
HEALTH
TB5
PAYMENTS
TB9
PUBLIC
TRANSPORT
GIF
TB1, TB2, TB12
APPLICATIONS
GLOBAL
INTEROPERABILITY
FRAMEWORK
GENERIC FUNCTIONS
PUBLIC ID, AUTHENTICATION, ELEC. SIGNATURE
TB7
MULTI AAPPPPLLIICCAATTIIOONN PPLLAATTFFOORRMM
TB4 TB6
GGEENNEERRIICC CCAARRDD RREEAADDEERRSS CCOONNTTAACCTTLLEESSSS CCAARRDDSS
10. Basic roles and processes
Issuer
User
Content
provider
Applic.
provider
Access
provider
R&C
Authority
12. 4 main application areas
- eGovernment
- e-Payment
- Health
- public transport
13. European Union: 375 million people
+ Candidate countries: 500 million people
14. 4 main application areas
- eGovernment
- e-Payment
- Health
- public transport
15. Functionality of a national
e - ID card/digital access
Mutual authentication card and infrastructure
Verification cardholder identity
(pin, biometrics)
Provision of trust (digital signature)
Travel Document within the EC
Carrier for drivers license & other official documents
Supporting in general e-Government
functionality
Able of supporting services from the private
sector
17. e-ID cards top 3
1. Brunei
400K, personal data, biometrics and
PKI
2. Malaysia
1M 19 M, personal data,
biometrics and PKI
3. Japan
1M 100 M in 2004, data, PKI,
Pin
18. e-ID cards in EU
Policy decision has been made for
national digital ID or Public Services
card by: Austria, Belgium, Finland,
Ireland, Italy, Netherlands, Portugal,
Spain, Sweden
Relevant national legislation already in
place in: same countries exept Portugal
Public Service card will be chipcard:
Austria, Belgium, Finland, Ireland, Italy,
Netherlands, Portugal, Spain, Sweden, UK (if
applied will be a chipcard), Germany (see pilot in
Bremen)
19. Public Key technology
Will support PKI for authentication and non-repudiation
purposes? France and Ireland
no final decision yet, other countries: Yes
Will support PKI for non –repudiation?
Same answer
Will support encryption facilities for end-user?
Yes: Finland, UK
No: Italy, Spain,
Under discussion: Ne, Be, Irl
20. Pilot projects and nat. roll-out EU
Pilot projects are active in:
Italy, Belgium, Netherlands, France,
National roll-out is under way in:
Sweden (100 K cards issued)
Finland ( 12 K cards issued)
Italy (15 K cards issued)
Roll out completed: None
21. Pre-conference conclusions
on ID-cards
National ID cards in Europe are definitely on
their way
The ID service will be in support of the
eGovernment domain (and sometimes also
in the privaty domain)
Multi application is still an unsolved issue
The cards will use PKI in support of
authentication and digital signature
CHV will be on the basis of PIN and in some
countries biometrics
22. Pre-conference conclusions
on ID-cards (2)
Middle of the road ICC contact technology
Heavy piloting but small scale roll-outs as yet
Heavy risk of different solutions and non –
interoperability (as is the case in domains of
e-Purse and European Health cards)
23.
24. Targets for the Conference
Information exchange on national
developments in domain of e-ID
Establishing interest in realising
pan-European interoperability of
identification, authentication and digital
signature function in Public Domain
Organising input (requirements &
solutions) into the Smart Card Charter
Common Specifications
25. Examples of joint functional
requirements
1. Card Issuing Government (CI) is
responsible for reliable I, A of Cardholder
2. CI is responsible for the QC(s) for Card
Authentication, CHV and Signature
3. I and A data and functions are open for
general use
4. There should be a 3 key pair infrastructure
for I/A, Signature and confidentiality
5. Key generation and storage on board the
card
26. Examples of joint functional
requirements
6. CI holds ‘key’ for applications on card (at
issuance or post issuance)
7. CI responsible for overall CMS
8. Trust is a must to generate interoperability
9. ………
10.………
27. (a) Each APP prepares Certificate for User Authentication separately
Card
certificate
②Data processing
Health
Insurance
AP
Electronic purse
SP
User
certificate
CI
RC
Electronic purse
AP
CA 0
CA 1 CA 2
Health Insurance
SP
Hospital
SP
User
certificate
Demerit
APP Download (DL) APP DL
Issues card certificate
Issues Card certificate
Merit
Each APP requires
resources, such as
certificate, separately
①User authentication
Each APP must
prepare PKI
separately.
Each APP can
manage users
separately.
Small effect on existing
NICSS-Framework
No connection is
required between
AP's
F/W
28. (b) User authentication by common Certificate for all APP
Card
certificate
②Data processing
Health
Insurance
AP
Electronic purse
SP
User
certificate
CI
RC
Electronic
purse
AP
CA 0
CA 1 CA 2
Heath Insurance
SP
Hospital
SP
Demerit
APP DL APP DL
①User authentication
Issues Issues card certificate User certificate
Merit
NICSS-Framework newly
needs to administrate
certificate for user
authentication.
No APP needs to
prepare each Certificate
Only small amount of
resources, such as
certificate, are necessary.
29. (c) Authentication of Card and User in common by Card Certificate
Health
Insurance
AP
RC
Electronic purse
SP CI
Health Insurance
SP
Electronic
purse
AP
Hospital
SP
Demerit
APP DL APP DL
Issues card certificate
(also used as user certificate )
Merit
②Data processing
① User authentication
No APP needs to
prepare Certificate
Card
certificate
Smallest amount of
resources, such as certificate,
are necessary.
APP must define I/F or others so
that card certificates can be used by
APP.
30. ID Cards in the Netherlands
Policy decisions are there
Legislation in place
eID card in ID 1 format since Oct 2001
Pilot sites (Delft, Rotterdam) have
delivered
Large scale pilot (Eindhoven) with
PKI (without biometrics) under
construction
National roll-out eNIK? 2006?
Notas del editor
<number>
Thank you Mr chairman for those nice words of introduction.
And may I add that I consider this an honor to address the OMNIcard delegates.
And though it is a little late in the year I wish you a very prosperous year, personal and business wise.
Now we had already a very good start, introducing the Euro. It went perfect as far as I can see.
And last year we had the year 2K, the millennium, went OK as well.
I know that some people are already worrying, what can we introduce next year, without to many problems.
I would like to the smart card European wide introduced. But I fear that will not be the case. Because there is a problem with the smart card,
Either the people are not smart enough to see that a smart card is really smart, or the people are smart and it’s the card, though called smart that needs improvement. Probably both, but as I cannot alter the people I am focusing on the cards.
And that basically what the smart card charter is all about. Trying to accelerate and harmonize development and usage of smart cards across Europe.
For we have a vision. Has to do with Europe and just like Euro we want smart cards to become THE access mechanism for the Information society. Provide trust, security. convenience. That’s basically what the Smart Card Charter is all about.
Relations with eEurope,
CEN, ETSI
R & D projects,
IDA,
Biometrics harmonization activity.
eCommerce project,
Our own clustering
High level group
Relations with eEurope,
CEN, ETSI
R & D projects,
IDA,
Biometrics harmonization activity.
eCommerce project,
Our own clustering
High level group
Relations with eEurope,
CEN, ETSI
R & D projects,
IDA,
Biometrics harmonization activity.
eCommerce project,
Our own clustering
High level group