Belgian EID Card 15/12/2004 Derette Willy eID program manager.
Agenda
Role of Steria in the project
Actual status of the Roll out
o Different actors
o Global planning
The Belpic Project
Use of the eID card
Contents of the EID Card
The trusted CA Hierarchy
The Trusted Services
Mutual Authentication SSL V3
Realisations – How to Use – Quick Scan
Identity Card of Steria
Core businesses: Managed Services 50%; Systems Integration 50%; Consulting 10%
Markets: Public Government 30%; Manufacturing, Utilities, Transport 30%; Banking & Insurance 25%; Telecom 15%
8400 employees, of which 230 in Belux
987 M€ revenue (2003), of which 36 M€ in Belux
Belux: Public: 48%, Industry: 25%, Finance: 27%
Belux: MS: 34%; SI: 60%; C: 6%
BELPIC project: role of Steria
Design of architecture (central and local)
Software Development
- modifications on mainframe
- new application servers
- PCs in the municipalities
Infrastructure delivery (central and local)
Project management
BELPIC project: actors / planning
[Figure: project timeline, Jan 2002 to Jan 2005. Tracks: Card & CA setup; Pilot (11); GO roll out; RA/Infrastructure. Roll-out infrastructure: contract; 7 months of prep., site surveys, installation & training; milestones T0, T0 + 2M, T0 + 3M, T0 + 5M, T0 + 7M; operational phase until T0 + 5Y.]
[Figure: roll-out progress chart, weekly from 30/08/2004 to 31/01/2005, scale 0% to 100%. Series: % of municipalities installed; % of municipalities switched over.]
BELPIC project
Aim of the Belpic project: give Belgian citizens an electronic identity card enabling them to authenticate themselves to diverse applications and to place digital signatures.
The chip contains the same information as printed on the card (name, first names, nationality, birth place and date, sex, validity of the card, photo, signature, identification number), supplemented with:
- Certificates (signature, authentication)
- The main residence of the holder
No other information on the card is allowed!
Proof of identity & Signature tool
No Encryption
Use of e-ID
Customer identification (data capture)
- No errors
- Very fast
- (Complete) Identity information => Profiling
Strong authentication
- Universal solution (advantage for the customer)
- SSO (Single sign on) => one authentication server
- “State of the art” (= Replacement of the token) / No pin mailers
Signature
- Anywhere, anytime.
- Simplicity ( token)
- Non repudiation
Encryption
- No encryption for the moment (foreseen at a later stage)
- Private key backup & archiving issue
BELPIC Contents of EID Card
[Diagram: contents of the eID chip; labels grouped below]
eID identity data: ID, ADR, Photo (ID = Ident, ADR = address, PH = hash photo)
Certificates: Cert_Cit-Auth, Cert_Cit-Sign, Cert_CA-Cit, Cert_RRNAS, Cert_CA-RootS (ID+ADR+PH)
Private keys: Prik_Cit-Auth, Prik_Cit-Sign, Prik_Base
Public keys: PubK_CA-Role, PuK_Base
Other labels: Pin code, PUK1/2, PUK1/3, Pin Code Housekeeping, Activate & Unblock, Role 7
WDe/2002
The trusted CA hierarchy
[Diagram: CA hierarchy; labels listed below]
Globalsign Top Root CA
Selfsigned
Belgium Root Signed
Belgium Self Signed
eID Citizen CA
- Signature (1024 bits)
- Authentication (1024 bits)
Government CA
Administration CA
Forthcoming CA
Other certificates in the diagram:
- Cert_SAW-Enc
- Cert_SAW-Sign
- Cert_RRNAS
- Cert_RRNDMZ
- (Cert_XKMS)
- Cert_Role-7 ?
Trusted Services
• Registration
• Authentication
[Diagram: actors Citizens, Municipality, National Register, Certification Authority, Secure Sites. Flows labelled: Control & Registration; Certificate Request; CRL; Authentication & Signature; Validation; OCSP or CRL. Steps numbered 1 and 2.]
Digitally Signing a Message
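[Diagram: Sender: message -> Hash Algorithm -> Hash -> Encryption with Sender’s Private key -> Encrypted Hash (Digital Signature), sent over the Network. Receiver: message -> Hash Algorithm -> Hash; Encrypted Hash processed with Sender’s Public Key -> Hash; the two hashes are compared (= ?).]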
SSL v3 Mutual Authentication
Parties: User, Web Server
Connect to server (server name)
Acknowledge presence
Sending of challenge (RND)
Server encrypts with its private key
Send back with certificate chain
Check cert. validity & server name
If OK notify server
Server sends challenge
Browser encrypts with private key of authentication certificate (PIN code)
Encrypted challenge + certificate chain (authent. certificate only if chain NA)
Server checks (OCSP-CRL)
If OK notify user
Agree on session key
Browser generates key & encrypts with pub. key of server. Sent to server.
Secure Store: Cert_Cit-Auth
Secure Store: CertChain_Server
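The hash-then-sign flow of the "Digitally Signing a Message" slide and the challenge steps of the SSL v3 slide, as an added example that is not part of the original presentation or of Steria's modules. It shows why the server's random challenge (RND) matters: a captured response does not verify against a new challenge. The key, the function names and the sample document are constructed assumptions; certificate chain and OCSP/CRL checks are left out.

```python
import hashlib
import secrets

# Constructed toy RSA key (assumption for this demo): two Mersenne primes give a
# 1128-bit modulus. Real card keys use random primes and never leave the chip.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)

def digest_int(data: bytes) -> int:
    """Hash step of the signing slide: SHA-256 digest as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, d: int = D, n: int = N) -> int:
    """Sender: apply the private key to the hash (textbook RSA, no padding)."""
    return pow(digest_int(data), d, n)

def verify(data: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Receiver: recover the hash with the public key, compare with a fresh hash."""
    return pow(signature, e, n) == digest_int(data)

def new_challenge() -> bytes:
    """Server side of the SSL slide: an unpredictable random challenge (RND)."""
    return secrets.token_bytes(32)

def card_response(challenge: bytes) -> int:
    """Card side: sign the challenge with the authentication private key."""
    return sign(challenge)

def server_accepts(challenge: bytes, response: int) -> bool:
    """Server side: check the response against the challenge it issued itself."""
    return verify(challenge, response)

def demo() -> dict:
    doc = b"constructed sample document"
    sig = sign(doc)
    c1, c2 = new_challenge(), new_challenge()
    r1 = card_response(c1)
    return {
        "valid_signature": verify(doc, sig),
        "tampered_document": verify(doc + b"!", sig),
        "fresh_response": server_accepts(c1, r1),
        "replayed_response": server_accepts(c2, r1),  # old response, new RND
    }

if __name__ == "__main__":
    print(demo())
```

Production signatures add a padding scheme such as PKCS#1 to the hash before the private-key operation; the unpadded form here only mirrors the boxes in the slide.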
How to use?
Steria has developed modules / methods for
- Getting User Identity: Name, First Name, Gender, Birth date, Birth place, Nationality, National Register Number, Address, Photo.
- Authenticating Card Holder: Authentication with the authentication private key of the card holder.
- Signing Data: Signing data by the Card with the non-repudiation private key of the card holder.
Applications
- Stand Alone Application
- Client/Server Application
- Light Client: Browser application
- PC Emulation to a central environment
Examples: Stand-alone application
How to use?
[Diagram: deployment options. Labels: PC Client; Client / Server application; Stand Alone PC; Rich Client; Browser; Light Client; Terminal Emulation; Central Server (Microsoft, Unix, Mainframe).]