January 2011 ETSI Security Workshopdocbox.etsi.org/.../S2_ELECTRONIC_SIGNATURES/... · operators of...
Transcript of January 2011 ETSI Security Workshopdocbox.etsi.org/.../S2_ELECTRONIC_SIGNATURES/... · operators of...
January 2011ETSI Security Workshop
CEN/TC224: Standards for eBusiness and eGovernment
Dominique LescribaaCEN TC 224 ChairmanGIE Cartes Bancaires
CEN/TC 224 General information
Title
Personal identification, electronic signature, cards and their related systems and
operations
History
TC 224 was set up in 1990 and has initially produced standards in the area of general
card characteristics and technologies, user interface, inter-sector electronic purse,
telecommunications integrated circuit cards and terminals, surface transport
2
telecommunications integrated circuit cards and terminals, surface transport
applications
In 2003 and 2005, CEN/TC 224 has extended its scope to e-signature and
e-government
Since 2010, develop some biometric standards
Base objective
To define the necessary standards to be used to perform the desired level of
commercial interoperability for machine readable cards, related device interfaces and
operations in Europe
Business, European Government and consumers needs
Increase confidence in business relation and e-administration:Electronic commerceElectronic Signature Framework (new EC mandate)
Reinforce societal and citizen security in Europe (new EC mandate)
Reinforce the identification of European citizen:
3
Enlargement of the European UnionAutomatic border-crossing,Biometric application interoperability
Interoperable public transport applications
Confidence of consumers in respect of security, privacy, quality andergonomics, requirement for people with special needs
Business Environment5.2 Billion Smart Cards Shipped in 2009
Europe represents near 60% of IC cards of the world market
Number of application sectors (banking, telecommunications, healthcare, transport, pay TV, retail shopping, access control, E -Government, border control...)
4
retail shopping, access control, E -Government, border control...)
Parties involved: � Industry of cards and related
devices, � cryptographic and security
developers,� operators of the various
application sectors,� Public authorities, Consumers� …
CEN TC 224 Standardisation needsSince 1990, more than 60 standards were adopted
Confidence of consumers in respect of security, quality and ergonomics
Stable and reliable electronic signature
Authenticate the authorized entity
Reinforce the identification of
European citizen
5
To define the necessary standards to be used to perform the desired level of commercial interoperability in Europe, considering its very significant position in
the international market.
Protect personal data and privacy
Harmonise some payments
related transactions
International cooperation and liaisons with TC224
ISO/IEC/JTC1 SCs•SC 17 (cards and related application)���� contact less cards, Passports, visas…
•SC 27 (Security of Information)���� Common criteria, Electronic
signature, Protection of personal data, crypto…•SC 31 (Automatic Indentification)����RFID
UIT
6
CEN TC 224ETSI(TC ESI…)
EPCVISA/MASTERCARD
Global PlatformANEC
ISO TC 68financial transactions
����RFID•SC 37 (Biometric) ���� Biometric
To help protect your privacy, PowerPoint prevented this external picture from being automatically downloaded. To download and display this picture, click Options in the Message Bar, and then click Enable external content.
WG 15European Citizen
Card
Working groups of CEN/TC 224
WG 6User Interface
WG 11Surface Transport
Applications
7
L. GASTONFRANCE
WG 16Smart cards used as
secure signature creation devices
G. MEISTERGERMANY
To be reactivated in 2011
K. PHILIPPGERMANY
WG 17Protection Profiles
in thecontext of e-Sign
C. SUTTERGERMANY
WG 18Interoperability of
Biometrics recorded data
N. DELVAUXFRANCE
Focus on some activities (programme of work of WG6)
WG 6 User Interface: group currently reactivated
following the expression of new needs
Accessibility standards to be potentially revised:
EN 1332-4 : Identification card systems - Man-machine interface - Part 4: Coding of user
8
EN 1332-4 : Identification card systems - Man-machine interface - Part 4: Coding of user
requirements for people with special needs
EN 1332-3: Identification card systems - Man-machine interface - Part 3: Keypads
EN 1332-5: Identification card systems - Man-machine interface - Part 5: Raised tactile
symbols for differenciation of application on ID-1 cards
Focus on some activities (programme of work of WG11)
WG 11 Transport Applications
Two main standards already developed within the WG11 and soon
revised:EN1545-1: Identification cards system – Surface Transport Applications – Part 1:
elementary data types, general code lists and general data elements
9
elementary data types, general code lists and general data elements
EN1545-2: Identification cards system – Surface Transport Applications – Part 2:
transports’ and travel’s payments related data elements and code lists
Integration of the EU-IFM project and complete data based elements
in this revision
Focus on some activities (programme of work of WG15)
WG 15 European Citizen Card
TS 15480-1 ECC physical, electrical, and transport protocol characteristics (under
revision)
TS 15480-2 ECC logical data structures and security services (under revision)
10
TS 15480-3 ECC interoperability using an application interface (under publication)
TS 15480-4 Recommendations for ECC insurance, operation and use (under progress)
Future part 5: Overview of ECC standard and implementation guidelines (under progress)
Focus on some activities (programme of work of WG16)
WG 16 Smart cards used
as Secure Signature Creation Device:
Two main standards developed within the group:EN 14890-1: Application Interface for smart cards used as Secure Signature Creation
Devices - Part 1: Basic services
EN 14890-2: Application Interface for smart cards used as Secure Signature Creation
11
EN 14890-2: Application Interface for smart cards used as Secure Signature Creation
Devices - Part 1: Basic services
New amendments to EN 14890-1/2 regarding:
• New algorithm e.g. AES for Secure Messaging
• New formally and cryptographically proven password based authenticationprotocols e.g. PACE• New formally proved privacy protocols e.g. for online Id management
• Allgnements related to Web services and cards
Focus on some activities( ~ 15 Protection profiles in development in WG17)
WG 17 Protection Profiles in the context
of e-Signature
Ongoing conversion into TS/EN of CWA 14169 on protection profile (PP)
for a secure signature creation device (generally recognised standard in
the European Decision): priority of the European Mandate on Electronic
Signature
Conversion into TS/EN of CWA 14167 on security requirements for
trustworthy systems managing certificates for electronic signatures
12
trustworthy systems managing certificates for electronic signatures
(generally recognised standard in the European Decision): priority of the
European Mandate on Electronic Signature
+ incorporation of additional requirements such as server signing
Protection Profile
== > coordinated work with ETSI TC ESI
Drafting of an EN for a PP on signature creation and verification
application
(PP SVA/PP SVA)
Drafting of an EN for a PP on Device Authentication
Focus on some activities (programme of work of WG18)
WG 18 Interoperability of Biometrics Recorded Data: officially
launched in November 2010
Two Technical Specifications under development to comply with the
European Commission requirements for interoperability and security of
exchange at a European scale
13
Harmonisation and interoperability of slap-ten print capture for Biometrics
Application profiles of international standards to satisfy European biometrics requirements
for automatic cross-boarding equipment
For further actions
Contact your National Standardization Organisation and joint TC 224 team!
TC 224 contact points and National contact point in France
14
[email protected]@afnor.org
Thank you for your attention!