Stork 2.0 Member States Eids January 2015

STORK 2.0 Member States eIDs (January 2015)

The Large Scale Pilot STORK 2.0 pilots cross-border interoperability of electronic identities. See www.eid-stork2.eu for further information on STORK 2.0 and the pilots.

In the pilots an interoperability architecture covering 19 EU and EEA Member States will be tested. To provide an overview of the size and impact the project can reach, the list below shows which national electronic identities one can use across Europe when using STORK.

Country

eID Token(s) QAA1

Website / Logo Validity of the eID cards certificates stored in official

eID tokens of the MS

AT

Brgerkarte e-card

Health insurance card

4

www.buergerkarte.at

5 years Brgerkarte ACOS

Profession cards (public officials lawyers, notaries, pharmacists, etc.), student service card, etc.

4

1 Member States have different security levels for their eID. These are mapped to STORK Quality Authentication Assurance (QAA) levels. The QAA levels range from 1 for low assurance (e.g. username-password) up to 4 for high assurance (e.g. smartcard with qualified certificate). More information about STORK QAA is available here:D2.3 Quality Authenticator

Scheme https://www.eid-stork.eu/index.php?option=com_processes&Itemid=&act=streamDocument&did=577; D2.4 Mapping of the national authentication levels of the

new Member States to the STORK QAA levels https://www.eid-stork.eu/index.php?option=com_processes&Itemid=&act=streamDocument&did=1876; Mapping of national

QAA levels of new MS to STORK QAA https://www.eid-stork2.eu/index.php?option=com_jdownloads&Itemid=107&view=viewdownload&catid=7&cid=77; D3.2 QAA

Status Report https://www.eid-stork2.eu/index.php?option=com_jdownloads&Itemid=107&view=viewdownload&catid=7&cid=31.

Country

eID Token(s) QAA1



Handy-Signatur

Mobile eID

4

BE

BELPIC2

National ID card

4

http://eid.belgium.be/

10 years except for the Kids-ID, which is only 3 years.

Kids-ID

PIN code for authentication can only be requested by the parents as of the age of 6.

4

Foreign Residence Card 4

CH

SuisseID 3 3

http://www.suisseid.ch/

3 years (one year if the token is purchased for one year only)

2 Belgium is not yet acting as Credential Provider (a C-PEPS has not yet been deployed as part of BE national STORK infrastructure) and therefore BELPIC smartcard is not yet interoperable with other STORK MS (Note: will be operational before end 2013).

3 The SuisseID solution currently offers QAA3. Changes in the delivery process of the token have been initiated in order to achieve QAA 4, but the changes are delayed.

Country

eID Token(s) QAA1



CZ

MojeID4

http://www.mojeid.cz/

It should be possible to use certificates stored on commercial USB token or smartcard to login into mojeID

account

Certificates issued by CZ accredited certification authorities have validity 1 year. However, the user could use for login into mojeID account also certificates specified in this list of other certification authorities: http://packages.ubuntu.com/precise/all/ca-certificates/filelist.

Generally, the validity of certificate depends on particular certification authority.

The list of certificates is available for users of mojeID here:

https://www.mojeid.cz/page/1865/casto-kladene-otazky/#certificates

DE5

Neuer Personalausweis

National ID card (introduced November 2010)

4

BSI Web

Basically there are two certificates. One of them, the Card-Signer ist tied to the production of the ID-Card and valid for a maximum of 10 years (the ID-cards life-span).

4 MojeID IdP Internet service operated by CZ.NIC Association. It fits to QAA level 2 or level 3 at the moment and its been designed for federated authentication services. CZ.NIC aims to increase the QAA level to 4 as well as to implement SAML 2.0 protocol for communication between MojeID and ISPs. Athe moment, mojeID is used by various e-Services operators, including

local administrations and public libraries.

5 Germany does not participate in STORK 2.0. Information from Germany has not been updated since 2012.

Country

eID Token(s) QAA1



The other, the one for the service provider (the authorization certificate, http://www.personalausweisportal.de/EN/Government/Technology/Certificates/Certificates_node.html ) is valid only for a few days and has to be constantly renewed.

There is a possibility to load certificates for a qualified electronic signature onto the ID-Card. (now in testing: http://www.bundesdruckerei.de/en/798-sign-me ). Currently D-Trust offers them for a year; then they have to be loaded and paid again. Ultimately it depends on the respective service provider.

Other certificates for the qualified electronic signatures (and these are contrary to our ID-Card contact-based chips) are in use in some administrations and some branches; they are valid up to 5 years. It depends on the respective service provider.

Country

eID Token(s) QAA1



EE

ID-kaart

National ID card

4

www.id.ee

Validity of the certificates depends on eID token: - digi-ID 3 years - Mobile ID private 5 years - Mobile ID public 3 years, will be 5 years next year - ID-card issued before 2007 3 years - ID-card issued after 2007 5 years

Mobiil-ID

Mobile eID

4

Digi-ID 4

www.id.ee

ES

DNIe - Documento Nacional de Identidad Electrnico

National ID card

4

www.dnielectronico.es

The electronic certificates stored in the national identity card, DNI-e (the official eID token), are valid for 30 months

80 different types of Soft Certificates from various CAs. http://forja-ctt.administracionelectronica.gob.es/webdav/site/ctt-map/users/soporte_afirma/public/@FirmaV5p0_ANEXO_PSC.pdf

3 or 4

depending on the

supportin

g

Country

eID Token(s) QAA1



device for the QC

(soft file or

HW toke

n)

FNMT-CERES - Fbrica Nacional de Moneda y Timbre (CA of the Royal Mint)

http://www.cert.fnmt.es/

CATCert- Agncia Catalana de Certificaci (CA of the Government of Catalonia)

http://www.catcert.net/web/cat/inici/home.jsp

ACCV- Autoritat de Certificaci de la Comunitat Valenciana (CA of the Government of Valencia):

http://www.accv.es/default_default.htm

IZENPE (CA of the Government of the Basque Country)

http://www.izenpe.com/s15-5218/es/

AC Camerfirma (CA of the Chamber of Commerce):

http://www.camerfirma.com/

Country

eID Token(s) QAA1



ANF AC - Asociacin Nacional de Fabricantes - Autoridad de Certificacin: (CA of the national association of IT manufacturers)

http://www.anf.es/

ANCERT - Agencia Notarial de Certificacin (CA of the Public Notaries)

http://www.ancert.com/

Firma Profesional (CA for Professional Bodies)

http://www.firmaprofesional.com

ACA- Autoridad de Certificacin de la Abogaca (CA of the Lawyers)

http://www.cgae.es/especial/acaredabogacia/acaredabogacia.htm

SCR- Servicio de Certificacin de los Registradores (CA of the Land Registres):

http://www.scregistradores.com/index.html

Banco de Espaa http://pki.bde.es/dpc.htm

Banco Santander http://www.gruposantander.com/certificados/QualifiedWG10/dpc_v1.0.pdf

Country

eID Token(s) QAA1



CGCOM (Colegio de Medicos)

https://certificacion.cgcom.es/

EDICOM http://acedicom.edicomgroup.com/es/contenidos/practicasyPoliticas/punto1.htm

GISS http://www.seg-social.es/prdi00/groups/public/documents/binario/128

193.pdf

HEALTHSIGN

http://www.healthsign.org/

Ministerio de Defensa

http://www.defensa.gob.es/Galerias/info/servicios/pki_mdef/ficheros/Declaracion_Practicas_Certific

acion_MINISDEF.pdf

Ministerio de Empleo y Servicios Sociales

http://ca.mtin.es/mtin/DPCyPoliticas

SESCAM http://sescam.jccm.es/pki/dpc/dpc.pdf

Country

eID Token(s) QAA1



SIGNE http://www.signe.es/signe-ac/dpc

FI 6

Finnish Electronic ID card (FINEID) for citizens ID card, travelling document and smart card with Qualified Certificates

4

http://www.fineid.fi/

Information not available

FR

Digital certificates from ChamberSign France (The French Chamber of Commerce Certification Authority)

3

http://www.chambersign.fr/en/

France does not issue eID cards yet. But by decree, the duration of the authentication and qualified electronic signature certificates stored in tokens is 3 years. Certificates can be renewed for another 3 year

6 Finland does not participate in STORK 2.0. Finnish PEPS closed down on 30th of June 2012. Information from Finland has not been updated since 2012.

Country

eID Token(s) QAA1



period within the same eID token.

GR

Official eID does not exist but there is a Digital Signature-Authentication Card offered for Services that is issued based on ID card information (Hellenic Public Administration Root CA).

4

www.yap.gov.gr

5 years

The same certificate can be used both for authentication and for signing

Soft Certificates for Digital Signature-Authentication that is issued based on ID card information (Hellenic Public Administration Root CA)

3

User Name, password for registered users in the National Government Portal based on the ID card information http://www.ermis.gov.gr/portal/page/portal/ermis/whyRegister

2,1 www.ermis.gov.gr

IS

Certificates on privately issued debit cards.

4

https://innskraning.island.is

4 years, not issued any more

Country

eID Token(s) QAA1



Certificates on privately issued on white labelled cards.

4


1 year

Certificates issued Mobile phone SIM cards.

4


5 years

Strengthened IceKey: Kennitala (Social security no.), strong password + OTP used for federated authentication of users to both governmental and private websites. An authentication service run by Registers Iceland based on information from the national citizen registry.

3


No limit

Country

eID Token(s) QAA1



IceKey: Kennitala (Social security no.), strong password used for federated authentication of users to both governmental and private websites. An authentication service run by Registers Iceland based on information from the national citizen registry

2


No limit

IT7

Carta didentit elettronica

National ID card

4

www.servizidemografici.interno.it

Duration of the certificates stored in official eID tokens (both Authentication and Qualified signature certificates) is 3 years. Certificates can be renewed 1 time (for another 3 years) within the same eID token, by means of on-line procedures.

Carta Nazionale dei Servizi

National service card

4

CNIPA Web

www.progettocns.it www.progettocns.it

The card may be issued by different providers, such as Infocert (http://www.infocert.it), Aruba PEC (http://www.pec.it), a.s.o., and thus it may present

different formats, like or

7 Italy is putting in place in 2015 a new e-identity architecture - named SPID, Public Service for Digital Identity that will change the current scenario.

Country

eID Token(s) QAA1



, a.s.o.

LT

Personal Identity Card (citizen eID)

National ID card (the new Lithuania ID Card was introduced in 2009)

Travel document according to ICAO requirements (contactless chip with biometric data)

Contact chip - two certificates:

identification/authentication and qualified e.signature

4

www.nsc.vrm.lt

www.eid.lt

www.dokumentai.lt

3 years (Card valid 10 years)

Civil servants eID card

Two certificates:

identification/authentication and qualified e.signature

3

3 years

LU

Smart Card 4

www.luxtrust.lu

Authentication and signature certificates are valid for 3 years

Country

eID Token(s) QAA1



Signing stick

4

www.luxtrust.lu


Signing Server Certificate 3

www.luxtrust.lu


eID 4

www.eid.lu


NL

2/3

Username/password

U/PW and sms token

(not connected to STORK infrastructure yet)

https://www.digid.nl/index.php?id=1&L=1

The duration of certificates stored on eHerkenning (eRecognition) tokens (PKI-o) is 3 years.

1/2/3/4

Username/password

U/PW and sms token

PKI-certificate

http://www.eherkenning.nl/

Country

eID Token(s) QAA1



PT

Carto de Cidado

Portuguese Citizen Card

4

www.cartaodecidadao.pt

5 years

SK National eID card

4

http://www.minv.sk/?obcianske-preukazy

There are four different certificates on eID cards:

1. Authentication certificate valid for 10 years

2. QES certificate valid for 61 months (5 years and 1 month)

3. Signature certificate valid for 10 years

4. Encryption certificate - valid for 10 years

SE

ID-card

3

http://www.telia.se/privat/katalog/VisaProdukt.do?channelId=-

76442&tabId=0&OID=1537014385&type=PRODUCT

Soft (eID) certificates are valid 2 years and eID on smartcards are normally valid 5 years. The mobile eID is also valid 3 years.

Country

eID Token(s) QAA1



>

3

http://www.nordea.se/Privat/Internet%2boch%2btelef

on/e-legitimation/207904.html

3 Mobile eID http://www.nordea.se/Privat/Vardagstjnster/Mobila+tjnster/Mobilt+BankID+-+e-

legitimationen+fr+mobiler+och+surfplattor/1578282.html

3

http://www.handelsbanken.se/shb/INeT/IStartSv.nsf/FrameSet?OpenView&navid=z2_privattjanster&sa=/shb/INeT/ICentSv.nsf/Default/q12B237B49536B2BFC1256CBB00494CF4

3 Soft certificate

http://www.lansforsakringar.se/privat/bank/internet_o_telefon/kom_igang/bankid/sidor/default.aspx

3 Soft certificate

http://www.sparbankenoresund.se/privat/internet_och

Country

eID Token(s) QAA1



_telefon/internetbanken/bankid/Sidor/default.aspx

3 Soft certificate

Hard certificate

Mobile eID

http://www.swedbank.se/privat/internet-och-telefontjanster/bankid-(e-legitimation)/index.htm

3 Soft certificate

http://www.ikanobank.se/FAQ_Internetbanken

3 Soft certificate

http://www.skandiabanken.se/hem/Internetbanken1/BankID/

3 Soft certificate

http://www.danskebank.se/sv-se/privat/Hembanken/Sakerhet/Hur-vi-skyddar-dig/Pages/BankID.aspx

Country

eID Token(s) QAA1



3 Hard certificate

Mobile eID

http://www.seb.se/pow/default.asp

3 Mobile eID

http://www.alandsbanken.se/

3 Soft certificate

http://www.icabanken.se/att-anvanda-icabanken/e-legitimation/#/att-anvanda-icabanken/e-

legitimation/tekniska-krav/

3 Soft certificate

https://internetbanken.sparbankensyd.se/BankIDLogin/Sidor/login.aspx?ReturnUrl=%2fSidor%2fWelcome.aspx

SI

Qualified Certificate SIGOV-CA 3 or 4

http://www.sigov-ca.si/

5 years

Country

eID Token(s) QAA1



Qualified Certificate SIGEN-CA 3

http://www.sigen-ca.si/

Qualified Certificate POTArCA 3 or 4

http://postarca.posta.si/

Qualified Certificate HALCOM-CA 3 or 4

http://www.halcom-ca.si

Qualified Certificate AC NLB 3 http://www.nlb.si/acnlb

TR

Turkish Electronic ID Card 4

www.ekds.gov.tr

10 years

UK

Yorkshire Authentication Project 3

Soft Certificate

X509 Certificate

Website currently not available. Not official eID. Certs that will be issued for STORK 2.0 pilots will be used only during the STORK 2.0 pilot phase (possible validity of certificates 3 years not yet been confirmed)

GOV.UK Verify https://www.gov.uk/government/publications/introduci Currently in public beta with

Country

eID Token(s) QAA1



ng-govuk-verify/introducing-govuk-verify access to 3 UK Government services. Intention to provide interoperability with eIDAS Regulation in 2016.

Project co-funded by the European Commission under the CIP ICT Policy Support Programme

Copyright by the STORK 2.0-eID Consortium

OLE_LINK3

Stork 2.0 Member States Eids January 2015

Documents

Transcript of Stork 2.0 Member States Eids January 2015