Belgian eID Card, Technical Overview
17 September 2005
© K.U.Leuven/ESAT/COSIC, http://www.esat.kuleuven.be/cosic

Slide 1

The Belgian eID Card in a Nutshell

Danny De Cock, [email protected]
Katholieke Universiteit Leuven/Dept. Elektrotechniek (ESAT)
Computer Security and Industrial Cryptography (COSIC)
Kasteelpark Arenberg 10
B-3001 Heverlee
Belgium

Presented by: Prof. Bart Preneel

Slide 2

Why Introduce an eID Card?

Every Belgian citizen gets a tool to
  - Authenticate him/herself via email, SSL/TLS,…
  - Create digital signatures equivalent with handwritten signatures, e.g., to sign contracts electronically

Benefits
  - Nation-wide PKI reduces need to deploy closed user group PKIs
  - Avoids updating legislation referring to handwritten signatures
  - Improved security and confidence in remote transactions
  - Simplification of administrative tasks through
      - Faster data capture
      - Home-government: consult your own files with the government, fill out tax declarations,…
  - Digital signatures protect electronic content
  - Certificates link digital signatures to citizens
  - The new eID card is smaller than the previous ID card
  - Address changes do not necessitate issuing a new eID card

Risks
  - Privacy
  - Market distortion
  - Interoperability at European level


Slide 3

What is a Belgian eID card?

  - The digital version of the previous ID card
  - Bank card-sized plastic card depicts the citizen’s
      - Photo, Full name, Gender, Handwritten signature, Nationality, Place and Date of birth, Card and National Number,…
  - The chip on the eID card contains the citizen’s
      - Identity data and address
      - Identity and signing certificates (and key pairs),…
  - The chip can be used to
      - Authenticate information (e.g., for invoices)
      - Generate digital signatures equivalent to handwritten signatures (e.g., for contracts)
  - The card is valid for 5 years
  - eID card certificates valid for up to 5 years

Slide 4

Quick Summary Belgian eID

  - Initiated in 1999, massive rollout started end of October 2004, currently about 1.4 million cards produced and 1 million eID cards activated
  - 588 of the 589 municipalities already activate eID cards
  - eID card can be used to
      - Authenticate the cardholder
      - Create digital (non-repudiation) signatures
      - Capture citizen data electronically
      - Visually identify the citizen
  - Chip contains administrative data (photo, address, cardholder identity, national number,…)
  - Card is valid for 5 years after production
  - All Belgian citizens (+12 years) will have obtained an eID card by end of 2009


Slide 5

Who gets an eID card?

  - A new eID card is issued to
      - New inhabitants
      - Every youngster at the age of 12
      - People changing from one address to another in the local municipality
      - Replace a lost, stolen, damaged or expired (e)ID card
      - Adjust the citizen’s picture
      - Every citizen who asks to replace his/her old ID card
      - Every citizen who changes his/her name, gender,…
  - Everyone older than 14 must carry his/her (e)ID card
  - Specific groups who requested a priority:
      - Medical doctors, lawyers, eID software companies,…

Slide 6

Belgium issuing eID cards

  - More than 6000 cards produced and activated per working day during nation-wide deployment
  - 4500 cards produced and issued per month during pilot phase
  - 588 out of 589 municipalities issue eID cards


Slide 7

Typical evolution of an eID CRL

  - CRLs follow the lifecycle of the eID cards they cover
  - The CA stops issuing certificates referring to a particular CRL if it becomes too large
  - The graph reflects the evolution of the eID cards following a CRL for which no new certificates are issued

Frequently updated graphs available at http://www.godot.be

Slide 8

Today’s eID Card Applications

  - eGovernment
      - Official document requests
          - Marital status, Birth certificate,…
      - Access to RRN database
      - Online voting
  - eTax
      - Tax form declaration
  - eJustice
      - Electronic submission of conclusions in court cases
  - eAccess
      - Client authentication for web servers
      - Access control, e.g., container park, library, swimming pool,…
  - eCommerce
      - Online opening of new account
      - Digital Rights Management
      - Qualified signature
          - Contract signing
  - eBanking
      - Online mortgage request
  - eMail
      - Registered mail
      - Authenticated email
  - eAdministration
      - Data capture
      - Car registration


Slide 9

Questions?

Belgian eID card information on the Internet
  - http://eid.belgium.be
  - http://www.rijksregister.fgov.be
  - http://www.fedict.be
  - http://www.belgium.be
  - http://www.cardreaders.be

Test cards can be ordered at
  - http://www.eid-shop.be

Source code examples are available at
  - http://www.belgium.be/zip/middleware_source_code_nl.html
  - http://www.belgium.be/zip/middleware_source_code_fr.html

Myself
  - [email protected]
  - http://godot.be

Yourself
  - https://www.mijndossier.rrn.fgov.be
  - https://www.mondossier.rrn.fgov.be
  - https://www.meindossier.rrn.fgov.be

keywords: “godot eID”