Embed Size (px)
Citation preview
Synthesis of the Eurosmart’Technical Day on eID interoperability
Bruno Rouchouze, ID SG Convenor
Porvoo 12, Grosseto - Italy
Eurosmart in brief
• Eurosmart is an international non-profit association founded in 1995 and located in Brussels.
• Eurosmart represents 25 companies of the smart security industry for multi-sectors applications and includes : manufacturers of smart cards, semiconductors, terminals, equipment for smart cards system integrators, application developers and issuers.
• Eurosmart member companies represent 75% of the worldwide shipment of cards
From Smart Cards to Smart Secure Devices
Eurosmart is acknowledged as the “Voice of the Smart Security Industry”
• Security is the core of the smart security industry activities
• The role of Eurosmart is to make sure that security is well positioned and valued
The Smart & Secure World in 2020 a Vision Paper by Eurosmart
• Reflection of a representative panel of experts
• Present the future applications and market trends in 13 years
• Explain the characteristics of the smart security technology family to the general public
Smart Secure Devices will help our lives become easier, safer and more enjoyable,
while protecting our privacy
Before 2020…i2010!• The i2010 Initiative: A European society for Growth
and Employment - Adopted by the EC (June 05)
• The eGovernment Ministerial Declaration – Manchester (Nov. 05)
• The i2010 eGovernment Action Plan– Aligning its objectives with the Manchester Declaration– Adopted by the Council (June 06)
• Ministerial Declaration approved unanimously in Lisbon (Sept. 07)– 4 priorities:
• Cross-border interoperability• Reduction of administrative burdens• Inclusive eGovernment• Transparency & democratic engagement
Current Landscape Europe
Not launched
New gen Deployed/launched
Chipless/ cardID1 high end
Countries with no ID cards
Status Countries Start issuing
Voluntary
Running projects
Finland
Belgium
Austria
Estonia
Sweden
Italy
Portugal
Spain
2003
2004
2004
2004
2005
2005
2006
2006
Outlook UK
Poland
Germany
France
…
2008/9
2008/9
2008/9
2008/9
eID Large Scale Pilot – 2007/2010
• A European Commission initiative for European Members States
• Objective: Have a full interoperability between 6 MS for eID for eGovernment pan-european services
• Should be based on Standards & Open technologies
Eurosmart wants to share its expertise and its know-how
Targets of EU eID
EU eID
Increase the quality and accessibility of public services
Improve security for government services security, ID documents, and enrolment process
European Citizen Card (ECC) is the key to the virtual town hall*.
Harmonized data- and security architecture in the EU-area.
Pick out services with clear added-values to Citizens & Governments
Cost reduction in administration
* The Data is running around, not the citizen
On-Line Services
Government
Citizen Enterprise
G2C
G2B
B2C
Regulated Services• Tax computation• Registration• eVoting
Regulated Information• Tax on input• Certificates of exports• Public tender
On-Line Trading• Internet Market• Internet Auction
G2G
Business to Customer
Gov
ernm
ent t
o Ci
tizen
Government to Business
EURODACGovernment to Government: SIS, VIS
PrivatePrivate Local GovernmentLocal Government
NationalNational EU-WideEU-Wide
Local income tax Education Social Services Access to amenities
Access to voting systems Tax services for self employed Authentication for health services Authentication for social services
Cross border services Support of travel and health documents Authentication of entitlement to services
The four pillar approach
Physical and logical ID for 3rd party uses Authentication on-line Financial transactions Legal transactions Company ID
ECC Interopeability Framework
• First European Standardized solution for e-Government• Based on Open Interfaces enabling different
implementations• The mechanisms are under adoption by ISO• Compatible with different e-ID Management Systems• Preserves the investments by providing a migration path• Stress is put on Privacy and Accessibility features• Framework proposed for electronic Health Insurance
Card• Proof of the concept validated by Onom@Topic Project
eID Interoperability using the ECC
• The interoperability is achieved with 4 keys features– A common set of card commands and data
structures specified in the ECC part 2 and ISO 8716 compliant
– A core of IAS protocols and algorithms from prEN 14890 with specific provisions for privacy
– A middleware based on Open Interfaces which makes any ECC look the same for the external applications
– The definition of ECC profiles: eGovernment card, National ID Card, Traveling ICAO defined in part 4
It’s the most secure in the world
I bought a new lock…SAFE
Pan-European security only achievable if all eID implementations are equally strong
• Cyber criminals & terrorists will attack the weakest link in the European defense chain
• Member states should evaluate and compare security levels of all national implementations
• eID should be evaluated by independent expert labs with international recognition Common Criteria must be used
Conclusions for 2007 (1)• Combination of interoperability & security mixed
with Privacy is the European goal for cross border services on eID– Technical interoperability needs international accepted and
proofed standards
• Standards & Products exist for a full secured interoperability– CEN ECC & ISO/IEC 24727 need only additional 8 months
for its completeness– Countries with the vision of upcoming eGov services should
follow the three standards for IAS ( CEN TC 224 WG16), eID cards and for Middleware ( both CEN TC 224 WG 15)
The solution for European interoperability and an important step for a worldwide interoperability
by following international standards, governments can reduce time to market, financial efforts and technical risks at the national level
Conclusions for 2007 (2)
• National and European approaches can and must mixed – Countries with running projects and issued
government service cards can follow the Middleware- Standards CEN European Citizen Standard part 3 based on ISO/IEC 24727 as transition vehicle for interoperability in the EU
• The proposed Eurosmart’ approach is:– Compatible with already deployed solutions and with
coming ones
– In line with the objectives of Manchester (2005) and Lisbon (2007) declarations
An unique scheme for all European eID requirementsbased on CEN & ISO Standards
eDriving License
eHealth
eID
eGovernment
eVehicle Registration
Parker IV,Christopher J.
Armed Forces of theUnited States
Issue Date
2000SEP19Expiration Date
2003SEP18
Active Duty
Air Force
Geneva Conventions Identification Card
Rank
SSGTPay Grade
E5
ISO 24727
ECC - 3
ECC - 3
ECC - 3
NationalMiddleware
NationalMiddleware
ISO 24727
