Conference on Interoperable European ID, Haikko, Finland, 3-5 April 2002

2.4.2002 Voitto Kiviharju http://www.fineid.fi

The Leading Information Centre

1. Trailblazer, Public Identity
2. Requirements for European Public EID-card's Issuers, Supporting PKI and Certificate contents


1. Trailblazer 1, Public Identity

Goals

• Minimum requirements for electronic public identity tokens. On the basis of these requirements, other member states can recognise the public identity token issued in member states.
• Member states must be able to read and verify a public identity token. The goal is to produce a recommendation on how this should be done.
• Recommendations for secure data interchange in connection with the public identity token.


Requirements for EID-card's Issuers, Supporting PKI and Certificate contents

The Smart Card as a Public Identity Token
• A natural choice for the platform of the Public Identity Token
• Other platforms can be envisaged for the future
• Asymmetric cryptography and Public Key Infrastructure (PKI)

• The primary function of the certificate in a PKI is to identify a person
• The certificate is the actual digital counterpart of the visual identity document

Electronic Identity Card (EID-card)
• A smart card based token, containing private keys and corresponding public key certificates. Optionally, the card may also contain a visual identity document.

• For electronic identification and authentication to public and private on-line services
• For qualified electronic signatures conforming to the EU directive
• Optionally for confidentiality services, enabling encryption of data transmitted over a network
• Optionally as an official travel document within the EU (requires that the smart card based Public Identity token also contains a visual identity document)

The requirements are divided into three areas
• Requirements for the issuing of EID-cards
• Requirements for the PKI supporting the EID-cards
• Requirements for certificate contents

Requirements for the issuing of EID-cards
Organization issuing EID-cards
• The “card issuer” and the CA can be different organizations
• The visual identity information and the certificate identity information must not be in conflict with each other

EID-cards and Qualified Certificates
• Must be issued as Qualified Certificates in the sense of the EU-Directive
• Issuer MUST comply with the ETSI Qualified Certificate Policy
• ETSI TS 101 456 contains all the requirements for an issuer of qualified certificates

Registration procedures
• The Issuer is responsible for identifying the card holder before issuing the certificates
• Service provider shall verify the identity by appropriate means in accordance with national law
• The identity shall be checked against a physical person directly

Information content of a certificate
• The name of the Certification Authority issuing the certificate
• The name of the certificate holder
• The unique identifier of the certificate holder
• The period of validity of the certificate
• The serial number of the certificate
• Information on the certificate policy used
• The purpose of the certificate
• Other technical information necessary for the use of the certificate

Liability of the Card Issuer
• Issuer ensures that the certificates have been created by using the procedures presented in the certificate policy and certification practice statement
• The Issuer is liable for damage caused to any entity or legal or natural person who reasonably relies on the certificate, or the optional visual identity document on the EID-card.

Responsibility for protecting the EID-card
• The card holder has to take care of his EID-card in accordance with the Terms of Use stipulated in the contract between the card holder and the Issuer

Other applications on an EID-card
• Downloading of an application should be protected by digital signature
• The placing of additional applications on an EID-card and the termination of the use of the applications is something between the card holder and the service provider

The requirements on the supporting PKI
• The relying party must be able to judge the trustworthiness of the certificate issuer
• The relying party must be able to obtain all the information needed for the validation of the certificate

• Obtaining and reading the certificate
• Obtaining and protecting the CA certificate
• Obtaining certificate status information

The data content of certificates
• To ensure interoperability between different issuers of EID-cards and their relying parties.
• It is not necessary that all certificates contain the same information content.
• Minimum data content needs to be defined, which MUST be followed by all complying issuers, and which MUST be supported by all complying applications
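
An added example (not part of the original slides) of how a relying party could test a certificate against the "Information content of a certificate" list and the minimum data content rule above. It assumes X.509 certificates and the Python `cryptography` package; the field mapping (subject serialNumber attribute as the unique identifier, certificatePolicies and keyUsage extensions for policy and purpose), the names and the `2.999.1` policy OID are assumptions or constructed placeholders.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtensionOID, NameOID

def _has_ext(cert, oid):
    try:
        cert.extensions.get_extension_for_oid(oid)
        return True
    except x509.ExtensionNotFound:
        return False

def missing_minimum_content(cert):
    """List the slide's required items this certificate lacks (assumed X.509 mapping)."""
    # The validity period is a mandatory X.509 field, so a parsed certificate always has it.
    checks = {
        "CA name": bool(cert.issuer.rfc4514_string()),
        "holder name": bool(cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)),
        "holder unique identifier": bool(cert.subject.get_attributes_for_oid(NameOID.SERIAL_NUMBER)),
        "serial number": cert.serial_number > 0,
        "certificate policy": _has_ext(cert, ExtensionOID.CERTIFICATE_POLICIES),
        "purpose": _has_ext(cert, ExtensionOID.KEY_USAGE),
    }
    return [item for item, present in checks.items() if not present]

def build_sample(with_identifier=True, with_policy=True):
    """Constructed test certificate; names and the 2.999 policy OID are placeholders."""
    key = ec.generate_private_key(ec.SECP256R1())
    subject = [x509.NameAttribute(NameOID.COMMON_NAME, "Example Holder")]
    if with_identifier:
        subject.append(x509.NameAttribute(NameOID.SERIAL_NUMBER, "ID-0001"))
    start = datetime.datetime(2002, 4, 2)
    usage = x509.KeyUsage(digital_signature=True, content_commitment=False,
                          key_encipherment=False, data_encipherment=False,
                          key_agreement=False, key_cert_sign=False, crl_sign=False,
                          encipher_only=False, decipher_only=False)
    builder = (x509.CertificateBuilder()
               .subject_name(x509.Name(subject))
               .issuer_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")]))
               .public_key(key.public_key())
               .serial_number(x509.random_serial_number())
               .not_valid_before(start)
               .not_valid_after(start + datetime.timedelta(days=365))
               .add_extension(usage, critical=True))
    if with_policy:
        policy = x509.PolicyInformation(x509.ObjectIdentifier("2.999.1"), None)
        builder = builder.add_extension(x509.CertificatePolicies([policy]), critical=False)
    return builder.sign(key, hashes.SHA256())

if __name__ == "__main__":
    print(missing_minimum_content(build_sample()))
    print(missing_minimum_content(build_sample(with_identifier=False, with_policy=False)))
```

A complying application would reject or flag any certificate for which the returned list is not empty, before moving on to CA and status checks.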
