Smart Card Vision 2002 Henry J F Ryan eESC Secretary
Outline • The high level objectives • eEurope Smart Card Charter • Vision and Organization • Standardization Requirements • Global Interoperability Framework • Demonstrators • European Standards Actions/Plans • More information
The high level objectives “An Information Society for all” 2002 • Bring every citizen, school, business and administration on-line - quickly • Create a digitally literate and entrepreneurial Europe • Ensure an inclusive information society
Action Lines 2002 • A cheaper, faster, secure Internet • 1) Cheaper and faster Internet access • 2) Faster Internet for researchers and students • 3) Secure networks and smart cards • Investing in people and skills • 4) European youth into the digital age • 5) Working in the knowledge-based economy • 6) Participation for all in the knowledge-based economy • Stimulate the use of the Internet • 7) Accelerating e-commerce • 8) Government online: electronic access to public services • 9) Health online • 10) European digital content for global networks • 11) Intelligent transport systems.
The intelligent key to quality of life in the information society eEurope Smart Cards: a standards based open initiative www.eeurope-smartcards.org
eESC Vision • Empower the individual to access resources in the physical world and over networks, anytime, anywhere with adequate privacy and security • Raise the prospect of smart card technology to a mainstream computing platform for trust services by: • Harmonizing smart card based infrastructures across sectors by building a consensus for minimum compatibility. • Stimulating inter-sector cooperation to encourage interoperability
Basic Process: Open, Interact, Close
Complete professional process: Open, Identify, Interact, Order, Close (with Authenticate and Sign)
eESC action lines • Setting up of a network of interested stakeholders: trailblazers, liaisons • Defining Common Specifications / Requirements (end of 2002 deliverable) • Dissemination program: website, open meetings, conferences, articles, newsletter • Demonstrators & large scale deployment
Smart Card Shipments Jan - Jul 2001
Smart Card Unit (M) Shipments – Eurosmart, Cartes 2001
Segment        Memory   uProcessor
Banking        10       75
Health Care    5        6
Telecom        550      200
Transport      10       5
Pay TV / IT    0.5      10
Others         20       11
Total          590.5    307
The eESC Network • > 350 organisations involved • > 1000 people on mailing list • > 70 meetings a year • 250 active participants
eESC Organisation High Level Group Steering Committee (working group chair persons plus relevant group representatives) Secretariat Trailblazers
eESC Trailblazers 1 Public Identity 2 Identification & Authentication 3 Protection Profiles, security certification 4 Generalized card reader 5 e-payments (including purse, credit/debit, m-commerce) 6 Contactless Smart Cards 7 Multi-application systems 8 User requirements 9 Public Transport 10 e-Government 11 Health 12 Advanced Electronic Signature
eESC Working Group Structure (diagram) • Applications: Public Transport (TB9), Government (TB10), Payments (TB5), Health (TB11) • Security / PP (TB3) • User / Reqs (TB8) • GIF: Global Interoperability Framework • Generic functions: Public ID, Authentication, Elec. Signature (TB1, TB2, TB12) • Multiapplication platform (TB7) • Generic card readers (TB4) • Contactless cards (TB6)
eESC Deliverables Logical Structure (diagram) • eESC Common Specifications • Global I-A-S Interop. Framework (GIF) • Demonstrators (eEpoch, Netc@rds) • Trailblazers • NICSS • Requirements and Standards / Industry Specifications
Global Interoperability Framework • GIF is an aid to ensure interoperability • within and between smart card communities • focused on IAS for Internet applications • It provides models which can ensure • cost sharing between stakeholders • low entry level for new services • differentiation at all levels of the business value chain • use of off-line and on-line resources • secure transactions in internet applications • scope for more advanced services • international collaboration
Basic roles and processes • Roles: R&C Authority, Issuer, User, Access provider, Content provider, Applic. provider • Card Community processes side • Issuing, identification management • Life cycle management (cards, infrastructure) • Business issues • E-Community processes side • Daily use / delivery / interaction • Content management • Creative challenges
Framework Structure IAS-Framework E-community Smart card community Interoperability
IOP - Prerequisite (diagram: levels numbered 1 to 4, with the labels Connectivity, Platform, Human Interface, PKI / security, IAS, Additional Applications and Protocols)
Interoperability via … • Functional IOP arrangements • user - access provider interface • access provider - application provider interface • local smart card community interface to foreign smart card community • Technical IOP building blocks • IOP adapter • PKI adapter
Technical IOP (diagram: two host smart card communities, each drawn with card, infrastructure and application columns over connectivity and PKI, levels numbered 0 to 4, linked by an IOP adapter and a PKI adapter)
IOP scenarios
Scenario ID   Card layer   Infra. layer   Applic. layer   Certificate
IOP #0        On-us        On-us          On-us           On-us
IOP #1        Not-on-us    On-us          On-us           Not-on-us
IOP #2        Not-on-us    On-us          Not-on-us       Not-on-us
IOP #3        On-us        On-us          Not-on-us       On-us
(Each scenario is illustrated by a stack diagram with the labels PKI, Human Interface, Connectivity, Platform, IAS, Additional Applications, Card Layer, Infrastructure Layer and Application Layer.)
Adapters • IOP Adapter (for IAS purpose) • Generalised card reader (i.e. multi applications and operating systems) • Business rules and conditions (i.e. how to handle an IAS request from a particular ‘not-on-us’ card) • PKI Adapter • Verification mechanism for • Building blocks certificates • User/card holder certificates • Trust relationship between ‘on-us’ and ‘not-on-us’ CA via e.g. • Hierarchical certifications of CA’s • Bridge validation authority between CA’s
Implementing GIF • Steps to get IAS Interoperability • research for hooks in the basic (internet) process • define local IAS - requirements • define functional boxes • define data • buy / modify building blocks • Implementation: research of the ‘drivers’ • test (set of) building blocks • introduce and implement pilot • evaluate • enlarge / enrol • Top down • policies • management • operations
Demonstrators • Netc@rds • eEpoch
The Netc@rds project • Trans European Health Services proof of entitlement • Cross border access to health services • eE111/128 as proof of entitlement to care • on- and off-line usage of smartcards & IT networks • build upon existing national Health card schemes • Participating: Austria, Belgium, France, Germany, Greece • Large scale cross border demonstrators
The eEpoch project • Demonstrating the SCC targets and goals • Interoperability + multi application on a Pan-European level • Focus on domain of e-Government • Supporting Public ID, strong authentication • Supporting Digital signature (5.1 level) • On basis of Multi Application Platform • Using Generic (FINREAD compliant) Card reader • Not only demonstrator, also nucleus for national developments
eEpoch Specific Focus (diagram) • Dissemination and Exploitation • CA, CA, CA • Application Services • ID/Authentication • E-Sign Services • Multifunctional Platform & Technology Building Blocks • eEpoch specific interoperability elements
What would it look like? • Basis: Common European Access card • Reliable personal data • Authentication mechanism (PIN, Biometrics) • Certificates for Authentication & non repudiation • Encryption facilities • Multi application secure applet downloading
Personal data • Country code • National ID # • Surname • Given name • Gender • Date of birth • Place of birth • Nationality • Identifiers/URL • Biometrics • PKI
Benefits for Europe • European awareness at citizen level (like Euro currency) • Trust and confidence for government and end-user • Access to e-Government services • Fraud prevention and control (on-line and off-line) • Reliability checking of on-line information
Standards Action Areas • Standardization Goals - Building trust - Enhancing usability - Improving access - Deploying interoperable applications & services • eESC 2002 deliverables - Surveys, Reports, White papers - Contribution to standards - Implementation guidelines - Dissemination activities - Pilot project(s) - other ... • Standardization Process in Parallel - sources from standards and industry consortia - inputs to CEN/ISSS, ETSI, EESSI and others
TB 1: Public Identity Objectives Plan for a common European Citizen Digital ID Document. • Deliverables (drafts available) • 1: Inventory of legislation and practice regarding identities • 2: Common specifications for public identity and identification • 3: Guidelines for citizen certificates • Standards Partnership/Input to: • Trailblazer 2 and hence CEN/ISSS WS/E-Sign • CEN/ISSS WS/EC (eWallet) • CEN/ISSS TC 224/WG11 • ISO/IEC JTC1 SC17 WG3
TB 2: ID and Authentication Objectives • Co-ordinate with other Trailblazers to identify the functional requirements related to each individual Trailblazer • respond to such functional requirements • identify technology requirements and a methodology for the scope areas of other Trailblazers • Deliverables • 1: inventory of existing smart card based PKI implementations with priority to Public Identity (available) • 2: definition of a common platform for functional interoperability • 3: provide technology guidance in response to TB1 requirements • 4: accommodate additional requirements from other trailblazers (in relation to Deliverable 2) on first come, first served basis. Standards Partnership/Input to: EESSI
TB 3: PPs, Security Certification • Objectives Promote and facilitate the adoption of the Common Criteria (CC) - ISO/IEC 15408 standard through the Smart Card Industry for the evaluation and the certification of products and systems, to provide trust and confidence to the smart card users • Deliverables • 1: List of current issues in using Common Criteria • 2: Proposal of possible solutions • 3: Proof of concept • 4: Promotion and education around Common Criteria • Establish a communication and education plan • Implementation of promotion and education • Standards Partnership/Input to: Common Criteria Board
TB 4: Generalised SC Reader • Objectives Propose an architecture and a set of technical specifications for a secure IC card reader to be used in e-commerce and related IC card based applications on open networks • Standards Partnership/Input to: • CEN/ISSS WS/Embedded FINREAD • EESSI Area K • ETSI SCP
TB 5: e-Payment and m-Payment • Objectives Enable broad adoption of smart cards as a means of secure payment, and ensure interoperability across channels, sectors and borders • Deliverables • 1: EMV migration synchronization and Open Networks • 2: eEuro implementation and Continental Roll out • 3: Report on e- and m-payments convergence • Standards Partnership/Input to: • CEN/ISSS WS/EC • ETSI m-Commerce • ETSI SCP
TB 6: Contactless Smart Cards • Objectives Promote the use of contactless smart card technology by creating an Industrial Offer matching the End User needs Deliverables • 1: Technical foundations: interoperability, security, certification • 2: Educational and promotional efforts • 3: Market development of contactless technology: roadmap for trials and deployment towards operators • 4: Definition of a common platform, roadmap for interoperability • 5: Pilots, Interoperability demonstrator, Final reports/guidelines, Catalogue • Standards Partnership/Input to: • CEN/ISSS TC224 • ETSI SCP
TB 7: Multi-Application Systems • Objectives Enlarge Citizen’s freedom of choice in the selection and management of the ICT services they wish to access using smart cards as the generic access token • Deliverables • 1: The provision of input to standardisation • new requirements for extension • the need for new topics to be addressed • 2: Implementors’ work book / toolbox • 3: Possible input for the enactment of supporting legislation • Standards Input to: • CEN/ISSS WS/Extended URI • ETSI SCP (card management scheme)
TB 8: User Requirements • Objectives • Interact with and provide user requirements input to all other Trailblazers: • to ensure that the user interface and functionality of ICT systems employing smart card technology meet already identified requirements • to support Citizen aspirations, to provide systems that are attractive to Citizens • to guarantee inclusiveness for all categories of Citizen. • Deliverables • 1: Work book best practice guide supporting Citizen access • 2: User requirements specification • 3: Overview of new technology – new interface issues • Standards Partnership/Input to: • CEN/ISSS TC224 WG6 • CEN/ISSS WS Extended URI • ETSI TC HF
TB 9: Public Transport • Objectives support Public Transport utilising smart card access tokens, including the need for interoperability between smart card based European transport ticketing systems • Deliverables • 1: Best Practice Guide • 2: A methodology for the specification of smart card based ticketing systems based on common sector requirements • 3: A work book/toolbox for use by implementors • 4: Modules of information (including methods, structures, roles, entities, finance models etc); of relevant legislation; and of system components (hardware/software) • Standards Partnership/Input to: • CEN/ISSS WS/FASTEST • CEN/ISSS TC224 WG11
TB 10: e-Government • Objectives • achieve definition, rationalisation and implementation of a European model for digitally performed procedures employing smart card for interfacing with Public Administration • promote more effective use of government's information resources • give access to public services and simplify on line administrative procedures that use secure smart card solutions based on standards such as electronic signature, PKI infrastructure and internet. • Deliverables • 1: Coordinate the necessary constituency • 2: collect national initiatives and feasibility studies on B to A C to A and trans-national exchange of data e-government applications • 3: organise relationships with other trailblazers re • 4: common policy and architecture for functional interoperability and standardisation process for B to A and e-procurement • 5: dissemination of findings and results Standards Partnership/Input to: IDA and CEN/ISSS
TB 11: Health • Objectives Contribute to a European wide interoperability of healthcare cards concerning • patient data as well as to health professional cards and to their usage in networks, • addressing administrative data as well as healthcare/health related data and • different functionalities, e.g. ID-card, signature card and health card • Deliverables • 1: Consensus building activities • 2: Recommendations and white papers • 3: Demonstrators and pilots • Standards Partnership/Input to: • CEN/ISSS TC 251
TB 12: Advanced ElecSignature • Objectives Provide European Citizens with Advanced Electronic Signature use, as per the European Directive, through a Smartcard based system for Internet. • Standards Partnership/Input to: • working with eEpoch, and IST Project SmartIS
eESC Steering Committee • Jan van Arkel (Co-Chair) arkel@cardlife.nl • Lutz Martiny (Co-Chair) lutz@martiny.org • Henry J F Ryan (Secretary) henryryan@eircom.net • Tapio Aaltonen, Chair TB 1 tapio.aaltonen@vrk.intermin.fi • Andreas Mitrakas, Chair TB 2 andreas@globalsign.net • Jean-Paul Thomasson, Chair TB 3 jean-paul.thomasson@st.com • Hubert Jacquet, Chair TB 4 hubert-jacquet@cartes-ancaires.com • Hervé Kergoat, Chair TB 5 hek@europay.com • Andrew Roberts, Chair TB 6 andrew.roberts@st.com • Lorenzo Gaston, Chair TB 7 gaston@montrouge.tt.slb.com • Alan Leibert, Chair TB 8 alan@cardeurope.demon.co.uk • Stefan Kissinger, Chair TB 9 stefan.kissinger@bvg.de • Frédéric Tatout, Co-Chair TB 10 frederic.tatout@industrie.gouv.fr • David Ankri, Co-Chair TB 10 david.ankri@wanadoo.fr • Jürgen Sembritzki, Chair TB 11 j.sembritzki@ztg-nrw.de • David Stephenson, Chair TB 12 david.stephenson@cyber-comm.com • Yves Chauvel, Telecommunications yves.chauvel@etsi.fr • Joyce Blow-Darlington, Consumers joyce.blow@which.net • + some observers
You are invited! • Open Steering Meeting, Madrid, 13-14 June • Theme “eESC Smart Card R&D Clustering and Standardization Links”
More Information • http://www.cenorm.be/isss • http://eeurope-smartcards.org or email • info@eeurope-smartcards.org