Eurosmart presentation on the eidas regulation
Download as PPTX, PDF5 likes2,745 views
The document discusses electronic identification and authentication standards in Europe. It provides definitions for various electronic identification and signature terms established by the EIDAS regulation. It then discusses qualifications for electronic signatures, including assurance levels for identification, authentication factors, and identity proofing required. Finally, it outlines the timeline for mutual recognition of electronic identification among EU member states required by 2019 and lists the contactless smart card technologies currently used by different European countries.
More Related Content
Similar to Eurosmart presentation on the eidas regulation (20)
Eurosmart presentation on the eidas regulation
- 2. 10/13/2016 2 Legal definition for ICT “jargon”: Electronic identification Election authentication Electronic Signature (simple, advanced, qualified) Web site authentication Electronic Time Stamping Electronic Document delivery Electronic Seal … Qualified Electronic Signature in the Cloud : AKA Server Signing Authentication level to the Cloud is becoming key Re-use of Stork results for: Authentication Assurance Level EU PKI model based on: PEPS VIDP Electronic identification + electronic authentication = EU Digital Identity Scope
- 3. 10/13/2016 3
- 4. 10/13/2016 4
- 5. 10/13/2016 5 MIIJxwYJKoZIhvcNAQcCoIIJuDCCCbQCAQExCzAJBgUrDgMCGgUAMDoGCSqGSIb3DQEHAaAtBCtUaGlzIHRleHQgd2FzIGxvYWRlZCBmcm9tIGEgcGxhaW4gdGV4dCBmaWxloIIHwDCC A9owggNDoAMCAQICAQIwDQYJKoZIhvcNAQEEBQAwgZQxFTATBgNVBAMTDEVkZW1vIFN1YiBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0BnZW1hdXRoLmNvbTELMAkGA1UEBhMC VVMxFTATBgNVBAgTDFBlbm5zeWx2YW5pYTEQMA4GA1UEBxMHSG9yc2hhbTEQMA4GA1UEChMHR2VtcGx1czESMBAGA1UECxQJTk9SQU0gUiZEMB4XDTA0MDMxODE3MjgzMVo XDTE0MDMxNjE3MjgzMVowgZMxFDASBgNVBAMTC0VkZW1vIEFsaWNlMR8wHQYJKoZIhvcNAQkBFhBpbmZvQGdlbWF1dGguY29tMQswCQYDVQQGEwJVUzEVMBMGA1UECBMM UGVubnN5bHZhbmlhMRAwDgYDVQQHEwdIb3JzaGFtMRAwDgYDVQQKEwdHZW1wbHVzMRIwEAYDVQQLFAlOT1JBTSBSJkQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALZg QPhOOF3cejp2VjWC0HrmG2xSP7s%2B2vQmfHT1D8gfpFr2f5eCJEn4GyOp4PJxLUlXRK5GheUXvFZcpX7NCR35Qhnfm978EhQ4EIBDjdhevLWsjv3oeei%2BbvzUymTHWDB0zeB5UJA0 M%2B%2BxO6%2BWluLZ16ctTkWJk9PaTvO0fpavAgMBAAGjggE5MIIBNTAhBglghkgBhvhCAQ0EFBYSQ2xpZW50IGNlcnRpZmljYXRlMAwGA1UdEwEB%2FwQCMAAwHQYDVR0OBBY EFBYpejZfj966yRyue%2BRxS4NcR9vYMIHCBgNVHSMEgbowgbeAFBnk2hBUF9dgh7OuLL11nf62RSEIoYGbpIGYMIGVMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZ hbmlhMRAwDgYDVQQHEwdIb3JzaGFtMRYwFAYDVQQDEw1FZGVtbyBSb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQGdlbWF1dGguY29tMRAwDgYDVQQKEwdHZW1wbHVzMRI wEAYDVQQLFAlOT1JBTSBSJkSCAQEwCwYDVR0PBAQDAgXgMBEGCWCGSAGG%2BEIBAQQEAwIFoDANBgkqhkiG9w0BAQQFAAOBgQByaKGrjynQMJc3lJ9ZMZyjDMy7lfcne2cVphj18 GGJpsC8dzPR4y6uNl1BQ7MrYPUV9HH0rR5Onw02wMo5bnmyiGyPPE7YvXa0US1feOI0Ls3aCyCs2wbJ2ko7Z72j2scO%2FwZH7g8LBb7%2BepFftguH92YLE1Q2MgjEZX%2Fmqv5NfDC CA94wggNHoAMCAQICAQEwDQYJKoZIhvcNAQEEBQAwgZUxCzAJBgNVBAYTAlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFuaWExEDAOBgNVBAcTB0hvcnNoYW0xFjAUBgNVBAMTDUV kZW1vIFJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9AZ2VtYXV0aC5jb20xEDAOBgNVBAoTB0dlbXBsdXMxEjAQBgNVBAsUCU5PUkFNIFImRDAeFw0wNDAzMTgxNzI2MzVaFw0x NDAzMTYxNzI2MzVaMIGUMRUwEwYDVQQDEwxFZGVtbyBTdWIgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9AZ2VtYXV0aC5jb20xCzAJBgNVBAYTAlVTMRUwEwYDVQQIEwxQZW5uc3 lsdmFuaWExEDAOBgNVBAcTB0hvcnNoYW0xEDAOBgNVBAoTB0dlbXBsdXMxEjAQBgNVBAsUCU5PUkFNIFImRDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxL%2B6ZgyvWPID Sh07N8XKht0mqAyj%2BmGcTvCTtKv1JJCZIPtNjJ3T5lHSjldwLlfpuoYkQApG%2FGyo1Cox0oKlyKbD%2FsAQsFbHIIGM75xLyjeqXHO0UzkHb9RMFdNsiBuak4dV%2B3mINmzFMv7Ex4M zVcMw2G2%2F1Z%2BFEt6%2BqNqC88ECAwEAAaOCATswggE3MB0GCWCGSAGG%2BEIBDQQQFg5DQSBjZXJ0aWZpY2F0ZTASBgNVHRMBAf8ECDAGAQH%2FAgEAMB0GA1UdDgQ WBBQZ5NoQVBfXYIezriy9dZ3%2BtkUhCDCBwgYDVR0jBIG6MIG3gBRDPGZtLIsqyiRlY39t2wGlK3Z3KKGBm6SBmDCBlTELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBlbm5zeWx2YW5 pYTEQMA4GA1UEBxMHSG9yc2hhbTEWMBQGA1UEAxMNRWRlbW8gUm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0BnZW1hdXRoLmNvbTEQMA4GA1UEChMHR2VtcGx1czES MBAGA1UECxQJTk9SQU0gUiZEggEAMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwDQYJKoZIhvcNAQEEBQADgYEAuWSCUQ9%2ByUVtKCUXm4W64XePDcRIlS32nLrHv bREi7%2BMQt%2BKGtkH00eZa9wxTrp0QgVCo4H03YptQWQJgxBKb7dLB5EtFpBienrKnkfLlbdhjHZWXB03i%2FcgPjC7xgudgmooKcLWNJz7a5iOfHUf%2B3GxveRezBSa76iaRzUcM5wx ggGgMIIBnAIBATCBmjCBlDEVMBMGA1UEAxMMRWRlbW8gU3ViIENBMR8wHQYJKoZIhvcNAQkBFhBpbmZvQGdlbWF1dGguY29tMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMU GVubnN5bHZhbmlhMRAwDgYDVQQHEwdIb3JzaGFtMRAwDgYDVQQKEwdHZW1wbHVzMRIwEAYDVQQLFAlOT1JBTSBSJkQCAQIwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBg kqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEwMDkxMzE2NDY0MlowIwYJKoZIhvcNAQkEMRYEFFctKwKOBQXuRz1LPNvXWH2EHnm3MA0GCSqGSIb3DQEBAQUABIGArpBqvMgz cSYFGzEDXLU%2FMRehztIPBDuVpk8fk1KH%2Be6ZXmg1uUKiYAY5Tj3XlrMJbroH5tYb1dM7bH%2Brlp8F5lxpP1d%2FMQPc0tzFVC8XyvSahvuASjF0zXOmmuY1zYIF%2FA%2Fvsv%2FU xkjytOBZ6oow1UcNHwjhLY93cC7seT1RZ2A%3D Certificate Info Unique Serial Number, format, crypto info, validity date, usage (verif, encrypt)… Holder identification Name, mail address… Public key Issuer identification CA name, DP address… Extensions Additional standard or proprietary info Certificate Signature Using Issuer’s private key Public certificate Electronic Signature Privacy by Design within a PKI infrastructure? Public information as it is a public certificate
- 7. 10/13/2016 7
- 8. 10/13/2016 8 Upcoming US/EU free trade zone agreement - in 2013 = 649 B USD
- 9. 10/13/2016 9 national prerogative. mutual recognition unambiguity Trusted Identities in Cyberspace. and authenticate their digital identities
- 10. 10/13/2016 10
- 11. 10/13/2016 11 Application and registration. Identity proofing and verification. Binding between the electronic identification means of natural and legal persons. Enrolment eID means characteristics and design. Issuance, delivery and activation. Suspension, revocation and reactivation. Renewal and replacement. Electronic identification means management Authentication mechanism.Authentication General provisions. Published notices and user information. Information security management. Record keeping, facilities and staff, technical controls, compliance and audit. Management and organization eID LoA is based on the reliability and quality of each element* *Article 1 of Implementing Act
- 12. 10/13/2016 12 Assurance level Characterisitics and design Authentication Substantial At least two authentication factors from different categories. Can be assumed to be used only if under the control or possession of the person. Dynamic authentication. It is highly unlikely that guessing, eavesdropping, replay or manipulation of communication by an attacker with moderate attack potential can subvert the authentication mechanisms. High Level substantial, plus: Protects against duplication, tampering and attackers with high attack potential. It can be reliably protected by the person against use by others. Level substantial, plus: It is highly unlikely that guessing, eavesdropping, replay or manipulation of communication by an attacker with high attack potential can subvert the authentication mechanisms.
- 13. 10/13/2016 13
- 14. 10/13/2016 14 LEVEL 1 LEVEL 2 LEVEL 3 LEVEL 3 LEVEL 4 Token OTP Legacy Password 2FA Token + pw Token OTP + pw Token PIN PAD Token OTP (PIN + certified TEE or SE) PKI ID (PIN + SE, SIM/eSE) Weak Authentication Secure Authentication Strong Authentication Strong Authentication w/secure devices Strong Authentication w/secure devices with tamper resistance capability Risk extremely high Risk mitigated Low risk Low risk Minimal riskRisk level PKI eID (PIN) No Identity Proofing Presentation of Identity Information Verification of Identity Information Face to face registration LOW SUBSTANTIAL HIGH EnrolmentAuthenticationElectronicIDmeans Out of Regulation scope Levels of Assurance
- 15. 10/13/2016 15 eIDAS Regulation vs eIDAS token specifications Legal frame for Trusted services Electronic signature ElectronicSeal ElectronicStamp Electronic registereddelivery service Qualifiedcertificate forwebsite authentication eIDAS Regulation Perform a qualified signature Without GAP With GAP EAC V2.05 backward compatible Pseudo ID with ERA Common electronic identification : e-ID LDS Common electronic authentication: GAP Standard API to use Biometry as User Authentication method (Finger Print, Voice, Iris, Face) Legal frame for: electronic identification, authentication eIDAS token specifications TR Signature TR Physical User Authentication
- 16. 10/13/2016 16 Timeline •In line with the Implementing acts with eIDAS token specifications - July 2014-July 2016. •First pre-notification of eID: mid 2016. •Mutual recognition (voluntary) between 2 MS: mid 2017. •Obligation of Mutual recognition : 1st of January 2019. Greek P. Italian P. Latvia P. Lux. P. NL P. Slovakia P. Malta P. UK P. Estonia P. Bulgaria P. Austria P. Romania P. Directive 99/93/EC (and PPSCD)
- 17. 10/13/2016 17
- 18. 10/13/2016 18 Contact only Contactless only Hybrid Dual interface Estonia Germany eIDAS Cyprus eIDAS Netherlands (ICAO only) Slovakia (eIDAS) Poland Netherlands (privacy card) Italy Greece Eurosmart customers New projects Finland Belgium Portugal Czech Republic Luxembourg Bulgaria (EAC V2.05 / eIDAS) Malta Sweden Lithuania Latvia (IAS ECC à ICAO) Spain
- 20. 10/13/2016 20 What Eurosmart is About us Eurosmart is a non-profit association located in Brussels and representing the smart security industry. Founded in 1995, the association advocates the use of smart secure devices and smart security solutions to enhance the usability of digital services while protecting privacy and combatting fraud. The association is fully involved in political and technical initiatives as well as R&D at the European and international levels. About our members Members are manufacturers of smart cards, semiconductors, academics, laboratories and associations. They share common European root: – Annual turnover of over 15 billion euros of which over 40% is generated in Europe. – Close to 60.000 employees worldwide, of whom more than 50% work in the EU.
- 21. 10/13/2016 21 Eurosmart members What Eurosmart is Associate members
- 23. CONTACTS 23 STEFANE MOUILLE Vice-President [email protected] PIERRE-JEAN VERRANDO Director of operations [email protected] Eurosmart | Rue du Luxembourg 19-21 | 1000 Brussels | Belgium Tél. +32 2 506 88 38 FOLLOW-US