Overview of cryptovision's eID Product Offering. Presentation & Demo


Presentation & Demo
Benjamin Drisch, Adam Ross
cv cryptovision GmbH
T: +49 (0) 209.167-24 50
F: +49 (0) 209.167-24 61
info(at)cryptovision.com

General Requirements
Government of Utopia: Utopia Electronic Identity Card Project
Requirements:
- capable of multiple applications
- functional, comprehensive, customizable
- post-issuance updates shall be possible

Customer wish list (Government of Utopia)
- Signature application (for eGov and enterprise use)
- Travel document (Schengen-type)
- Post-issuance update capabilities
- Fingerprint for holder identification (identification services also for private enterprises)
- eID with local content and access for various authorities and private enterprises

Demo Kit
cryptovision eID Demo Kit:
- Contactless card reader
- 3 personalized sample cards
- USB flash drive with pre-configured VMWare image
- Fingerprint reader

ePasslet Suite

Card Solution Offering
ePasslet Suite
- Ready-to-use Java Card applets for various eID applications
- Many applets can be used on one card
- Easily customizable and extendable

Use multiple applications from the same chip
Combine PKI and many other common eID applications onto a single card.
Diagram labels: ROM, EEPROM; Personal data, Fingerprints, Keys, Certificates, Custom data; eID, ePKI, MoC, Insurance, Driving License, ICAO, Transport; cryptovision ePasslet Suite Core Library; NXP JCOP Java Card Operating System
Supports all the latest security standards and mechanisms, including BAC, EAC and SAC/PACE, and enables the right security features for the desired application.

Mix and Match functionality as needed
Includes 3rd party biometric MoC and support for custom applications.
Diagram labels: ROM, EEPROM; Personal data, Fingerprints, Keys, Certificates, Custom data; eID, ePKI, MoC, Insurance, Driving License, ICAO, Transport; cryptovision ePasslet Suite Core Library; NXP JCOP Java Card Operating System
The same card application suite can be reused to cover a number of different document types, including eID and ePassport, or extended to support customer-defined cards.

Customer wish list revisited (Government of Utopia)
- Signature application (for eGov and enterprise use)
- Travel document (Schengen-type)
- Post-issuance update capabilities
- Fingerprint for holder identification (identification services also for private enterprises)
- eID with local content and access for various authorities and private enterprises

Card profile definition
Card Profile Specification:
- Applications
- Data, Credentials
- Access rights


Introducing ePasslet Sampler
ePasslet Sampler: tool for generating reference cards
Meant to be used for:
- card profile validation
- test card generation

ePasslet Sampler

Use Cases (Government of Utopia)
- signature application (for eGov and enterprise use)
- travel document (Schengen-type)
- post-issuance capabilities
- fingerprint for card holder identification (identification service also for private enterprises)
- eID with local content and access for various authorities and private enterprises
All these use cases can be configured on card with ePasslet Sampler.


Smart Card Middleware Environment
Diagram labels: application, smart card middleware, reader, smart card

Smart Card Middleware Approaches
- Client-based Smart Card Middleware: middleware runs on the client
- Distributed Smart Card Middleware: part of the middleware runs on a trusted server


SCalibur Environment
Distributed Middleware
Diagram labels: Trusted Server, Reader, Card, Online Service

SCalibur Architecture
SCalibur is a layered cake: take the needed piece of cake and your card.
- Topping: high level interface for rapid development
- Filling: low level interface with more control
- Foundation: Core functions
Diagram labels: Trusted Device, Trusted Server, SDK Development, Applications, Online Service

Use Cases (Government of Utopia)
- signature application (for eGov and enterprise use)
- travel document (Schengen-type)
- post-issuance capabilities
- fingerprint for card holder identification (identification service also for private enterprises)
- eID with local content and access for various authorities and private enterprises
All these use cases are supported by SCalibur.


sc/interface Environment
Diagram labels: Host, crypto interface, card interface, reader, smart card, application, middleware

sc/interface Architecture
Diagram labels: Applications; Signature, Browser, E-Mail, SSO-Client; Admin Tool, User Tool, Register Tool; TokenD, PKCS#11, CSP, Mini Driver; Secure Token Interface; Operating Systems; Security Token; sc/interface

Use Cases (Government of Utopia)
- signature application (for eGov and enterprise use)
- travel document (Schengen-type)
- post-issuance capabilities
- fingerprint for card holder identification (identification service also for private enterprises)
- eID with local content and access for various authorities and private enterprises
All these use cases are supported by sc/interface.


eID projects require certificates
Cards and infrastructure systems need digital certificates.
- Certificates needed for authentication, signatures, encryption
- Certificates needed for authentication against card, card content signing, encryption
Certificates can be provided by CAmelot.

X.509 and Card Verifiable Certificates

X.509 Certificate
- syntax: flexible
- fields: Version, Serial Number, Signature, Issuer, Validity, Subject, Subject Public Key Info, Authority Key Identifier, Subject Key Identifier, Key Usage, Private Key Usage Period, Policy Mappings, Subject Alternative Name, Issuer Alternative Name
- typical size: 2,000 byte
- certificate holder: person or component
- certificate verifier: PC, server

Card Verifiable Certificate
- syntax: simple
- fields: Profile Identifier, Certification Authority, Certificate Holder, Certificate Holder Authorization, Validity Period, Key
- typical size: 200 byte
- certificate holder: inspection system or terminal
- certificate verifier: smart card chip

Using CV certificates for access control
» EAC allows access for Inspection Systems (IS) to be defined and restricted granularly
» The access rights are defined in the CVCA, DV and IS certificates
Card Verifiable Certificate fields: Profile Identifier, Certification Authority, Certificate Holder, Holder Authorization, Validity Period, Key
Certificate Holder Authorization Template (CHAT), CAmelot EACv1: DG3 0/1, DG4 0/1
Effective Authorization: AND over whole certificate chain
CVCA 0 0 0 0 1 1 1 1
DV   0 0 1 1 0 0 1 1
IS   0 1 0 1 0 1 0 1
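
The "AND over whole certificate chain" rule from this slide, worked through as an added example (not code from the presentation or from cryptovision). The bit positions chosen for DG3 and DG4 and the sample chain are assumptions made for illustration.

```python
# Added illustration: effective EAC authorization as the AND over the chain.
# Bit positions are an assumption for this example (DG3 = bit 0, DG4 = bit 1).
from itertools import product

DG3 = 0b01  # read access to data group 3 (assumed bit position)
DG4 = 0b10  # read access to data group 4 (assumed bit position)
RIGHTS = {"DG3": DG3, "DG4": DG4}


def effective_authorization(chain):
    """AND the CHAT access bits of every certificate in the chain.

    chain: list of (role, chat_bits), ordered CVCA -> DV -> IS.
    An empty chain grants nothing.
    """
    if not chain:
        return 0
    effective = DG3 | DG4
    for _role, chat_bits in chain:
        effective &= chat_bits
    return effective


def granted(chain):
    """Names of the data groups the terminal may actually read."""
    bits = effective_authorization(chain)
    return sorted(name for name, mask in RIGHTS.items() if bits & mask)


def truth_table():
    """The slide's eight columns for one right: (CVCA, DV, IS, effective)."""
    return [(cvca, dv, is_, cvca & dv & is_)
            for cvca, dv, is_ in product((0, 1), repeat=3)]


if __name__ == "__main__":
    # Constructed sample: the CVCA allows both data groups, the DV only DG3,
    # and the IS certificate claims both. The DV's restriction wins.
    chain = [("CVCA", DG3 | DG4), ("DV", DG3), ("IS", DG3 | DG4)]
    print("granted:", granted(chain))
    print("CVCA DV IS -> effective")
    for row in truth_table():
        print(*row)
```

A right is effective only in the last column of the table, where CVCA, DV and IS all carry the bit, so an IS certificate cannot grant itself more than its issuing DV and CVCA allow.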

CAmelot - Product Mission
CAmelot provides fully modular certificate lifecycle management.
Diagram labels: Registration, Key Generation, Request, Certificate Generation, EoL, Provisioning, Document Signing, Publication

Use Cases (Government of Utopia)
- signature application (for eGov and enterprise use)
- travel document (Schengen-type)
- post-issuance capabilities
- fingerprint for card holder identification (identification service also for private enterprises)
- eID with local content and access for various authorities and private enterprises
These use cases require digital certificates.


Solution Partners


Outlook
Future Project Steps:
- Post-issuance updates (process involves all parts of the system)
- Convergence (banking/payment, things we learned from Enterprise projects)
- Derived IDs based on a trusted initial document-based identity?

Summary
- Customizable: With ePasslet Suite, agencies will be enabled to customize existing applications and add local content
- Multi-application: ePasslet Suite cards can host various applications in parallel, including payment
- Standard-compliant: All our solutions comply with international standards and provide proven security and interoperability
- Cross-platform: sc/interface supports over 50 PKI cards and all major clients
- Versatile: SCalibur provides all common eID mechanisms and can easily be integrated
- Java / Java Card: Open platform provides transparency and prevents vendor lock-in situations

Contact
cv cryptovision GmbH
Munscheidstr. 14
45886 Gelsenkirchen
Germany
Tel: +49 (0) 2 09 / 1 67-24 50
Fax: +49 (0) 2 09 / 1 67-24 61
E-Mail: info(at)cryptovision.com
Thank You!