cryptovision's Government Solutions. Adam Ross, Ben Drisch, cryptovision GmbH


cryptovision's Government Solutions
Adam Ross, Ben Drisch, cryptovision GmbH
cv cryptovision GmbH, T: +49 (0) 209.167-24 50, F: +49 (0) 209.167-24 61, info(at)cryptovision.com

cryptovision cryptovision Gelsenkirchen Office Vienna Office Silicon Valley Office Mexico City Subsidiary New York City

Trend 1: Multi-application eID Projects

Trend 1: Multi-application eID projects
Multi-application eID cards are already there:
- Electronic ID Card
- Signature Card
- Health Insurance Card
- Company card
- Payment Card
- Access Card
- Loyalty card

Prepaid SIM Registration
Many countries implemented prepaid SIM registration by law.
Key Objectives:
- Assist security agencies
- Reduce fraud
- Support resolving crime
- Collect data on phone usage
- Offer value add services

Prepaid SIM Registration
Current processes are slow, insecure and costly:
- Often involves paper-based forms to be filled by applicants
- Identification based on traditional IDs (photocopy created)
- Biometric fingerprint has to be taken and stored, again
- Multiple 100 million pages of paper to be archived
- Secure process relies on telecom employees

Prepaid SIM Registration
Use eID card to:
- Securely identify the person
- Store the prepaid SIM serial number on the eID card for offline verification of registered SIM cards

Prepaid SIM Registration
[Diagram: eID card contents]
User data: Personal data, Fingerprints, Keys, Certificates, Additional data
Applications: eID, ePKI, MoC, Payment, Driving License, ICAO, Transport, Health, Voting, Pension, Insurance, Tax, SIM, Custom

Trend 1: Multi-application eID projects
ePasslet Suite: A Java Card Applet Suite for eID document applications
- Provides all relevant applications from one solution
- Supports multi-application configurations
- Shared file system, inter-applet communication
- Post-issuance activation and applet loading possible
- Without losing the CC certification

Trend 1: Multi-application eID projects
ePasslet Suite v3.0
- DESFire support for Ticketing/Transport
- Convergence with M/Chip, VSDC, CPA available
- eIDAS token functionality
- Improved flexibility of key and certificate provisioning
- Available on NXP JCOP 3 and Veridos SCE 7 (IFX)*
- 2nd source option for both chip and operating system
- Certification at EAL 5+ to be concluded end of Q3/2017
* Functional scope may vary

Trend 2: Smart Cards and Mobility

Trend 2: Smart Cards and Mobility
Part 1: Using mobile devices for eID document access
Both OTS mobile hardware and custom-built devices are used for enrolment and read-out.

Mobile Identity Verification
Many countries are looking for mobile solutions to verify citizens' identity.
Key Objectives:
- Allow identity verification for police forces and emergency personnel
- Support (temporary) offline scenarios
- Non-stationary use

Mobile Identity Verification
Use eID card to:
- Read out eID document data
- Identify card holder using face and/or fingerprint matching
- Support Match-on-Card (for offline usage and privacy)

Mobile Identity Verification
Terminal application based on SCalibur SDK:
- Fingerprint/PIN management
- Read/Write data
- Read out ICAO application

Trend 2: Smart Cards and Mobility
SCalibur v2.0.0 - cryptovision's eID middleware SDK
- Provides all common eID document protocols/mechanisms
- Easily portable due to Java
- Also available for mobile devices running Android
- Client-only and client-server settings supported
[Diagram labels: All eID protocols, Standard compliant, Various profiles, Biometrics, EACv2 / TR3110]

Trend 2: Smart Cards and Mobility
Some notes on OTS general purpose mobile devices:
- Often problematic antenna design
- NFC not fully usable
- No extended length APDUs (getting better)
- Not fully compliant to ISO 14443
- Sometimes restricted access (iOS getting better?)
- Mobile OSs lack generic interface for card integration

Trend 2: Smart Cards and Mobility
Mobile devices equipped with SCalibur (image source: Credence ID)

Trend 2: Smart Cards and Mobility
Part 2: Moving eID applications to mobile platforms
[Diagram: smart card / eID document -> mobile smart card alternative]
More and more organizations look for mobile smart card alternatives.

Trend 2: Smart Cards and Mobility
Storing signed data and verifying it is easy:
- Only needs public key
- No requirements for secure execution environment
Preventing cloning or storing private keys is hard:
- Requires at least some form of trusted execution environment
- Ideally supported by dedicated security hardware

Trend 2: Smart Cards and Mobility
We don't see a unified mobile solution with security hardware anytime soon.
There is a need for a leveled security approach, with different security levels for different use case scenarios.
Credentials Of Various Forms Effectively Functioning Equivalently (COVFEFE)
[Diagram labels: contact card, contactless, mobile built-in chip, implant, smart token, TPM, SGX, software smart card emulation, Remote CSP, SIM, microSD, mobile key store]

Trend 2: Smart Cards and Mobility
Credential Orchestration System (from the cryptovision labs)
[Diagram, axis: Security Level. Each credential back end is exposed through a PCSC reader driver to the smartcard middleware and the applications:]
- Smartcard: Reader Device -> Reader Driver (PCSC) -> Smartcard Middleware -> Applications
- TPM: Smartcard Simulation Service -> Virtual Reader Driver (PCSC) -> Smartcard Middleware -> Applications
- Intel SGX: Token Enclave Service -> Virtual Reader Driver (PCSC) -> Smartcard Middleware -> Applications
- Remote Server (HSM): Remote Connection Service -> Virtual Reader Driver (PCSC) -> Smartcard Middleware -> Applications
- Mobile Phone (iOS, Android): Mobile Connection Service -> Virtual Reader Driver (PCSC) -> Smartcard Middleware -> Applications
- PFX File: PFX File Service -> Virtual Reader Driver (PCSC) -> Smartcard Middleware -> Applications

Trend 2: Smart Cards and Mobility
From the cryptovision labs
- Usage of existing smart card based applications
- No modification of existing use cases
- Virtual token module used to configure different tokens
[Diagram: Virtual Token Module with Hardware Token and virtual tokens (TPM, SGX, Remote, Mobile Phone); interfaces: sc/interface, Minidriver, PKCS#11; applications: Smartcard Logon, E-Mail, SSL/TLS, VPN, CMS]

Trend 3: eIDAS

Trend 3: eIDAS
What is eIDAS?
EU regulation on electronic identification and trust services for electronic transactions
Goals:
- Amend the regulations on electronic signatures
- Extend electronic identification
- Improve interoperability of these services within the EU

Trend 3: eIDAS
The eIDAS token specification
- Is a joint effort between ANSSI and BSI
- Provides interesting new features for eID documents:
  - Authorization Extensions
  - Enhanced Role Authentication
  - Pseudonymous Signatures

Trend 3: eIDAS
Authorization Extensions
- Allows for defining access to on-card data based on certificate extensions
- Even for future use cases not known at the time of issuance
Example: Adding health data to an eID card
- Emergency Data: R
- Insurance Plan: R/W

Trend 3: eIDAS
Enhanced Role Authentication
- Enables download of (short term) credentials in a secure online session
- Also supports new use cases and increases interoperability
Example: downloading a missing credential
[Diagram labels: Service, Trust]

Trend 3: eIDAS
POSeIDAS
- cryptovision: card implementation on Java Card
- HJP: eIDAS for PersoSIM (Open Source eID card simulator)
- Governikus: eID Server, eID Client

Trend 4: Additional Biometric Modalities

Thank you for your attention!
Adam Ross, Ben Drisch, cryptovision GmbH
cv cryptovision GmbH, T: +49 (0) 209.167-24 50, F: +49 (0) 209.167-24 61, info(at)cryptovision.com