An Open Source eid Simulator Open Identity Summit 9th -11th September 2013



Similar documents
eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke

Case Studies. National Identity Management Commission (NIMC), Nigeria eid Consulting for national ID system

Banking. Extending Value to Customers. KONA Banking product matrix. is leading the next generation of payment solutions.

G-Cloud 7 Service Description Document. Third Party Services. Zendesk Licences 1. Zendesk Services (Consulting) 2. Nexus Pro Licences & Services 3

MOBILE SMARTPHONES AS SECURE SIGNATURE-CREATION DEVICES

Draft Middleware Specification. Version X.X MM/DD/YYYY

Sicherheitsaspekte des neuen deutschen Personalausweises

Introducing etoken. What is etoken?

Test plan for eid and esign compliant terminal software with EACv2

Preventing fraud in epassports and eids

Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa

Welcome to cryptovision. cv cryptovision GmbH T: +49 (0) F: +49 (0) info(at)cryptovision.com

Technical Terms and Conditions

ISO/IEC for secure mobile web applications

Entrust IdentityGuard Comprehensive

Quality Management in Open Source Projects

BUSMASTER An Open Source Tool

Full page passport/document reader Regula model 70X4M

Applying Common Criteria to a cloud type payment service

Università Degli Studi di Parma. Distributed Systems Group. Android Development. Lecture 1 Android SDK & Development Environment. Marco Picone

TLS-RSA-PSK. Channel Binding using Transport Layer Security with Pre Shared Keys

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Access Your Cisco Smart Storage Remotely Via WebDAV

Course Syllabus. 5053A: Designing a Messaging Infrastructure using Microsoft Exchange Server Key Data. Audience. At Course Completion

Chytré karty opět o rok dál...

CardOS API V3.2. Standard cryptographic interface for using applications with CardOS smart cards

Index. 1-FLYPOS hardware/firmware Technology Overview 2-FLYPOS software architecture 3-Gateway/Acquirer Interface 4-Letters of Approval

Wednesday, January 15, 14. Secure and Private Service Discovery over Low Energy Bluetooth

A Secure and Open Solution for Seamless Transit Systems

Transaction Security. Training Academy

Secure your Privacy. jrsys, Inc. All rights reserved.

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

System requirements for Qlik Sense. Qlik Sense 3.0 Copyright QlikTech International AB. All rights reserved.

CoSign by ARX for PIV Cards

Key & Data Storage on Mobile Devices

Technical Article. NFiC: a new, economical way to make a device NFC-compliant. Prashant Dekate

NFC Testing. Near Field Communication Research Lab Hagenberg. Gerald Madlmayr. NFC Research Lab, Hagenberg. E-Smart 2008, Sophia Antipolis

Using ModelSim, Matlab/Simulink and NS for Simulation of Distributed Systems

Whitepaper on identity solutions for mobile devices

USER GUIDE WWPass Security for Windows Logon

Mobile Printing for Business Made Easy

ID Pictures collection for Membership card of ARBH- KBHB/LFH/VHL

Cisco AnyConnect VPN Client Installation Guide for Single Factor Authentication: Windows

Integrating Mobile into Your Cross- Platform Strategy with Qt

SEEK project - Access to Secure Elements on Android. Frank Schäfer

A Guide to EMV. Version 1.0 May Copyright 2011 EMVCo, LLC. All rights reserved.

HIGHSEC eid App Administration User Manual

INSTALLATION MINIMUM REQUIREMENTS. Visit us on the Web

The All-in-One Support Solution. Easy & Secure. Secure Advisor

Client System Requirements for Brainloop Secure Dataroom as of Version 8.30

Understand and Build Android Programming Environment. Presented by: Che-Wei Chang

Kerberos + Android. A Tale of Opportunity. Slide 1 / 39. Copyright 2012 yassl

Background on Elastic Compute Cloud (EC2) AMI s to choose from including servers hosted on different Linux distros

Training. MIFARE4Mobile. Public. MobileKnowledge April 2015

D Test Strategy

Middleware Release Notes

SAP NetWeaver 7.4 Planning Product Availability Matrix (Planning PAM)

Sinadura Free digital signature

An introduction to EJBCA and SignServer

VRentin Tech - A Leader in Software Testing

Transaction Security. Test Tools & Simulators

PKCS. PKCS: Public Key Cryptography Standards

SLE66CX322P or SLE66CX642P / CardOS V4.2B FIPS with Application for Digital Signature

Example of Standard API

MailStore Server 7 Technical Specifications

setup information for most domains hosted with InfoRailway.

Division of Information Technology Lehman College CUNY

Smart Card APDU Analysis

Vanilla44 New Features

NFC Near Field Communication

MaaSter Microsoft Ecosystem Management with MaaS360. Chuck Brown Jimmy Tsang

Middleware Release Notes

Frost & Sullivan. Publisher Sample

Secure Cloud and Remote Service Connections for AllJoyn Applications

5053A: Designing a Messaging Infrastructure Using Microsoft Exchange Server 2007

Microsoft Identity Lifecycle Manager & Gemalto.NET Solutions. Jan 23 rd, 2007

Secure Cloud and Remote Service Connections for AllJoyn Applications

An NFC Ticketing System with a new approach of an Inverse Reader Mode

6. Is it mandatory to have the digital certificate issued from NICCA? Is it mandatory for the sender and receiver to have a NIC id?...

Parallels Mac Management v4.0

Lecture 26 Enterprise Internet Computing 1. Enterprise computing 2. Enterprise Internet computing 3. Natures of enterprise computing 4.

inforouter V8.0 Server & Client Requirements

Using Microsoft Windows Authentication for Microsoft SQL Server Connections in Data Archive

USER GUIDE WWPass Security for (Outlook) For WWPass Security Pack 2.4

MCSE 5053/ Designing a Messaging Infrastructure and High Availability Messaging Solution Using Microsoft Exchange Server 2007

REDCENTRIC N3 SECURE REMOTE ACCESS SERVICE DEFINITION. SD045 V4.1 Issue Date Page 1 Public

Hypervisor by Chronos Specifications

Using ISO/IEC for mobile devices

Microsoft Technology Practice Capability document. MOSS / WSS Building Portal based Information Worker Solutions. Overview

Supporting Smart Cards in UEFI

Secure web transactions system

Business. Easy. Made. If users know how to send an or go to a Web address, they can print with EveryonePrint

PKI Made Easy: Managing Certificates with Dogtag. Ade Lee Sr. Software Engineer Red Hat, Inc

White Paper: OSGi-based E-Health / Assisted Living

QuickTime, iphone, ipad and ipod are either registered trademarks or trademarks of Apple, Inc. in the United States and/or other countries.

edocs Strategy and Roadmap

Issues in Smart Card Development

Middleware Release Notes

High Availability of the Polarion Server

Transcription:

An Open Source eid Simulator Open Identity Summit 9th -11th September 2013 BSI Tobias Senger HJP Consulting Holger Funke

Agenda Requirements of BSI Current state Simulator Virtual Smart Card Reader Community NFC Device Planned Roadmap Next steps Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 2

Requirements: Actual state and target state Actual state Target state Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 3

Requirements: Simulator on mobile NFC device Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 4

Agenda Requirements of BSI Current state Simulator Virtual Smart Card Reader Community NFC Device Planned Roadmap Next steps Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 5

Current state: Developing new smart card protocols Time consuming: Several stakeholder: Chip developer / manufacturer COS developer Application developer Integrator Chip must be produced to work with Life cycle during development very short, living specifications Handling of various configurations (data groups, keys, etc) Handling of certificates (Extended Access Control, EAC) Need of fresh test certificates Expensive: Sample cards are expensive Several stakeholders Hardware chip must be produced Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 6

Current state: GlobalTester test tool GlobalTester Open Source test tool for smart cards and inspection systems Eclipse framework Rhino Engine Bouncy castle crypto lib Smart Card Shell Started in 2005 (www.globaltester.org) Open community (test manager, sample scripts) Closed community (commercial: test scripts, simulator) GlobalTester Prove IS / epa-r: To test the inspection system, chip must be simulated Currently implementation of BSI TR-03110 V2 Code available Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 7

Agenda Requirements of BSI Current state Simulator Virtual Smart Card Reader Community NFC Device Planned Roadmap Next steps Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 8

Current state: Software-Simulator (I) Implementation (close to Java Card) All protocols, algorithms of BSI-TR-03110 V2 ready EACv1:» Basic Access Control» Chip Authentication v1» Terminal Authentication v2» Active / Passive Authentication EACv2:» PACE / SAC» Chip Authentication v2» Terminal Authentication v2» Restricted Identification» (Qualified electronic signature) Configuration via scripts (easy to personalize different cards) Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 9

GlobalTester Architecture Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 10

Current state: Software-Simulator (II) Missing link between Software-Simulator and Terminal (IS) Current solution needs piece of hardware Comprion CLT one (commercial) Handling of ISO 14443 communication (transfer speed, modulation type, etc.) Hardware is expensive -> problem for Open Source projects Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 11

Simulator: Architecture Protocols BAC EACv1 EACv2 ISO 7816 Admin SM Keys Files AR GP Crypto Driver / Hardware Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 12

Benefits of Open Source eid Simulator Use simulator for testing eid stakeholder like eid Client developers, like Open ecard eid Server developers Solution developers, like ecommerce Use simulator to analyze protocols Adapt protocols and test consequences Experimental platform Easy to configure your eid card In future: CardInfo files (?) Easy to understand protocols Participation in eid world -> For example: Universities Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 13

Agenda Requirements of BSI Current state Simulator Virtual Smart Card Reader Community NFC Device Planned Roadmap Next steps Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 14

Open Source eid Simulator: Virtual Driver Code is implemented and tested yet Experience in several tests (e.g. interoperability tests) Simulator can be addressed via TCP/IP-Socket Hardware must be substituted: Solution: Virtual Smart Card Reader Runs in operating system as typical physical reader Runs as PC/SC device Can be addressed by typical clients (like eid clients) Handles communication between client and simulator Will be implemented by HJP for operating systems:» Microsoft Windows 7 (32 and 64 bit)» Linux (Ubuntu) (32 and 64 bit) Source Code of drivers will be published under GPL v3 Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 15

Virtual Driver in ISO-OSI layer model Application Application Presentation Presentation Session Transport SIM Session Transport Network Network Data Link Physical CLT One Data Link Physical Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 16

Simulator: Virtual Reader Driver Simulation of basic reader Only APDU handling: receive APDU and send result Standard / Comfort Reader Simulation of PIN-Pad Simulation of TR-03119 functions: EstablishPACEChannel() ModifyPIN(), Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 17

Agenda Requirements of BSI Current state Simulator Virtual Smart Card Reader Community NFC Device Planned Roadmap Next steps Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 18

Community Web site Basic information, URL is not defined yet Code versioning system (repository) First implementation (basic reader) for MS Windows First version of simulator code Support for interested users / developers Access to source code Forum Mailing list Wiki Manuals FAQ Bug / Issue tracking Communication of release plan Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 19

Community: Possible structure Leadership BSI / HJP Maintainer Maintainer Maintainer Committer Committer Committer Committer Contributor Contributor Contributor Contributor Contributor Users Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 20

Agenda Requirements of BSI Current state Simulator Virtual Smart Card Reader Community NFC Device Planned Roadmap Next steps Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 21

NFC Device Some uses cases need physical device (smart card) Hardware to simulate also physical characteristics: NFC device Use NFC interface to access simulator on smartphone / tablet Migration of simulator to NFC device Possible platforms Windows Phone Apple ios Android -> several NFC device, support, established libraries BSI has experience in Android applications with NFC: androsmex Student research projects Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 22

Agenda Requirements of BSI Current state Simulator Virtual Smart Card Reader Community NFC Device Planned Roadmap Next steps Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 23

Roadmap Project is planned for two years (at least) Lead BSI: Tobias Senger HJP Consulting: Holger Funke Start September 2013 First results will be published in 2013 Virtual Driver First implementation (basic reader) for MS Windows Simulator Code adaptions for launching needed Community Web site with basic information in 2013, Hoster for Sources NFC Device First migration of simulator in 2014 Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 24

Agenda Requirements of BSI Current state Simulator Virtual Smart Card Reader Community NFC Device Planned Roadmap Next steps Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 25

Next steps, Call for Participation Simulation of German ID card Not only focussing on eid but also on smart card in general Simulation of other applications: esign Health SIM. JOIN OUR COMMUNITY! Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 26

Questions? HJP Consulting GmbH Holger Funke Hauptstraße 35 33178 Borchen, Germany tel: +49 5251 41 77 633 fax: +49 5251 41 77 666 e-mail: holger.funke@hjp-consulting.com web: www.hjp-consulting.com Open Identity Summit 2013, An Open Source eid Simulator, Tobias Senger, Holger Funke Slide 27

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information