OECD workshop on digital identity management BELGIAN approach



Transcription:

OECD workshop on digital identity management: BELGIAN approach
FEDICT, Frank LEYMAN
Trondheim - 08/05/2007

Information security in Belgium
> Government has data at its disposal:
  - Identification data, fiscal data, data about social security
> Government needs data to guarantee tasks of national interest:
  - Organize elections, collect taxes, grant social security

Migration of data
> All of these data become more and more electronic
  Higher risk:
  - Theft of data
  - Misuse of data for other purposes
  - Easier linkage between databases
  More possibilities:
  - Better and more efficient use of available data
  - Electronic handling of formalities
  - Simplification of procedures
> Evolution towards authentic source
  - A unique and trustworthy collection of data under the responsibility of public authorities, which take care of collecting, maintaining and updating these data
  - Unique data collection with quality control
  - Performing and secured
  - Public services address the authentic source for information
  - Citizen/enterprise only has to give input once

Risk control
> Juridical
  - System of delegation by sectorial committees (created by Commission Protection of personal live environment)
  - A service that requests knowledge on certain data movements needs authorization from the sectorial committee for these data
    - Legal basis, task of general importance
    - Finality and proportionality
    - Safety measures
  - The communication and usage of data is under the control of the sectorial committee
> Organizational
  - Safety plan for public services controlled by the sectorial committees
  - For online user management for civil servants: safety managers
> Technical
  - Access control to applications
  - User management for civil servants, citizens and enterprises
    - Username and password
    - Token
    - Electronic identity card
      - Identification
      - Authentication
      - Digital signature

Possibilities
> User management
  - User-ID, password, token
  - Combination of what you know and what you have
  - Form of electronic signature
> Electronic identity card (eid) = key to information
  - Data capture = proof of identity
    - Safe tool to consult information fast, efficiently and error-free
  - Authentication
    - Safe and trustworthy on-line authentication
  - Electronic signature
    - Advanced electronic signature
> Applications: Public Sector
  - Signing of digital documents
  - On-line tax declaration (tax-on-web)
  - On-line consulting of personal file in National Register
  - Several applications of local authorities (change of address, request for attestations, library access cards, ...)
  - Other possibilities: E-commerce, student cards, e-banking, ...

The paper Token
  - Federal authentication Service (FAS) based on SAML
  - User management tool for strong authentication for public services, cities or municipalities
  - Temporary solution until all citizens are fully equipped with eid
  - Registration via the Belgian portal website
  - Security level 2: username + password + token
  - Different security levels:
    - Security level 0: Public access
    - Security level 1: username + password
    - Security level 2: username + password + token
    - Security level 3: Electronic identity card
  - European Information Security Award (RSA)

Attachments
Technical Building Blocks

Contents of the chip
[Diagram labels: PKI, IDENTITY, authentication, ID, ADDRESS, digital signature]

Trust Hierarchy
[Diagram labels: SelfSign Belgium Root, ARL, RootSign Belgium Root, CRL, Citizen, CRL, Gov, CRL, Card, Hierar, Client, Auth, Elec Sign, Data Crypt, Server, Client, Object, Auth/Sign]

Certificates
> Citizen's certificates & keys
  [Diagram labels: Citizen, Belgium Root, Citizen, Auth, Sign, Crypt]
  - Authentication certificate & key pair (1024 bits): provide strong authentication (access control)
    - web site authentication
    - single sign-on (login)
    - etc.
  - Signature certificate & key pair (1024 bits): provide non repudiation (electronic signature equivalent to handwritten signature)
    - Document Signing
    - Form Signing
    - etc.
  - (Encryption certificate & key pair) foreseen at a later stage
    - private key backup/archiving
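
Added example (not part of the original slides or of any Fedict code): a relying-party check that keeps the authentication certificate and the signature certificate in their separate roles. It assumes the roles are told apart by the X.509 keyUsage extension (digitalSignature for authentication, nonRepudiation/contentCommitment for signature) and uses the Python `cryptography` package. The function names and the self-signed sample certificates are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID


def make_cert(common_name, *, authentication, non_repudiation):
    """Constructed self-signed sample (2048-bit test key), not a real eID certificate."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.datetime.now(datetime.timezone.utc)
    usage = x509.KeyUsage(
        digital_signature=authentication, content_commitment=non_repudiation,
        key_encipherment=False, data_encipherment=False, key_agreement=False,
        key_cert_sign=False, crl_sign=False,
        encipher_only=False, decipher_only=False)
    return (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=1))
            .not_valid_after(now + datetime.timedelta(days=1))
            .add_extension(usage, critical=True)
            .sign(key, hashes.SHA256()))


def certificate_role(cert):
    """Return 'authentication', 'signature' or 'rejected' from keyUsage alone."""
    try:
        ku = cert.extensions.get_extension_for_class(x509.KeyUsage).value
    except x509.ExtensionNotFound:
        return "rejected"      # no keyUsage: the purpose cannot be established
    if ku.digital_signature and not ku.content_commitment:
        return "authentication"
    if ku.content_commitment and not ku.digital_signature:
        return "signature"
    return "rejected"          # both or neither bit set: ambiguous purpose


def accept_for(purpose, cert):
    """A login must not succeed with the signature certificate, and a signed
    document must not verify against the authentication certificate."""
    return certificate_role(cert) == purpose


# Constructed samples standing in for the two citizen certificates on the card.
AUTH_CERT = make_cert("Sample Citizen (Authentication)", authentication=True, non_repudiation=False)
SIGN_CERT = make_cert("Sample Citizen (Signature)", authentication=False, non_repudiation=True)
```

A real deployment would run this check after validating the chain up to the Belgium Root and consulting the CRLs shown in the trust hierarchy; keyUsage alone says nothing about whether the certificate is genuine or revoked.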