This document discusses the eEurope Smart Card Charter and the Helsinki Public ID conference. It provides an overview of the eEurope Smart Card Charter's goals of deploying smart cards across Europe and increasing interoperability. It also summarizes the status of national digital ID cards across EU member states, with some having piloted programs or small-scale rollouts underway. The conference aims to facilitate information sharing on national digital ID developments and gather input to define common specifications for cross-border interoperability of identification, authentication, and digital signatures on public smart card programs.

1. ,
Smart Card Charter & the
Helsinki Public ID conference
April 4-5 2002
Jan van Arkel
Co-Chairman eEurope Smart Card
Charter
The

2. Agenda
 The eEurope Smart Card Charter: aim,
deliverables and status report
 Status overview on European e-ID cards
 Targets for this conference

3. “An Information Society for all”
2002 Objectives
 Bring every citizen, school, business and
administration on-line - quickly!
 Create a digitally literate and entrepreneurial
Europe
 Ensure an inclusive information society

4. Action Lines
A cheaper, faster, secure Internet
1) Cheaper and faster Internet access
2) Faster Internet for researchers and students
3) Secure networks and smart cards
Investing in people and skills
4) European youth into the digital age
5) Working in the knowledge-based economy
6) Participation for all in the knowledge-based economy
Stimulate the use of the Internet
7) Accelerating e-commerce
8) Government online: electronic access to public services
9) Health online
10) European digital content for global networks
11) Intelligent transport systems.
2002

5. eESC Mission
 Contribute to mass deployment of Smart Cards
Europe
 Identify the barriers for mass deployment and
help in bringing those barriers down.
 Focus on:
- 4 application area’s
- multi-functionality
- end user acceptance
- a number of more technical aspects

6. eESC action lines
 Setting up of a network of interested
stakeholders
 Carry out Dissemination program
 Defining Common Specifications
(end of term deliverable)
 Demonstrators & large scale deployment

7. Building & maintaining
the network
 > 350 organisations involved
 > 1000 people on mailing list
 > 70 meetings a year
 250 people hands-on participating

8. Steering Committee
SCC Organisation
(working group chair persons plus relevant group representatives)
Secretariat
Trailblazers
High Level Group

9. Logical structure Comm. Specs.
TB3
S
E
CURI
T
Y/
PP
TB8
US
E
R
/
RE
Q
S
TB10
GOVERN-MENT
TB11
HEALTH
TB5
PAYMENTS
TB9
PUBLIC
TRANSPORT
GIF
TB1, TB2, TB12
APPLICATIONS
GLOBAL
INTEROPERABILITY
FRAMEWORK
GENERIC FUNCTIONS
PUBLIC ID, AUTHENTICATION, ELEC. SIGNATURE
TB7
MULTI AAPPPPLLIICCAATTIIOONN PPLLAATTFFOORRMM
TB4 TB6
GGEENNEERRIICC CCAARRDD RREEAADDEERRSS CCOONNTTAACCTTLLEESSSS CCAARRDDSS

10. Basic roles and processes
Issuer
User
Content
provider
Applic.
provider
Access
provider
R&C
Authority

11. Issuer
User
Content
provider
Applic.
provider
Access
provider
R&C
Authority
Interoperability
Issuer
User
Content
provider
Applic.
provider
Access
provider
R&C
Authority
Issuer
User
Content
provider
Applic.
provider
Access
provider
R&C
Authority

12. 4 main application areas
 - eGovernment
 - e-Payment
 - Health
 - public transport

13. European Union: 375 million people
+ Candidate countries: 500 million people

14. 4 main application areas
 - eGovernment
 - e-Payment
 - Health
 - public transport

15. Functionality of a national
e - ID card/digital access
Mutual authentication card and infrastructure
Verification cardholder identity
(pin, biometrics)
Provision of trust (digital signature)
Travel Document within the EC
Carrier for drivers license & other official documents
Supporting in general e-Government
functionality
Able of supporting services from the private
sector

16. BBiioommeettrriiccss
PPeerrssoonnaall
ddaattaa
• CCoouunnttrryy ccooddee
• NNaattiioonnaall IIDD ##
• SSuurrnnaammee
• GGiivveenn nnaammee
• GGeennddeerr
• DDaattee ooff bbiirrtthh
• PPllaaccee ooff bbiirrtthh
• NNaattiioonnaalliittyy
• IIddeennttiiffyyeerrss//UURRLL''
PPKKII

17. e-ID cards top 3
 1. Brunei
400K, personal data, biometrics and
PKI
 2. Malaysia
1M  19 M, personal data,
biometrics and PKI
 3. Japan
1M  100 M in 2004, data, PKI,
Pin

18. e-ID cards in EU
 Policy decision has been made for
national digital ID or Public Services
card by: Austria, Belgium, Finland,
Ireland, Italy, Netherlands, Portugal,
Spain, Sweden
 Relevant national legislation already in
place in: same countries exept Portugal
 Public Service card will be chipcard:
Austria, Belgium, Finland, Ireland, Italy,
Netherlands, Portugal, Spain, Sweden, UK (if
applied will be a chipcard), Germany (see pilot in
Bremen)

19. Public Key technology
 Will support PKI for authentication and non-repudiation
purposes? France and Ireland
no final decision yet, other countries: Yes
 Will support PKI for non –repudiation?
Same answer
 Will support encryption facilities for end-user?
 Yes: Finland, UK
No: Italy, Spain,
Under discussion: Ne, Be, Irl

20. Pilot projects and nat. roll-out EU
 Pilot projects are active in:
 Italy, Belgium, Netherlands, France,
 National roll-out is under way in:
 Sweden (100 K cards issued)
Finland ( 12 K cards issued)
Italy (15 K cards issued)
 Roll out completed: None

21. Pre-conference conclusions
on ID-cards
 National ID cards in Europe are definitely on
their way
 The ID service will be in support of the
eGovernment domain (and sometimes also
in the privaty domain)
 Multi application is still an unsolved issue
 The cards will use PKI in support of
authentication and digital signature
 CHV will be on the basis of PIN and in some
countries biometrics

22. Pre-conference conclusions
on ID-cards (2)
 Middle of the road ICC contact technology
 Heavy piloting but small scale roll-outs as yet
 Heavy risk of different solutions and non –
interoperability (as is the case in domains of
e-Purse and European Health cards)

24. Targets for the Conference
 Information exchange on national
developments in domain of e-ID
 Establishing interest in realising
pan-European interoperability of
identification, authentication and digital
signature function in Public Domain
 Organising input (requirements &
solutions) into the Smart Card Charter
Common Specifications

25. Examples of joint functional
requirements
1. Card Issuing Government (CI) is
responsible for reliable I, A of Cardholder
2. CI is responsible for the QC(s) for Card
Authentication, CHV and Signature
3. I and A data and functions are open for
general use
4. There should be a 3 key pair infrastructure
for I/A, Signature and confidentiality
5. Key generation and storage on board the
card

26. Examples of joint functional
requirements
6. CI holds ‘key’ for applications on card (at
issuance or post issuance)
7. CI responsible for overall CMS
8. Trust is a must to generate interoperability
9. ………
10.………

27. (a) Each APP prepares Certificate for User Authentication separately
Card
certificate
②Data processing
Health
Insurance
ＡＰ
Electronic purse
SP
User
certificate
ＣＩ
ＲＣ
Electronic purse
ＡＰ
CA 0
CA 1 CA 2
Health Insurance
SP
Hospital
SP
User
certificate
Demerit
APP Download (DL) APP DL
Issues card certificate
Issues Card certificate
Merit
Each APP requires
resources, such as
certificate, separately
①User authentication
Each APP must
prepare PKI
separately.
Each APP can
manage users
separately.
Small effect on existing
NICSS-Framework
No connection is
required between
AP's
F/W

28. (b) User authentication by common Certificate for all APP
Card
certificate
②Data processing
Health
Insurance
ＡＰ
Electronic purse
SP
User
certificate
ＣＩ
ＲＣ
Electronic
purse
ＡＰ
CA 0
CA 1 CA 2
Heath Insurance
SP
Hospital
SP
Demerit
APP DL APP DL
①User authentication
Issues Issues card certificate User certificate
Merit
NICSS-Framework newly
needs to administrate
certificate for user
authentication.
No APP needs to
prepare each Certificate
Only small amount of
resources, such as
certificate, are necessary.

29. (c) Authentication of Card and User in common by Card Certificate
Health
Insurance
ＡＰ
ＲＣ
Electronic purse
SP ＣＩ
Health Insurance
SP
Electronic
purse
ＡＰ
Hospital
SP
Demerit
APP DL APP DL
Issues card certificate
（also used as user certificate ）
Merit
②Data processing
① User authentication
No APP needs to
prepare Certificate
Ｃａｒｄ
certificate
Smallest amount of
resources, such as certificate,
are necessary.
APP must define I/F or others so
that card certificates can be used by
APP.

30. ID Cards in the Netherlands
 Policy decisions are there
 Legislation in place
 eID card in ID 1 format since Oct 2001
 Pilot sites (Delft, Rotterdam) have
delivered
 Large scale pilot (Eindhoven) with
PKI (without biometrics) under
construction
 National roll-out eNIK? 2006?