Henry J F Ryan

1
Smart Card Vision 2002

• Henry J F Ryan
• eESC Secretary

2
Outline

• The high level objectives
• eEurope Smart Card Charter
• Vision and Organization
• Standardization Requirements
• Global Interoperability Framework
• Demonstrators
• European Standards Actions/Plans
• More information

3
An Information Society for all
The high level objectives
2002

• Bring every citizen, school, business and
  administration on-line - quickly
• Create a digitally literate and entrepreneurial
  Europe
• Ensure an inclusive information society

4
Action Lines
2002
A cheaper, faster, secure Internet 1) Cheaper and
faster Internet access 2) Faster Internet for
researchers and students 3) Secure networks and
smart cards Investing in people and skills 4)
European youth into the digital age 5) Working in
the knowledge-based economy 6) Participation for
all in the knowledge-based economy Stimulate the
use of the Internet 7) Accelerating
e-commerce 8) Government online electronic
access to public services 9) Health online 10)
European digital content for global networks 11)
Intelligent transport systems.
5
The intelligent key to quality of life in the
information society eEurope Smart Cards a
standards based open initiative
www.eeurope-smartcards.org
6
eESC Vision

• Empower the individual to access resources in the
  physical world and over networks, anytime,
  anywhere with adequate privacy and security
• Raise the prospect of smart card technology to a
  mainstream computing platform for trust services
• by
• Harmonizing smart card based infrastructures
  across sectors by building a consensus for
  minimum compatibility.
• Stimulating inter-sector cooperation to encourage
  interoperability

7
Basic Process
8
Services
9
Complete professional process
Identify
Interact
Order
Open
Close
10
eESC action lines

• Setting up of a network of interested
  stakeholders trailblazers, liaisons
• Defining Common Specifications / Requirements
  (end of 2002 deliverable)
• Dissemination program website, open meetings,
  conferences, articles, newsletter
• Demonstrators large scale deployment

11
Smart Card Shipments
Jan - Jul 2001 Smart Card Unit (M) Shipments
Eurosmart, Cartes 2001 Segment Memory
uProcessor Banking 10 75 Health Care
5 6 Telecom 550 200 Transport 10
5 Pay TV / IT 0.5 10 Others 20
11 590.5 307
12
The eESC Network

• gt 350 organisations involved
• gt 1000 people on mailing list
• gt 70 meetings a year
• 250 active participants

13
eESC Organisation
High Level Group
Steering Committee (working group chair
persons plus relevant group representatives)

Secretariat
Trailblazers
14
eESC Trailblazers
1 Public Identity
2
Identification Authentication
3 Protection
Profiles, security certification
4 Generalized card reader
5
e-payments (including purse, credit/debit,
m-commerce) 6 Contactless Smart Cards

7 Multi-application systems 8 User
requirements 9 Public Transport 10
e-Government 11 Health 12 Advanced Electronic
Signature

15
eESC Working Group Structure
16
eESC Deliverables Logical Structure
eEsc Common Specifications
Global I-A-S Interop. Framework (GIF)
Demon-strators(eEpoch, Netc_at_rds)
NICSS
Trail-blazers
Requirements and Standards / Industry
Specifications
17
Global Interoperability Framework

• GIF is an aid to ensure interoperability
• within and between smart card communities
• focused on IAS for Internet applications
• It provides models which can ensure
• cost sharing between stakeholders
• low entry level for new services
• differentiation at all levels of the business
  value chain
• use of off-line and on-line resources
• secure transactions in internet applications
• scope for more advanced services
• international collaboration

18
Basic roles and processes

• Card Community processes side
• Issuing, identification management
• Life cycle management (cards, infrastructure)
• Business issues

• E-Community processes side
• Daily use / delivery / interaction
• Content management
• Creative challenges

19
Framework Structure
IAS-Framework
E-community Smart card community
Interoperability
20
IOP - Prerequisite Protocols
Additional Applications
4
3
IAS
2
PKI /security
Human Interface
Platform
1
Connectivity
21
Interoperability via

• Functional IOP arrangements
• user - access provider interface
• access provider - application provider interface
• local smart card community interface to foreign
  smart card community
• Technical IOP building blocks
• IOP adapter
• PKI adapter

22
Functional IOP
23
Technical IOP
24
IOP scenarios
25
Adapters

• IOP Adapter (for IAS purpose)
• Generalised card reader (i.e. multi applications
  and operating systems)
• Business rules and conditions (i.e. how to handle
  an IAS request from a particular not-on-us
  card)
• PKI Adapter
• Verification mechanism for
• Building blocks certificates
• User/card holder certificates
• Trust relationship between on-us and
  not-on-us CA via e.g.
• Hierarchical certifications of CAs
• Bridge validation authority between CAs

26
Implementing GIF

• Steps to get IAS Interoperability
• research for hooks in the basic (internet)
  process
• define local IAS - requirements
• define functional boxes
• define data
• buy / modify building blocks
• Implementation research of the drivers
• test (set of) building blocks
• introduce and implement pilot
• evaluate
• enlarge / enrol
• Top down
• policies
• management
• operations

27
Demonstrators

• Netc_at_rds
• eEpoch

28
The Netc_at_rds project

• Trans European Health Services proof of
  entitlement
• Cross border access to health services
• eE111/128 as proof of entitlement to care
• on and off- line usage of smartcards IT
  networks
• build upon existing national Health card
  schemes
• Participating Austria, Belgium, France,
  Germany, Greece
• Large scale cross border demonstrators
  

29
The eEpoch project

• Demonstrating the SCC targets and goals
• Interoperability multi aplication on a Pan-
  European level
• Focus on domain of e-Government
• Supporting Public ID, strong
  authentication
• Supporting Digital signature (5.1 level)
• On basis of Multi Application Platform
• Using Generic (FINREAD compliant)
  Cardreader
• Not only demonstrator, also nucleus for
  national developments

30
eEpoch Specific Focus
Dissemination and Exploitation
CA
CA
CA
Application Services
ID/Authentication E-Sign Services
Multifunctional Platform Technology Building
Blocks
eEpoch specific interoperability elements
31
What would it look like?

• Basis Common European Access card
• Reliable personal data
• Authentication mechanism (PIN, Biometrics)
• Certificates for Authentication non
  repudiation
• Encryption facilities
• Multi application secure applet downloading

32

• Personal data
• Country code
• National ID
• Surname
• Given name
• Gender
• Date of birth
• Place of birth
• Nationality
• Identifyers/URL'

Biometrics
PKI
33
Benefits for Europe

• European awareness at citizen level (like
  Euro currency)
• Trust and confidence for government and
  end-user
• Access to e-Government services
• Fraud prevention and control (on-line and
  off-line)
• Reliability checking of on-line information

34
Standards Action Areas

• Standardization Goals
• - Building trust
• - Enhancing usablity
• - Improving access
• - Deploying interoperable applications
  services
• eESC 2002 deliverables - Surveys, Reports,
  White papers - Contribution to standards -
  Implementation guidelines - Dissemination
  activities - Pilot project(s) - other ...
• Standardization Process in Parallel
• - sources from standards and industry consortia
• - inputs to CEN/ISSS, ETSI, EESSI and others

35
TB 1 Public Identity

• Objectives
• Plan for a common European Citizen Digital ID
  Document.

• Deliverables (drafts available)
• 1 Inventory of legislation and practice
  regarding identities
• 2 Common specifications for public identity and
  identification
• 3 Guidelines for citizen certificates

Standards Partnership/Input to Trailblazer 2
and hence CEN/ISSS WS/E-Sign CEN/ISSS WS/EC
(eWallet) CEN/ISSS TC 224/WG11 ISO/IEC JTC1 SC17
WG3
36
TB 2 ID and Authentication
Objectives

• Co-ordinate with other Trailblazers to identify
  the functional requirements related to each
  individual Trailblazer
• respond to such functional requirements
• identify technology requirements and a
  methodology for the scope areas of other
  Trailblazers

• Deliverables        
• 1 inventory of existing smart card based PKI
  implementations with priority to Public Identity
  (available)
• 2 definition of a common platform for functional
  interoperability
• 3 provide technology guidance in response to TB1
  requirements
• 4 accommodate additional requirements from other
  trailblazers (in relation to Deliverable 2) on
  first come, first served basis.

Standards Partnership/Input to EESSI
37
TB 3 PPs, Security Certification

• Objectives
• Promote and facilitate the adoption of the
  Common Criteria
• (CC) - ISO/IEC 15408 standard
  through the Smart Card Industry for
• the evaluation and the
  certification of products and systems, to provide
  
• trust and confidence to the smart
  card users
• Deliverables
• 1 List of current issues in using Common
  Criteria
• 2 Proposal of possible solutions
• 3 Proof of concept
• 4 Promotion and education around Common
  Criteria
• Establish a communication and education plan
• Implementation of promotion and education
• Standards Partnership/Input to Common Criteria
  Board

38
TB 4 Generalised SC Reader

• Objectives
• Propose an architecture and a set of technical
  specifications for a secure IC card reader to
  be used in e-commerce and related IC card based
  applications on open networks

Standards Partnership/Input to CEN/ISSS
WS/Embedded FINREAD EESSI Area K ETSI SCP
39
TB 5 e-Payment and m-Payment

• Objectives
• Enable broad adoption of smart cards as a
  means of secure payment, and ensure
  interoperability across channels, sectors and
  borders
• Deliverables
• 1 EMV migration synchronization and Open
  Networks
• 2 eEuro implementation and Continental Roll out
• 3 Report on e- and m-payments convergence

Standards Partnership/Input to CEN/ISSS
WS/EC ETSI m-Commerce ETSI SCP
40
TB 6 Contactless Smart Cards

• Objectives
• Promote the use of contactless smart card
  technology by creating an Industrial
• Offer matching the End User needs
• Deliverables
• 1 Technical foundations interoperability,
  security, certification
• 2 Educational and promotional efforts
• 3 Market development of contactless technology
  roadmap for trials and deployment towards
  operators
• 4 Definition of a common platform, roadmap for
  interoperability
• 5 Pilots, Interoperability demonstrator, Final
  reports/guidelines, Catalogue

Standards Partnership/Input to CEN/ISSS
TC224 ETSI SCP
41
TB 7 Multi-Application Systems

• Objectives
• Enlarge Citizens freedom of choice in the
  selection and management of the ICT services
  they wish to access using smart cards as the
  generic access token
• Deliverables
• 1 The provision of input to standardisation
• new requirements for extension
• the need for new topics to be addressed
• 2 Implementors work book / toolbox
• 3 Possible input for the enactment of
  supporting legislation

Standards Input to CEN/ISSS WS/Extended URI
ETSI SCP (card management scheme)
42
TB8 User Requirements

• Objectives
• Interact with and provide user requirements
  input to all other Trailblazers
• to ensure that the user interface and
  functionality of ICT systems employing smart card
  technology meet already identified requirements
• to support Citizen aspirations, to provide
  systems that are attractive to Citizens
• to guarantee inclusiveness for all categories of
  Citizen.
• Deliverables
• 1 Work book best practice guide supporting
  Citizen access
• 2 User requirements specification
• 3 Overview of new technology new interface
  issues

Standards Partnership/Input to CEN/ISSS TC224
WG6 CEN/ISSS WS Extended URI ETSI TC HF
43
TB 9 Public Transport

• Objectives
• support Public Transport utilising smart card
  access tokens, including the need for
  interoperability between smart card based
  European transport ticketing systems
• Deliverables
• 1 Best Practice Guide
• 2 A methodology for the specification of smart
  card based ticketing systems based on common
  sector requirements
• 3 A work book/toolbox for use by implementors
• 4 Modules of information (including methods,
  structures, roles, entities, finance models etc)
  of relevant legislation and of system components
  (hardware/software)

Standards Partnership/Input to CEN/ISSS
WS/FASTEST CEN/ISSS TC224 WG11
44
TB 10 e-Government

• Objectives
• achieve definition, rationalisation and
  implementation of a European model for digitally
  performed procedures employing smart card for
  interfacing with Public Administration
• promote more effective use of government's
  information resources
• give access to public services and simplify on
  line administrative procedures that use secure
  smart card solutions based on standards such as
  electronic signature, PKI infrastructure and
  internet.
• Deliverables
• 1 Coordinate the necessary constituency
• 2 collect national initiatives and feasibility
  studies on B to A
• C to A and trans-national exchange of data
  e-government applications
• 3 organise relationships with other
  trailblazers re
• 4 common policy and architecture for functional
  interoperability and standardisation process
  for B to A and e-procurement
• 5 dissemination of findings and results

Standards Partnership/Input to IDA and CEN/ISSS
45
TB 11 Health

• Objectives
• Contribute to a European wide interoperability of
  healthcare cards concerning
• patient data as well as to health professional
  cards and to their usage in networks,
• addressing administrative data as well as
  healthcare/health related data and
• different functionalities, e.g. ID-card,
  signature card and health card
• Deliverables
• 1 Consensus building activities
• 2 Recommendations and white papers
• 3 Demonstrators and pilots

Standards Partnership/Input to CEN/ISSS TC 251
46
TB 12 Advanced ElecSignature

• Objectives
• Provide European Citizens with Advanced
  Electronic Signature use, as per the European
  Directive, through a Smartcard based system for
  Internet.

Standards Partnership/Input to working with
eEpoch, and IST Project SmartIS
47
eESC Steering Committee
Jan van Arkel (Co-Chair) arkel_at_cardlife.nl Lutz
Martiny (Co-Chair) lutz_at_martiny.org Henry J F
Ryan (Secretary) henryryan_at_eircom.net Tapio
Aaltonen, Chair TB 1 tapio.aaltonen
_at_vrk.intermin.fi Andreas Mitrakas, Chair TB 2
andreas_at_globalsign.net Jean-Paul Thomasson,
Chair TB 3 jean-paul.thomasson_at_st.com Hub
ert Jacquet, Chair TB 4 hubert-jacquet_at_cartes-anc
aires.com Hervé Kergoat, Chair TB
5 hek_at_europay.com Andrew Roberts, Chair TB
6 andrew.roberts_at_st.com Lorenzo Gaston, Chair TB
7 gaston_at_montrouge.tt.slb.com
Alan Leibert, Chair TB 8 alan_at_cardeurope.demon.c
o.uk Stefan Kissinger, Chair TB
9 stefan.kissinger_at_bvg.de Frédéric Tatout,
Co-Chair TB10 frederic.tatout_at_industrie.gouv.fr
David Ankri, Co-Chair TB 10 david.ankri_at_wanadoo.f
r Jürgen Sembritzki, Chair TB 11
j.sembritzki_at_ztg-nrw.de David Stephenson, Chair
TB 12 david.stephenson_at_cyber-comm.com Yves
Chauvel, Telecommunications yves.chauvel_at_etsi.fr
Joyce Blow-Darlington, Consumers joyce.blow_at_which
.net some observers
48
You are invited!

• Open Steering Meeting, Madrid, 13-14 June
• Theme eESC Smart Card RD Clustering and
  Standardization Links

49
More Information

• http//www.cenorm.be/isss
• http//eeurope-smartcards.org
• or email
• info_at_eeurope-smartcards.org