Electronic Identity Cards in Europe
Ari Bouzbib
Senior Vice-President Europe
Identity & Government Programs
11th Porvoo Group Meeting
May 24-25, Coimbra
Forecasted trends for Governmental Market in 2007
 Government/Health :
ƒ e-Passport deployment in 40 countries including all Visa-waiver countries
ƒ Growing e-ID projects:
ƒ Portugal, Qatar, Morocco, joining increasing deployment in Belgium, Thailand,
Hong-Kong, Estonia, Finland, Sweden,
Oman, …
ƒ More than 300 Mu ID cards will be shipped in China in 2007, with a target of 900
Mu deployed before 2008 Olympic games
ƒ Ramping up 2nd generation e-Health in France (Sesam Vitale) and Germany
(eGK)
ƒ Eurosmart Source
08/06/2007
2
More Value for our Industry
The Smart Cards industry will further strengthen its potential
to create high-added value products and services by
introducing Smart Secure Devices.
This trend is already visible with the e-Passport:
Smart Card technology and know-how
delivering an entirely new type of product
Eurosmart Source
08/06/2007
3
New Markets will embrace the merits
of Smart Secure Devices
 Smart Secure Devices will find a natural fit whenever:
ƒ New H2H (Human-to-Human) or H2M (Human-to-Machine)
transactions will require a local, sometimes off-line
verification of the User Identity.
ƒ The fast growth of contactless technology will pave
the way for many new applications aimed at speed
and mobility.
Emerging Machine-to-Machine applications
ƒ Smart embedded modules will be the ‘brain’ in M2M
enforcing rules and taking corrective actions in the event
of errors during such transactions.
ƒEurosmart Source
08/06/2007
4
Some examples of very likely areas of growth
Retail
ƒ Check-out/Payments
ƒ Smart Bulletin-Boards
ƒ Customer Relationship Management
ƒ Logistics Management for merchants
ƒ E-Commerce
E-Citizen
ƒ Fillings and Applications
ƒ Personalized Citizen-2-Representative relationship
ƒEurosmart Source
08/06/2007
5
New shapes to follow the path of our daily lives
Three key enablers
ƒ Biometrics : «secrets» that always stay
with us
ƒ Contactless : «fast and easy»
device-reader interactions
ƒ Nanotechnologies : remove «size
constraints» to keep those Secure
Objects with us at all times
More developers will embrace Smart
Secure Devices
ƒ Internet for e-commerce
ƒ Peer to Peer collaborative networks
ƒEurosmart Source
08/06/2007
6
European eID & Gemalto
08/06/2007
7
European Citizens Card – Aims
1
 The key drivers behind the European Citizen Card concept are
opportunities to:
ƒ provide worthwhile eGovernment services that can be accessed by all European
Union citizens wherever they chose to reside in the EU => citizens’ mobility
ƒ combat global Identity Fraud => citizens’ Identity protection
ƒ address the threat of national and pan European terrorism => citizens’ security
ƒ build a more inclusive European Society => civil society development
ƒ encourage the emergence of new intra European Union services =>
administrative actions simplification
1
Derived from the contents of CEN/ISSS WS/e Authentication Vision Document “Towards an
electronic ID for the European Citizen a strategic vision” Brussels, October 3, 2004
08/06/2007
8
European Citizens Card - Benefits
 For citizens:
ƒ
ƒ
ƒ
ƒ
Simplified administrative tasks
Secure and efficient access to services
Control over personal data
Convenience (time & money savings)
 For Government:
ƒ
ƒ
ƒ
ƒ
ƒ
08/06/2007
Simple and accurate management of documents and data
Reduced administration costs
Security and confidence
Development of the information society
Transparency
9
Swedish eID: ID and Travel Document
Global Objectives
 New approach: ID & travel document in one
 Make travelling as easy as possible
 Deliver the best standard of e-Passport and national e-IDcard on the market
 Provide better services
 Make the application process easy and secure
08/06/2007
10
Swedish eID Card: Concept
 An e-ID Card containing two chips – contact and
contactless (totally separated)
 A travel document valid 5 years
 An Electronic Identity – active secure device
 Only for Swedish citizens, but non compulsory card
 The same electronic personal data as in the e-Passport
 The same process as for the e-Passport
 The same IT-system as for the e-Passport
 The project included all steps from enrolment to the
delivery of personalized product to a citizen
08/06/2007
11
Contactless Chip:
 ICAO recommendations compliant
 EU regulations compliant -> EAC
migration as per EU schedule
 Logical Data Structure
 Passive authentication
Contact Chip:
 Electronic ID and digital signature
PKI enabled with 32K memory
 PKI key pair pre-generated
 Strong authentication
 Non repudiation
Secure data storage
 Basic Access Control
No magnetic stripe nor bar code
 Type B 32K chip
Contact Chip
for eID
ISO 7816
08/06/2007
I<SWE45123456<4196103213499<<<
6103213M1004256SWE<<<<<<<<<<<8
SPECIMEN<<SVEN<<<<<<<<<<<<<<<
Contactless Chip
same as passport
ISO 14443
MRZ on the back side
12
Swedish eID Card - Project outcome to date
 Issuance started in October 2005
ƒ Sweden first in Europe to issue e-Passport
ƒ First in world to combine e-Passport functionality and National e-ID in single card
 Delivery of comprehensive e-Passport and e-ID solution
ƒ Compliant with EU and ICAO standards
ƒ Upgradeable to include EAC by 2009
 A multi-application National ID card for identification and signature as
well as cross border travel
 Significant savings – equipment, processes, systems and training
 Take up of voluntary National e-ID card because of travel functionality
but constrained because other forms of e-ID are used for e-commerce
(e.g. BankID)
08/06/2007
13
Courtesy of The National Register
Lessons Learned So Far




The legal base is important
Be very attentive to privacy concerns
Transparency is key to trust
Transparency enhances quality of data
 Interoperability: juridical and technical normalisation and partnerships
agreed before the start-up are vital
 A structured technical and situational platform for information
exchange is useful. Prototyping and monitoring are vital
 Electronic personalisation techniques somehow cultural bounded.
They need to be above any doubt and usable through standardised
interfaces
 The added value of the eID-card is key
 Information exchange platform during pilot phase
 Win-win situation for full collaboration
 Communications & resources!
08/06/2007
14
eID: next steps
 Security
ƒ Compliancy with laws (ex. digital signature)
ƒ Deployment of securing travel and border control tools for improving national security
ƒ Keep up-to-date secure eID v.s. thefts & frauds
 Citizens’ privacy
ƒ Ensure education of citizens regarding their own data
ƒ Citizens keep full control of their data with selected access to specific data
 Empower convenient services
ƒ Offer time and place independent eGovernment services to citizens
ƒ A convenient form factor for citizens and civil servants
 Automation
ƒ Make use of networks and online services
ƒ Fasten identity check by police forces and travel authorities; interoperability
ƒ Appropriate tools to verify eID cards
 Biometry
ƒ Some governments and citizens area cautious in terms of biometrics –
In the future opinions are likely to change and opposition will weaken
as the benefits become evident
ƒ Adopt biometry to eID as an additional security feature to the PIN
– PIN code will survive because biometric identification is at its best
in a secure environment rather than “everywhere”
ƒ Have the corresponding standard completed (ISO SC37)
08/06/2007
15
Conclusions(1)
 Success of National eID schemes is built on:
ƒ
ƒ
ƒ
ƒ
ƒ
Citizen trust and transparency
Individual privacy protection
Future proofed security
Interoperability
Capacity for growth
 And, crucially
ƒ The value of the eID Card to citizens in their everyday lives
 The European Citizen Card and other “tools” is creating the
technical framework to extend value beyond national borders
 Industry players are willing to support governments to help
them to achieve success
08/06/2007
16
Conclusion (2)
 Smart Cards will evolve into a broader family of Devices
ƒ More new shapes for new applications
ƒ Our virtual « digital personal attributes»
ƒ Embedded software and ultra-embedded nanotechnologies
 The only mistake to avoid for our Industry is to entertain
an endless debate about fears.
ƒ We will build the best solutions and the best value for people
to enjoy many new services
ƒ Political ownership and communication will be key to success
 Education … more Education
ƒ Preparing people to use those Smart Secure Devices is as important
as teaching them how to read and write.
08/06/2007
17
Back-Up
Ari Bouzbib
Senior Vice-President Europe
Identity & Government Programs
11th Porvoo Group Meeting
May 24-25, Coimbra
2006 Market Trends
 Mobile communication: another year of strong unit growth
ƒ Growth is driven by almost all regions and emerging countries such as India in Asia,
Middle East and Latin America
ƒ Chinese market is growing again in 2006 after a stable year in 2005
 Financial services:
ƒ Contactless payment in the US continue to deploy
ƒ EMV roll out mainly in Asia and renewal in Europe
 Transports:
ƒ Major cities in North America and Latam adopt smart cards in public
transports
 Government:
ƒ e-Passports effectively deploying in many countries
ƒ 200 M Chinese ID Cards shipped in 2006

Eurosmart Source
08/06/2007
19
Key to Trusted eGovernment Services
 Creates the link between citizen and his/her
digital identity
 Make citizen's daily life easier
 Create the right environment for more
accessible, transparent processes
 Make citizen's participation more expansive and
direct
Legally binding
08/06/2007
20
BelPIC Has Many Citizen Touch Points
Driver’s Licence
Healthcare
Student Cards
Single Sign On
08/06/2007
Home Banking
Proof of Membership
e-Commerce
21
What Citizens Are Now Asking For…
 Service delivery of 24/7 electronic counter (70% of internet users)
–
–
realise complete transactions
possibility to make and receive direct payments
 A central website or digital (forms)counter
– with access to all relevant forms and information
 A personalised service, management and control of personal
data and files
 More proactive forms of service delivery from
public authorities (within certain privacy limits).
 Public authorities to fill in all forms in advance
– (2/3 of internet users & 80% of non-users)
 Grants should be allocated proactively (80% of population)
08/06/2007
22
BelPIC Programme:
Belgian Personal Identity Card
 Initiated in July 2001
 Keystone of project to simplify administration
processes and modernise public service
 Goal to provide 9 million citizens with secure
identity document and tool for electronic signature
and authentication to access:
ƒ E-Government applications
ƒ Social security
ƒ Private sector services
 Key aims:
ƒ Building trust with citizens
ƒ Providing trusted eGovernment services
ƒ Paving the way to eDemocracy
08/06/2007
23
Some of Today’s BelPIC Applications
 E-government
Official document requests:
marriage, birth, etc
Online voting
ƒ
ƒ
 E-tax
ƒ
Tax form declaration
 E-justice
ƒ
Electronic submission of
conclusions in court cases
 E-access
ƒ
ƒ
Client authentication to web servers
Access control: library, swimming
pool, etc
 E-commerce
ƒ
ƒ
ƒ
Online opening of a new account
Digital Rights Management
Contract signing (qualified signature)
 E-banking
ƒ
 E-mail
ƒ
ƒ
Registered e-mail
Authenticated e-mail
 E-administration
ƒ
ƒ
Data capture
Car registration
 Secure Services for Seniors and
Teenagers
ƒ
ƒ
ƒ
Digital e-window (municipalities of Ghent,
Bornem, Woluwe-St-Pierre)
Forum on www.Seniorennet.be
Safer chat: for 12-15 years old
 Other Common Uses
ƒ
ƒ
ƒ
ƒ
08/06/2007
Online mortgage request
In banks: filling forms, proving ID
Public/Private access control for large
events
In companies: as a badge for access
control buildings
As a logical pass for network access
control
24
Innovative Services: eReporting of Crime
 Belgian citizens can use their eID cards to report crimes from
an electronic terminal, directly over the Internet, to the federal
police.
 The initial service allows crimes such as vandalism, shoplifting
and bicycle thefts can be reported in just a few clicks.
 The citizen reporting the crime is identified by his/her secure
eID card. The process saves significant time compared to the
traditional lengthy process of reporting crime at police stations,
which takes an average of two hours and help overcome social
apathy.
08/06/2007
25
Protecting Children: Kids eID
 Issued to children less than 12 years old.
 Kids ID serves as the national eID card for Belgian children,
and incorporates all the equivalent security and information
featured in BelPIC. Kids ID can be used as an official travel
document in many countries.
 Secondly, the cards serve to protect the child if they run into
danger. The card contains a special hotline number to notify
the next of kin if the child is lost, or has an accident.
 Last but not least, kids-ID cards can also be used for safer
access to online chat and services that require ID.
08/06/2007
26
Agenda
 European Citizen Card – a common interoperable framework
 Case Studies:
ƒ Swedish National eID Card – an ID and Travel document in one
 Key conclusions
08/06/2007
27