Gert Roeckx, March 2012, Warsaw

eID and setup of CA. Gert Roeckx, March 2012, Warsaw.


Presentation Transcript


  1. eID and setup of CA. Gert Roeckx, March 2012, Warsaw

  2. eID Card Types: Citizens (eID card), Kids (Kids-ID), Foreigners (Foreigners’ card)

  3. eID Card Content: PKI data; Citizen Identity Data; ID; ADDRESS; Authentication; Signature; RRN SIGNATURE; RRN SIGNATURE; Root CA; CA; RRN; 140x200 Pixels, 8 BPP, 3.224 Bytes. RRN = National Register number

  4. Issued certificates Total 2003-2011: 34 MIO

  5. Issued certificates [chart: vertical axis 100 K to 800 K, horizontal axis 01 to 12]

  6. OCSP request 07-’11

  7. OCSP request avg/day 2011 [chart: vertical axis 20 K to 180 K, horizontal axis 01 to 12]

  8. Secrets of success
     • Card for every citizen
     • Value added for all the actors
     • Use of eID by gov as a starting multiplier effect
     • Joint collaboration of public & private

  9. GOV <-> citizen / business: Tax-on-Web; Ehealth / Social insurance

  10. Business <-> citizen • Banking

  11. eID Certificates Hierarchy: Belgium Root CA; GlobalSign; Admin CA, Citizen CA, Foreigners’ CA, Government CA; CRL (x4); Card Admin Cert; Admin; Auth Cert, Signing Cert; Auth Cert, Signing Cert; Code Sign Cert, RRN Cert, Server Cert. Card Administration: update address, rekey, store certificates, … Certificates for Government web servers, signing citizen files, public information, …

  12. Policy
     • CPS (Certificate Practice Statement) = legal document that describes how the CA manages the certificates it issued
     • CP (Certificate Policy) = document that describes the roles, responsibilities and liability of the different actors
     • These documents should be agreed (accepted, signed, …) before the first certificate is issued!

  13. IT services
     • Change, Incident, Capacity management
     • Demand has increased during past years
     • OCSP, # certificates
     • EU demands additional feature (Biometric)
     • Need of procedures to cope with change in demand
     • Correct handling of changes, incidents and capacity are the cornerstones of a successful IT service

  14. Security
     • A PKI is based on TRUST
     • Challenging Internet environment
     • A strong rigorous Security Policy is enforced
     • For example
     • Both external and internal access is controlled
     • Physical access only by dual presence
     • Design of the PKI, off-line CA’s, …

  15. SLA
     • Service level agreement
     • Results from the business case of the eID
     • Guarantees the quality of the service
     • Monitoring Control Objects
     • OCSP, CRL
     • Certificate issuance
     • Defined KPI’s
     • SLA for life?
     • If the business case changes
     • Adapt the service
     • Adapt the SLA

  16. Auditing & accreditation
     • WebTrust of CA
     • SAS 70
     • ISO 27002
     • National & European law requirements

  17. Thank you! Gert.roeckx@certipost.com www.certipost.com
