A User-centric, Anonymous and Interoperable pan-European eID Pavel Sekanina September 13th, 2006


A User-centric, Anonymous and Interoperable pan-European eID

Pavel Sekanina

September 13th, 2006


Company introduction

- Description
- Portfolio
- Business Data
- Selected Customers


ANECT – who are we?

We are a major supplier of information and communication systems and applications relating to convergent networks, their services and security.

As a systems integrator, we are active, in particular, in the public administration, commercial and financial institutions and telecommunication operators.

We provide professional services from consultation and audits to the design of solutions and project management, the development of applications, the monitoring and maintenance of networks and ICT solutions outsourcing.


Our portfolio


…some business data

1993 - floatation of the company (20 employees)

2006 - ANECT has 200 employees in Prague, Brno (Czechland) and Bratislava (Slovakia).

CEO – Miroslav Řihák, voted Entrepreneur of the Year 2005 in the Czech Republic


Selected customers

Public administration
- Ministry of Finance, Ministry of Labor and Social affairs, Ministry of Agriculture, Ministry of Foreign Affairs
- General Directorate of Customs, ÚZSVM, ČSSZ, …

Commercial sector
- ČP (Czech Insurance), ČP Leasing, Komerční banka, Kooperativa Insurance
- DHL, ČEZ, IKEA, KIA Motors Slovakia
- Aliatel, Czech Telecom, Eurotel, Vodafone, …


Project

A User-centric, Anonymous and Interoperable pan-European eID

- Current state
- Desired final state
- Basic schema of the solution
- Suggested milestones


Authentication, Authorization, Accounting


Authentication – a process in which it is established that Pierce Brosnan is really The Pierce Brendan Brosnan

Role – a group of users with the same type of rights
- Pierce Brosnan – role James Bond
- James Bond group: Thomas Sean Connery, Pierce Brendan Brosnan, George Lazenby, Roger Moore, Timothy Dalton

Authorization – rights to perform a certain action, usually based on the role of the person
- James Bond – „licence/license to kill“
- editor – has the right to cut out “unnecessary” scenes from the movie

Accounting – keeping track of the actions (logs)


Current status

Service provider centric solutions
- user has to obey and adjust to the rules set up by service provider

Government issued eID
- Austria
- Belgium
- Estonia

Liberty alliance – identity provider
- consortium of private companies
- federated architecture
- circles of trust

EU activities: Modinis-IDM project

Results
- Inflation of identities and passwords
- Limited use on the international level
- Potential security risk caused by user misbehavior


Targeted result

- User centric solution
- Technologically neutral
- An architecture based on open standards
- “Anonymous ID” – protecting privacy of user data
- Standardized measure of the „strength“ of eID
  - e.g. username + password = “weak” – good for on-line chat
  - 2048bit SSL + Secure token = “strong” – good for e-Banking
- eID is used in the real life:
  - from web chats, e-Shops, e-Libraries, e-Banking to e-government communication on the international level


Key principles of the solution

- Independent authentication and authorization
  - To allow a mixture of authentication techniques
  - Multiple IDs
- Access rights managed and stored separately from the place where access rights are executed
  - EAD – External Authorization Database
- Management of the identity based on and stored in the information systems and not in the tokens


Basic schema

[Diagram: basic schema. Components: Authorization manager, Authentication system 1, Authentication system 2, Authorization database system, Application data 1, Application data 2. Connection types: User communication, A&A communication. Table labels: user: OID, Au-ID1, Au-ID2, Re-ID1, Re-ID2, name, group; Re-ID1: xx, yy; Re-ID2: aa, bb.]
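An added sketch (not from the slides or from ANECT) of how the key principles and the basic schema could fit together: access rights live in an external authorization database, several authentication IDs of different strength link to one internal OID, and each application receives only its own identifier. The class and method names, the numeric strength scale and the modelling of Re-ID as a keyed per-application pseudonym are assumptions made for illustration.

```python
# Added illustration: names, levels and the pseudonym scheme are assumptions.
import hashlib
import hmac

STRENGTH = {"weak": 1, "strong": 2}  # ordered scale; the slides name only these two


class ExternalAuthorizationDatabase:
    """Keeps identity links and access rights outside the applications."""

    def __init__(self, secret: bytes):
        self._secret = secret      # key for per-application pseudonyms
        self._au_ids = {}          # Au-ID -> (OID, strength of that method)
        self._groups = {}          # OID -> set of groups (roles)
        self._policy = {}          # application -> (minimum strength, allowed groups)

    def enroll(self, oid, au_id, strength, groups):
        self._au_ids[au_id] = (oid, strength)
        self._groups.setdefault(oid, set()).update(groups)

    def set_policy(self, app, min_strength, groups):
        self._policy[app] = (min_strength, set(groups))

    def _re_id(self, oid, app):
        # Assumption: Re-ID modelled as a keyed pseudonym, different per application.
        msg = f"{app}|{oid}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()[:16]

    def authorize(self, au_id, app):
        """Return (granted, re_id); the application never sees the OID."""
        link, policy = self._au_ids.get(au_id), self._policy.get(app)
        if link is None or policy is None:
            return (False, None)   # unknown credential or application: deny
        (oid, strength), (min_strength, allowed) = link, policy
        if STRENGTH[strength] < STRENGTH[min_strength]:
            return (False, None)   # method too weak for this application
        if not self._groups[oid] & allowed:
            return (False, None)   # authenticated, but no role with access
        return (True, self._re_id(oid, app))


def demo():
    ead = ExternalAuthorizationDatabase(b"constructed-demo-key")
    ead.enroll("OID-1", "Au-ID1", "weak", {"customer"})    # e.g. username + password
    ead.enroll("OID-1", "Au-ID2", "strong", {"customer"})  # e.g. secure token
    ead.set_policy("chat", "weak", {"customer"})
    ead.set_policy("e-banking", "strong", {"customer"})
    return {(a, app): ead.authorize(a, app)
            for a in ("Au-ID1", "Au-ID2") for app in ("chat", "e-banking")}
```

In the constructed data, the weak credential is accepted for chat and refused for e-banking, and the same user appears under different identifiers in the two applications.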


Suggested milestones

- Interface design
  - reuse of current standards
  - adding of new necessary rules and missing parts
- Security policy
- Architecture of relations between the participants
  - Citizens, Government agencies, Service providers, …
- Pilot consortium
  - design verification


Questions (and maybe some answers)

???!