1cv cryptovision GmbH | T: +49 (0) 209.167-24 50 | F: +49 (0) 209.167-24 61 | info(at)cryptovision.com
cryptovision’s Government Solutions
Adam Ross, Ben Drisch, cryptovision GmbH
cryptovision
• cryptovision: Gelsenkirchen
• Subsidiary: New York City
• Office: Silicon Valley
• Office: Mexico City
• Office: Vienna
Trend 1: Multi-application eID Projects
Trend 1: Multi-application eID projects
Multi-application eID cards are already there:
• Electronic ID card
• Signature card
• Health insurance card
• Company card
• Loyalty card
• Payment card
• Access card
Prepaid SIM Registration
Many countries have implemented prepaid SIM registration by law.
Key objectives:
• Assist security agencies
• Reduce fraud
• Support resolving crime
• Collect data on phone usage
• Offer value-added services
Prepaid SIM Registration
Current processes are slow, insecure and costly:
• Often involve paper-based forms to be filled in by applicants
• Identification based on traditional IDs (a photocopy is created)
• Biometric fingerprint has to be taken and stored, again
• Several hundred million pages of paper to be archived
• Security of the process relies on telecom employees
Prepaid SIM Registration
Use the eID card to
• Securely identify the person
• Store the prepaid SIM serial number on the eID card for offline verification of registered SIM cards
Prepaid SIM Registration
[Figure: multi-application card layout. Applications: eID, ePKI, MoC, ICAO, SIM, Driving License, Transport, Health, Payment, Voting, Pension, Insurance, Custom, Tax. User data: keys, certificates, personal data, fingerprints, additional data.]
Trend 1: Multi-application eID projects
ePasslet Suite
• A Java Card applet suite for eID document applications
• Provides all relevant applications from one solution
• Supports multi-application configurations: shared file system, inter-applet communication
• Post-issuance activation and applet loading possible without losing the CC certification
Trend 1: Multi-application eID projects
ePasslet Suite v3.0
• DESFire support for ticketing/transport
• Convergence with M/Chip, VSDC, CPA available
• eIDAS token functionality
• Improved flexibility of key and certificate provisioning
• Available on NXP JCOP 3 and Veridos SCE 7 (IFX)*
• 2nd source option for both chip and operating system
• Certification at EAL 5+ to be concluded end of Q3/2017
* Functional scope may vary
Trend 2: Smart Cards and Mobility
Trend 2: Smart Cards and Mobility
Part 1: Using mobile devices for eID document access
Both off-the-shelf (OTS) mobile hardware and custom-built devices are used for enrolment and read-out.
Mobile Identity Verification
Many countries are looking for mobile solutions to verify citizens’ identity.
Key objectives:
• Allow identity verification for police forces and emergency personnel
• Support (temporary) offline scenarios
• Non-stationary use
Mobile Identity Verification
Use the eID card to
• Read out eID document data
• Identify the card holder using face and/or fingerprint matching
• Support Match-on-Card (for offline usage and privacy)
Mobile Identity Verification
Terminal application based on the SCalibur SDK:
• Fingerprint/PIN management
• Read/write data
• Read out ICAO application
Trend 2: Smart Cards and Mobility
SCalibur v2.0.0 - cryptovision’s eID middleware SDK
• Provides all common eID document protocols/mechanisms
• Easily portable due to Java
• Also available for mobile devices running Android
• Client-only and client-server settings supported
[Figure labels: all eID protocols, biometrics, EACv2 / TR-03110, various profiles, standard compliant]
Trend 2: Smart Cards and Mobility
Some notes on OTS general-purpose mobile devices:
• Often problematic antenna design, NFC not fully usable
• No extended length APDUs (getting better)
• Not fully compliant with ISO 14443
• Sometimes restricted access (iOS – getting better?)
• Mobile OSs lack a generic interface for card integration
Trend 2: Smart Cards and Mobility
Mobile devices equipped with SCalibur
Image source: Credence ID
Trend 2: Smart Cards and Mobility
Part 2: Moving eID applications to mobile platforms
More and more organizations look for mobile smart card alternatives.
[Figure: smart card/eID document vs. mobile smart card alternative]
Trend 2: Smart Cards and Mobility
Storing signed data and verifying it is easy:
• Only needs the public key
• No requirements for a secure execution environment
Preventing cloning, or storing private keys, is hard:
• Requires at least some form of trusted execution environment
• Ideally supported by dedicated security hardware
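A worked example in Go of the two halves of this point, added here and not taken from the deck or from cryptovision’s products: a registration authority signs a small record (the prepaid SIM serial number bound to a document number, as in the SIM registration slides above) and a field terminal verifies it offline with nothing but the issuer’s public key. Ed25519 from the Go standard library stands in for whatever signature scheme an issuer actually uses; the record layout, the function names and the sample document number and ICCID are assumptions constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// SimRecord is the registration record written to the card (layout constructed for this example).
type SimRecord struct {
	DocumentNumber string // eID document the SIM is bound to
	SimSerial      string // ICCID of the registered prepaid SIM
	RegisteredAt   uint64 // Unix time of registration
}

// SignedRecord is what the card stores: the encoded record plus the issuer's signature over it.
type SignedRecord struct {
	Payload   []byte
	Signature []byte
}

// Encode serialises the record unambiguously: two 16-bit-length-prefixed strings, then a big-endian timestamp.
func (r SimRecord) Encode() []byte {
	var buf []byte
	for _, s := range []string{r.DocumentNumber, r.SimSerial} {
		buf = append(buf, byte(len(s)>>8), byte(len(s)))
		buf = append(buf, s...)
	}
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], r.RegisteredAt)
	return append(buf, ts[:]...)
}

// DecodeRecord is the inverse of Encode and rejects truncated or oversized input.
func DecodeRecord(p []byte) (SimRecord, error) {
	doc, p, err := readString(p)
	if err != nil {
		return SimRecord{}, err
	}
	sim, p, err := readString(p)
	if err != nil {
		return SimRecord{}, err
	}
	if len(p) != 8 {
		return SimRecord{}, errors.New("record: bad timestamp length")
	}
	return SimRecord{DocumentNumber: doc, SimSerial: sim, RegisteredAt: binary.BigEndian.Uint64(p)}, nil
}

func readString(p []byte) (string, []byte, error) {
	if len(p) < 2 {
		return "", nil, errors.New("record: truncated length field")
	}
	n := int(binary.BigEndian.Uint16(p))
	if len(p)-2 < n {
		return "", nil, errors.New("record: truncated string")
	}
	return string(p[2 : 2+n]), p[2+n:], nil
}

// IssueRecord runs at the registration authority and is the only step needing the
// private key; that key, not the card data, is what belongs in an HSM or secure element.
func IssueRecord(priv ed25519.PrivateKey, r SimRecord) SignedRecord {
	payload := r.Encode()
	return SignedRecord{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// VerifyRecord runs on an offline verifier such as a field terminal: it needs only
// the issuer's public key and no secure execution environment.
func VerifyRecord(pub ed25519.PublicKey, s SignedRecord) (SimRecord, bool) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, s.Payload, s.Signature) {
		return SimRecord{}, false
	}
	r, err := DecodeRecord(s.Payload)
	if err != nil {
		return SimRecord{}, false
	}
	return r, true
}

// RunDemo issues one record and reports whether the genuine copy and a bit-flipped copy verify.
func RunDemo() (genuine, altered bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	// Sample values are constructed placeholders, not a real document number or ICCID.
	rec := SimRecord{DocumentNumber: "DOC-EXAMPLE-0001", SimSerial: "89490000000000000001", RegisteredAt: 1497052800}
	signed := IssueRecord(priv, rec)
	_, genuine = VerifyRecord(pub, signed)
	changed := append([]byte(nil), signed.Payload...)
	changed[len(changed)-1] ^= 0x01 // one bit of the stored timestamp flipped
	_, altered = VerifyRecord(pub, SignedRecord{Payload: changed, Signature: signed.Signature})
	return
}

func main() {
	genuine, altered, err := RunDemo()
	fmt.Println("genuine verifies:", genuine, "| altered copy verifies:", altered, "| err:", err)
}
```

Run it with go run: the altered copy fails because any change to the signed bytes invalidates the signature, which is why the verifier needs no protected environment, while the private key handled only in IssueRecord is the one asset that needs hardware protection. What a signature over stored data does not address is a verbatim copy of the record being presented from another chip; that is the cloning problem of the second bullet, and the reason a card-resident private key needs a trusted execution environment or dedicated security hardware.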
Trend 2: Smart Cards and Mobility
We don’t see a unified mobile solution with security hardware anytime soon.
There is a need for a levelled security approach with different security levels for different use-case scenarios.
[Figure: credential forms shown on the slide]
• contact card
• contactless
• smart token
• mobile
• microSD
• SIM
• built-in
• TPM
• SGX
• chip implant
• mobile key store
• software smart card emulation
• Remote CSP
Credentials Of Various Forms Effectively Functioning Equivalently (COVFEFE)
Trend 2: Smart Cards and Mobility
From the cryptovision labs
[Figure: Credential Orchestration System, credential back-ends ordered by security level. Every stack ends in the same Smartcard Middleware and Applications layers:]
• Smartcard Reader Device → Reader Driver (PCSC) → Smartcard Middleware → Applications
• TPM → Smartcard Simulation Service → Virtual Reader Driver (PCSC) → Smartcard Middleware → Applications
• Intel SGX → Token Enclave Service → Virtual Reader Driver (PCSC) → Smartcard Middleware → Applications
• Remote Server (HSM) → Remote Connection Service → Virtual Reader Driver (PCSC) → Smartcard Middleware → Applications
• Mobile Phone (iOS, Android) → Mobile Connection Service → Virtual Reader Driver (PCSC) → Smartcard Middleware → Applications
• PFX File → PFX File Service → Virtual Reader Driver (PCSC) → Smartcard Middleware → Applications
Trend 2: Smart Cards and Mobility
From the cryptovision labs
[Figure: Virtual Token Module. Virtual Tokens (TPM, SGX, Remote, Mobile Phone, …) and a Hardware Token sit behind the smart card interface (sc/interface) with Minidriver / PKCS#11 on top; applications: Smartcard Logon, SSL/TLS, VPN, …; further label: CMS.]
• Usage of existing smart card based applications
• No modification of existing use cases
• Virtual token module used to configure different tokens
Trend 3: eIDAS
Trend 3: eIDAS
What is eIDAS?
EU regulation on electronic identification and trust services for electronic transactions. Goals:
• Amend the regulations on electronic signatures
• Extend electronic identification
• Improve interoperability of these services within the EU
Trend 3: eIDAS
The eIDAS token specification
• Is a joint effort between ANSSI and BSI
• Provides interesting new features for eID documents: Authorization Extensions, Enhanced Role Authentication, Pseudonymous Signatures
Trend 3: eIDAS
Authorization Extensions
• Allow defining access to on-card data based on certificate extensions
• Even for future use cases not known at the time of issuance
Example: adding health data to an eID card
• Emergency Data: R
• Insurance Plan: R/W
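How a card can enforce access rights that arrive in the terminal’s certificate, as an added Go example that is neither cryptovision’s code nor the eIDAS token specification’s encoding: the rights for a data object are looked up in the certificate’s authorization extensions at access time, so an application installed after issuance (the health data here, with Emergency Data readable and Insurance Plan read/write as on the slide) is covered without the card knowing about it in advance. The bitmask encoding, the type and function names and the two OIDs under the 2.999 documentation arc are constructed assumptions; the real specification defines its own encoding.

```go
package main

import (
	"errors"
	"fmt"
)

// AccessRight is a bitmask of what a terminal may do with one data object (encoding constructed for this example).
type AccessRight uint8

const (
	Read  AccessRight = 1 << iota // R
	Write                         // W
)

// AuthorizationExtension: the OID names a data object on the card, Rights says what the holder may do with it.
type AuthorizationExtension struct {
	OID    string
	Rights AccessRight
}

// TerminalCert keeps only what this example needs; it is assumed to be signature-checked before it reaches the card.
type TerminalCert struct {
	Extensions []AuthorizationExtension
}

// Card hosts data objects keyed by OID; the access rule below needs no knowledge of them at issuance time.
type Card struct{ objects map[string][]byte }

// NewCard returns a card hosting the given objects (installed post-issuance).
func NewCard(objects map[string][]byte) *Card { return &Card{objects: objects} }

var ErrNoSuchObject = errors.New("card: no such data object")
var ErrAccessDenied = errors.New("card: access denied")

// grantedRights unions every extension naming the requested OID; extensions for OIDs this card does not host are ignored.
func grantedRights(cert TerminalCert, oid string) AccessRight {
	var g AccessRight
	for _, e := range cert.Extensions {
		if e.OID == oid {
			g |= e.Rights
		}
	}
	return g
}

func (c *Card) authorize(cert TerminalCert, oid string, want AccessRight) error {
	if _, ok := c.objects[oid]; !ok {
		return ErrNoSuchObject
	}
	if grantedRights(cert, oid)&want != want {
		return ErrAccessDenied
	}
	return nil
}

// Read returns a copy of the object if the certificate grants R on it.
func (c *Card) Read(cert TerminalCert, oid string) ([]byte, error) {
	if err := c.authorize(cert, oid, Read); err != nil {
		return nil, err
	}
	return append([]byte(nil), c.objects[oid]...), nil
}

// Write replaces the object if the certificate grants W on it.
func (c *Card) Write(cert TerminalCert, oid string, content []byte) error {
	if err := c.authorize(cert, oid, Write); err != nil {
		return err
	}
	c.objects[oid] = append([]byte(nil), content...)
	return nil
}

// OIDs under 2.999, the arc reserved for documentation examples.
const (
	OIDEmergencyData = "2.999.1.1"
	OIDInsurancePlan = "2.999.1.2"
)

// HealthCert mirrors the slide's example: Emergency Data R, Insurance Plan R/W.
var HealthCert = TerminalCert{Extensions: []AuthorizationExtension{
	{OID: OIDEmergencyData, Rights: Read},
	{OID: OIDInsurancePlan, Rights: Read | Write},
}}

// NewHealthCard installs the two health objects on a card that was issued without them.
func NewHealthCard() *Card {
	return NewCard(map[string][]byte{ // constructed sample contents
		OIDEmergencyData: []byte("blood group 0-, allergy: penicillin"),
		OIDInsurancePlan: []byte("plan: basic"),
	})
}

func main() {
	card := NewHealthCard()
	_, readErr := card.Read(HealthCert, OIDEmergencyData)
	writeErr := card.Write(HealthCert, OIDEmergencyData, []byte("x"))
	fmt.Println("emergency data: read err =", readErr, "| write err =", writeErr)
}
```

The card ignores extensions naming objects it does not host and refuses any request whose rights are not a subset of what the certificate grants for that OID; a certificate with no matching extension gets nothing. Verifying the certificate chain against the card’s trust anchor is assumed to happen before the certificate is handed to Read or Write and is not shown here.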
Trend 3: eIDAS
Enhanced Role Authentication
• Enables download of (short-term) credentials in a secure online session
• Also supports new use cases and increases interoperability
[Figure: downloading a missing credential from a Trust Service]
Trend 3: eIDAS
POSeIDAS
• cryptovision: card implementation on Java Card
• HJP: eIDAS for PersoSIM (open source eID card simulator)
• Governikus: eID Server, eID Client
Trend 4: Additional Biometric Modalities
Thank you for your attention!
Adam Ross, Ben Drisch, cryptovision GmbH