PKI: The Key to Electronic Identity Initiatives?
Overview of models and examples
Stijn Bijnens, SVP Identity Management, Cybertrust
©2005 Cybertrust. All rights reserved. www.cybertrust.com
PKI?
Already around for a long time… Celebrating 30 years of PKI - October 26 2006
A lot of hype in 1999 – 2000 during the dot.com boom
After the dot.com crash perceived to be:
• Highly complex
• Not integrated in applications
• Issues with smartcard readers
• Expensive
• Not needed
PKI == Please Kill It
But, it’s getting a second chance
Governments are in the Driver’s Seat
National Initiatives:
• Citizen ID cards
• Health Cards
• Employee Cards of Federal and Local Governments (HSPD 12)
• Military Card
• Electronic Driver Licenses (urgent need for standard)
International Initiatives:
• E-passports (ICAO 9303-1)
• Digital Tachograph (Europe)
Drivers in Government ID projects
E-government projects:
• Egov portals require strong authentication
  • Tax on web, VAT, etc …
• Government employees internally
Physical Access Control
• Buildings, Borders, …
• First responders
New Applications
• E-ticketing in public transport
Online Age Verification
• Chat groups for children
Models of deployments
Outsource: Full management of the solution
• 24X7 Monitoring & Management
• Full hosting of required hardware
• Outsourcer performs registration
Co-source: Shared management of the solution
• Government performs some of the tasks (i.e. registration procedures)
• Outsourcer provides part of the processes and IT infrastructure
Inhouse: Inhouse deployment of the solution
• Enterprise software is used
• Inhouse processes and procedures
Examples of National ID solutions
The different models are used today by Governments. The registration process is key.
Outsource
BankID used by governmental portals in Norway
Co-source
Inhouse
BBS – Bankenes BetalingsSentral AS
The Norwegian Banks’ Payments and Clearing Center
• Norway’s primary clearing house for financial payments
• Jointly owned by Norwegian banking community
Bank ID Project: Bank-common Trust for web-based Transactions
Business Requirement:
• Extend proven ‘transaction management’ expertise within a Web-driven environment
• Provide centralized trust service for the Norwegian banking community
• Manage disparate range of financial and merchant organizations
• Facilitate broadest range of e-business transactions for multiple user groups
• Initially focused on 1.6 million ‘Netbank’ users (for online payments)
Examples
The different models are used today by Governments. The registration process is key.
Outsource
BankID used by governmental portals in Norway
Co-source
Belgian Government provides registration processes
Inhouse
Estonia has a public/private operational structure
Example 1 : EID in Belgium
[Chart: Cumulative EID Certificates (After Correction). X-axis: Date, Mar-03 to Jun-06. Y-axis: # of Certificates, 0 to 6,000,000.]
Inhouse solutions at Governments?
Examples:
• Intelligence & Defense
• Law enforcement
Trend we see: When it is citizen related (i.e. governments interacting with the public), governments tend to go for a co-sourced solution:
• Estonia
• Belgium
• Finland
• SSP platform for the US Federal Government
• …
Decision Criteria
Costs
• Leverage a shared infrastructure:
  • physical, logical
  • policies and procedures
  • accreditation
Time To Market
Risk Mitigation
• Project Risk
• Technology Risk (i.e. RSA vs. Elliptic curve)
• Liability of the Registrar
Use Case (general vs. specific)
• The more specific the use, the easier to outsource
Addressing the concerns
Highly complex: Managed services approach; On-demand certificate model
Not integrated in applications: Microsoft, Adobe, …
Issues with smartcard readers: More standards and off the shelf support
Expensive: Economies of scale; Outsourcing
Not needed: Legal framework, confidentiality, non repudiation -> driven by legislation
PKI is getting a second chance
Governments are the innovators today
Large deployments are reducing the cost
Businesses are picking up the government schemes
The software industry is endorsing it...finally.
New legislation will drive the adoption