European Electronic Identity Practices

Country Update of ……………Speaker:Date:

CA organisation

• Responsible CA organisation:

• The background of the organisation (private/public):

• Description of the existing CA infrastructure (e.g. registration authority, card factory etc):

Status of National legislation on eID

• Are eID specific regulations enacted and in place? Yes/No

• Name and date of the regulation(s):• Main elements of the regulatory system

regarding:– liability– redress mechanisms– cross-border recognition – other (please specify)

Status of National deployment of eID

• Name of the project: • Plans, piloting or implementation?

• Is the card obligatory? Yes/No

• Starting date of issuance:

Status of National deployment of eID

• Envisioned total number of cardholders:• Number of cards/certificates issued by 31-10-

2004:• Number of inhabitants:• Yearly growth rate (percentage):• Expected number of cards/eID certs by end

of 2007:

Status of national deployment of eID

• Basic functionalities of the eID card:- official ID document: Yes/No - European travel document: Yes/No - support of on-line access to e-Services: Yes/No

• Validity period of the card/certificates:

Status of national deployment of eID

• Price in Euros of the cards:- for the citizen:- for the card issuer: - price for the card reader and software:- any additonal costs for the user/relying party:

• From whom and how may the citizen obtain the end/user packages

Basic ID function

• What cardholder data is electronically stored in the card: - national identifier- family name, given name - sex - date of birth - nationality - others ........

Basic ID function

• Are these data elements in a dedicated data file? Yes/No - Is the file ’openly accessible’? Yes/No - If not, how is the file protected? PIN or Biometrics - Does the data file comply with the ICAO LDS?

• Is the personal data (also) held in a certificate? Yes/No

Basic Authentication function

• What Cardholder Verification mechanism is used: - PIN? Yes/No - Biometrics? Yes/No- If Yes, what biometrics?- If No, is introduction of biometrics envisioned?

• Is there a PKI supported cardholder authentication mechanism?

• Is there a mutual device authentication mechanism?

Basic Signing function

• Is a PKI supported signing mechanism (certificate and keypair) present for e-transaction services (non –repudiation)?

eID based services

• What kind of services (include examples) are accessible to cardholders based on acceptance of the cards / eID Certificates:

• Total number of eID based services accessible by cardholders by 31.10.2004:

• Goal (in numbers/ percentage) of eID based services to be accessible to cardholders by the end of 2007:

eAuthentication Business models; financial

• What are the Charging/Revenue mechanisms?• What charges are levied for use of the card?• Is there a charge for checking certificates and if

so who pays for this?• Has a cost benefit analysis been compiled for

the eID scheme? If yes what are the main conclusions?

• Is there a study report available?

eAuthentication Business models; public/private partnership

• Are non government bodies allowed to use the IAS or other card functions in support of their services?

• Is the card a multi-application smart card? Yes/No– If No, are there any plans for this and in what

timeframe?– If Yes, what percentage of the deployed card base is

multi-application smart card enabled?– If Yes, are additional services (other than core IAS)

loaded pre-issue or post issue or both?

eAuthentication Business models; public/private partnership

• What is the level of usage of supported services (number of transactions per card per year)?

• What is the approach to and experience with card branding?

eAuthentication Business models; cross border usage

• Are there agreements with other national smart card issuers for mutual recognition of cards? (Status of Memorandum of Understanding (MOU) with other CAs)– If Yes, what countries are concerned and when

was agreement made?– If Yes, what is the current level of usage (average

number of cross-border transactions per card used cross-border per year for each of the countries and services concerned)?

Other Interoperability issues

• What is the level of Current Compliance with each of the following international standards or group activities (Full/Planned/None):

– CWA eAuthentication (under development):

– CWA 14890 Secure Signature creation device:

– CEN 224 –15 European Citizen Card (under development):

– ISO/IEC JTC1 SC 37 biometric standards:

– ISO/IEC JTC1 SC 17 IS 24727 (under developmment):

– ICAO recommendations:

• If none or planned, what is the respective target date for compliance?

Current use and plansin Biometrics (if applicable)

• Technical solution(s): – Signature, Fingerprint, Face Recognition, Hand Geometry– Iris, Retina, Voice Recognition

• Type of project(s):– Evaluation, Pilot for Trial, Working application

• Application areas:– Border Control, Immigration – Driver License, National ID, Healthcare, Voter registration– VPN– Physical access– Computer logon – Local government services (please specify)

Next plans

• ?

Lessons learned so far

• ?

Porvoo Group cooperation issues

• List of issues to be overcome and recommended Porvoo Group members actions that would support accelerated deployments:

Example: Issue: How to make it easier for the citizen to get hold of and implement end user packages?Proposed Action(s): Joint Co-op letter to PC manufacturers or relevant software providers?

More information

• Web-pages for the project/eID issues:

• email:

Thank You!