Posted By Detlef Houdeau and Chris Shire, Infineon Technologies
In this post we will shortly review various projects for eID (eGovernment services, eHealth, eDriving License) that are taking place on a national level and on an international and European level discuss cross-border programmes. We’ll explore the impact of new standards on technical requirements including security frameworks, biometric data and data management. And in summary, we will consider the challenges for the eID market from a secure semiconductor point of view.
On June 20th 2003, in the ‘Thessaloniki Declaration’, the European Council agreed upon a coherent approach within the EU for all biometric identifiers and biometric data used in all EU citizen passports, non-EU / European Economic Area (EEA) nationals and for the back office information system .
In the Council Regulation (EC) No 2252/2004, 13th December 2004, a roadmap was published and then issued by the EU Member States (EU-MS) about security features and biometrics in passports and travel documents. Since August 2006 all 27 EU-MS have switched to this new technology and now only issue passports with an embedded security microcontroller, a contactless RF interface (ISO/IEC 14443) plus at least one biometric feature, the facial image of the holder. The new generation of passports requires two fingerprint images by all EU-MS within the Schengen area to be stored – deadline for implementation being June 28th, 2009. Basic Access Control (BAC) protects the core data, while the fingerprint data is secured by Extended Access Control (EAC) security protocols, which are defined by the International Civil Aviation Organization (ICAO 9303, part 1) and the Brussels Interoperability Group (BIG), a working group under the article-6-committee.
The vanguard country for the migration to electronic Machine Readable Passports (eMRP/BAC) was Belgium, who began issuance in November 2004, followed by Sweden in October 2005, Germany in November 2005, United Kingdom in March 2006, France in April 2006, Iceland in May 2006, Austria in June 2006 and Portugal in July 2006. Frontrunners for the second-generation eMRP/EAC are Germany in November 2007 and Latvia in March 2009. The annual replacement rate of MRP with eMRPs is round 10%, with around 25 million pieces across all 27 EU-MS – meaning that from 2016, only eMRPs will be in use by European citizens.
National programmes for eID/eGovernment in Europe
An increasing number and availability of government services and a focus on decreasing identity fraud are prime goals of eID/eGovernment programs. The result is that data starts to run between the citizen and government directly. Main applications in this area would be eGovernment, eDemocracy, eVoting and eBusiness. To facilitate this process, the citizen is required to have some form of electronic identity (eID).
Eight of the 27 EU-MS will have started eID card schemes by the end of 2009. Finland started the process in 2002, Austria and Estonia in 2004, Belgium and Sweden in 2005, and most recently Spain and Italy in 2006 and Portugal in 2007.
All nine eID programs are based on two-factor authentication with a secure token (‘to have’ = identification factor) and a PIN (‘to know’ = authentication) or with Match-on-Card (‘to have’ = authentication factor). Portugal’s government for example, decided that the citizen could use either PIN or Match-on-Card for authentication.
Since 2003 a new application standard has been in development (CEN TS 15480) for identification, authentication and signing (prEN 14890) the European Citizen Card. Parallel to this standard for the secure token, a new standard (ISO/IEC 24727) is in progress, which covers the data on the token, data security, access to the data on the token, and the protocol between the token and reader that addresses the middleware on the client-PC or on the card-reader in the case of class-3 reader. Some EU-MS’s, such as France (2010/11), Germany (2010) and Poland (2011) have announced plans to implement this standard in their upcoming National eID Card programs.
Many governments define eHealth as a subset of eGovernment services, ensuring that any secure token issued must support further services. This is the case with card programmes in Austria (eCard), Italy (CNS) and Portugal (PEGASUS). Other governments have single factor authentication for eGovernment services such as in the UK (GATEWAY), The Netherlands (LIMOSA) and Norway (myPage). In this case only a PIN or password is requested via a website with no token required.
Within the EU member states there is a belief among some governments that a national electronic ID (eID) card should only be implemented after the second-generation ePassport is issued because it would use similar technology to the ePassport. There are two key reasons for this approach:
- Reuse of infrastructure, such as data capturing, PKI, IT-Network, border control systems equals increased efficiency and cost effectiveness;
- Increase security inside the Schengen area, since ID cards will be more difficult to counterfeit.
On average in Europe, about 20 percent of residents have ePassports and about 80-90 percent of residents hold ID cards. In most of the member states, ID cards are mandatory. For travelling in Europe, the ID card is the typical and most popular travel document. Therefore, to increase security at the borders, the ePassport can be an alternative to the eID card for EU residents, when the new border control process is in place.
The first example for a national eID card program was started in Sweden and included new ICAO technology; with eID/eGovernment Services on a national level, but with two physically separate devices in the card.
Sweden started the issuance of this ID1 hybrid card in October 2005.
National programmes for eHealth in Europe
Economic factors are key drivers for eHealth programs in Europe. eHealth ensures a change from paper-based data management of citizens, insurance, medical records and services, to a paperless workflow. These systems require health professionals and insurance organizations to work with digital data and based on this approach, cost reduction in operations and the reduction of fraud must be balanced with privacy and security.
A second important aspect is the political perspective – to protect human capital on a national level and improve services to the citizens.
There are two prime streams for data management in use within Europe:
- Central data management system (data on host);
- De-centralized data management system (data on secure token).
Examples for the first you can find with the UK health professional ‘spine’ card that permit access to patients electronic health records held on a secure national extranet called N3 and in the Spanish system ‘TASS’ for patients and health professionals to identify and access some health records.
Examples for the latter can be seen in France (Sesam Vitale 1G/2G), Germany (KVK, eGK), Slovenia (HIC), Poland (KUZ), and Italy (CNS) used a token to verify identity for medical insurance payments and access medical records.
In addition any data management policy the content of the data is also a characteristic of an eHealth program. Each EU-MS has to select their individual application framework.
Examples in the G5 are:
- Spain: Patients insurance data and employer;
- Italy: Patients prescription, insurance data, eSignature;
- France: Patients and clinical services: prescription, emergency data, insurance data, medical records, eSignature;
- Germany: Patients and clinical services: prescription, emergency data, insurance data, medical records, eSignature;
- UK: Clinicians access to medical records, eSignature.
Single applications with secure tokens on eHealth are currently running throughout Europe in Spain, France, Germany, Poland and Slovenia.
International standards capture electronic health records (ISO/IEC 13606), communication standards (ISO/IEC 18307), framework for identity management (ISO/IEC 24760) and on the eHealth card (CEN TC 251).
National programmes for the eDriving License in Europe
Feasibility programmes have been done in the past, for example in the Netherlands (2009), based on the new international standard for eDriving licences, ISO/IEC 18013. Discussions at transport ministries on eDriving licenses have also taken place in Spain and Sweden. The business case for an eDriving License will be defined at the national level by EU-MS and may for example be linked to driver entitlements, road tolling or traffic law infringement ‘points’, in addition for the need to identify the driver when an eID is not available.
European Programmes, with a focus on cross border services
Within the EU-MS, citizens may move freely to visit, work, study, live and retire. The services of their native state must be available to them in any location with functions provided by the local government services. To facilitate this service, different directorates and units of the European Commission have various programmes running. The following table is not a complete summary, but an impression, on the various topics the EC is working on:
- ICT/LSP STORK: (Secure idenTity acrOss boRders linKed) eID/eGovernment Services cross border project funding; started 2008 is working on electronic gateways for identity credentials to be authenticated across the EU
- ELSA: European Large Scale Action; is the program beyond STORK; starting 2010 looking at electronic identity management (eID) infrastructure More information here.
- ICT/LSP epSOS: eHealth Services cross border interoperability; funding; started 2008 has 26 members from 12 countries to develop a practical eHealth framework infrastructure that will enable secure access to patient health information patient summaries and ePrescriptions between different European healthcare systems
- PEPPOL: eSignature Services cross border; focus on B-2-B; funding; started 2008 (Pan-European Public eProcurement On-Line) has 8 countries looking at using eID for facilitate online authentication of transactions
- NetC@rd: Cross border cost reimbursement of health services; funding; started in 2004 to introduce the pilot eEHIC: electronic European Health Insurance Card (previous E111 document); application by a consortium of 15 EU-MS in 2010 see http://www.netcards.eu
- HPRO: is investigating the creation of a federated network of health professional registration; the feasibility study; by a French and Belgian consortium started in 2008 for 18months to allow free movement of clincians and recognition of their expertise by different health authorities, http://www.hprocard.eu/
- MEDEA+/BioP@ss: biometric authentication for Internet services with secure tokens, funding; started in 2008 and is looking at standardizing the European Citizen Card program www.medeaplus.org
- TURBINE: Trusted Revocable Biometric IdeNtitiEs is working on improving the quality and reliability of fingerprints for use in eID applications; started in 2008 with a consortium of 10 partner organizations http://www.turbine-project.eu
- EPAIC: An initiative and working group (The PortIDS Consortium) including Trasys and Qinetiq to increase the security at sea ports in Europe; are looking at the development of a European Port Access Identification Card.
The EU, in conjunction with programmes such as the EU IST 7th framework and EU justice directorate, fund numerous projects to improve the lives and security of it citizens. The overall implication is that there will be more effort and funding in this sector over the next decade.
Challenge for the security industry – a semiconductor point of view
The identification of new market requirements with regard to memory size, performance, interfaces and security is key. Take a look at memory size: The first generation biometric passports (in 2005) needed 32k bytes EEPROM in a contactless microcontroller to store basic data and a photo of the face. The second generation biometric passports required around 64k bytes EEPROM to store additional two finger scans and an access key in the contactless microcontroller. New national eID card programs in France (2011), Germany (2010) and Czech Republic (2011) request 100k bytes or more EEPROM to allow space for further applications, which may be loaded post issuance.
And finally, one must never forget the issue of security. Authorities are now considering the life cycles for RSA_1024 and SHA_1, with a trend away from 3key/3DES to AES. Thanks to increasingly powerful and sophisticated attacks on the basic silicon to extract keys and data, semiconductor manufacturers too must develop more powerful security devices.