A User-centric, Anonymous and Interoperable pan-European eID

1. Pavel Sekanina A User-centric, Anonymous and Interoperable pan-European eID September 13th, 2006

2. Company introduction Description Portfolio Business Data Selected Customers 2

3. ANECT – who are we? We are a major supplier of information and communication systemsand applications relating to convergent networks, their services and security. As a systems integrator, we are active, in particular, in the public administration, commercial and financial institutions and telecommunication operators. We provide professional services from consultation and audits to the design of solutions and project management, the development of applications, the monitoring and maintenance of networks and ICT solutions outsourcing. 3

4. Our portfolio 4

5. …some business data 1993 - floatation of the company (20 employees) 2006 - ANECT has 200 employees in Prague, Brno (Czechland) and Bratislava (Slovakia). CEO – Miroslav Řihák, voted Entrepreneur of the Year 2005 in the Czech Republic 5

6. Selected customers Public administration Ministry of Finance, Ministry of Labor and Social affairs, Ministry of Agriculture, Ministry of Foreign Affairs General Directorate of Customs, ÚZSVM, ČSSZ, … Commercial sector ČP (Czech Insurance), ČP Leasing, Komerční banka, Kooperativa Insurance DHL, ČEZ, IKEA, KIA Motors Slovakia Aliatel, Czech Telecom, Eurotel, Vodafone, … 6

7. Project A User-centric, Anonymous and Interoperable pan-European eID Current state Desired final state Basic schema of the solution Suggested milestones 7

8. Authentication, Authorization, Accounting • Authentication – a process where is established thatPierce Brosnan is really The Pierce Brendan Brosnan • Role - a group of users with the same type of rights • Pierce Brosnan – role James Bond • James Bond group: Thomas Sean Connery, Pierce Brendan Brosnan, George Lazenby, Roger Moore, Timothy Dalton • Authorization – rights to perform certain action, usually based on the role of the person • James Bond – „licence/license to kill“ • editor – has right to cut out “unnecessary” scenes from the movie • Accounting– keeping track of the actions (logs) 8

9. Current status Service provider centric solutions user has to obey and adjust to the rules set up by service provider Government issued eID Austria Belgium Estonia Liberty alliance – identity provider consortium of private companies federated architecture circles of trust EU activities: Modinis-IDM project Results Inflation of identities and passwords Limited use on the international level Potential Security risk caused by user misbehavior 9

10. Targeted result User centric solution Technologically neutral An architecture based on open standards “Anonymous ID” – protecting privacy of user data Standardized measure of the „strength“ of eID e.g. username + password = “weak” - good for on-line chat 2048bit SSL + Secure token = “strong” – good for e-Banking eID is used in the real life: from web chats, e-Shops, e-Libraries, e-Banking to e-government communication on the international level 10

11. Key principles of the solution Independent authentication and authorization To allow mixture of authentication techniques Multiple IDs Access rights managed and stored separately from place where access rights are executed EAD – External Authorization Database Management of the identity base on and stored in the information systems and not in the tokens 11

12. Basic schema 12

13. Suggested milestones Interface design reuse of current standards adding of new necessary rules and missing parts Security policy Architecture of relations between the participants Citizens, Government agencies, Service providers, … Pilot consortium design verification 13

14. Questions (and maybe some answers ) ! ? ? ? 14

15. pavel.sekanina@anect.com