by Maik Breilmann | Oct 25, 2023
cryptovision delivered smart card solution for the POSeIDAS project
The challenge for BSI
eIDAS is the EU regulation for digital signatures. In 2016, eIDAS replaced national laws such as the German Signature Act. eIDAS is intended to simplify the handling of digital signatures and make the entire technology more attractive. As is usual with such laws, eIDAS only sets a general framework, while the technical details are left to further regulations and standards.
The Federal Office for Information Security (BSI) and its French counterpart ANSSI are among the first to develop technical details for eIDAS. Together, they have developed an eIDAS-compliant smart token specification based on the technology of the German identity card (TR-03110): the eIDAS Token.
The BSI has also awarded a project called POSeIDAS to cryptovision, HJP Consulting and Governikus. This project is about three things:
- Implementation of an eIDAS token as smartcard
- Implementation of a software that simulates the functions of an eIDAS token.
- Implementation of an eIDAS server as a prototype
Our solution for BSI
cryptovision supplied the smart card solution for the POSeIDAS project. This is the first implementation of the eIDAS functions on a card chip. This solution uses the cryptovision product ePasslet Suite, a modular Java Card-based framework for multifunctional identity documents. ePasslet Suite, which is already used in over 20 eID projects worldwide, offers Java Card applets for passports, eID cards, electronic driving licenses, signature cards and other applications. As part of the POSeIDAS project, cryptovision enhanced the ePasslet Suite with a number of eIDAS token-specific features, including pseudonymous signatures, Chip Authentication (CA) 3 and Enhanced Role Authentication (ERA). Now that ePasslet Suite supports the full range of eIDAS token functionality, it is the first solution on the market to build eIDAS token-compliant identity documents.
HJP-Consulting was the prime contractor for the project and contributed an eIDAS token implementation in software based on its open source eID card simulator PersoSim. Governikus provided POSeIDAS with an eID server (also open source) and a corresponding eID client.
Further information
Information about the eIDAS token and POSeIDAS can be found in the article Neue Signaturgesetzgebung: Sind aller guten Dinge drei? by Klaus Schmeh, published in der Datenschutz und Datensicherheit 1/2017.
More reference from this branch
Secure solutions for digital identities
EVIDEN CREDENTIAL MANAGEMENT
EVIDEN SECURE ELEMENTS & S/W
EVIDEN SECURITY APPLICATIONS
by Maik Breilmann | Oct 25, 2023
Our middleware is an important building block in the Nigerian eID system
The challenge for Nigeria
With over 180 million inhabitants, Nigeria is the most populous country in Africa. As part of an ambitious initiative, all adult Nigerians are currently receiving electronic ID cards. These eID cards are used for numerous applications: identification, border control, digital signing, payment and more.
As Nigeria has many inhabitants, the Nigerian eID card project is one of the largest of its kind in the world. In addition to eID, NIMC has launched several other identity management projects. The goal is to build a modern citizen database that will facilitate the governance of this vast country.
Our solution for Nigeria
cryptovision plays an important role in the Nigerian eID card project. The Gelsenkirchen-based company is responsible for setting up the public key infrastructure (PKI), which is used for the card itself as well as for the card infrastructure. It is one of the largest PKIs ever built. It includes at least eight certification bodies that issue certificates to more than 100 million cardholders. The product used to operate the CAs is CAmelot from cryptovision. NIMC chose CAmelot because this solution is also suitable for very large PKIs and is also extremely flexible. In particular, CAmelot supports the CV certificates which are indispensable for electronic ID cards.
Most applications of the Nigerian eID card are realized with the cryptovision product ePasslet Suite. Five card applications are used in the first step: identity verification, authentication and signature, travel document, fingerprint verification and payment. Five more applications are planned for the near future.
More references from this branch
Secure solutions for digital identities
EVIDEN CREDENTIAL MANAGEMENT
EVIDEN SECURE ELEMENTS & S/W
EVIDEN SECURITY APPLICATIONS
by Maik Breilmann | Oct 25, 2023
cryptovision realized the identity card and the passport of Ecuador
The challenge for Ecuador
The South American state of Ecuador has proclaimed (under the patronage of several ministries) an initiative for digital administration with improved e-government services for the population. Part of this project is an electronic identity card and a new electronic passport for the country’s 16 million inhabitants. The passport is also politically important, as Ecuador wants to be included in the group of non-EU countries whose citizens are allowed to enter the Schengen area without a visa – a modern passport is absolutely necessary for this.
The ID card and passport project was initially managed by the IGM (Instituto Geográfico Militar), which has been responsible for the production of identity documents in Ecuador since the 1980s. At the moment, the Foreign Ministry of Cancillería is in charge.
Our solution for Ecuador
After IGM had had several bad experiences with eID providers, it was decided to try cryptovision again. The main reason for choosing cryptovision was that the company relies completely on open standards. A so called vendor lock-in (the customer is dependent on a certain provider, because only his solutions are compatible with the existing environment), as it happened before, was excluded from the outset.
In the meantime, cryptovision has realized the electronic identity card of Ecuador and the electronic passport there with the help of the product ePasslet Suite. The products Camelot, SCinterface and SCalibur are also used.
More references from this branch
Secure solutions for digital identities
EVIDEN CREDENTIAL MANAGEMENT
EVIDEN SECURE ELEMENTS & S/W
EVIDEN SECURITY APPLICATIONS
by Maik Breilmann | Oct 25, 2023
The PKI of the GhanaCard is one of the most modern in the world
The challenge for Ghana
With almost 30 million inhabitants, Ghana is an important city in West Africa. Thanks to political stability and numerous mineral resources, the economic situation has improved significantly in the last two decades, making Ghana one of the best developed countries in sub-Saharan Africa.
As an important project for the future, the Ghanaian government has launched an electronic identity card, the GhanaCard. The GhanaCard is a document with many applications. It can not only be used as an identity document – like any ID card – but also as a passport replacement within the West African ECOWAS region. In addition, the GhanaCard enables strong two-factor authentication – as a secure password replacement for online services. Digital signing of electronic documents is also possible with this card. With the GhanaCard it is even possible to pay – and citizens have the option of activating this function after issuing the card.
The Ghanaian government has ambitious goals for the GhanaCard. Within 12 months a total of 16 million cards are to be issued to the citizens of the country.
Our solution for Ghana
For the realization of the GhanaCard, the Ghanaian government relies on cryptovision technology. Both the software on the GhanaCard as well as the associated public key infrastructure (PKI) and the token-based access to the PKI were implemented by cryptovison. The PKI of the GhanaCard, which was developed for 16 million certificate holders, is one of the most modern certificate management systems worldwide. It comprises several certification authorities and several certificates on each card.
On 15 September 2017, Ghanaian President Nana Akufo-Addo received the first GhanaCard.
More references from this branch
Secure solutions for digital identities
EVIDEN CREDENTIAL MANAGEMENT
EVIDEN SECURE ELEMENTS & S/W
EVIDEN SECURITY APPLICATIONS
by Maik Breilmann | Oct 25, 2023
Thanks to PKIntegrated the effort for the PKI of HR could be minimized
The challenge for HR
The Hessischer Rundfunk (HR) campus in Frankfurt offers numerous cable-supported and wireless access points to the station’s local network. The same applies, albeit to a lesser extent, to other HR locations. Since such accesses often allow hackers to penetrate, they are usually protected with encryption and passwords. However, managing the numerous keys and passwords in a larger network is a tedious and confusing task that is also a nuisance for users of the access points.
With the 802.1x technology, however, there is a proven solution that enables central and user-friendly management of network access. HR decided to implement it. 802.1x is based on digital certificates and therefore requires a public key infrastructure (PKI).
Our solution for HR
Since Hessischer Rundfunk has been using the identity management solution from Micro Focus (formerly Novell) for decades, the PKI solution PKIntegrated from cryptovision was the obvious choice. This is the only solution on the market specifically designed for the identity management of Micro Focus and integrated into it. Thanks to PKIntegrated, the effort for implementing and operating the necessary PKI could be minimized.
This year the HR will be migrated from PKIntegrated to the cryptovision product CAmelot. The use of the virtual smartcard supported by the smartcard middleware SCinterface is also planned as part of a pilot operation.
More references from this branch
Secure solutions for digital identities
EVIDEN CREDENTIAL MANAGEMENT
EVIDEN SECURE ELEMENTS & S/W
EVIDEN SECURITY APPLICATIONS
