Using the NETC@RDS Approach as a Basis for Cross-Border Electronic Authentication

  • George Pangalos
  • Noel Nader
  • Ioannis Pagkalos
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 399)

Abstract

Over the last decade, many countries in Europe and worldwide have increasingly issued electronically readable identity documents to their citizens, for different purposes and applications. However, a major characteristic of all these systems is that they are basically available only in a national context. For example, European citizens who move freely through the Member States face the problem that the eIDs from their home state do not allow access to the services of another Member State in which they are temporarily present. Public Administrations are also unable to provide services to European citizens from other Member States with the same ease and efficiency as they do to their national citizens. In order to avoid such confusing situations, cross-border services should be fully integrated into the national, regional and local information systems. It is, therefore, an important task to improve the cross-border interoperability of electronic identification and authentication systems. ENISA, the European agency for the security of computer systems and networks, recently published a report dealing with an important aspect of this problem: the security issues in cross-border electronic authentication. The report assesses the risks of electronic authentication in cross-border solutions and provides a generic implementation model. This paper describes an implementation methodology for addressing the problem of cross-border interoperability of electronic authentication, based on the ENISA generic model. The proposed implementation methodology is based on the approach and experience of the successful NETC@RDS project, described herein. This methodology can provide a suitable, secure, cross-border, multi-purpose authentication implementation, based on the aforementioned generic model, that can be used in various sectors.

Keywords

Electronic authentication; cross border authentication; security

Copyright information

© International Federation for Information Processing 2013

Authors and Affiliations

  • George Pangalos (3)
  • Noel Nader (2)
  • Ioannis Pagkalos (1)

  1. Department of Electrical and Computer Engineering, Aristotle University of Thessaloniki, Greece
  2. Direction des Programmes, International Projects Coordinator, GIE SESAM-Vitale, France
  3. Informatics Laboratory, General Dept. Faculty of Technology, University of Thessaloniki, Greece