Govt. Citizen ID with Java Card™ Platform
Emphasis on the role and relevance of Java Card and
Sun Identity Management Technologies




  Ramesh Nagappan
  Security Technologist, ISV-E
  ramesh.nagappan@sun.com
  http://www.coresecuritypatterns.com/blogs
Undisputed Market Leader in
Multi-Application Smart Cards



[Figure: Java Card market segments (Loyalty, Corporate, Finance, Telecom, Government/Healthcare), with a sample U.S. Armed Forces identification card]
                        Slide 2                                                    © Sun Microsystems 2009
Introduction to Java Card Technology
Security and Portability with Reliability as Core Value Proposition
• A Programmable Runtime engine for Smart cards
       > Open & Standards-based
       > Built for multi-application
       > Proven security (Enabling on-card PKI/Biometrics credentials based
         Physical/Logical Access Control)
• A future-proof platform for Smart card based services
       > Dynamic application loading
       > Test-suite enforced interoperability
       > Cryptography and Biometrics support
• A reference technology for Smart card issuers
       > Market leader in Security for Government and Citizen ID
       > Market leader in reliability for wireless, banking, ID
       > Choice of multi-sourcing – Obtain cards from multiple vendors
Java Card Adoption

• 6 Billion Java Card Units deployed
   > Variety of form factors
• Leader in market segments
      > Telecom (De facto for SIM card!)
      > Banking (Payment card)
      > ID (Citizen/Govt/Defence/Intelligence)
      > PayTV (Cable/Dish Subscriber card)
      > Transport, Healthcare...

[Figure: form factors: SIM Cards, Secure Flash Memory, Passports, USB Tokens, Smart Cards, Contactless]
Java Card vs MULTOS




Java Card as Cryptographic Token
PKI enabled Smart cards
• A credit card sized computing device acts as a Cryptographic token.
    > Contact / Contactless cards
• Allows performing core PKI functions
    > Key generation
    > Public/Private key operations
    > PIN/Biometric authentication
    > Challenge/response authentication
• Supports the use of Public-key infrastructure to verify the Identity claim.
    > PKI credential issuance.
    > Credential validation/verification via OCSP, CRLs
• Defends against tampering and hacking.
    > PKI/Private key protection

Standards
• ISO-7816
• Java Card, Multos
• Global Platform
• PC/SC
• FIPS-201/PIV, CAC
• PKCS#11, PKCS#15
• GSM/PCS
• EMV (Europay/Mastercard/Visa)

Using Smart card based PKI as an Authentication Credential
Java Card as Biometric Token
Java Card based Biometric Identity
• Matching to Physiological or Behavioral characteristics to identify a person.
    > High degree of assurance with proof of presence + proof of possession
    > Fingerprints, Facial image/geometry, Iris images can be stored on card.
    > Match on-card samples to live human samples.
• Biometric templates can be stored on Smart card for personal identification.
    > Fingerprint template is ~200 bytes
    > Iris template is 500 bytes
• Biometric credential must be exchanged in a secure network channel (Trusted path)

Standards
• INCITS 378 / CBEFF (Fingerprints)
• INCITS 379 (Iris)
• OASIS BIAS
• BioAPI
• JavaCard BioAPI
• FIPS-201 / PIV

Using Smart card based Biometrics as an Authentication Credential
Managing Govt ID Issuance Life-cycle
Identity Management life-cycle events

[Diagram: identity life-cycle events: Identity Registration, Identity Enrollment & Adjudication, Card/Credential Issuance, Physical & Logical Access Control, Credential Maintenance, Identity Termination]
Managing Govt ID Issuance Lifecycle
Smartcard issuance life-cycle using Sun Identity Management Suite

[Diagram: Sun IDMS at the center, connected to Demographic Data, Biometrics, PKI, Identity Proofing, Verified Credentials (Smartcard / Biometrics), Logical Access Control, Physical Access Control]
Sun IDM Authorization Workflow
[Diagram: workflow stages: Applicant Registration, Biometrics / Breeder Documents Enrollment, Identity Proofing & Adjudication, Card Issuance & Activation, Physical & Logical Access Provisioning, Credential Maintenance, Retirement / Termination. Each stage carries an Approval/Denial step by a Hiring Manager, Enrollment Officer, HR Officer or HR Manager.]

• Sun IDM manages the authorization workflow and authority
  approvals and denials.
• Sun IDM facilitates digitally signed approvals using Smart card
  based credentials verified against a PKI provider.
Smart card based Credentials -
Logical Access Control




Sun Rays In a Govt eID Environment


Security
Manageability
Reliability
Mobility
Value

Sun Ray supports the use of most eID and CAC/PIV Cards
Logical Deployment of Sun Rays
Smartcard based authentication – Virtual/Remote Desktop/Application environment
• PIV Credential Authentication (Sun Rays)
    > PC & Thin Client users can securely access their remote desktops & applications from any location using PIV Cards.
    > Once PIV authenticated, the access tier establishes a display connection to the user device and a protocol connection to the back-end desktop OS and applications.
• Sun Access Tier: Secure remote access from any location
    > Access layer controls the user access and application profiles.
    > It maintains audit logs of user and app usage.
    > It provides the display engine to the user desktop.
• Identity/Auth.: Combine existing authentication and authorization mechanisms using Sun IDMS
    > The access tier supports standard Authentication mechanisms: LDAPv3, Active Directory, NIS, MS Windows Domain
• ESX Virtualization: Windows XP / 2003 Desktop Virtualization using Sun Rays and Sun VDI
    > Each user desktop environment runs on a virtual machine located in the corporate data center.
    > All desktop and application communication remains in the data center.
• Applications
    > Native protocols are used to access apps.
    > No modification of the OS or apps required.

[Diagram: Sun Rays, Firewall, Sun Access Tier, Firewall, Data Center (Identity/Auth., ESX Virtualization, Applications)]
Sun CMT Servers: Wire-speed Security
UltraSPARC T2 offers On-chip Cryptographic Acceleration for PKI Applications

• Sun UltraSPARC T2 offers industry-leading cryptography performance for
  PIV environments.
   > On-chip Crypto threads virtually eliminate large
     workloads with PKI & Cryptography.
   > Out-performs competition on SSL and Public-key
     crypto operations
       > Over 30x greater RSA1024 performance than 2-socket IBM p510

• Supports commonly used ciphers for
  Public-key encryption and secure
  hashing functions
   > Public-key cryptography (RSA, DSA, Diffie-Hellman, ECC)
   > Bulk encryption (RC4, DES, 3DES, AES)
   > Secure hash (MD5, SHA-1, SHA-256)
Mandatory Access Control and
Security Labels (Solaris TX)




U.S. Department of Defense
• Military ID and Geneva Convention Card
       > Common credentials for verified identity
       > DoD-wide health benefits ID card
       > Physical access and manifesting
       > Logical access with PKI/digital signature
• Well established security certification platform with numerous
cards with FIPS-140 ratings
        > High-degree of Security and Assurance
• Supports additional military branch-specific applications at
issuance and post-issuance
• Flexible to support original CAC format, CAC transitional
format and PIV format (evolution of requirements)
• Deployment: +3M active duty units. Over 12M units to date.
Issuing +30K units a day at peak war periods

[Figure: sample U.S. Armed Forces identification card]
US Federal Employee PIV Card
• Presidential Directive 12 (HSPD-12) mandated a
  Federal Government-wide smart card ID program.
      > Use of combined PKI and Biometric credentials
• Dual interfaces for both Physical and Logical
  access
      > Secure Contact/Contactless access to target
        resources
• To date, all deployed PIV cards are Java Card
      > Conformance to Java Card 2.2.1
• By 2013 over 12 million PIV cards will have been
  issued
• The PIV model is being replicated in the US Federal
  Govt in programs such as Travel Worker Identity
  Program (TWIC), First Responder ID, Immigration
  Cards and potentially Driver's Licenses
Taiwan Healthcare ID
• National health insurance ID card
• Multi-application smart card
     > Identification, medical profile
       and benefits
     > E-Purse capable
     > Restricted use by other governmental
       agencies to protect privacy
• Supports open standards and
post-issuance of new applications
• 40M Java Cards deployed

Belgium National ID
• First country in EU to deploy citizen ID
card to entire population
• Multi-application Java Card
      > Identification, e-Government Services,
        e-Voting, etc.
      > Filing Tax Returns, Birth Certs, Civil Records
      > Digital Certificates: Authentication, Digital
        Signature
           –   PKCS15 Conformance
      > Commercial Applications: e-Banking, e-Ticketing
• Common Criteria EAL 5+ Certified
• Deployment: 40+ Million Java Cards
Thailand National ID Card
• National Citizen ID card to entire population
   > Multi-application Java Card-based Smart Card
   > Personal ID, fingerprints, tax, social welfare and social
     security numbers, agricultural data and healthcare data.
   > Citizens will be able to access eGovernment services at
     e-government kiosks nationwide and by smart card
     readers integrated into desktop computers.
• 60M+ Java Cards deployed



Oman National ID Card
• First country in Middle East to start deploying large-scale
citizen ID Card to entire population
   > Multi-application Java Card-based smart card
     > Provides positive identification with digital photograph, digital
       certificates and biometrics authentication
     > Have plans to add driver’s license, emergency medical data
       and border control applications
• Deployment: 3M+ Java Cards



United Arab Emirates National ID

• National Citizen ID Card to Entire Population
   > Multi-application Java Card-based Smart Card
     > Positive Identification with Digital Photograph, Digital
       Certificates and Fingerprint Biometrics Authentication
     > Enabled e-Government Services
     > Plans to add Driver’s License, Emergency Medical Data and
       Border Control Applications
• Deployment: +4.5 Million Java Cards


Macau Government ID Card
• Multi-application Java Card-based Smart Card
     > Identification, Border Control, E-Government, E-Commerce
       and Public Services Access
     > Driver's License and E-Purse Envisioned in Future
• Secure Laser Engraved Java Cards
     > Facial Image, Signature, and Fingerprint Biometrics
     > PKI/Certificates
• GlobalPlatform-compatible Card Mgt. System



More...Java Card's Govt ID Successes
• UK NHS and MoD
• Canadian ePassports
• Portugal National ID
• Qatar National ID
• Azerbaijan National ID
• Morocco National ID
• Finland National ID
• Italy National ID
• Queensland Australia Drivers License
• And approximately 20 other countries exploring Java Card
Thank You !

Ramesh Nagappan
ramesh.nagappan@sun.com
http://www.coresecuritypatterns.com/blogs



Brian Kowal
Head, Java Card Marketing & Sales
Brian.Kowal@sun.com

 
Managing PIV Card Lifecycle and Converging Physical & Logical Access Control
Managing PIV Card Lifecycle and Converging Physical & Logical Access ControlManaging PIV Card Lifecycle and Converging Physical & Logical Access Control
Managing PIV Card Lifecycle and Converging Physical & Logical Access Control
 
Ynamono Hs Lecture
Ynamono Hs LectureYnamono Hs Lecture
Ynamono Hs Lecture
 
Authentication.Next
Authentication.NextAuthentication.Next
Authentication.Next
 
SmartCard Forum 2009 - OpenTrust SCM
SmartCard Forum 2009 - OpenTrust SCMSmartCard Forum 2009 - OpenTrust SCM
SmartCard Forum 2009 - OpenTrust SCM
 
SmartCard Forum 2010 - Enterprise authentication
SmartCard Forum 2010 - Enterprise authenticationSmartCard Forum 2010 - Enterprise authentication
SmartCard Forum 2010 - Enterprise authentication
 
Identity systems
Identity systemsIdentity systems
Identity systems
 
Information and Identity Protection - Data Loss Prevention, Encryption, User ...
Information and Identity Protection - Data Loss Prevention, Encryption, User ...Information and Identity Protection - Data Loss Prevention, Encryption, User ...
Information and Identity Protection - Data Loss Prevention, Encryption, User ...
 
Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16
 
Mobilized Secure Login - motionQR Use Case
Mobilized Secure Login - motionQR Use CaseMobilized Secure Login - motionQR Use Case
Mobilized Secure Login - motionQR Use Case
 
Biometrics
BiometricsBiometrics
Biometrics
 
CIS14: Authentication Family Tree (1.1.1 annotated) - Steve Wilson
CIS14: Authentication Family Tree (1.1.1 annotated) - Steve WilsonCIS14: Authentication Family Tree (1.1.1 annotated) - Steve Wilson
CIS14: Authentication Family Tree (1.1.1 annotated) - Steve Wilson
 
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New AuthenticationPasswords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
 

More from Ramesh Nagappan

Post Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewPost Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewRamesh Nagappan
 
Biometric Authentication for J2EE applications - JavaONE 2005
Biometric Authentication for J2EE applications - JavaONE 2005Biometric Authentication for J2EE applications - JavaONE 2005
Biometric Authentication for J2EE applications - JavaONE 2005Ramesh Nagappan
 
Interoperable Provisioning in a distributed world
Interoperable Provisioning in a distributed worldInteroperable Provisioning in a distributed world
Interoperable Provisioning in a distributed worldRamesh Nagappan
 
Secure Multitenancy on Oracle SuperCluster
Secure Multitenancy on Oracle SuperClusterSecure Multitenancy on Oracle SuperCluster
Secure Multitenancy on Oracle SuperClusterRamesh Nagappan
 
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)Ramesh Nagappan
 
High Performance Security and Virtualization for Oracle Database and Cloud-En...
High Performance Security and Virtualization for Oracle Database and Cloud-En...High Performance Security and Virtualization for Oracle Database and Cloud-En...
High Performance Security and Virtualization for Oracle Database and Cloud-En...Ramesh Nagappan
 
High Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted CryptographyHigh Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted CryptographyRamesh Nagappan
 
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...Ramesh Nagappan
 
ICAM - Demo Architecture review
ICAM - Demo Architecture reviewICAM - Demo Architecture review
ICAM - Demo Architecture reviewRamesh Nagappan
 
PIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environmentPIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environmentRamesh Nagappan
 
Java Platform Security Architecture
Java Platform Security ArchitectureJava Platform Security Architecture
Java Platform Security ArchitectureRamesh Nagappan
 
Stronger Authentication with Biometric SSO
Stronger Authentication with Biometric SSOStronger Authentication with Biometric SSO
Stronger Authentication with Biometric SSORamesh Nagappan
 
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE SecurityWire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE SecurityRamesh Nagappan
 

More from Ramesh Nagappan (13)

Post Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewPost Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical Overview
 
Biometric Authentication for J2EE applications - JavaONE 2005
Biometric Authentication for J2EE applications - JavaONE 2005Biometric Authentication for J2EE applications - JavaONE 2005
Biometric Authentication for J2EE applications - JavaONE 2005
 
Interoperable Provisioning in a distributed world
Interoperable Provisioning in a distributed worldInteroperable Provisioning in a distributed world
Interoperable Provisioning in a distributed world
 
Secure Multitenancy on Oracle SuperCluster
Secure Multitenancy on Oracle SuperClusterSecure Multitenancy on Oracle SuperCluster
Secure Multitenancy on Oracle SuperCluster
 
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
 
High Performance Security and Virtualization for Oracle Database and Cloud-En...
High Performance Security and Virtualization for Oracle Database and Cloud-En...High Performance Security and Virtualization for Oracle Database and Cloud-En...
High Performance Security and Virtualization for Oracle Database and Cloud-En...
 
High Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted CryptographyHigh Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted Cryptography
 
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
 
ICAM - Demo Architecture review
ICAM - Demo Architecture reviewICAM - Demo Architecture review
ICAM - Demo Architecture review
 
PIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environmentPIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environment
 
Java Platform Security Architecture
Java Platform Security ArchitectureJava Platform Security Architecture
Java Platform Security Architecture
 
Stronger Authentication with Biometric SSO
Stronger Authentication with Biometric SSOStronger Authentication with Biometric SSO
Stronger Authentication with Biometric SSO
 
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE SecurityWire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
 

Recently uploaded

PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 

Recently uploaded (20)

PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 

Government Citizen ID using Java Card Platform

  • 1. Govt. Citizen ID with Java Card™ Platform: Emphasis on the role and relevance of Java Card and Sun Identity Management Technologies. Ramesh Nagappan, Security Technologist, ISV-E, ramesh.nagappan@sun.com, http://www.coresecuritypatterns.com/blogs
  • 2. Undisputed Market Leader in Multi-Application Smart Cards. Market segments: Loyalty, Corporate, Finance, Telecom, Government/Healthcare. [Image: sample Armed Forces of the United States identification card]
  • 3. Introduction to Java Card Technology Security and Portability with Reliability as Core Value Proposition • A Programmable Runtime engine for Smart cards > Open & Standards-based > Built for multi-application > Proven security (Enabling on-card PKI/Biometrics credentials based Physical/Logical Access Control) • A future-proof platform for Smart card based services > Dynamic application loading > Test-suite enforced interoperability > Cryptography and Biometrics support • A reference technology for Smart card issuers > Market leader in Security for Government and Citizen ID > Market leader in reliability for wireless, banking, ID > Choice of multi-sourcing – Obtain cards from multiple vendors
  • 4. Java Card Adoption • 6 Billion Java Card Units deployed > Variety of form factors: SIM Cards, Secure Flash Memory, Passports, USB Tokens, Smart Cards, Contactless • Leader in market segments > Telecom (De facto for SIM card!) > Banking (Payment card) > ID (Citizen/Govt/Defence/Intelligence) > PayTV (Cable/Dish Subscriber card) > Transport, Healthcare...
  • 5. Java Card vs MULTOS
  • 6. Java Card as Cryptographic Token: PKI enabled Smart cards • A credit card sized computing device acts as a Cryptographic token. > Contact / Contactless cards • Allows performing core PKI functions > Key generation > Public/Private key operations > PIN/Biometric authentication > Challenge/response authentication • Supports the use of Public-key infrastructure to verify the Identity claim. > PKI credential issuance. > Credential validation/verification via OCSP, CRLs • Defends against tampering and hacking. > PKI/Private key protection • Standards: ISO-7816; Java Card, Multos; Global Platform; PC/SC; FIPS-201/PIV, CAC; PKCS#11, PKCS#15; GSM/PCS; EMV (Europay/Mastercard/Visa) • Using Smart card based PKI as an Authentication Credential
  • 7. Java Card as Biometric Token: Java Card based Biometric Identity • Matching to Physiological or Behavioral characteristics to identify a person. > High degree of assurance with proof of presence + proof of possession > Fingerprints, Facial image/geometry, Iris images can be stored on card. > Match on-card samples to live human samples. • Biometric templates can be stored on Smart card for personal identification. > Fingerprint template is ~200 bytes > Iris template is 500 bytes • Biometric credential must be exchanged in a secure network channel (Trusted path) • Standards: INCITS 378 / CBEFF (Fingerprints); INCITS 379 (Iris); OASIS BIAS; BioAPI; JavaCard BioAPI; FIPS-201 / PIV • Using Smart card based Biometrics as an Authentication Credential
  • 8. Managing Govt ID Issuance Life-cycle: Identity Management life-cycle events. [Diagram: Identity Registration; Identity Enrollment & Adjudication; Card/Credential Issuance; Physical & Logical Access Control; Credential Maintenance; Identity Termination]
  • 9. Managing Govt ID Issuance Lifecycle: Smartcard issuance life-cycle using Sun Identity Management Suite. [Diagram labels: Demographic Data; Biometrics; PKI; Identity Proofing; Sun IDMS; Physical Access Control; Logical Access Control; Verified Credentials (Smartcard / Biometrics)]
  • 10. Sun IDM Authorization Workflow. [Diagram: workflow stages Applicant Registration; Biometrics & Breeder Documents Enrollment; Identity Proofing & Adjudication; Card Issuance & Activation; Physical & Logical Access Provisioning; Credential Maintenance; Retirement / Termination. Stages carry an Approval/Denial step by a Hiring Manager, Enrollment Officer, HR Officer or HR Manager.] • Sun IDM manages the authorization workflow and authority approval and denials. • Sun IDM facilitates digitally signed approvals using Smart card based credentials verified against a PKI provider.
  • 11. Smart card based Credentials - Logical Access Control. Sun Confidential: Sun Employees and Immersion Week 2008 Partner Attendees Only.
  • 12. Sun Rays in a Govt eID Environment: Security, Manageability, Reliability, Mobility, Value. Sun Ray supports the use of most eID and CAC/PIV Cards.
  • 13. Logical Deployment of Sun Rays: Smartcard based authentication – Virtual/Remote Desktop/Application environment • PC & Thin Client users can securely access their remote desktops & applications from any location using PIV Cards. Once PIV authenticated, the access tier establishes a display connection to the user device and a protocol connection to the back-end desktop OS and applications. • Access layer controls the user access and application profiles. It maintains audit logs of user and app usage. It provides the display engine to the user desktop. • The access tier supports standard Authentication mechanisms: LDAPv3, Active Directory, NIS, MS Windows Domain. Combine existing authentication and authorization mechanisms using Sun IDMS and Sun VDI. • Each user desktop environment runs on a virtual machine located in the corporate data center. All desktop and application communication remains in the data center. • Native protocols are used to access apps. No modification of the OS or apps required. • Secure remote Desktop access from any location using Sun Rays. [Diagram labels: Sun Rays; PIV Credential Authentication; Firewall; Sun Access Tier; Identity/Auth.; Firewall; ESX Virtualization; Windows XP / 2003 Virtualization; Applications; Data Center]
  • 14. Sun CMT Servers: Wire-speed Security. UltraSPARC T2 offers On-chip Cryptographic Acceleration for PKI Applications • Sun UltraSPARC T2 offers industry-leading cryptography performance for PIV environments. > On-chip Crypto threads virtually eliminate large workloads with PKI & Cryptography. > Out-performs competition on SSL and Public-key crypto operations > Over 30x greater RSA1024 performance than 2-socket IBM p510 • Supports commonly used ciphers for Public-key encryption and secure hashing functions > Public-key cryptography (RSA, DSA, Diffie-Hellman, ECC) > Bulk encryption (RC4, DES, 3DES, AES) > Secure hash (MD5, SHA-1, SHA-256)
  • 15. Mandatory Access Control and Security Labels (Solaris TX)
  • 16. U.S. Department of Defense [Image: sample Armed Forces of the United States identification card] • Military ID and Geneva Convention Card > Common credentials for verified identity > DoD-wide health benefits ID card > Physical access and manifesting > Logical access with PKI/digital signature • Well established security certification platform with numerous cards with FIPS-140 ratings > High-degree of Security and Assurance • Supports additional military branch-specific applications at issuance and post-issuance • Flexible to support original CAC format, CAC transitional format and PIV format (evolution of requirements) • Deployment: +3M active duty units. Over 12M units to date. Issuing +30K units a day at peak war periods
  • 17. US Federal Employee PIV Card • Presidential Directive 12 (HSPD-12) mandated a Federal Government-wide smart card ID program. > Use of combined PKI and Biometric credentials • Dual interfaces for both Physical and Logical access > Secure Contact/Contactless access to target resources • To date, all deployed PIV cards are Java Card > Conformance to Java Card 2.2.1 • By 2013 over 12 million PIV cards will have been issued • The PIV model is being replicated in the US Federal Govt in programs such as Travel Worker Identity Program (TWIC), First Responder ID, Immigration Cards and potentially Driver's Licenses
  • 18. Taiwan Healthcare ID • National health insurance ID card • Multi-application smart card > Identification, medical profile and benefits > E-Purse capable > Restricted use by other governmental agencies to protect privacy • Supports open standards and post-issuance of new applications • 40M Java Cards deployed
  • 19. Belgium National ID • First country in EU to deploy citizen ID card to entire population • Multi-application Java Card > Identification, e-Government Services, e-Voting, etc. > Filing Tax Returns, Birth Certs, Civil Records > Digital Certificates: Authentication, Digital Signature – PKCS15 Conformance > Commercial Applications: e-Banking, e-Ticketing • Common Criteria EAL 5+ Certified • Deployment: 40+ Million Java Cards
  • 20. Thailand National ID Card • National Citizen ID card to entire population > Multi-application Java Card-based Smart Card > Personal ID, fingerprints, tax, social welfare and social security numbers, agricultural data and healthcare data. > Citizens will be able to access eGovernment services at e-government kiosks nationwide and by smart card readers integrated into desktop computers. • 60M+ Java Cards deployed
  • 21. Oman National ID Card • First country in Middle East to start deploying large-scale citizen ID Card to entire population > Multi-application Java Card-based smart card > Provides positive identification with digital photograph, digital certificates and biometrics authentication > Plans to add driver’s license, emergency medical data and border control applications • Deployment: 3M+ Java Cards
  • 22. United Arab Emirates National ID • National Citizen ID Card to Entire Population > Multi-application Java Card-based Smart Card > Positive Identification with Digital Photograph, Digital Certificates and Fingerprint Biometrics Authentication > Enabled e-Government Services > Plans to add Driver’s License, Emergency Medical Data and Border Control Applications • Deployment: +4.5 Million Java Cards
  • 23. Macau Government ID Card • Multi-application Java Card-based Smart Card > Identification, Border Control, E-Government, E-Commerce and Public Services Access > Driver's License and E-Purse Envisioned in Future • Secure Laser Engraved Java Cards > Facial Image, Signature, and Fingerprint Biometrics > PKI/Certificates • GlobalPlatform-compatible Card Mgt. System
  • 24. More... Java Card's Govt ID Successes • UK NHS and MoD • Canadian ePassports • Portugal National ID • Qatar National ID • Azerbaijan National ID • Morocco National ID • Finland National ID • Italy National ID • Queensland Australia Drivers License • And approximately 20 other countries exploring Java Card
  • 25. Thank You ! Ramesh Nagappan ramesh.nagappan@sun.com http://www.coresecuritypatterns.com/blogs Brian Kowal Head, Java Card Marketing & Sales Brian.Kowal@sun.com
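
The PIN-gated challenge/response authentication listed on slide 6, as an added example that is not part of the original deck: a simulated card and terminal exchange ISO 7816-4 VERIFY and INTERNAL AUTHENTICATE commands, and the terminal checks the RSA signature over its nonce. The demo key (built from two publicly known Mersenne primes), the class and function names, the PIN value, and the one-signature-per-PIN policy are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# ISO 7816-4 instruction bytes and status words used in this exchange.
INS_VERIFY = 0x20                  # VERIFY: present the cardholder PIN
INS_INTERNAL_AUTHENTICATE = 0x88   # card signs a terminal-supplied challenge
SW_OK = 0x9000
SW_SECURITY_NOT_SATISFIED = 0x6982
SW_AUTH_BLOCKED = 0x6983
SW_INS_NOT_SUPPORTED = 0x6D00

# Constructed demo key: the factors are public, so it protects nothing.
# A real card generates its key pair on-chip and never exports the private part.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8      # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (PKCS#1 v1.5, RFC 8017).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15(message: bytes) -> bytes:
    """Build the padded block 00 01 FF..FF 00 DigestInfo for the message."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


class SimulatedCard:
    """Card side: PIN, retry counter and private exponent stay in here."""

    def __init__(self, pin: bytes, max_tries: int = 3):
        self._pin, self._max, self._tries = pin, max_tries, max_tries
        self._verified = False

    def transmit(self, command: bytes) -> tuple:
        """Process one short command APDU, return (response data, status word)."""
        ins, lc = command[1], command[4]
        data = command[5:5 + lc]
        if ins == INS_VERIFY:
            return b"", self._verify(data)
        if ins == INS_INTERNAL_AUTHENTICATE:
            if not self._verified:
                return b"", SW_SECURITY_NOT_SATISFIED
            self._verified = False   # assumed policy: one signature per PIN entry
            sig = pow(int.from_bytes(emsa_pkcs1_v15(data), "big"), D, N)
            return sig.to_bytes(K, "big"), SW_OK
        return b"", SW_INS_NOT_SUPPORTED

    def _verify(self, pin: bytes) -> int:
        if self._tries == 0:
            return SW_AUTH_BLOCKED   # blocked until an issuer-side reset
        if hmac.compare_digest(pin, self._pin):
            self._tries, self._verified = self._max, True
            return SW_OK
        self._tries -= 1
        self._verified = False
        return 0x63C0 | self._tries  # 63Cx: x tries remaining


def apdu(ins: int, data: bytes) -> bytes:
    """CLA INS P1 P2 Lc data (short command, no Le)."""
    return bytes([0x00, ins, 0x00, 0x00, len(data)]) + data


def verify_signature(challenge: bytes, signature: bytes) -> bool:
    """Terminal side. In a deployment (N, E) comes from the card's certificate
    after path validation and an OCSP/CRL check; here it is a constant."""
    if len(signature) != K:
        return False
    em = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    return hmac.compare_digest(em, emsa_pkcs1_v15(challenge))


def authenticate(card: SimulatedCard, pin: bytes) -> bool:
    """Present the PIN, send a fresh nonce, accept only a valid signature."""
    _, sw = card.transmit(apdu(INS_VERIFY, pin))
    if sw != SW_OK:
        return False
    challenge = secrets.token_bytes(32)   # fresh per attempt, so replays fail
    sig, sw = card.transmit(apdu(INS_INTERNAL_AUTHENTICATE, challenge))
    return sw == SW_OK and verify_signature(challenge, sig)
```
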