SlideShare une entreprise Scribd logo

Integrating the Belgian e-ID into Android - Gauthier Van Damme - droidcon.be 2011

tcs digital world
tcs digital world
TechnologieBusiness
1  sur  14
Télécharger pour lire hors ligne
Integrating the Belgian e-ID into Android Gauthier Van Damme Karel Wouters Danny De Cock Dries Schellekens Katholieke Universiteit Leuven ESAT/SCD/IBBT-COSIC Droidcon, 2011 ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 1 / 14
Outline 1 The Belgian e-ID card The Belgian e-ID card The open source Belgian e-ID card 2 Building a secure application on Android Secure Elements in Mobile Phones Working with Secure Elements in Android 3 Belgian e-ID for Android Belgian e-ID for Android Opportunities & pittfalls for mobile e-ID ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 2 / 14
Outline 1 The Belgian e-ID card The Belgian e-ID card The open source Belgian e-ID card 2 Building a secure application on Android Secure Elements in Mobile Phones Working with Secure Elements in Android 3 Belgian e-ID for Android Belgian e-ID for Android Opportunities & pittfalls for mobile e-ID ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 3 / 14
The Belgian e-ID card March 31st, 2003: rst Belgian e-ID cards issued Today: almost 10 million cards active Printed information provide for normal citizen identication Java Card application for secure data key storage: PKI based on X.509 v3 certicates Two key pairs per citizen are dened inside this PKI Authentication key pair for client authentication Non-Repudiation key pair for le signature Key usage is PIN protected ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 4 / 14
The e-ID Quick Key Toolset Belgian e-ID application is closed source and rigid ⇒ Open Source version developed for innovation security purposes Can be written on any Java Card Enables creation of e-ID clones Cryptographic keys of course dierent See: http://code.google.com/p/eid-quick-key-toolset/ ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 5 / 14
Outline 1 The Belgian e-ID card The Belgian e-ID card The open source Belgian e-ID card 2 Building a secure application on Android Secure Elements in Mobile Phones Working with Secure Elements in Android 3 Belgian e-ID for Android Belgian e-ID for Android Opportunities pittfalls for mobile e-ID ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 6 / 14
Secure Elements in Mobile Phones Mid-1990s: idea of Secure Element (SE) accessible by mobile phone applications → Securely store data and keys Mostly Java Cards as compatible platform Applications managed by one entity 3 Secure Element versions found today: In SIM, controlled by MNO Embedded in phone, controlled by OEM On microSD card, controlled by card distributor ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 7 / 14
Java Card 2.2.x as Secure Element Compliant to the ISO 7816 standard: Communication done through APDUs Predened le types structure Denes an extensible set of card commands Primitive subset of the Java environment: Data types: boolean, short, string, arrays Packages, classes, interfaces, and exceptions Dedicated libraries for cryptographic operations No garbage collection No multithreading Class les converted to `cap' les, loaded on Java Card → According to Global Platform specications for card management → Each applet unique AID on card ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 8 / 14
Working with Java Cards in Android 1. Develop your Java Card applet load it into the SE Load it into your SE using program of your choice (e.g. GPShell) It will respond to APDUs coming from your mobile phone e.g. Verify PIN, Sign Data, Encrypt Data, etc. 2. Have a smart card driver installed on the phone 3. Develop your android application Need library to access driver Have a SmartCardClient to initialise a smart card connection Initialise your SmartCardClient ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 9 / 14
Working with Java Cards in Android (2) Connect to your application on the smart card Start communicating with your application Don't forget to clean up smart card connection ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 10 / 14
Outline 1 The Belgian e-ID card The Belgian e-ID card The open source Belgian e-ID card 2 Building a secure application on Android Secure Elements in Mobile Phones Working with Secure Elements in Android 3 Belgian e-ID for Android Belgian e-ID for Android Opportunities pittfalls for mobile e-ID ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 11 / 14
Belgian e-ID for Android Used Giesecke Devrient secure microSD card as Java Card Used open source Smart Card driver library Source code further info found at: http://code.google.com/p/seek-for-android/ Contains: Full e-ID clone on microSD card Read functionalities Data le signing Data loading and verictation ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 12 / 14
Opportunities pittfalls for mobile e-ID Authenticated cryptographic primitives ID could enable: + Signing documents mails easily everywhere + Secure authentication to web and other servers + Visual citizen identication: visual/NFC/... + Direct picture or video watermarking + Setting up encrypted communication channels (e.g. in VoIP) Unfortunately: - No visual security measures can be implemented - In case of malware on phone: security card blocking risk → `Always-on' connection! ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 13 / 14
Future Work Current Future work: Extend e-ID for anonymous petition signing on mobile phone Use e-ID in mobile banking application Questions? Acknowledgment: Giesecke Devrient for their support Belgian Government (FEDICT) for the close collaboration ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 14 / 14

Recommandé

Chaithra
ChaithraChaithra
ChaithraChaithra abhimanyu
 
Smart card presentation Subroto das
Smart card presentation Subroto dasSmart card presentation Subroto das
Smart card presentation Subroto dasSubroto Das
 
iXGuard
iXGuardiXGuard
iXGuardTopher Jordan
 
SMART CARDS
SMART CARDSSMART CARDS
SMART CARDSsalman khan
 
CelluonMarketingProspectus041414
CelluonMarketingProspectus041414CelluonMarketingProspectus041414
CelluonMarketingProspectus041414Larry Yurdin
 
Inside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemInside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemSensePost
 
Windows 8 Platform NFC Development
Windows 8 Platform NFC DevelopmentWindows 8 Platform NFC Development
Windows 8 Platform NFC DevelopmentAndreas Jakl
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali OWASP Delhi
 

Recommandé

Chaithra
ChaithraChaithra
ChaithraChaithra abhimanyu
 
Smart card presentation Subroto das
Smart card presentation Subroto dasSmart card presentation Subroto das
Smart card presentation Subroto dasSubroto Das
 
iXGuard
iXGuardiXGuard
iXGuardTopher Jordan
 
SMART CARDS
SMART CARDSSMART CARDS
SMART CARDSsalman khan
 
CelluonMarketingProspectus041414
CelluonMarketingProspectus041414CelluonMarketingProspectus041414
CelluonMarketingProspectus041414Larry Yurdin
 
Inside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemInside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemSensePost
 
Windows 8 Platform NFC Development
Windows 8 Platform NFC DevelopmentWindows 8 Platform NFC Development
Windows 8 Platform NFC DevelopmentAndreas Jakl
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali OWASP Delhi
 
iot hacking, smartlockpick
iot hacking, smartlockpick iot hacking, smartlockpick
iot hacking, smartlockpickidsecconf
 
Java card
Java cardJava card
Java cardRavi Jakashania
 
What is smart card on tam
What is smart card on tamWhat is smart card on tam
What is smart card on tam崇倍 洪
 
Smart Card
Smart Card Smart Card
Smart Card Liton Ahmed
 
Smart card
Smart cardSmart card
Smart cardRahul Srivastava
 
Smatcard documentation
Smatcard documentationSmatcard documentation
Smatcard documentationBhadra Gowdra
 
Smart cards
Smart cards Smart cards
Smart cards Punjab College Of Technical Education
 
Case study on smart card tech. _Anuj Pawar
Case study on smart card tech. _Anuj PawarCase study on smart card tech. _Anuj Pawar
Case study on smart card tech. _Anuj PawarAnuj Pawar
 
Smart cart
Smart cartSmart cart
Smart cartYashar Sabir
 
Java card technology
Java card technologyJava card technology
Java card technologyKeerthi Thomas
 
Java card
Java cardJava card
Java cardrcrahul01
 
Fido and Touch ID
Fido and Touch IDFido and Touch ID
Fido and Touch IDSteve Sidner
 
GP_Kashyap_Resume
GP_Kashyap_ResumeGP_Kashyap_Resume
GP_Kashyap_ResumeGyan Prakash Kashyap
 
Smart card
Smart cardSmart card
Smart cardSaumya Ranjan Behura
 
Smart card technology
Smart card technologySmart card technology
Smart card technologyLav Pratap
 
Smart cards
Smart cardsSmart cards
Smart cardsMir Majid
 
Digital signature certificate provider in delhi
Digital signature certificate provider in delhiDigital signature certificate provider in delhi
Digital signature certificate provider in delhieSign DSC
 
SMART CARD BASICS
SMART CARD BASICSSMART CARD BASICS
SMART CARD BASICSkajal
 
Ppt Smart Card
Ppt Smart CardPpt Smart Card
Ppt Smart CardRam Dutt Shukla
 
IRJET- Automated Face Detection and Recognition for Detecting Impersonation o...
IRJET- Automated Face Detection and Recognition for Detecting Impersonation o...IRJET- Automated Face Detection and Recognition for Detecting Impersonation o...
IRJET- Automated Face Detection and Recognition for Detecting Impersonation o...IRJET Journal
 
Internet of things
Internet of thingsInternet of things
Internet of thingstcs digital world
 
Introduction to Android Programming - Steven Palmaers -droidcon.be 2011
Introduction to Android Programming - Steven Palmaers -droidcon.be 2011Introduction to Android Programming - Steven Palmaers -droidcon.be 2011
Introduction to Android Programming - Steven Palmaers -droidcon.be 2011tcs digital world
 

Contenu connexe

Tendances

iot hacking, smartlockpick
iot hacking, smartlockpick iot hacking, smartlockpick
iot hacking, smartlockpickidsecconf
 
What is smart card on tam
What is smart card on tamWhat is smart card on tam
What is smart card on tam崇倍 洪
 
Smatcard documentation
Smatcard documentationSmatcard documentation
Smatcard documentationBhadra Gowdra
 
Case study on smart card tech. _Anuj Pawar
Case study on smart card tech. _Anuj PawarCase study on smart card tech. _Anuj Pawar
Case study on smart card tech. _Anuj PawarAnuj Pawar
 
Smart card technology
Smart card technologySmart card technology
Smart card technologyLav Pratap
 
Digital signature certificate provider in delhi
Digital signature certificate provider in delhiDigital signature certificate provider in delhi
Digital signature certificate provider in delhieSign DSC
 
SMART CARD BASICS
SMART CARD BASICSSMART CARD BASICS
SMART CARD BASICSkajal
 
IRJET- Automated Face Detection and Recognition for Detecting Impersonation o...
IRJET- Automated Face Detection and Recognition for Detecting Impersonation o...IRJET- Automated Face Detection and Recognition for Detecting Impersonation o...
IRJET- Automated Face Detection and Recognition for Detecting Impersonation o...IRJET Journal
 

Tendances (20)

iot hacking, smartlockpick
iot hacking, smartlockpick iot hacking, smartlockpick
iot hacking, smartlockpick
 
Java card
Java cardJava card
Java card
 
What is smart card on tam
What is smart card on tamWhat is smart card on tam
What is smart card on tam
 
Smart Card
Smart Card Smart Card
Smart Card
 
Smart card
Smart cardSmart card
Smart card
 
Smatcard documentation
Smatcard documentationSmatcard documentation
Smatcard documentation
 
Smart cards
Smart cards Smart cards
Smart cards
 
Case study on smart card tech. _Anuj Pawar
Case study on smart card tech. _Anuj PawarCase study on smart card tech. _Anuj Pawar
Case study on smart card tech. _Anuj Pawar
 
Smart cart
Smart cartSmart cart
Smart cart
 
Java card technology
Java card technologyJava card technology
Java card technology
 
Java card
Java cardJava card
Java card
 
Fido and Touch ID
Fido and Touch IDFido and Touch ID
Fido and Touch ID
 
GP_Kashyap_Resume
GP_Kashyap_ResumeGP_Kashyap_Resume
GP_Kashyap_Resume
 
Smart card
Smart cardSmart card
Smart card
 
Smart card technology
Smart card technologySmart card technology
Smart card technology
 
Smart cards
Smart cardsSmart cards
Smart cards
 
Digital signature certificate provider in delhi
Digital signature certificate provider in delhiDigital signature certificate provider in delhi
Digital signature certificate provider in delhi
 
SMART CARD BASICS
SMART CARD BASICSSMART CARD BASICS
SMART CARD BASICS
 
Ppt Smart Card
Ppt Smart CardPpt Smart Card
Ppt Smart Card
 
IRJET- Automated Face Detection and Recognition for Detecting Impersonation o...
IRJET- Automated Face Detection and Recognition for Detecting Impersonation o...IRJET- Automated Face Detection and Recognition for Detecting Impersonation o...
IRJET- Automated Face Detection and Recognition for Detecting Impersonation o...
 

En vedette

Introduction to Android Programming - Steven Palmaers -droidcon.be 2011
Introduction to Android Programming - Steven Palmaers -droidcon.be 2011Introduction to Android Programming - Steven Palmaers -droidcon.be 2011
Introduction to Android Programming - Steven Palmaers -droidcon.be 2011tcs digital world
 
Direct Marketing and Mobile: THE perfect match! -Viviane Eeckman - droidcon.b...
Direct Marketing and Mobile: THE perfect match! -Viviane Eeckman - droidcon.b...Direct Marketing and Mobile: THE perfect match! -Viviane Eeckman - droidcon.b...
Direct Marketing and Mobile: THE perfect match! -Viviane Eeckman - droidcon.b...tcs digital world
 
Nifty NFC stuff - Michaël Uyttersprot - droidcon.be 2011
Nifty NFC stuff - Michaël Uyttersprot - droidcon.be 2011Nifty NFC stuff - Michaël Uyttersprot - droidcon.be 2011
Nifty NFC stuff - Michaël Uyttersprot - droidcon.be 2011tcs digital world
 
Lessons Learned by a Freelance Android Developer - Claes buckwalter - droidco...
Lessons Learned by a Freelance Android Developer - Claes buckwalter - droidco...Lessons Learned by a Freelance Android Developer - Claes buckwalter - droidco...
Lessons Learned by a Freelance Android Developer - Claes buckwalter - droidco...tcs digital world
 
Tanguy De Lestré, Association Manager, Agoria App Alliance Belgium
Tanguy De Lestré, Association Manager, Agoria App Alliance BelgiumTanguy De Lestré, Association Manager, Agoria App Alliance Belgium
Tanguy De Lestré, Association Manager, Agoria App Alliance BelgiumEurapp
 
From idea to market in 48 hours - Steven Van Bael - droidcon.be 2011
From idea to market in 48 hours - Steven Van Bael - droidcon.be 2011From idea to market in 48 hours - Steven Van Bael - droidcon.be 2011
From idea to market in 48 hours - Steven Van Bael - droidcon.be 2011tcs digital world
 

En vedette (7)

Internet of things
Internet of thingsInternet of things
Internet of things
 
Introduction to Android Programming - Steven Palmaers -droidcon.be 2011
Introduction to Android Programming - Steven Palmaers -droidcon.be 2011Introduction to Android Programming - Steven Palmaers -droidcon.be 2011
Introduction to Android Programming - Steven Palmaers -droidcon.be 2011
 
Direct Marketing and Mobile: THE perfect match! -Viviane Eeckman - droidcon.b...
Direct Marketing and Mobile: THE perfect match! -Viviane Eeckman - droidcon.b...Direct Marketing and Mobile: THE perfect match! -Viviane Eeckman - droidcon.b...
Direct Marketing and Mobile: THE perfect match! -Viviane Eeckman - droidcon.b...
 
Nifty NFC stuff - Michaël Uyttersprot - droidcon.be 2011
Nifty NFC stuff - Michaël Uyttersprot - droidcon.be 2011Nifty NFC stuff - Michaël Uyttersprot - droidcon.be 2011
Nifty NFC stuff - Michaël Uyttersprot - droidcon.be 2011
 
Lessons Learned by a Freelance Android Developer - Claes buckwalter - droidco...
Lessons Learned by a Freelance Android Developer - Claes buckwalter - droidco...Lessons Learned by a Freelance Android Developer - Claes buckwalter - droidco...
Lessons Learned by a Freelance Android Developer - Claes buckwalter - droidco...
 
Tanguy De Lestré, Association Manager, Agoria App Alliance Belgium
Tanguy De Lestré, Association Manager, Agoria App Alliance BelgiumTanguy De Lestré, Association Manager, Agoria App Alliance Belgium
Tanguy De Lestré, Association Manager, Agoria App Alliance Belgium
 
From idea to market in 48 hours - Steven Van Bael - droidcon.be 2011
From idea to market in 48 hours - Steven Van Bael - droidcon.be 2011From idea to market in 48 hours - Steven Van Bael - droidcon.be 2011
From idea to market in 48 hours - Steven Van Bael - droidcon.be 2011
 

Similaire à Integrating the Belgian e-ID into Android - Gauthier Van Damme - droidcon.be 2011

From plastic to secured bits. A mobile wallet for virtual cards on the mobil...
From plastic to secured bits. A mobile wallet for virtual cards on the mobil...From plastic to secured bits. A mobile wallet for virtual cards on the mobil...
From plastic to secured bits. A mobile wallet for virtual cards on the mobil...Axel Nennker
 
2024_German_eID_02_Spoofing_PACE_final.pdf
2024_German_eID_02_Spoofing_PACE_final.pdf2024_German_eID_02_Spoofing_PACE_final.pdf
2024_German_eID_02_Spoofing_PACE_final.pdf0xctrlalt
 
FIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO Alliance
 
What is Eddystone
What is EddystoneWhat is Eddystone
What is Eddystonebfonics
 
Droidcon2013 key2 share_dmitrienko_fraunhofer
Droidcon2013 key2 share_dmitrienko_fraunhoferDroidcon2013 key2 share_dmitrienko_fraunhofer
Droidcon2013 key2 share_dmitrienko_fraunhoferDroidcon Berlin
 
Security and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSecurity and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSanjayKumarYadav58
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingOKsystem
 
Sbvlc secure barcode based visible light communication for smartphones
Sbvlc secure barcode based visible light communication for smartphonesSbvlc secure barcode based visible light communication for smartphones
Sbvlc secure barcode based visible light communication for smartphonesLeMeniz Infotech
 
Ledger Meetup Bitcoin à Tours
Ledger Meetup Bitcoin à ToursLedger Meetup Bitcoin à Tours
Ledger Meetup Bitcoin à ToursJulien Trottier
 
Towards secure smart cities: design and implementation of smart home digital ...
Towards secure smart cities: design and implementation of smart home digital ...Towards secure smart cities: design and implementation of smart home digital ...
Towards secure smart cities: design and implementation of smart home digital ...nooriasukmaningtyas
 
Smartcard Helsinki Public ID conference
Smartcard Helsinki Public ID conferenceSmartcard Helsinki Public ID conference
Smartcard Helsinki Public ID conferenceFilipe Mello
 
KAFA: A novel interoperability open framework to utilize Indonesian electroni...
KAFA: A novel interoperability open framework to utilize Indonesian electroni...KAFA: A novel interoperability open framework to utilize Indonesian electroni...
KAFA: A novel interoperability open framework to utilize Indonesian electroni...TELKOMNIKA JOURNAL
 
Jrsys secure mobile solutions 2014
Jrsys secure mobile solutions 2014 Jrsys secure mobile solutions 2014
Jrsys secure mobile solutions 2014 James Wu
 
eSIM as Root of Trust for IoT security, João Casal
eSIM as Root of Trust for IoT security, João CasaleSIM as Root of Trust for IoT security, João Casal
eSIM as Root of Trust for IoT security, João CasalAlan Quayle
 
Emergence of IOT & Cloud – Azure by Narendra Sharma at Cloud focused 76th Dev...
Emergence of IOT & Cloud – Azure by Narendra Sharma at Cloud focused 76th Dev...Emergence of IOT & Cloud – Azure by Narendra Sharma at Cloud focused 76th Dev...
Emergence of IOT & Cloud – Azure by Narendra Sharma at Cloud focused 76th Dev...DevClub_lv
 
Biometric electronic wallet for digital currency
Biometric electronic wallet for digital currencyBiometric electronic wallet for digital currency
Biometric electronic wallet for digital currencyeSAT Publishing House
 
Brand New Web3 Wallet
Brand New Web3 WalletBrand New Web3 Wallet
Brand New Web3 Walletssuser7259e6
 
ESP32 CAM Face Detection Door Lock
ESP32 CAM Face Detection Door LockESP32 CAM Face Detection Door Lock
ESP32 CAM Face Detection Door LockIRJET Journal
 

Similaire à Integrating the Belgian e-ID into Android - Gauthier Van Damme - droidcon.be 2011 (20)

From plastic to secured bits. A mobile wallet for virtual cards on the mobil...
From plastic to secured bits. A mobile wallet for virtual cards on the mobil...From plastic to secured bits. A mobile wallet for virtual cards on the mobil...
From plastic to secured bits. A mobile wallet for virtual cards on the mobil...
 
2024_German_eID_02_Spoofing_PACE_final.pdf
2024_German_eID_02_Spoofing_PACE_final.pdf2024_German_eID_02_Spoofing_PACE_final.pdf
2024_German_eID_02_Spoofing_PACE_final.pdf
 
FIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in Germany
 
What is Eddystone
What is EddystoneWhat is Eddystone
What is Eddystone
 
Droidcon2013 key2 share_dmitrienko_fraunhofer
Droidcon2013 key2 share_dmitrienko_fraunhoferDroidcon2013 key2 share_dmitrienko_fraunhofer
Droidcon2013 key2 share_dmitrienko_fraunhofer
 
Security and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) DevicesSecurity and Authentication of Internet of Things (IoT) Devices
Security and Authentication of Internet of Things (IoT) Devices
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
 
Sbvlc secure barcode based visible light communication for smartphones
Sbvlc secure barcode based visible light communication for smartphonesSbvlc secure barcode based visible light communication for smartphones
Sbvlc secure barcode based visible light communication for smartphones
 
Ledger Meetup Bitcoin à Tours
Ledger Meetup Bitcoin à ToursLedger Meetup Bitcoin à Tours
Ledger Meetup Bitcoin à Tours
 
Towards secure smart cities: design and implementation of smart home digital ...
Towards secure smart cities: design and implementation of smart home digital ...Towards secure smart cities: design and implementation of smart home digital ...
Towards secure smart cities: design and implementation of smart home digital ...
 
Smartcard Helsinki Public ID conference
Smartcard Helsinki Public ID conferenceSmartcard Helsinki Public ID conference
Smartcard Helsinki Public ID conference
 
KAFA: A novel interoperability open framework to utilize Indonesian electroni...
KAFA: A novel interoperability open framework to utilize Indonesian electroni...KAFA: A novel interoperability open framework to utilize Indonesian electroni...
KAFA: A novel interoperability open framework to utilize Indonesian electroni...
 
Jrsys secure mobile solutions 2014
Jrsys secure mobile solutions 2014 Jrsys secure mobile solutions 2014
Jrsys secure mobile solutions 2014
 
eSIM as Root of Trust for IoT security, João Casal
eSIM as Root of Trust for IoT security, João CasaleSIM as Root of Trust for IoT security, João Casal
eSIM as Root of Trust for IoT security, João Casal
 
Workshop eID
Workshop eIDWorkshop eID
Workshop eID
 
Emergence of IOT & Cloud – Azure by Narendra Sharma at Cloud focused 76th Dev...
Emergence of IOT & Cloud – Azure by Narendra Sharma at Cloud focused 76th Dev...Emergence of IOT & Cloud – Azure by Narendra Sharma at Cloud focused 76th Dev...
Emergence of IOT & Cloud – Azure by Narendra Sharma at Cloud focused 76th Dev...
 
Biometric electronic wallet for digital currency
Biometric electronic wallet for digital currencyBiometric electronic wallet for digital currency
Biometric electronic wallet for digital currency
 
Brand New Web3 Wallet
Brand New Web3 WalletBrand New Web3 Wallet
Brand New Web3 Wallet
 
ESP32 CAM Face Detection Door Lock
ESP32 CAM Face Detection Door LockESP32 CAM Face Detection Door Lock
ESP32 CAM Face Detection Door Lock
 
Senior iOS Developer
Senior iOS DeveloperSenior iOS Developer
Senior iOS Developer
 

Plus de tcs digital world

AmbientTalk, a scripting language for Android devices - Dries Harnie, VUB - d...
AmbientTalk, a scripting language for Android devices - Dries Harnie, VUB - d...AmbientTalk, a scripting language for Android devices - Dries Harnie, VUB - d...
AmbientTalk, a scripting language for Android devices - Dries Harnie, VUB - d...tcs digital world
 
Adobe Air for mobile, is it really easy? - Jürgen Coetsiers & Tom Janssens, T...
Adobe Air for mobile, is it really easy? - Jürgen Coetsiers & Tom Janssens, T...Adobe Air for mobile, is it really easy? - Jürgen Coetsiers & Tom Janssens, T...
Adobe Air for mobile, is it really easy? - Jürgen Coetsiers & Tom Janssens, T...tcs digital world
 
Open android apps - Friedger Müffke, Open Intents - droidcon.be 2011
Open android apps - Friedger Müffke, Open Intents - droidcon.be 2011Open android apps - Friedger Müffke, Open Intents - droidcon.be 2011
Open android apps - Friedger Müffke, Open Intents - droidcon.be 2011tcs digital world
 
Application discovery process- Stéphane Guérin, appoke - droidcon.be 2011
Application discovery process- Stéphane Guérin, appoke - droidcon.be 2011Application discovery process- Stéphane Guérin, appoke - droidcon.be 2011
Application discovery process- Stéphane Guérin, appoke - droidcon.be 2011tcs digital world
 
Incubation method for starters - Frank Gielen, IBBT - droidcon.be 2011
Incubation method for starters - Frank Gielen, IBBT - droidcon.be 2011Incubation method for starters - Frank Gielen, IBBT - droidcon.be 2011
Incubation method for starters - Frank Gielen, IBBT - droidcon.be 2011tcs digital world
 
Everyone knows how to code, now try to sell it. - Olga Steidl, SPB Software -...
Everyone knows how to code, now try to sell it. - Olga Steidl, SPB Software -...Everyone knows how to code, now try to sell it. - Olga Steidl, SPB Software -...
Everyone knows how to code, now try to sell it. - Olga Steidl, SPB Software -...tcs digital world
 
When Spider Webs Unite, They Can Tie Up A Lion… - Danny Devriendt, Porter No...
When Spider Webs Unite, They Can Tie Up A Lion… - Danny Devriendt, Porter No... When Spider Webs Unite, They Can Tie Up A Lion… - Danny Devriendt, Porter No...
When Spider Webs Unite, They Can Tie Up A Lion… - Danny Devriendt, Porter No...tcs digital world
 
Handheld hormones - Ramon Suarez - droidcon.be 2011
Handheld hormones - Ramon Suarez - droidcon.be 2011Handheld hormones - Ramon Suarez - droidcon.be 2011
Handheld hormones - Ramon Suarez - droidcon.be 2011tcs digital world
 

Plus de tcs digital world (8)

AmbientTalk, a scripting language for Android devices - Dries Harnie, VUB - d...
AmbientTalk, a scripting language for Android devices - Dries Harnie, VUB - d...AmbientTalk, a scripting language for Android devices - Dries Harnie, VUB - d...
AmbientTalk, a scripting language for Android devices - Dries Harnie, VUB - d...
 
Adobe Air for mobile, is it really easy? - Jürgen Coetsiers & Tom Janssens, T...
Adobe Air for mobile, is it really easy? - Jürgen Coetsiers & Tom Janssens, T...Adobe Air for mobile, is it really easy? - Jürgen Coetsiers & Tom Janssens, T...
Adobe Air for mobile, is it really easy? - Jürgen Coetsiers & Tom Janssens, T...
 
Open android apps - Friedger Müffke, Open Intents - droidcon.be 2011
Open android apps - Friedger Müffke, Open Intents - droidcon.be 2011Open android apps - Friedger Müffke, Open Intents - droidcon.be 2011
Open android apps - Friedger Müffke, Open Intents - droidcon.be 2011
 
Application discovery process- Stéphane Guérin, appoke - droidcon.be 2011
Application discovery process- Stéphane Guérin, appoke - droidcon.be 2011Application discovery process- Stéphane Guérin, appoke - droidcon.be 2011
Application discovery process- Stéphane Guérin, appoke - droidcon.be 2011
 
Incubation method for starters - Frank Gielen, IBBT - droidcon.be 2011
Incubation method for starters - Frank Gielen, IBBT - droidcon.be 2011Incubation method for starters - Frank Gielen, IBBT - droidcon.be 2011
Incubation method for starters - Frank Gielen, IBBT - droidcon.be 2011
 
Everyone knows how to code, now try to sell it. - Olga Steidl, SPB Software -...
Everyone knows how to code, now try to sell it. - Olga Steidl, SPB Software -...Everyone knows how to code, now try to sell it. - Olga Steidl, SPB Software -...
Everyone knows how to code, now try to sell it. - Olga Steidl, SPB Software -...
 
When Spider Webs Unite, They Can Tie Up A Lion… - Danny Devriendt, Porter No...
When Spider Webs Unite, They Can Tie Up A Lion… - Danny Devriendt, Porter No... When Spider Webs Unite, They Can Tie Up A Lion… - Danny Devriendt, Porter No...
When Spider Webs Unite, They Can Tie Up A Lion… - Danny Devriendt, Porter No...
 
Handheld hormones - Ramon Suarez - droidcon.be 2011
Handheld hormones - Ramon Suarez - droidcon.be 2011Handheld hormones - Ramon Suarez - droidcon.be 2011
Handheld hormones - Ramon Suarez - droidcon.be 2011
 

Dernier

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Dernier (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Integrating the Belgian e-ID into Android - Gauthier Van Damme - droidcon.be 2011

  • 1. Integrating the Belgian e-ID into Android Gauthier Van Damme Karel Wouters Danny De Cock Dries Schellekens Katholieke Universiteit Leuven ESAT/SCD/IBBT-COSIC Droidcon, 2011 ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 1 / 14
  • 2. Outline 1 The Belgian e-ID card The Belgian e-ID card The open source Belgian e-ID card 2 Building a secure application on Android Secure Elements in Mobile Phones Working with Secure Elements in Android 3 Belgian e-ID for Android Belgian e-ID for Android Opportunities & pittfalls for mobile e-ID ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 2 / 14
  • 3. Outline 1 The Belgian e-ID card The Belgian e-ID card The open source Belgian e-ID card 2 Building a secure application on Android Secure Elements in Mobile Phones Working with Secure Elements in Android 3 Belgian e-ID for Android Belgian e-ID for Android Opportunities & pittfalls for mobile e-ID ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 3 / 14
  • 4. The Belgian e-ID card March 31st, 2003: rst Belgian e-ID cards issued Today: almost 10 million cards active Printed information provide for normal citizen identication Java Card application for secure data key storage: PKI based on X.509 v3 certicates Two key pairs per citizen are dened inside this PKI Authentication key pair for client authentication Non-Repudiation key pair for le signature Key usage is PIN protected ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 4 / 14
  • 5. The e-ID Quick Key Toolset Belgian e-ID application is closed source and rigid ⇒ Open Source version developed for innovation security purposes Can be written on any Java Card Enables creation of e-ID clones Cryptographic keys of course dierent See: http://code.google.com/p/eid-quick-key-toolset/ ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 5 / 14
  • 6. Outline 1 The Belgian e-ID card The Belgian e-ID card The open source Belgian e-ID card 2 Building a secure application on Android Secure Elements in Mobile Phones Working with Secure Elements in Android 3 Belgian e-ID for Android Belgian e-ID for Android Opportunities pittfalls for mobile e-ID ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 6 / 14
  • 7. Secure Elements in Mobile Phones Mid-1990s: idea of Secure Element (SE) accessible by mobile phone applications → Securely store data and keys Mostly Java Cards as compatible platform Applications managed by one entity 3 Secure Element versions found today: In SIM, controlled by MNO Embedded in phone, controlled by OEM On microSD card, controlled by card distributor ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 7 / 14
  • 8. Java Card 2.2.x as Secure Element Compliant to the ISO 7816 standard: Communication done through APDUs Predened le types structure Denes an extensible set of card commands Primitive subset of the Java environment: Data types: boolean, short, string, arrays Packages, classes, interfaces, and exceptions Dedicated libraries for cryptographic operations No garbage collection No multithreading Class les converted to `cap' les, loaded on Java Card → According to Global Platform specications for card management → Each applet unique AID on card ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 8 / 14
  • 9. Working with Java Cards in Android 1. Develop your Java Card applet load it into the SE Load it into your SE using program of your choice (e.g. GPShell) It will respond to APDUs coming from your mobile phone e.g. Verify PIN, Sign Data, Encrypt Data, etc. 2. Have a smart card driver installed on the phone 3. Develop your android application Need library to access driver Have a SmartCardClient to initialise a smart card connection Initialise your SmartCardClient ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 9 / 14
  • 10. Working with Java Cards in Android (2) Connect to your application on the smart card Start communicating with your application Don't forget to clean up smart card connection ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 10 / 14
  • 11. Outline 1 The Belgian e-ID card The Belgian e-ID card The open source Belgian e-ID card 2 Building a secure application on Android Secure Elements in Mobile Phones Working with Secure Elements in Android 3 Belgian e-ID for Android Belgian e-ID for Android Opportunities pittfalls for mobile e-ID ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 11 / 14
  • 12. Belgian e-ID for Android Used Giesecke Devrient secure microSD card as Java Card Used open source Smart Card driver library Source code further info found at: http://code.google.com/p/seek-for-android/ Contains: Full e-ID clone on microSD card Read functionalities Data le signing Data loading and verictation ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 12 / 14
  • 13. Opportunities pittfalls for mobile e-ID Authenticated cryptographic primitives ID could enable: + Signing documents mails easily everywhere + Secure authentication to web and other servers + Visual citizen identication: visual/NFC/... + Direct picture or video watermarking + Setting up encrypted communication channels (e.g. in VoIP) Unfortunately: - No visual security measures can be implemented - In case of malware on phone: security card blocking risk → `Always-on' connection! ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 13 / 14
  • 14. Future Work Current Future work: Extend e-ID for anonymous petition signing on mobile phone Use e-ID in mobile banking application Questions? Acknowledgment: Giesecke Devrient for their support Belgian Government (FEDICT) for the close collaboration ESAT/SCD-COSIC (KUL) Integrating the Belgian e-ID in Android Droidcon, 2011 14 / 14