Digital identity

07/04/24

IAS-ECC technology and cards

On 23 September 2008, the “Identification, Authentication and Signature” (IAS) project was officially transferred from the Direction Générale de la Modernisation de l'État (DGME) to the Agence Nationale des Titres Sécurisés (ANTS).

As such, the ANTS is now responsible for:

developing, disseminating and promoting the IAS standard
managing the IAS card driver development project (middleware)
defining a functional compliance programme for IAS cards and readers

In order to make the French specifications (IAS) compatible with the European standards (ECC), the ANTS, together with the GIXEL group (a smart card industry group), created the IAS-ECC specification.

The ANTS has also upgraded the IAS middleware to the new IAS-ECC technology.

New versions of the IAS-ECC middleware are published on this site as they become available, so that the middleware can keep pace with the industrial development of smart cards.

Why a card/middleware driver?

The IAS-ECC middleware, or IAS-ECC card driver, is software installed on the user's workstation that enables client applications to use the functions of cards compliant with IAS-ECC technology.

This software is designed for use with:

“agent" cards
Sesam-Vitale2 cards
the future National Identity Card (CNI)
as well as all future cards issued by administrative authorities, provided that these cards comply with the IAS-ECC standard.

It ensures the interoperability of cards with client security applications requiring dialogue with a smart card:

authentication
file or e-mail encryption
signing (qualified or not) of documents
access to the holder's personal data

The same software can be used, regardless of the card supplier: This is a major advantage for the deployment of smart cards, both within French government agencies and by the ANTS for its own projects.

IAS-ECC middleware driver features

The IAS-ECC middleware consists of 3 modules. Two modules provide applications with standard CAPI and PKCS#11 APIs.
The third module of the IAS-ECC middleware offers interfaces for managing functions not covered by the standard APIs, in particular:

qualified signatures
mutual card-server authentication
all functions requiring the establishment of a secure channel
access to files

These modules are accompanied by tools that make it easier to use the cards, USB keys and certificates. To function, these modules require PKCS#15 structures in the IAS-ECC card.

The functions added by ANTS in the new version of the middleware are:

support for PINPAD readers (integration of the PCSC V2.0 standard)
support for self-diagnosis functions (facilitating the implementation of support functions)

The middleware is qualified with cards from the following three manufacturers:

Gemalto
Oberthur Technologies
SAGEM Orga

For each of these cards, the middleware is qualified to work with the following customisation profiles:

Adèle 1
Adèle 2
CNIe

Limits of the user licence

The IAS-ECC middleware is licensed for use by French government authorities only.

It can therefore be used freely with all agent or user cards issued by a government authority and based on a referenced IAS base.

Level 3 support is planned for this software by ANTS.

Level 2 and 1 media are to be provided by the issuing administrative authority.

Middleware security certification

On the user's workstation, the role of the middleware is to convert the commands produced by the application (signature and authentication applications, etc.) into commands that can be understood by the smart card (APDU).

The middleware takes the user's PIN code and transmits it to the card. To simplify interactions with the user, the middleware implements a PIN caching mechanism.
During an electronic signature, it is the middleware that activates the private key corresponding to the signature certificate selected by the user.

Middleware can be downloaded from this url:

https://www.support.cartes.ants.gouv.fr

What is the role of the ANTS?

The ANTS must define a digital identity strategy that complies with the European standards set out in the eIDAS regulation.

This strategy must abide by four guiding principles:

protection of personal data: in particular the guarantee of anonymity and the right to be forgotten
security: ensuring that our identity data cannot be stolen, copied or misused
ease of use: for transferring, storing and using this data
shared trust.

Digital identity

07/04/24

IAS-ECC technology and cards

As such, the ANTS is now responsible for:

developing, disseminating and promoting the IAS standard
managing the IAS card driver development project (middleware)
defining a functional compliance programme for IAS cards and readers

The ANTS has also upgraded the IAS middleware to the new IAS-ECC technology.

New versions of the IAS-ECC middleware are published on this site as they become available, so that the middleware can keep pace with the industrial development of smart cards.

Why a card/middleware driver?

The IAS-ECC middleware, or IAS-ECC card driver, is software installed on the user's workstation that enables client applications to use the functions of cards compliant with IAS-ECC technology.

This software is designed for use with:

“agent" cards
Sesam-Vitale2 cards
the future National Identity Card (CNI)
as well as all future cards issued by administrative authorities, provided that these cards comply with the IAS-ECC standard.

It ensures the interoperability of cards with client security applications requiring dialogue with a smart card:

authentication
file or e-mail encryption
signing (qualified or not) of documents
access to the holder's personal data

IAS-ECC middleware driver features

qualified signatures
mutual card-server authentication
all functions requiring the establishment of a secure channel
access to files

These modules are accompanied by tools that make it easier to use the cards, USB keys and certificates. To function, these modules require PKCS#15 structures in the IAS-ECC card.

The functions added by ANTS in the new version of the middleware are:

support for PINPAD readers (integration of the PCSC V2.0 standard)
support for self-diagnosis functions (facilitating the implementation of support functions)

The middleware is qualified with cards from the following three manufacturers:

Gemalto
Oberthur Technologies
SAGEM Orga

For each of these cards, the middleware is qualified to work with the following customisation profiles:

Adèle 1
Adèle 2
CNIe

Limits of the user licence

The IAS-ECC middleware is licensed for use by French government authorities only.

It can therefore be used freely with all agent or user cards issued by a government authority and based on a referenced IAS base.

Level 3 support is planned for this software by ANTS.

Level 2 and 1 media are to be provided by the issuing administrative authority.

Middleware security certification

Middleware can be downloaded from this url:

https://www.support.cartes.ants.gouv.fr

What is the role of the ANTS?

The ANTS must define a digital identity strategy that complies with the European standards set out in the eIDAS regulation.

This strategy must abide by four guiding principles:

protection of personal data: in particular the guarantee of anonymity and the right to be forgotten
security: ensuring that our identity data cannot be stolen, copied or misused
ease of use: for transferring, storing and using this data
shared trust.

Digital identity

IAS-ECC technology and cards

Middleware driver and how to download

Why a card/middleware driver?

IAS-ECC middleware driver features

Limits of the user licence

Middleware security certification

What is the role of the ANTS?

Digital identity

IAS-ECC technology and cards

Middleware driver and how to download

Why a card/middleware driver?

IAS-ECC middleware driver features

Limits of the user licence

Middleware security certification

What is the role of the ANTS?

Suivez-noussur les réseaux sociaux

Suivez-nous
sur les réseaux sociaux