Digital identity

IAS-ECC technology and cards

On 23 September 2008, the “Identification, Authentication and Signature” (IAS) project was officially transferred from the Direction Générale de la Modernisation de l'État (DGME) to the Agence Nationale des Titres Sécurisés (ANTS).

As such, the ANTS is now responsible for:

  •  developing, disseminating and promoting the IAS standard
  •  managing the IAS card driver development project (middleware)
  •  defining a functional compliance programme for IAS cards and readers

In order to make the French specifications (IAS) compatible with the European standards (ECC), the ANTS, together with the GIXEL group (a smart card industry group), created the IAS-ECC specification.

The ANTS has also upgraded the IAS middleware to the new IAS-ECC technology.

 

New versions of the IAS-ECC middleware are published on this site as they become available, so that the middleware can keep pace with the industrial development of smart cards.

Why a card/middleware driver?

The IAS-ECC middleware, or IAS-ECC card driver, is software installed on the user's workstation that enables client applications to use the functions of cards compliant with IAS-ECC technology.

This software is designed for use with:

  • “agent" cards
  • Sesam-Vitale2 cards
  • the future National Identity Card (CNI)
  • as well as all future cards issued by administrative authorities, provided that these cards comply with the IAS-ECC standard.

It ensures the interoperability of cards with client security applications requiring dialogue with a smart card:

  • authentication
  • file or e-mail encryption
  • signing (qualified or not) of documents
  • access to the holder's personal data

The same software can be used, regardless of the card supplier: This is a major advantage for the deployment of smart cards, both within French government agencies and by the ANTS for its own projects.

 

IAS-ECC middleware driver features 

The IAS-ECC middleware consists of 3 modules. Two modules provide applications with standard CAPI and PKCS#11 APIs.
The third module of the IAS-ECC middleware offers interfaces for managing functions not covered by the standard APIs, in particular:

  • qualified signatures
  • mutual card-server authentication
  • all functions requiring the establishment of a secure channel
  • access to files

These modules are accompanied by tools that make it easier to use the cards, USB keys and certificates. To function, these modules require PKCS#15 structures in the IAS-ECC card.

The functions added by ANTS in the new version of the middleware are:

  • support for PINPAD readers (integration of the PCSC V2.0 standard)
  • support for self-diagnosis functions (facilitating the implementation of support functions)

The middleware is qualified with cards from the following three manufacturers:

  • Gemalto
  • Oberthur Technologies
  • SAGEM Orga

For each of these cards, the middleware is qualified to work with the following customisation profiles:

  • Adèle 1
  • Adèle 2
  • CNIe

Limits of the user licence

The IAS-ECC middleware is licensed for use by French government authorities only.

It can therefore be used freely with all agent or user cards issued by a government authority and based on a referenced IAS base.

Level 3 support is planned for this software by ANTS.

Level 2 and 1 media are to be provided by the issuing administrative authority.

 

Middleware security certification

On the user's workstation, the role of the middleware is to convert the commands produced by the application (signature and authentication applications, etc.) into commands that can be understood by the smart card (APDU).

The middleware takes the user's PIN code and transmits it to the card. To simplify interactions with the user, the middleware implements a PIN caching mechanism.
During an electronic signature, it is the middleware that activates the private key corresponding to the signature certificate selected by the user.

 

 

Middleware can be downloaded from this url:

https://www.support.cartes.ants.gouv.fr

What is the role of the ANTS?

The ANTS must define a digital identity strategy that complies with the European standards set out in the eIDAS regulation.

This strategy must abide by four guiding principles:

  1. protection of personal data: in particular the guarantee of anonymity and the right to be forgotten
  2. security: ensuring that our identity data cannot be stolen, copied or misused
  3. ease of use: for transferring, storing and using this data
  4. shared trust.

Digital identity


IAS-ECC technology and cards

On 23 September 2008, the “Identification, Authentication and Signature” (IAS) project was officially transferred from the Direction Générale de la Modernisation de l'État (DGME) to the Agence Nationale des Titres Sécurisés (ANTS).

As such, the ANTS is now responsible for:

  •  developing, disseminating and promoting the IAS standard
  •  managing the IAS card driver development project (middleware)
  •  defining a functional compliance programme for IAS cards and readers

In order to make the French specifications (IAS) compatible with the European standards (ECC), the ANTS, together with the GIXEL group (a smart card industry group), created the IAS-ECC specification.

The ANTS has also upgraded the IAS middleware to the new IAS-ECC technology.

 

New versions of the IAS-ECC middleware are published on this site as they become available, so that the middleware can keep pace with the industrial development of smart cards.

Why a card/middleware driver?

The IAS-ECC middleware, or IAS-ECC card driver, is software installed on the user's workstation that enables client applications to use the functions of cards compliant with IAS-ECC technology.

This software is designed for use with:

  • “agent" cards
  • Sesam-Vitale2 cards
  • the future National Identity Card (CNI)
  • as well as all future cards issued by administrative authorities, provided that these cards comply with the IAS-ECC standard.

It ensures the interoperability of cards with client security applications requiring dialogue with a smart card:

  • authentication
  • file or e-mail encryption
  • signing (qualified or not) of documents
  • access to the holder's personal data

The same software can be used, regardless of the card supplier: This is a major advantage for the deployment of smart cards, both within French government agencies and by the ANTS for its own projects.

 

IAS-ECC middleware driver features 

The IAS-ECC middleware consists of 3 modules. Two modules provide applications with standard CAPI and PKCS#11 APIs.
The third module of the IAS-ECC middleware offers interfaces for managing functions not covered by the standard APIs, in particular:

  • qualified signatures
  • mutual card-server authentication
  • all functions requiring the establishment of a secure channel
  • access to files

These modules are accompanied by tools that make it easier to use the cards, USB keys and certificates. To function, these modules require PKCS#15 structures in the IAS-ECC card.

The functions added by ANTS in the new version of the middleware are:

  • support for PINPAD readers (integration of the PCSC V2.0 standard)
  • support for self-diagnosis functions (facilitating the implementation of support functions)

The middleware is qualified with cards from the following three manufacturers:

  • Gemalto
  • Oberthur Technologies
  • SAGEM Orga

For each of these cards, the middleware is qualified to work with the following customisation profiles:

  • Adèle 1
  • Adèle 2
  • CNIe

Limits of the user licence

The IAS-ECC middleware is licensed for use by French government authorities only.

It can therefore be used freely with all agent or user cards issued by a government authority and based on a referenced IAS base.

Level 3 support is planned for this software by ANTS.

Level 2 and 1 media are to be provided by the issuing administrative authority.

 

Middleware security certification

On the user's workstation, the role of the middleware is to convert the commands produced by the application (signature and authentication applications, etc.) into commands that can be understood by the smart card (APDU).

The middleware takes the user's PIN code and transmits it to the card. To simplify interactions with the user, the middleware implements a PIN caching mechanism.
During an electronic signature, it is the middleware that activates the private key corresponding to the signature certificate selected by the user.

 

 

Middleware can be downloaded from this url:

https://www.support.cartes.ants.gouv.fr

What is the role of the ANTS?

The ANTS must define a digital identity strategy that complies with the European standards set out in the eIDAS regulation.

This strategy must abide by four guiding principles:

  1. protection of personal data: in particular the guarantee of anonymity and the right to be forgotten
  2. security: ensuring that our identity data cannot be stolen, copied or misused
  3. ease of use: for transferring, storing and using this data
  4. shared trust.