The Belgian eID

Belgian eID - intro

Functionality of the BeID card

Originally referred to as Belpic - the Belgian electronic identity card. The Belgian eID (electronic identity card) combines the features of a traditional identity card (identification of the citizen, travel document within the EU) with the possibilities originally created by the EC Directive 1999/93 for electronic signatures. This directive was replaced by the eIDAS regulation (EC 910/2014). The basic functionality of the card can be described as: There is no encryption/decryption capability offered.

There are three different instantiations of the BeID concept:

Applications

You can use the card for authentication in a web context, or you can use it to secure SSH sessions or similar. You can sign XML, MS-Word, Acrobat PDF or anything you'd like (assuming the format supports smart cards and electronic signatures).

The first application was Mijn Dossier from the National Register. This allows a citizen to retrieve a basic statement about himself on name, address, status etc in signed XML. Here's a copy of mine.

The my.belgium.be site gives an overview of public sector applications. There are countless applications coming up, particularly in eHealth. This includes e.g. the administration of influenza vaccination.

For eGov purposes, a role management system has been set-up.

The IAM apps site 'Mijn digitale sleutels' binds it together.

Data visually present on the BeID card

The front of the eID card lists name (i.e. name, two first names, first letter of third name), title, nationality, birth place and date, gender, card number, card validity dates, picture and hand-written signature of the holder.

The back of the eID card lists place of delivery of the card, the National Register Number (NRN) of the citizen, hand-written signature of the civil servant delivering the card, and ICAO machine readable identification.

Data electronically present on the BeID card

Two applications can deliver data in electronic format:

Technical features of the card

The card originally selected was a Gemalto (started as Schlumberger, then Axalto, now Gemalto) Cryptoflex JavaCard 32K, equipped with a 16 bit microcontroller (Infineon SLE66CX322P) and an additional crypto processor (for RSA and DES computations). The card has ROM, EEPROM and RAM. The Belpic Java Applet handles all communications with the outside world.

On behalf of the Belgian government, Zetes delivers specific middleware intended to be used together with the card. From an application's perspective, there are four categories of functions available (high-level summary only):

Visual security mechanisms include rainbow and guilloche printing, CLI (Changeable Laser Image), OVI (Optical Variable Ink), Alphagram, relief and UV print, and laser engraving.

Timeline

Timeline - overall

The overall timeline can be approximated as:

Timeline - Belgium

The timeline can be approximated as:

BeID ecosystem

A BeID ecosystem evolved around the card, including:
Plans included a custom-built identity and access management system, e.g. based on JBoss and ForgeRock OpenAM.

Applications

Federal government

Other

Oversight and discussion

Belgium

Related

Technical foundation

Basics

Development

BeID on Android

Resources

Cardreaders

  • Getting the card to work
  • Getting the card to work

    Legacy - getting the card to work on Debian 8

    I went through the following steps to use the card on my Debian Jessie (Debian 8) with the ACR38 reader.

    Legacy - getting the card to work on Ubuntu

    I went through the following steps to use the card on my Lucid Lynx (Ubuntu 10.4) with the ACR38 reader.

    Valid HTML 4.01 Frameset.