IT-Security All safe and sound?

Size: px
Start display at page:

Download "IT-Security All safe and sound?"

Transcription

1 IT-Security All safe and sound? The building blocks for secure E-Government Dr. Vienna, Das E-Government Innovationszentrum ist eine gemeinsame Einrichtung des Bundeskanzleramtes und der TU Graz

2 Contents 1. AT E-Gov Big Picture 2. eid 3. Electronic Signatures 4. Challenges Vienna,

3 E-Government maturity and sophistication Information provision Interactive Fully transactional Vienna,

4 Usage in Austria: HELP.gv.at Source: Bundeskanzleramt Vienna,

5 The Legal Framework SigG (signature) E-GovG (egovernment) AVG (general procedures) ZustG (delivery) secondary legal regulations specifications and recommendations Source: Bundeskanzleramt Vienna,

6 The Big Picture portal application portal register edelivery manager print service officer forms server bank archive edelivery service Source: Bundeskanzleramt Vienna,

7 Core Elements Source: Bundeskanzleramt Vienna,

8 Core Security Building Blocks Authentication Identification / eid Electronic Signatures Registered Electronic Mail Vienna,

9 Part 2: eid Vienna,

10 C2G Vienna,

11 Little security requirement when browsing public data trusted identity reading manipulating data authorizing the transaction Citizen transaction and security transaction integrity eid Source: Reinhard Posch, Major Cities, Wien ? privacy - access S Vienna, esig

12 Little security requirement when browsing public data trusted identity reading manipulating data authorizing the transaction Citizen transaction and security transaction integrity eid Security-relevant phase entered with eid; may be concluded with esig esig eid Source: Reinhard Posch, Major Cities, Wien ? privacy - access S Vienna, esig

13 eid ambitions Personal data = digital currency Digital identity "economic" drive USER ENABLEMENT eid "trust-building" drive USER EMPOWERMENT Personal data = private asset Source: Galler / EK Vienna,

14 Online Identity = CSP + public register Trust Center: Certification Service Provider (CSP) public sector registries CSP A-Trust CSP CRR BMI Supplementary Register Electronic Identity Source: Reinhard Posch Vienna,

15 Citizen Card - Basic functions» The Austrian Citizen Card is a concept, not a specific technology» The Citizen Card combines» qualified electronic signature Authentication» electronic identity Identification Figure: Thomas Rössler Vienna,

16 Sector-specific PIN Sector tax sector-code sourcepin- Reg 4csabB2 Sector health sector-code SA GH No7b99t sspin tax 5cwu4N sspin health Vienna,

17 Major initiatives Citizen Cards Health insurance cards: Rollout Mai-Nov. 2005, is an SSCD 100 % coverage reached end of Nov (~9 mio.) activation free of charge for citizens Other card initiatives: official s service card CSP signature cards student service cards, etc. Mobile phone signatures: relaunched 2009 free of charge for citizens so far, no ID card with chip Source: Herbert Leitold Vienna,

18 Why and where representation Bilateral Representations for explicit actions Companies Associations Link between legal persons and natural persons Source: Thomas Rössler Vienna,

19 Why and where representation Tax Consultant Lawyer Professional Representatives Organwalter (officials) Bilateral Representations for explicit actions Companies Associations Link between legal persons and natural persons Source: Thomas Rössler Vienna,

20 Austrian Online Mandate System Vienna,

21 G2G Vienna,

22 Connecting Portals» Trusted network of PA portals» De-centralized user administration» Access rights» Security classes» Assurance levels» 1-4 (NIST SP , ISO/IEC 29115, STORK)» Security assertions» SAML 2 Vienna,

23 Autorisation Connecting Portals Rights management Policy Decision Point (PDP) Rights validation Policy Enforcement Point (PEP) Ref: PV-Whitepaper Vienna,

24 Ref: iconarchive.com Part 3: Electronic Signatures Vienna,

25 G2C Vienna,

26 Official signature of documents» The Official signature is an advanced electronic signature of an authority.» It facilitates recognition of the fact that a document originates from an authority» The signature certificate includes a specific attribute - egov OID» It has to be visualized with certain elements Vienna,

27 Different implementations rgd visualization Minimum content: logo of the authority Explicit information that it was officially signed Information needed for the verification of the electronic signature and the printout Source: Peter Kustor, PSC Workshop on E-Procedures Stockholm, 31 May 2012 Vienna,

28 Example: Criminal Record Certificate» Frequently needed, e.g. in public procurement» Fully electronic process Vienna,

29 C2G Vienna,

30 Mobile Phone Signature» Core Aspects» Operated by a Certifcation Service Provider (CSP) for qualified certificates (A-Trust)» Signature-creation data (cryptographic keys) kept at CSP but controlled by the signatory» 2-factor authentication (knowledge & possession)» Secure Signature-Creation Device» 1999/93/EC Annex III, confirmed by a notified body Vienna,

31 Components User Mobile phone Vienna, Source: Peter Kustor, Thomas Rössler, IRIS 2010, Salzburg

32 Components Web-Frontend HSM - Creation of crypto-keys - Decryption of signature creation data - Creation of qualified electronic signatures SMS Gateway Signature key DB Signature-creation data (private keys) are encrypted under - Citizen password - Mobile number Vienna, Secret HSM key 32 Source: Peter Kustor, Thomas Rössler, IRIS 2010, Salzburg

33 Simple to use Vienna,

34 Bodies related to esignature Security» Supervision of Certification Service Providers» Telekom-Control-Kommission, assisted by RTR- GmbH» Confirmation Body assesses SSCDs» A-SIT» SSCDs can (but need not) be CC certified» International mutual recognition agreement of CC certificates Vienna,

35 Source: govspace.gov.au Part 4: Challenges Vienna,

36 Trend and strategies >2020 Vienna,

37 All safe and sound?»cloud Computing»Mobile Computing»Interoperability Vienna,

38 Cloud computing CLOUD means contractual and legal challenges. Governments are used to only accept their jurisdiction. With data protection and foreign legislation like the Patriot Act we face a new dimension. Vienna,

39 Technology for cloud 1 Data location 2 Cloud and eid 3 Cloud and encryption 4 Formal correctness even if theoretical work indicates feasibility we are ways off reality Christian Cachin, IBM Vienna,

40 Policies needed DIGITAL:AUSTRIA has developed a first set of recommendations to provide guidance for all government agencies in Austria Vienna,

41 eid and liability In case egovernment or businesses are dealing with values these values will be attacked eid and liability will be the main answers as preventive information security! Vienna,

42 Weak cloud security - consequences In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iphone, ipad, and MacBook. [ ] Had I used two-factor authentication for my Google account, it s possible that none of this would have happened [ ] Source: wired.com / Mat Honan Vienna,

43 capabilities different from PC browsers e.g. flash Mobile devices APPs result very dynamic systems file system and sandbox execution result access limits external devices very limited malware detection very rare Vienna,

44 Interoperability a single legal instrument for e-signature und eid ( eidas regulation )» plus further trust services (e-delivery, )» European regulation» replaces the signature directive (1999)» delegated acts still under discussion as this would centralize several aspects.» Austria well prepared for eidas Vienna,

45 eidas launching event 10/2014 Vienna,

46 Thank you for your attention!

47 Citizen Card Environment Variants Minimum-footprint Mobile Phone Local installation Herbert Leitold Vienna,

The Austrian Citizen Card

The Austrian Citizen Card The Austrian Citizen Card A European Best Practice The E-Government Innovation Centre is a joint initiative of the Federal Chancellery and the Graz University of Technology Herbert Leitold Innovation Forum

More information

Secure Information Technology Center Signature verification and digital services

Secure Information Technology Center Signature verification and digital services Secure Information Technology Center Signature verification and digital services Herbert Leitold, A-SIT Study Visit Georgian Delegation Vienna, 16 th February 2015 Zentrum für sichere Informationstechnologie

More information

The Austrian Citizen Card

The Austrian Citizen Card The Austrian Citizen Card The use of the electronic signature International public experiences Thomas Rössler, A-SIT, Austria Austria EU member state approx. 8 mio. citizens 2 3 About us A-SIT Founded:

More information

European Electronic Identity Practices

European Electronic Identity Practices European Electronic Identity Practices Country Update of Austria Speaker: Herbert Leitold Date: 9 Nov 2004 PART I: Overview Table of contents Overview of Citizen Card initiatives and its status (Summary

More information

The Mobile Phone Signature in edemocracy and egovernment Applications. Gregor.eibl@bka.gv.at

The Mobile Phone Signature in edemocracy and egovernment Applications. Gregor.eibl@bka.gv.at The Mobile Phone Signature in edemocracy and egovernment Applications Gregor.eibl@bka.gv.at Characteristics of the Citizen Card ( 4 Abs. 1 E-GovG) unique identity authenticity Citizen Card = before authenfication:

More information

Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market

Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (COM(2012 238 final) {SWD(2012) 135 final} {SWD(2012) 136 final} Andrea SERVIDA

More information

AK IT-Security 1. E-Government Introduction, Motivation, Demonstration 705.052 (VO) 705.053 (KU)

AK IT-Security 1. E-Government Introduction, Motivation, Demonstration 705.052 (VO) 705.053 (KU) AK IT-Security 1 E-Government Introduction, Motivation, Demonstration 705.052 (VO) 705.053 (KU), Andreas Fitzek, Christian Maierhofer Graz, 08.10.2014 Das E-Government Innovationszentrum ist eine gemeinsame

More information

trust and confidence "draw me a sheep" POLICY AND REGULATION FOR EUROPE

trust and confidence draw me a sheep POLICY AND REGULATION FOR EUROPE trust and confidence "draw me a sheep" POLICY AND REGULATION FOR EUROPE new regulation eidas... "...told him that she was the only one of her kind in all the universe" POLICY AND REGULATION FOR EUROPE

More information

Secure Signature Creation Device Protect & Sign Personal Signature, version 4.1

Secure Signature Creation Device Protect & Sign Personal Signature, version 4.1 Zentrum für sichere Informationstechnologie Austria Secure Information Technology Center Austria A-1030 Wien, Seidlgasse 22 / 9 Tel.: (+43 1) 503 19 63 0 Fax: (+43 1) 503 19 63 66 A-8010 Graz, Inffeldgasse

More information

Data Privacy in the Cloud E-Government Perspective

Data Privacy in the Cloud E-Government Perspective Data Privacy in the Cloud E-Government Perspective Herbert Leitold; EGIZ, A-SIT International Cloud Symposium 2011, Panel on Data Privacy and the Role Policy Plays in Defining Trust Requirements Ditton

More information

Commission s proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market

Commission s proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market Commission s proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market COM(2012)238 of 4.6.2012 ClubPSCo, Paris, 20.6.2012 Gérard GALLER

More information

Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market

Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market [COM(2012) 238 final] {SWD(2012) 135 final} {SWD(2012) 136 final} Andrea SERVIDA

More information

LEGAL FRAMEWORK FOR E-SIGNATURE IN LITHUANIA AND ENVISAGED CHANGES OF THE NEW EU REGULATION

LEGAL FRAMEWORK FOR E-SIGNATURE IN LITHUANIA AND ENVISAGED CHANGES OF THE NEW EU REGULATION LEGAL FRAMEWORK FOR E-SIGNATURE IN LITHUANIA AND ENVISAGED CHANGES OF THE NEW EU REGULATION Aušra Kumetaitienė Head of Information Society Development Division Tomas Jakimavičius Telecommunications and

More information

Current Research- Cloud Computing and E-Government

Current Research- Cloud Computing and E-Government AK IT-Security 1 Current Research- Cloud Computing and E-Government Graz, 12.11.2014 Das E-Government Innovationszentrum ist eine gemeinsame Einrichtung des Bundeskanzleramtes und der TU Graz Overview»

More information

egovernment 2020 new media and technologies for better citizenship oriented communication and applications

egovernment 2020 new media and technologies for better citizenship oriented communication and applications egovernment 2020 new media and technologies for better citizenship oriented communication and applications Christian Rupp, Austrian Federal Chancellery Federal Republic of Austria Area: 83 879 km² - Population:

More information

The Cloud On A Clear Day. Neal Juern

The Cloud On A Clear Day. Neal Juern The Cloud On A Clear Day Neal Juern Alternate Titles The Cloud So what is it anyway? Why is it so cloudy? How To Keep Your Head Out What are the risks? Is it all just marketing fluff? What is The Cloud?

More information

eid and ebanking: get your bank account in Minutes through an online portal!

eid and ebanking: get your bank account in Minutes through an online portal! eid and ebanking: get your bank account in Minutes through an online portal! An example of the cross-border use of eids in the private sector. London, 5 June 2015. Dr. Thomas ROESSLER, CEO PrimeSign GmbH

More information

DS-05-2015: Trust eservices. The policy context: eidas Regulation

DS-05-2015: Trust eservices. The policy context: eidas Regulation DS-05-2015: Trust eservices The policy context: eidas Regulation Cybersecurity & Privacy Innovation Forum 2015 Brussels, 28 April 2015 Andrea SERVIDA DG CONNECT, European Commission Head of eidas Task

More information

Proposed Framework for an Interoperable Electronic Identity Management System

Proposed Framework for an Interoperable Electronic Identity Management System page 1 Proposed Framework for an Interoperable Electronic Identity Management System Amir Hayat 1, Thomas Rössler 1 Several Member States in the European Union (EU)have rolled out electronic identity (eid)

More information

AK IT-Sicherheit 1. Identity Management. Bernd Zwattendorfer Graz, 29.10.2014

AK IT-Sicherheit 1. Identity Management. Bernd Zwattendorfer Graz, 29.10.2014 AK IT-Sicherheit 1 Identity Management Graz, 29.10.2014 Das E-Government Innovationszentrum ist eine gemeinsame Einrichtung des Bundeskanzleramtes und der TU Graz Motivation Ref: Peter Steiner, The New

More information

AK IT-Security 1. Electronic Delivery. Andreas Fitzek Graz, 05.11.2014

AK IT-Security 1. Electronic Delivery. Andreas Fitzek Graz, 05.11.2014 AK IT-Security 1 Electronic Delivery Graz, 05.11.2014 Das E-Government Innovationszentrum ist eine gemeinsame Einrichtung des Bundeskanzleramtes und der TU Graz Motivation Source: Wikipedia Graz, 05.11.2014

More information

eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke

eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke Agenda eidas Regulation TR-03110 V2.20 German ID card POSeIDAS Summary cryptovision mindshare 2015: eidas

More information

A Privacy-Preserving eid based Single Sign-On Solution

A Privacy-Preserving eid based Single Sign-On Solution A Privacy-Preserving eid based Single Sign-On Solution Bernd Zwattendorfer, Arne Tauber, Thomas Zefferer E-Government Innovation Center Graz, Austria {Bernd.Zwattendorfer, Arne.Tauber, Thomas.Zefferer}@egiz.gv.at

More information

USABILITY EVALUATION OF ELECTRONIC SIGNATURE BASED E-GOVERNMENT SOLUTIONS

USABILITY EVALUATION OF ELECTRONIC SIGNATURE BASED E-GOVERNMENT SOLUTIONS USABILITY EVALUATION OF ELECTRONIC SIGNATURE BASED E-GOVERNMENT SOLUTIONS Thomas Zefferer Innovation Center (EGIZ) Inffeldgasse 16a, 8010 Graz, Austria Vesna Krnjic Innovation Center (EGIZ) Inffeldgasse

More information

Empowerment through Electronic Mandates Best Practice Austria

Empowerment through Electronic Mandates Best Practice Austria Empowerment through Electronic Mandates Best Practice Austria Thomas Rössler Secure Information Technology Center Austria (A-SIT) thomas.roessler@a-sit.at Abstract. For dealing with electronic identities

More information

MAJOR SHIFTS DRIVEN BY HIGH-SPEED NETWORKS

MAJOR SHIFTS DRIVEN BY HIGH-SPEED NETWORKS MAJOR SHIFTS DRIVEN BY HIGH-SPEED NETWORKS Prof. Dr. Reinhard Posch CIO Federal Government AUSTRIA 21.11.14 PILLARS FOR FUTURE COMMUNICATION mobility FUTURE ICT agility SECURITY AND IDENTITY JURISDICTION

More information

Sicherheitsaspekte des neuen deutschen Personalausweises

Sicherheitsaspekte des neuen deutschen Personalausweises Sicherheitsaspekte des neuen deutschen Personalausweises Dennis Kügler Bundesamt für Sicherheit in der Informationstechnik egov Fokus 2/2013: Identity- und Access Management im E-Government Rethinking

More information

UNCITRAL United Nations Commission on International Trade Law Introduction to the law of electronic signatures

UNCITRAL United Nations Commission on International Trade Law Introduction to the law of electronic signatures Introduction to the law of electronic signatures Luca Castellani Head, Regional Centre for Asia and the Pacific UNCITRAL Secretariat Incheon, Republic of Korea Outline 1. Methods and technologies for electronic

More information

TrustedX: eidas Platform

TrustedX: eidas Platform TrustedX: eidas Platform Identification, authentication and electronic signature platform for Web environments. Guarantees identity via adaptive authentication and the recognition of either corporate,

More information

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION This can be a complex subject and the following text offers a brief introduction to Electronic Signatures, followed by more background on the Register of

More information

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation.

More information

SSLPost Electronic Document Signing

SSLPost Electronic Document Signing SSLPost Electronic Document Signing Overview What is a Qualifying Advanced Electronic Signature (QAES)? A Qualifying Advanced Electronic Signature, is a specific type of digital electronic signature, that

More information

Performance Characteristics of Data Security. Fabasoft Cloud

Performance Characteristics of Data Security. Fabasoft Cloud Performance Characteristics of Data Security Valid from October 13 th, 2014 Copyright GmbH, A-4020 Linz, 2014. All rights reserved. All hardware and software names used are registered trade names and/or

More information

Certification Practice Statement

Certification Practice Statement Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require

More information

ETSI TS 102 640-3 V1.1.1 (2008-10) Technical Specification

ETSI TS 102 640-3 V1.1.1 (2008-10) Technical Specification TS 102 640-3 V1.1.1 (2008-10) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Architecture, Formats and Policies; Part 3: Information Security

More information

Fact sheet: sa Certipost nv. Certipost Panel Presentation European Commission. Company. Activities based on 2 pillars: Clients.

Fact sheet: sa Certipost nv. Certipost Panel Presentation European Commission. Company. Activities based on 2 pillars: Clients. Certipost Panel Presentation European Commission Bart Callens Product and Sales Manager Document Protection Services 1 Fact sheet: sa Certipost nv Company Shareholders De Post/La Poste, 50% Belgacom, 50%

More information

Objectives. What is Cloud Computing? Security Problems and Liability Privacy Concerns Solutions Recap Challenges for the Customer

Objectives. What is Cloud Computing? Security Problems and Liability Privacy Concerns Solutions Recap Challenges for the Customer 1 Objectives What is Cloud Computing? Security Problems and Liability Privacy Concerns Solutions Recap Challenges for the Customer 2 What is Cloud Computing? Not single, agreed upon definition exists yet,

More information

Encryption-based 2FA for Server-side Qualified Signature Creation

Encryption-based 2FA for Server-side Qualified Signature Creation S C I E N C E P A S S I O N T E C H N O L O G Y Encryption-based 2FA for Server-side Qualified Signature Creation Christof Rath, christof.rath@iaik.tugraz.at Institute for Applied Information Processing

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

Guidelines for the use of electronic signature

Guidelines for the use of electronic signature Republic of Albania National Authority for Electronic Certification Guidelines for the use of electronic signature Guide Nr. 001 September 2011 Version 1.3 Guidelines for the use of electronic signature

More information

Electronic Signature: Conform to the CC Anytime, Anywhere, with any Device September 20, 2012

Electronic Signature: Conform to the CC Anytime, Anywhere, with any Device September 20, 2012 Electronic Signature: Conform to the CC Anytime, Anywhere, with any Device September 20, 2012 DICTAO 152, avenue Malakoff 75116 PARIS, France Tel. : +33 (0)1 73 00 26 10 Internet : www.dictao.com Agenda

More information

National Authority for Electronic Certification. Electronic Signature in Albania by Eris Asllani- Head of Department

National Authority for Electronic Certification. Electronic Signature in Albania by Eris Asllani- Head of Department National Authority for Electronic Certification Electronic Signature in Albania by Eris Asllani- Head of Department Roma - - - 2011 *General Statistics Population - 3,200,000 (est.) Area - 28.748 sq/km

More information

Resolution Database Privacy preserving based Single-Signon

Resolution Database Privacy preserving based Single-Signon Resolution Database Privacy preserving based Single-Signon Solution S.S Dhanvantri Divi 1, T.Swapna 2, K.J.Sharma 3 1 Student, TRR ENGINEERING COLLEGE, PATANCHERU, HYDERABAD 2 Associate Professor, TRR

More information

Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015

Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015 Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015 What are You Trying to Protect? If someone got into your email, what

More information

Improving Online Security with Strong, Personalized User Authentication

Improving Online Security with Strong, Personalized User Authentication Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware

More information

SECURITY IMPLICATIONS OF NFC IN AUTHENTICATION AND IDENTITY MANAGEMENT

SECURITY IMPLICATIONS OF NFC IN AUTHENTICATION AND IDENTITY MANAGEMENT SECURITY IMPLICATIONS OF NFC IN AUTHENTICATION AND IDENTITY MANAGEMENT Dmitry Barinov SecureKey Technologies Inc. Session ID: MBS-W09 Session Classification: Advanced Session goals Appreciate the superior

More information

Implementation of qualified electronic signatures in the process of creating project and technical documentation. Austria. January 28 th 2016

Implementation of qualified electronic signatures in the process of creating project and technical documentation. Austria. January 28 th 2016 Implementation of qualified electronic signatures in the process of creating project and technical documentation The experiences of member countries of the ECEC Austria Dr. Herbert Döller January 28 th

More information

AK IT-Security 1. Recap Electronic Signatures. Tobias Kellner Graz, 22.10.2014

AK IT-Security 1. Recap Electronic Signatures. Tobias Kellner Graz, 22.10.2014 AK IT-Security 1 Recap Electronic Signatures Tobias Kellner Graz, 22.10.2014 Das E-Government Innovationszentrum ist eine gemeinsame Einrichtung des Bundeskanzleramtes und der TU Graz What can electronic

More information

CEF Building blocks. Informatics. Joao Rodrigues Frade DIGIT.B4. CEF Project and Architecture Office Directorate-General for Informatics

CEF Building blocks. Informatics. Joao Rodrigues Frade DIGIT.B4. CEF Project and Architecture Office Directorate-General for Informatics CEF Building blocks Joao Rodrigues Frade DIGIT.B4 CEF Project and Architecture Office Directorate-General for AGENDA CEF at a glance CEF reuse logic CEF building blocks A fully functioning Digital Single

More information

Secure Cloud Identity Wallet

Secure Cloud Identity Wallet 1 CREDENTIAL Secure Cloud Identity Wallet DS-02-2014 Dr. Arne Tauber u 2 CREDENTIAL Research Project Call: H2020-DS-2014-1 Acronym: CREDENTIAL Type of Action: IA Number: 653454 Partners: 12 Duration: 36

More information

DRAFT Pan Canadian Identity Management Steering Committee March 1, 2010

DRAFT Pan Canadian Identity Management Steering Committee March 1, 2010 DRAFT Pan Canadian Identity Management Steering Committee March 1, 2010 Pan Canadian Identity Management & Authentication Framework Page 1 1 Introduction This document is intended to describe the forming

More information

View from a European Trust Service Provider Server Signing: Return of experience and certification strategy

View from a European Trust Service Provider Server Signing: Return of experience and certification strategy View from a European Trust Service Provider Server Signing: Return of experience and certification strategy January 16, 2014 - Berlin Thibault de Valroger VP Strategy & Development OPENTRUST Thibault.devalroger@opentrust.com

More information

E-Government in Austria. Roland Ledinger Austrian Federal Chancellery

E-Government in Austria. Roland Ledinger Austrian Federal Chancellery E-Government in Austria Roland Ledinger Austrian Federal Chancellery Federal Republic of Austria Area: 83 870.95 km² Population: 8 174 733 12 federal ministries 80 district administrations 2359 municipalities

More information

Identifying Obstacles in moving towards an Interoperable Electronic Identity Management System

Identifying Obstacles in moving towards an Interoperable Electronic Identity Management System Identifying Obstacles in moving towards an Interoperable Electronic Identity Management System Amir Hayat*, Reinhard Posch, Herbert Leitold Institute for Applied Information Processing and Communication,

More information

Software and Cloud Security

Software and Cloud Security 1 Lecture 12: Software and Cloud Security 2 Lecture 12 : Software and Cloud Security Subjects / Topics : 1. Standard ISO/OSI security services 2. Special problems, specific for software components and

More information

TrustKey Tool User Manual

TrustKey Tool User Manual TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...

More information

PKI - current and future

PKI - current and future PKI - current and future Workshop for Japan Germany Information security Yuichi Suzuki yuich-suzuki@secom.co.jp SECOM IS Laboratory Yuichi Suzuki (SECOM IS Lab) 1 Current Status of PKI in Japan Yuichi

More information

Rich Furr Head, Global Regulatory Affairs and Chief Compliance Officer, SAFE-BioPharma Association. SAFE-BioPharma Association

Rich Furr Head, Global Regulatory Affairs and Chief Compliance Officer, SAFE-BioPharma Association. SAFE-BioPharma Association Navigating the Identity Landscape Rich Furr Head, Global Regulatory Affairs and Chief Compliance Officer, SAFE-BioPharma Association SAFE-BioPharma Association Overview An overview of US and EU government

More information

Securing Identities & Trust

Securing Identities & Trust Securing Identities & Trust Agenda About Safelayer Identities & Trust eidas (eid, Authentication and Signature) Use case: Izenpe Mobile eidas services Safelayer Demo Portal Q& A? WWW.SAFELAYER.COM 2 About

More information

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand

More information

Technical Guideline eid-server. Part 2: Security Framework

Technical Guideline eid-server. Part 2: Security Framework Technical Guideline eid-server Part 2: Security Framework BSI TR-03130-2 Version 2.0.1 January 15, 2014 Federal Office for Information Security Post Box 20 03 63 D-53133 Bonn Phone: +49 22899 9582-0 E-Mail:

More information

ETSI TS 102 640-3 V2.1.1 (2010-01) Technical Specification

ETSI TS 102 640-3 V2.1.1 (2010-01) Technical Specification TS 102 640-3 V2.1.1 (2010-01) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 3: Information Security Policy Requirements for REM Management

More information

SECURE AND EFFICIENT PROCESSING OF ELECTRONIC DOCUMENTS IN THE CLOUD

SECURE AND EFFICIENT PROCESSING OF ELECTRONIC DOCUMENTS IN THE CLOUD SECURE AND EFFICIENT PROCESSING OF ELECTRONIC DOCUMENTS IN THE CLOUD Klaus Stranacher, Bernd Zwattendorfer, Vesna Krnjic Graz University of Technology, E-Government Innovation Center, EGIZ Inffeldgasse

More information

CERTIFICATION PRACTICE STATEMENT UPDATE

CERTIFICATION PRACTICE STATEMENT UPDATE CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.

More information

Data Protection: From PKI to Virtualization & Cloud

Data Protection: From PKI to Virtualization & Cloud Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security

More information

CRYPTOGRAPHY AS A SERVICE

CRYPTOGRAPHY AS A SERVICE CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,

More information

Why Identity Management. Identity Management. What We Cover. Role of Digital Identity. Digital Identity. Digital Identity (or network identity)

Why Identity Management. Identity Management. What We Cover. Role of Digital Identity. Digital Identity. Digital Identity (or network identity) Why Identity Management Identity Management Claudiu Duma Identity crisis Privacy concerns Identity theft Terrorist threat Department of Computer and Information Science cladu@ida.liu.se What We Cover Digital

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

SHORT MESSAGE SERVICE SECURITY

SHORT MESSAGE SERVICE SECURITY SHORT MESSAGE SERVICE SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in

More information

How To Understand And Understand The Certificate Authority (Ca)

How To Understand And Understand The Certificate Authority (Ca) TS 102 042 V1.1.1 (2002-04) Technical Specification Policy requirements for certification authorities issuing public key certificates 2 TS 102 042 V1.1.1 (2002-04) Reference DTS/SEC-004006 Keywords e-commerce,

More information

COMMISSION OF THE EUROPEAN COMMUNITIES

COMMISSION OF THE EUROPEAN COMMUNITIES EN EN EN COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 28.11.2008 COM(2008) 798 final COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE

More information

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication

More information

De-Mail. A reliable and secure online communication platform. Armin Wappenschmidt (secunet) More information: www.de-mail.de

De-Mail. A reliable and secure online communication platform. Armin Wappenschmidt (secunet) More information: www.de-mail.de De-Mail A reliable and secure online communication platform Armin Wappenschmidt (secunet) More information: www.de-mail.de 1 Agenda Overview of De-Mail Implementation aspects Current status and outlook

More information

PROXKey Tool User Manual

PROXKey Tool User Manual PROXKey Tool User Manual 1 Table of Contents 1 Introduction...4 2 PROXKey Product... 5 2.1 PROXKey Tool... 5 2.2 PROXKey function modules...6 2.3 PROXKey using environment...6 3 PROXKey Tool Installation...7

More information

AGENDA ITEM 15-16 : ELECTRONIC SIGNATURE

AGENDA ITEM 15-16 : ELECTRONIC SIGNATURE SCREENING CHAPTER 10 Country Session: 13- Content Legislation Main Points of Turkish Electronic Signature Legislation Electronic Certificate Service Providers and Market Standardization Aspect of Electronic

More information

Hardware Security Modules for Protecting Embedded Systems

Hardware Security Modules for Protecting Embedded Systems Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &

More information

Security framework. Guidelines for trust services providers Part 1. Version 1.0 December 2013

Security framework. Guidelines for trust services providers Part 1. Version 1.0 December 2013 Security framework Guidelines for trust services providers Part 1 Version 1.0 December 2013 European Union Agency for Network and Information Security www.enisa.europa.eu Security framework Guidelines

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

Web Application Security

Web Application Security Web Application Security Erwin Huber Head of Research & Development Web Application Security Web Application Security Unit Strong Focus on Web Application Security since 1996 Protection of Web Applications

More information

DO YOU USE FIREWALLS?

DO YOU USE FIREWALLS? DO YOU USE FIREWALLS? Great! So do we. And nonetheless, websites get hacked, manipulated and messed up. Even if you protect yourself, you can very quickly become a victim of an attack. You probably know

More information

Mutual legal recognition of electronic communications and electronic signatures and paperless trade facilitation: challenges and opportunities

Mutual legal recognition of electronic communications and electronic signatures and paperless trade facilitation: challenges and opportunities Mutual legal recognition of electronic communications and electronic signatures and paperless trade facilitation: challenges and opportunities Luca Castellani Secretary, Working Group IV (Electronic Commerce)

More information

Certification Report

Certification Report Certification Report EAL 4+ Evaluation of BlackBerry Enterprise Server version 5.0.0 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification

More information

NIST-Workshop 10 & 11 April 2013

NIST-Workshop 10 & 11 April 2013 NIST-Workshop 10 & 11 April 2013 EUROPEAN APPROACH TO OVERSIGHT OF "TRUST SERVICE PROVIDERS" Presented by Arno Fiedler, Member of European Telecommunications Standards Institute Electronic Signatures and

More information

PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS

PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (Issued December 2003; revised September 2004 (name change)) PN 1013 (September 04) PN 1013 (December 03) Contents Paragraphs

More information

Applying Cryptography as a Service to Mobile Applications

Applying Cryptography as a Service to Mobile Applications Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

FEDERAL LAW GAZETTE FOR THE REPUBLIC OF AUSTRIA. Year 2015 Issued on December 11, 2015 Part II

FEDERAL LAW GAZETTE FOR THE REPUBLIC OF AUSTRIA. Year 2015 Issued on December 11, 2015 Part II 1 of 11 FEDERAL LAW GAZETTE FOR THE REPUBLIC OF AUSTRIA Year 2015 Issued on December 11, 2015 Part II 410th Regulation: Cash Register Security Regulation, [RKSV] 410th Regulation by the Federal Minister

More information

Expert Meeting on CYBERLAWS AND REGULATIONS FOR ENHANCING E-COMMERCE: INCLUDING CASE STUDIES AND LESSONS LEARNED. 25-27 March 2015.

Expert Meeting on CYBERLAWS AND REGULATIONS FOR ENHANCING E-COMMERCE: INCLUDING CASE STUDIES AND LESSONS LEARNED. 25-27 March 2015. Expert Meeting on CYBERLAWS AND REGULATIONS FOR ENHANCING E-COMMERCE: INCLUDING CASE STUDIES AND LESSONS LEARNED 25-27 March 2015 eidas Regulation By Alessandra Sbordoni Legal Officer, eidas Task Force

More information

26.3.2014 A7-0365/133

26.3.2014 A7-0365/133 26.3.2014 A7-0365/133 Amendment 133 Amalia Sartori on behalf of the Committee on Industry, Research and Energy Report A7-0365/2013 Marita Ulvskog Electronic identification and trust services for electronic

More information

Implementation of e-signature in the ESCWA Region: Status and Next Steps. By Matthew Perkins

Implementation of e-signature in the ESCWA Region: Status and Next Steps. By Matthew Perkins Implementation of e-signature in the ESCWA Region: Status and Next Steps By Matthew Perkins Understanding e-signature How do we identify ourselves online? Electronic records of real-world authenticators

More information

Digital signature and e-government: legal framework and opportunities. Raúl Rubio Baker & McKenzie

Digital signature and e-government: legal framework and opportunities. Raúl Rubio Baker & McKenzie Digital signature and e-government: legal framework and opportunities Raúl Rubio Baker & McKenzie e-government concept Utilization of Information and Communication Technologies (ICTs) to improve and/or

More information

DISCLOSURE STATEMENT PREPARED BY

DISCLOSURE STATEMENT PREPARED BY DISCLOSURE STATEMENT PREPARED BY - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

More information

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Ensuring Enterprise Data Security with Secure Mobile File Sharing. A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite

More information

Hungarian Electronic Public Administration Interoperability Framework (MEKIK) Technical Standards Catalogue

Hungarian Electronic Public Administration Interoperability Framework (MEKIK) Technical Standards Catalogue Hungarian Electronic Public Administration Interoperability Framework (MEKIK) Technical Standards Catalogue Zsolt Sikolya Ministry of Informatics and Communications (IHM) Tel: +3614613366, Fax: +3614613548

More information

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00 PCI PA - DSS Point XSA Implementation Guide Atos Worldline Banksys XENTA SA Version 1.00 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page number 2 (16)

More information

ISO 27001 COMPLIANCE WITH OBSERVEIT

ISO 27001 COMPLIANCE WITH OBSERVEIT ISO 27001 COMPLIANCE WITH OBSERVEIT OVERVIEW ISO/IEC 27001 is a framework of policies and procedures that include all legal, physical and technical controls involved in an organization s information risk

More information

Cybersecurity and Secure Authentication with SAP Single Sign-On

Cybersecurity and Secure Authentication with SAP Single Sign-On Solution in Detail SAP NetWeaver SAP Single Sign-On Cybersecurity and Secure Authentication with SAP Single Sign-On Table of Contents 3 Quick Facts 4 Remember One Password Only 6 Log In Once to Handle

More information

SRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS

SRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS SRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (This Statement is effective for all the audits commencing on or after 01 April 2010) CONTENTS

More information

WHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords

WHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords WHITE PAPER AUGUST 2014 Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords 2 WHITE PAPER: PREVENTING SECURITY BREACHES Table of Contents on t Become the Next Headline

More information

EUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE. on a common framework for electronic signatures

EUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE. on a common framework for electronic signatures COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 29.04.1999 COM(1999) 195 fmal 98/0191(COD) Amended proposal for a EUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE on a common framework for electronic signatures

More information