The Austrian Citizen Card

Transcription

1 The Austrian Citizen Card The use of the electronic signature International public experiences Thomas Rössler, A-SIT, Austria

2 Austria EU member state approx. 8 mio. citizens 2

3 3

4 About us A-SIT Founded: 1999 Business Fields: Attestation of Secure Signature Creation Devices according to the EU Directive on Secure Electronic Signatures (1999/93/EC) Austrian E-Government Initiative Consulting in questions of IT-Security Attestation of Online Payment Systems Secure Information Technology Center Austria Weyringergasse 35, A-1040 Wien, 4

5 Content Austrian Identification System the basis for unique identification Austrian Citizen Card Concept the Austrian e-id implementation the link between identities and signatures Applications how to disseminate e-ids and signatures 5

6 Content Austrian Identification System the basis for unique identification Austrian Citizen Card Concept the Austrian e-id implementation the link between identities and signatures Applications how to disseminate e-ids and signatures 6

7 The Austrian Identification System CRR SupR Each resident has a unique number ZMR-Zahl in the Central Register of Residents (CRR) 7

8 The Austrian Identification System Identification is based on unique identification numbers taken from Austria s base registers: e.g. Central Residents Register (CRR), etc. Every person in Austria is registered with such a base register Even foreigners living in Austria can be registered with the so called Supplementary Register (SR) Every person gets assigned a unique personal identification number, the so called Source-PIN 8

9 The Austrian Identification System Source PIN is unique in contrast to other base identifiers, it is under the sole control of the citizen it must not be stored by any governmental or private party Due to privacy reasons, the Source PIN is not used to identify persons in E-Government processes For Identification in E-Government Processes, we use Sector Specific-PINs (sspin) 9

10 The Austrian Identification System Each governmental sector (i.e. different areas of the public administration) is assigned a specific alphanumeric code, the sector code For each of these sectors, the Austrian e-id concept foresees a separate unique identifier, which is called the Sector Specific PIN (sspin) The Sector Specific PIN is derived from the person s Source PIN by applying a cryptographic one-way function (Hash-function) Each sspin is different and it is neither possible to calculate the underlying sourcepin nor any other sector s sspin from a given sspin. 10

11 The Austrian Identification System Break the Doom Loop sourcepin Sector Taxes and Duties SA Sector Social Security GH Add Sector Identifier (SA) to the sourcepin (Concatination) Add Sector Identifier (GH) to the sourcepin (Concatination) One Way Function HASH-Function (SHA-1) One Way Function HASH-Function (SHA-1) sspin for Sector SA sspin for Sector GH 11

12 Content Austrian Identification System the basis for unique identification Austrian Citizen Card Concept the Austrian e-id implementation the link between identities and signatures Applications how to disseminate e-ids and signatures 12

13 Austrian Citizen Card Concept Citizen Card holds Electronic Signatures Authentication Electronic Identity Identification 13

14 Security Layer Austrian Citizen Card Concept For Identification: Source PIN Sector Specific PIN For Authentication: Electronic Signatures Governmental Application Sector Specific PIN + Citizen is identified uniquely (sspin) Citizen Card Identity Link Public Key Source PIN and authenticated by applying electronic signatures 14

15 Identity-Link The Identity-Link binds: the citizen s unique Identifier (Source-PIN) to the citizen s public keys used for electronic signatures Identity Link Public Key Source PIN thus it contains the following information of a citizen: First Name, Last Name, Date of Birth, Source-PIN the Identity-Link is a SAML 1.0 Assertion which is electronically signed by a governmental authority 15

16 Security-Layer: a high-level interface Simple XML requests via Web browser Open Interface Security Layer <?xml version="1.0" encoding="utf-8"?> <CreateXMLSignatureRequest xmlns=" <KeyboxIdentifier>SecureSignatureKeypair</K <DataObjectInfo Structure="enveloping"> <sl10:dataobject> <sl10:xmlcontent>data to be signed </sl10:xmlcontent> </sl10:dataobject> <sl10:transformsinfo> <sl10:finaldatametainfo> <sl10:mimetype>text/plain</sl10:mim </sl10:finaldatametainfo> </sl10:transformsinfo> </DataObjectInfo> </CreateXMLSignatureRequest> 16

17 Citizen Card is a Concept! Signature- Card Health-Card Student-Cards Employee-ID Bank-Cards Mobile Phone 17

18 Content Austrian Identification System the basis for unique identification Austrian Citizen Card Concept the Austrian e-id implementation the link between identities and signatures Applications how to disseminate e-ids and signatures 18

19 Modules for Online-Applications (MOA) Open Source Modules MOA ID, MOA-wID: Identification MOA SS: server-signatures e.g. official signatures MOA SP: signature-validation MOA ZS: electronic delivery MOA VV: mandates, representation for server-side integration 19

20 E-Government Applications Applications are major drivers for dissemination! tell users what they can do with it 20

21 Tax declarations online FinanzOnline 1 Mio. users (04/2006) (username/passw and/or citizen card) 2/3 citzens 1/3 companies and others March 2006: 23 Mio. online transactions so far,14 Mio. tax declarations online 21

22 Electronic delivery Substitutes registered letters notification e.g. by signed receipt postal delivery as backup Dual delivery same interface for electronic or postal delivery 22

23 Mandates Representation of natural and legal persons Signed XML stored in the Citizen Card environment Mandator and representative identified via sourcepin Content defines the mandate Technical revocation of a mandate (OCSP like) Different approach for professional representation or officials 23

24 Sign using Word 2007 Word 2007 has signature capabilities EGIZ developed a plugin to create official signature deliver signed document electronically 24

25 Sign PDF documents PDF is a popular viewer format Developed a tool providing two modes text mode Allows reconstruction from printout binary mode 25

26 Summary The Austrian e-id system bases on personal unique identifiers Source PINs For authentication Electronic Signatures are used Citizen Card is a concept not a specific card the most essential drivers for disseminating Electronic Signatures are applications 26

27 Thank you for your attention. Thomas Rössler at 27