The Austrian Citizen Card




The Austrian Citizen Card
The use of the electronic signature: international public experiences
Thomas Rössler, A-SIT, Austria

Austria
- EU member state
- approx. 8 million citizens


About us: A-SIT (Secure Information Technology Center Austria)
Founded: 1999
Business fields:
- Attestation of Secure Signature Creation Devices according to the EU Directive on Secure Electronic Signatures (1999/93/EC)
- Austrian E-Government Initiative
- Consulting in questions of IT security
- Attestation of online payment systems
Weyringergasse 35, A-1040 Wien, http://www.a-sit.at

Content
- Austrian Identification System: the basis for unique identification
- Austrian Citizen Card Concept: the Austrian e-ID implementation, the link between identities and signatures
- Applications: how to disseminate e-IDs and signatures


The Austrian Identification System
[Figure: the CRR and SupR registers]
Each resident has a unique number (ZMR-Zahl) in the Central Register of Residents (CRR).

The Austrian Identification System
- Identification is based on unique identification numbers taken from Austria's base registers, e.g. the Central Residents Register (CRR).
- Every person in Austria is registered with such a base register.
- Even foreigners living in Austria can be registered with the so-called Supplementary Register (SR).
- Every person is assigned a unique personal identification number, the so-called Source PIN.

The Austrian Identification System
- The Source PIN is unique.
- In contrast to other base identifiers, it is under the sole control of the citizen; it must not be stored by any governmental or private party.
- For privacy reasons, the Source PIN is not used to identify persons in E-Government processes.
- For identification in E-Government processes, Sector Specific PINs (ssPINs) are used.

The Austrian Identification System
- Each governmental sector (i.e. each area of the public administration) is assigned a specific alphanumeric code, the sector code.
- For each of these sectors, the Austrian e-ID concept provides a separate unique identifier, called the Sector Specific PIN (ssPIN).
- The Sector Specific PIN is derived from the person's Source PIN by applying a cryptographic one-way function (hash function).
- Each ssPIN is different, and from a given ssPIN it is possible to calculate neither the underlying sourcePIN nor any other sector's ssPIN.

The Austrian Identification System: Break the Doom Loop
[Diagram: ssPIN derivation from the sourcePIN]
- Sector "Taxes and Duties" (SA): add the sector identifier (SA) to the sourcePIN (concatenation), apply the one-way function (hash function, SHA-1), result: ssPIN for sector SA
- Sector "Social Security" (GH): add the sector identifier (GH) to the sourcePIN (concatenation), apply the one-way function (hash function, SHA-1), result: ssPIN for sector GH
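The derivation in the diagram above, as an added example that is not part of the original slides: it concatenates the source PIN with the sector code, hashes with SHA-1 as the slide names, and shows why the concatenation needs an unambiguous boundary. The "+" delimiter, the Base64 output, the function names and the sample source PIN are assumptions of this example.

```python
import base64
import hashlib

# Constructed sample value, not a real Source PIN (16 bytes, Base64-encoded).
SAMPLE_SOURCE_PIN = base64.b64encode(b"constructed-demo").decode("ascii")


def derive_sspin(source_pin: str, sector_code: str, delimiter: str = "+") -> str:
    """Concatenate source PIN and sector code, hash with SHA-1, Base64-encode.

    Assumptions of this example: the "+" delimiter, UTF-8 input encoding and
    Base64 output. The slides state only "concatenation" followed by SHA-1.
    """
    if not source_pin:
        raise ValueError("source PIN is required")
    # Sector codes are alphanumeric, so they can never contain the delimiter;
    # the last delimiter in the hash input always marks the sector boundary.
    if not sector_code.isalnum():
        raise ValueError("sector code must be alphanumeric")
    material = f"{source_pin}{delimiter}{sector_code}".encode("utf-8")
    return base64.b64encode(hashlib.sha1(material).digest()).decode("ascii")


def sspins_for(source_pin: str, sector_codes: list[str]) -> dict[str, str]:
    """One ssPIN per sector for the same person."""
    return {code: derive_sspin(source_pin, code) for code in sector_codes}


if __name__ == "__main__":
    for code, sspin in sspins_for(SAMPLE_SOURCE_PIN, ["SA", "GH"]).items():
        print(f"sector {code}: ssPIN {sspin}")
    # Without a delimiter, different (PIN, sector) pairs hash identically.
    print(derive_sspin("AB", "C", delimiter="") == derive_sspin("A", "BC", delimiter=""))
```

Each sector sees a stable identifier for the same person, while the identifiers of two sectors share no visible relation.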


Austrian Citizen Card Concept
The Citizen Card holds:
- Electronic Signatures (authentication)
- Electronic Identity (identification)

Austrian Citizen Card Concept
- For identification: Source PIN, Sector Specific PIN
- For authentication: Electronic Signatures
[Diagram: the Citizen Card (Identity Link: Public Key, Source PIN) is connected through the Security Layer to the Governmental Application (Sector Specific PIN)]
The citizen is identified uniquely (ssPIN) and authenticated by applying electronic signatures.

Identity-Link
- The Identity-Link binds the citizen's unique identifier (Source PIN) to the citizen's public keys used for electronic signatures.
- It therefore contains the following information about a citizen: First Name, Last Name, Date of Birth, Source PIN (together with the Public Key).
- The Identity-Link is a SAML 1.0 Assertion which is electronically signed by a governmental authority.

Security-Layer: a high-level interface
- Simple XML requests via Web browser
- Open interface

Security Layer:

    <?xml version="1.0" encoding="utf-8"?>
    <CreateXMLSignatureRequest xmlns="http://www.cio…">
      <KeyboxIdentifier>SecureSignatureKeypair</KeyboxIdentifier>
      <DataObjectInfo Structure="enveloping">
        <sl10:dataobject>
          <sl10:xmlcontent>data to be signed</sl10:xmlcontent>
        </sl10:dataobject>
        <sl10:transformsinfo>
          <sl10:finaldatametainfo>
            <sl10:mimetype>text/plain</sl10:mimetype>
          </sl10:finaldatametainfo>
        </sl10:transformsinfo>
      </DataObjectInfo>
    </CreateXMLSignatureRequest>

Citizen Card is a Concept!
- Signature Card
- Health Card
- Student Cards
- Employee ID
- Bank Cards
- Mobile Phone


Modules for Online-Applications (MOA)
Open Source modules for server-side integration:
- MOA ID, MOA-wID: identification
- MOA SS: server signatures, e.g. official signatures
- MOA SP: signature validation
- MOA ZS: electronic delivery
- MOA VV: mandates, representation

E-Government Applications
- Applications are major drivers for dissemination!
- Tell users what they can do with it.

Tax declarations online: FinanzOnline
- 1 million users (04/2006), using username/password and/or citizen card
- 2/3 citizens, 1/3 companies and others
- March 2006: 23 million online transactions so far, 14 million tax declarations online

Electronic delivery
- Substitutes registered letters
  - notification, e.g. by email
  - signed receipt
  - postal delivery as backup
- Dual delivery: same interface for electronic or postal delivery

Mandates
- Representation of natural and legal persons
- Signed XML stored in the Citizen Card environment
- Mandator and representative identified via sourcePIN
- Content defines the mandate
- Technical revocation of a mandate (OCSP-like)
- Different approach for professional representation or officials

Sign using Word 2007
- Word 2007 has signature capabilities
- EGIZ developed a plugin to:
  - create official signatures
  - deliver signed documents electronically

Sign PDF documents
- PDF is a popular viewer format
- Developed a tool providing two modes:
  - text mode: allows reconstruction from printout
  - binary mode

Summary
- The Austrian e-ID system is based on personal unique identifiers: Source PINs
- For authentication, Electronic Signatures are used
- The Citizen Card is a concept, not a specific card
- The most essential drivers for disseminating Electronic Signatures are applications

Thank you for your attention.
Thomas Rössler
www.a-sit.at
thomas.roessler@a-sit.at