Post on 01-Jan-2017
The Austrian Citizen Card
The use of the electronic signature –
International public experiences
Thomas Rössler, A-SIT, Austria
About us… A-SIT
– Founded: 1999
– Business Fields:
  – Attestation of Secure Signature Creation Devices according to the EU Directive on Secure Electronic Signatures (1999/93/EC)
  – Austrian E-Government Initiative
  – Consulting in questions of IT-Security
  – Attestation of Online Payment Systems
Secure Information Technology Center – Austria
Weyringergasse 35, A-1040 Wien, http://www.a-sit.at
Content
– Austrian Identification System… the basis for unique identification
– Austrian Citizen Card Concept… the Austrian e-ID implementation
… the link between identities and signatures
– Applications
… how to disseminate e-IDs and signatures
The Austrian Identification System
[Figure: base registers CRR and SupR]
Each resident has a unique number, the „ZMR-Zahl“, in the Central Register of Residents (CRR).
– Identification is based on unique identification numbers taken from Austria's base registers:
  – e.g. Central Residents Register (CRR), etc.
– Every person in Austria is registered with such a base register
– Even foreigners living in Austria can be registered with the so-called Supplementary Register (SR)
Every person is assigned a unique personal identification number, the so-called Source-PIN.
– Source PIN
  – … is unique
  – … in contrast to other base identifiers, it is under the sole control of the citizen
  – … it must not be stored by any governmental or private party
– For privacy reasons, the Source PIN is not used to identify persons in E-Government processes
For identification in E-Government processes, we use Sector Specific PINs (ssPIN).
– Each governmental sector (i.e. each area of the public administration) is assigned a specific alphanumeric code, the sector code
– For each of these sectors, the Austrian e-ID concept foresees a separate unique identifier, called the Sector Specific PIN (ssPIN)
– The Sector Specific PIN is derived from the person's Source PIN by applying a cryptographic one-way function (hash function)
Each ssPIN is different, and it is not possible to calculate either the underlying sourcePIN or any other sector's ssPIN from a given ssPIN.
– Break the „Doom Loop“
[Figure: deriving ssPINs from the sourcePIN]
– Sector „Taxes and Duties“ (SA): add sector identifier (SA) to the sourcePIN (concatenation) → one-way function, hash function (SHA-1) → ssPIN for sector SA
– Sector „Social Security“ (GH): add sector identifier (GH) to the sourcePIN (concatenation) → one-way function, hash function (SHA-1) → ssPIN for sector GH
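The derivation described above, as an added example that is not part of the original slides. The "+" separator, the Base64 output encoding, the sample source PINs and all function names are assumptions; the slides state only that the sector code is concatenated to the sourcePIN and hashed with SHA-1.

```python
import base64
import hashlib

# Constructed source PINs: placeholders, not real identifiers.
CITIZENS = {
    "citizen-1": "Q29uc3RydWN0ZWRTb3VyY2VQSU4x",
    "citizen-2": "Q29uc3RydWN0ZWRTb3VyY2VQSU4y",
}


def derive_sspin(source_pin: str, sector_code: str) -> str:
    """Return Base64(SHA-1(sourcePIN + "+" + sector code)).

    Assumption: the "+" separator and the Base64 encoding are choices made
    for this example; the slides only say "concatenation, then SHA-1".
    """
    if not sector_code.isalnum():
        raise ValueError("sector code must be alphanumeric, e.g. 'SA'")
    material = f"{source_pin}+{sector_code}".encode("utf-8")
    return base64.b64encode(hashlib.sha1(material).digest()).decode("ascii")


def build_register(sector_code: str) -> dict:
    """What one sector stores: ssPIN -> record. The source PIN is never kept."""
    return {
        derive_sspin(pin, sector_code): {"sector": sector_code}
        for pin in CITIZENS.values()
    }


def cross_sector_matches(register_a: dict, register_b: dict) -> int:
    """Count identifiers that two sector registers could be joined on."""
    return len(set(register_a) & set(register_b))


if __name__ == "__main__":
    taxes = build_register("SA")    # sector "Taxes and Duties"
    social = build_register("GH")   # sector "Social Security"
    pin = CITIZENS["citizen-1"]
    # Same citizen, same sector: a stable identifier on every visit.
    print(derive_sspin(pin, "SA") in taxes)
    # Same citizen, other sector: a different value.
    print(derive_sspin(pin, "SA") == derive_sspin(pin, "GH"))
    # The two registers share no identifier to join on.
    print(cross_sector_matches(taxes, social))
```

Determinism lets a sector recognise a returning citizen, while the missing common identifier across registers depends on the source PIN staying outside every register, consistent with the rule that it must not be stored.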
Austrian Citizen Card Concept
– Citizen Card holds…
  – Electronic Signatures → Authentication
  – Electronic Identity → Identification
– For Identification: Source PIN → Sector Specific PIN
– For Authentication: Electronic Signatures
[Figure: Citizen Card with Identity Link (Source PIN + Public Key), Security Layer, Sector Specific PIN, Governmental Application]
Citizen is identified uniquely (ssPIN) and authenticated by applying electronic signatures.
Identity-Link
– The Identity-Link binds:
  – the citizen's unique identifier (Source-PIN)
  to
  – the citizen's public keys used for electronic signatures
– thus it contains the following information of a citizen:
  – First Name, Last Name, Date of Birth, Source-PIN
– the Identity-Link is a SAML 1.0 Assertion which is electronically signed by a governmental authority
[Figure: Identity Link (Public Key, Source PIN)]
Security-Layer: a high-level interface
– Simple XML requests via Web browser
<?xml version="1.0" encoding="UTF-8"?>
<!-- the namespace declarations are cut off on the slide -->
<CreateXMLSignatureRequest xmlns="http://www.cio…">
  <KeyboxIdentifier>SecureSignatureKeypair</KeyboxIdentifier>
  <DataObjectInfo Structure="enveloping">
    <sl10:DataObject>
      <sl10:XMLContent>Data to be signed
      </sl10:XMLContent>
    </sl10:DataObject>
    <sl10:TransformsInfo>
      <sl10:FinalDataMetaInfo>
        <sl10:MimeType>text/plain</sl10:MimeType>
      </sl10:FinalDataMetaInfo>
    </sl10:TransformsInfo>
  </DataObjectInfo>
</CreateXMLSignatureRequest>
Open Interface Security Layer
Citizen Card is a „Concept“!
– Signature-Card
– Bank-Cards
– Health-Card
– Student-Cards
– Mobile Phone
– Employee-ID
Modules for Online-Applications (MOA)
– Open Source Modules for server-side integration
  – MOA-ID, MOA-wID: identification
  – MOA-SS: server signatures
    – e.g. official signatures
  – MOA-SP: signature validation
  – MOA-ZS: electronic delivery
  – MOA-VV: mandates, representation
E-Government Applications
– Applications are major drivers for dissemination!
– … tell users what they can do with it …
Tax declarations online
– FinanzOnline – 1 Mio. users (04/2006) (username/password and/or citizen card)
  – 2/3 citizens
  – 1/3 companies and others
– March 2006: 23 Mio. online transactions
– so far, 14 Mio. tax declarations online
Electronic delivery
– Substitutes registered letters
  – notification e.g. by email
  – signed receipt
  – postal delivery as backup
– Dual delivery
  – same interface for electronic or postal delivery
Mandates
– Representation of natural and legal persons
– Signed XML stored in the Citizen Card environment
– Mandator and representative identified via sourcePIN
– Content defines the mandate
– Technical revocation of a mandate (OCSP-like)
– Different approach for professional representation or officials
Sign using Word 2007
– Word 2007 has signature capabilities
– EGIZ developed a plugin to
  – create official signature
  – deliver signed document electronically
Sign PDF documents
– PDF is a popular viewer format
– Developed a tool providing two modes
  – text mode: allows reconstruction from printout
  – binary mode
Summary
– The Austrian e-ID system is based on unique personal identifiers – Source PINs
– For authentication, Electronic Signatures are used
– Citizen Card is a concept – not a specific card
– the most essential drivers for disseminating Electronic Signatures are applications