The Austrian Citizen Card

The use of the electronic signature –

International public experiences

Thomas Rössler, A-SIT, Austria

Austria: EU member state

approx. 8 million citizens

About us… A-SIT

– Founded: 1999

– Business Fields:

  – Attestation of Secure Signature Creation Devices according to the EU Directive on Secure Electronic Signatures (1999/93/EC)

  – Austrian E-Government Initiative

  – Consulting in questions of IT-Security

  – Attestation of Online Payment Systems

Secure Information Technology Center – Austria

Weyringergasse 35, A-1040 Wien, http://www.a-sit.at

Content

– Austrian Identification System

  … the basis for unique identification

– Austrian Citizen Card Concept

  … the Austrian e-ID implementation

  … the link between identities and signatures

– Applications

  … how to disseminate e-IDs and signatures

The Austrian Identification System

[Figure: base registers CRR and SupR]

Each resident has a unique number („ZMR-Zahl“) in the Central Register of Residents (CRR)

The Austrian Identification System

– Identification is based on unique identification numbers taken from Austria’s base registers:

  – e.g. Central Residents Register (CRR), etc.

– Every person in Austria is registered with such a base register

– Even foreigners living in Austria can be registered with the so-called Supplementary Register (SR)

Every person is assigned a unique personal identification number, the so-called Source-PIN

The Austrian Identification System

– Source PIN

  – … is unique

  – … in contrast to other base identifiers, it is under the sole control of the citizen

  – … it must not be stored by any governmental or private party

– For privacy reasons, the Source PIN is not used to identify persons in E-Government processes

For identification in E-Government processes, we use Sector Specific PINs (ssPIN)

The Austrian Identification System

– Each governmental sector (i.e. each area of the public administration) is assigned a specific alphanumeric code, the sector code

– For each of these sectors, the Austrian e-ID concept provides a separate unique identifier, called the Sector Specific PIN (ssPIN)

– The Sector Specific PIN is derived from the person’s Source PIN by applying a cryptographic one-way function (hash function)

Each ssPIN is different, and it is not possible to calculate either the underlying sourcePIN or any other sector’s ssPIN from a given ssPIN.

The Austrian Identification System

– Break the „Doom Loop“

[Figure: derivation of sector-specific PINs from the sourcePIN]

– Sector „Taxes and Duties“ (SA):

  – Add Sector Identifier (SA) to the sourcePIN (concatenation)

  – One-way function: hash function (SHA-1)

  – Result: ssPIN for Sector SA

– Sector „Social Security“ (GH):

  – Add Sector Identifier (GH) to the sourcePIN (concatenation)

  – One-way function: hash function (SHA-1)

  – Result: ssPIN for Sector GH
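
The derivation on this slide, as an added example (not code from the presentation or from A-SIT). It assumes a "+" separator, Base64 output and constructed sourcePINs, and shows that two sector databases hold no common identifier to join on.

```python
import base64
import hashlib

# Assumption: a "+" separator between sourcePIN and sector code. The slides
# only say "concatenation"; a separator keeps the input boundary unambiguous.
SEPARATOR = "+"


def derive_sspin(source_pin: str, sector_code: str) -> str:
    """ssPIN = Base64(SHA-1(sourcePIN || sector code)).

    SHA-1 and concatenation are from the slides; the separator and the
    Base64 output encoding are assumptions of this example.
    """
    if not source_pin or not sector_code:
        raise ValueError("sourcePIN and sector code must be non-empty")
    material = f"{source_pin}{SEPARATOR}{sector_code}".encode("utf-8")
    return base64.b64encode(hashlib.sha1(material).digest()).decode("ascii")


# Constructed sample sourcePINs (placeholders, not real values).
CITIZENS = {
    "citizen-1": "Qm9ndXNTb3VyY2VQSU4wMDE=",
    "citizen-2": "Qm9ndXNTb3VyY2VQSU4wMDI=",
}


def sector_register(sector_code: str) -> dict[str, str]:
    """What one sector's database holds: ssPIN -> record, never the sourcePIN."""
    return {derive_sspin(pin, sector_code): f"record of {name}"
            for name, pin in CITIZENS.items()}


def join_on_identifier(reg_a: dict[str, str], reg_b: dict[str, str]) -> set[str]:
    """Identifiers two sectors could match on if they pooled their databases."""
    return set(reg_a) & set(reg_b)


if __name__ == "__main__":
    taxes = sector_register("SA")    # sector "Taxes and Duties"
    social = sector_register("GH")   # sector "Social Security"
    print("SA:", sorted(taxes))
    print("GH:", sorted(social))
    print("linkable across sectors:", join_on_identifier(taxes, social))
    # Re-deriving inside the same sector yields the same identifier.
    print("stable:", derive_sspin(CITIZENS["citizen-1"], "SA") in taxes)
```

Anyone holding a sourcePIN can compute every sector's ssPIN from it, which is why the scheme depends on the sourcePIN not being stored by any governmental or private party.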

Austrian Citizen Card Concept

– Citizen Card holds…

  – Electronic Signatures → Authentication

  – Electronic Identity → Identification

Austrian Citizen Card Concept

– For Identification: Source PIN → Sector Specific PIN

– For Authentication: Electronic Signatures

[Figure: Citizen Card with Identity Link (Public Key + Source PIN); Security Layer; Sector Specific PIN; Governmental Application]

Citizen is identified uniquely (ssPIN) and authenticated by applying electronic signatures

Identity-Link

– The Identity-Link binds:

  – the citizen’s unique identifier (Source-PIN)

  to

  – the citizen’s public keys used for electronic signatures

– thus it contains the following information of a citizen:

  – First Name, Last Name, Date of Birth, Source-PIN

– the Identity-Link is a SAML 1.0 Assertion which is electronically signed by a governmental authority

[Figure: Identity Link binding Public Key and Source PIN]

Security-Layer: a high-level interface

– Simple XML requests via Web browser

<?xml version="1.0" encoding="UTF-8"?>
<CreateXMLSignatureRequest xmlns="http://www.cio
  <KeyboxIdentifier>SecureSignatureKeypair</KeyboxIdentifier>
  <DataObjectInfo Structure="enveloping">
    <sl10:DataObject>
      <sl10:XMLContent>Data to be signed
      </sl10:XMLContent>
    </sl10:DataObject>
    <sl10:TransformsInfo>
      <sl10:FinalDataMetaInfo>
        <sl10:MimeType>text/plain</sl10:MimeType>
      </sl10:FinalDataMetaInfo>
    </sl10:TransformsInfo>
  </DataObjectInfo>
</CreateXMLSignatureRequest>

Open Interface Security Layer

Citizen Card is a „Concept“!

– Signature-Card

– Bank-Cards

– Health-Card

– Student-Cards

– Mobile Phone

– Employee-ID

Modules for Online-Applications (MOA)

– Open Source Modules for server-side integration

  – MOA-ID, MOA-wID: identification

  – MOA-SS: server signatures

    – e.g. official signatures

  – MOA-SP: signature validation

  – MOA-ZS: electronic delivery

  – MOA-VV: mandates, representation

E-Government Applications

– Applications are major drivers for dissemination!

– … tell users what they can do with it …

Tax declarations online

– FinanzOnline

– 1 million users (04/2006) (username/password and/or citizen card)

  – 2/3 citizens

  – 1/3 companies and others

– March 2006: 23 million online transactions

– so far, 14 million tax declarations online

Electronic delivery

– Substitutes registered letters

– notification e.g. by email

– signed receipt

– postal delivery as backup

– Dual delivery

– same interface for electronic or postal delivery

Mandates

– Representation of natural and legal persons

– Signed XML stored in the Citizen Card environment

– Mandator and representative identified via sourcePIN

– Content defines the mandate

– Technical revocation of a mandate (OCSP-like)

– Different approach for professional representation or officials

Sign using Word 2007

– Word 2007 has signature capabilities

– EGIZ developed a plugin to

  – create official signature

  – deliver signed document electronically

Sign PDF documents

– PDF is a popular viewer format

– Developed a tool providing two modes

  – text mode: allows reconstruction from printout

  – binary mode

Summary

– The Austrian e-ID system is based on unique personal identifiers (Source PINs)

– Electronic signatures are used for authentication

– Citizen Card is a concept, not a specific card

– The most essential drivers for disseminating electronic signatures are applications

Thomas Rössler

www.a-sit.at

Thank you for your attention….