Tutorial 3 peter kustor

Kopfzeile

eID and interoperability
- The Austrian Experience

Peter Kustor
27th September 2011
peter.kustor@bka.gv.at

Table of contents
Citizen Card Concept
eID-innovation: Mobile Phone Signature
eID interoperability in Austria
STORK and lessons learned
Future Challenges

eID and interoperability | 27.9.2011 2|

Fußzeile Seite 1 29.09.2011

Kopfzeile

Citizen Card - Major Milestones
November 2000: Austrian Cabinet Council decision
– … to employ chip-card technology to improve
citizen’s access to public services; to supplement
the planned health insurance card with electronic
signatures
February 2003: 1st Citizen Card
– Austrian Computer Society membership card
March 2004: E-Government Act
– Legal basis of the Identity Management System
2005 - 2010
– Several private-sector and public-sector
borne Citizen Card initiatives


A valid legal basis – the main ingredient

E-Government Act

sector
citizen identity-
mandates source PIN specific
card link
eID

standard-
source PIN supplement official
document
REGISTER REGISTER signature
REGISTER



Kopfzeile

Citizen card (concept)
The Austrian citizen card is
a concept, not a specific
technology

The Citizen Card combines Identity-Link

– electronic signature/
declaration of intent
Authentication
– Unique electronic identity
Identification
– data on representation,
mandates
Representation


Online Identity = CSP + public register

Trust Center: public sector registries
Certification Service Provider
(CSP)

Supplementary
CSP Register
CSP CRR
…
A-Trust BMI

Electronic Identity



Kopfzeile

eID Austria : Overview

LEGAL QUALIFIED
SIGNATUR
+ IDENTIT
Y
E LINK

any private sector Identity = source
PUBLIC PRIVATE CA for qualified pin cryptographically
signatures bound to certificate

only on
DATA PROTECTION openly available the card
in a directory (HSM)

SECTOR SECTOR SECTOR SECTOR

one way mapping into sectors


Identity Link
XML data structure stored in the
Card or in the hardware secure module
that holds: ...
<saml:SubjectConfirmationData>
– personal data: name, date of <pr:Person xsi:type="pr:Physical
<pr:Identification>
birth source
<pr:Value>123456789012</pr:V
<pr:Type>http://reference.e-g
</pr:Identification>
– unique ID “sourcePIN” PIN <pr:Name>
<pr:GivenName>Herbert</pr:Given
– public keys of the <pr:FamilyName>Leitold</pr:Fami
</pr:Name>
certificates ...
<saml:Attribute
signed by the AttributeName="CitizenPublicKey"
... <dsig:RSAKeyValue>
authority <dsig:Modulus>snW8OLCQ49qNefems



Kopfzeile

Electronic identity of natural persons

Base
Central Residents Register Supplementary Register
Number (CRRegNo) Number for non-residents Registers

Source PIN

ssPIN ssPIN ssPIN ssPIN
education Soc. Sec. taxation …


ssPIN: Generation

irreversible Source PIN
derivation

ssPIN a ssPIN b
e.g. constructing &
e.g. taxes & duties
living

Conversion impossible!

eID and interoperability | 27.9.2011 10 |


Kopfzeile

Citizen Cards

Cards:
•Health insurance cards: 100 % coverage,
activation free of charge for citizens
• official’s service card
• Certification service provider signature cards
• student service cards, etc.

Mobile phone signatures:
• Start 2009
• free of charge for citizens


eID citizen card function

Access to e-gov:
• eForms Access to e-business:
• eHealth • eBanking
Within • eDelivery • eBilling
• eDocument-Safe • eProcurement
administration:
• eUniversity • CyberDoc
• eSignature
• eVoting • Archivium
• eRegisters
• eDelivery
• eFile System


Kopfzeile

Server Side – Open Source Programme
Basic modules for integration into
applications
– Open Source, free for public &
private sector
MOA – Module for On-line
Applications
– Identification (MOA-ID)
– Signature validation / creation
(MOA-SS/SP)
– Electronic delivery (MOA-ZS)
– Representation (MOA-VV)
– Official signatures (MOA-AS)

Variants
Minimum-footprint

Mobile Phone

Local installation



Kopfzeile

Table of contents
Future Challenges


Demo

Log On at
HELP
ONLINE



Kopfzeile

mobile phone signature
server-based citizen card solution for
qualified electronic signatures via mobile phone
familiar technology and comfortable alternative to the
current smartcards
important step towards usability and dissemination of
modern eGovernment services because
– no software installation on the local PC,
– no special computer skills and
– no card readers are needed for use.


Mobile phone signature
Core Aspects
– Operated by a Certification Service
Provider (CSP) for qualified certificates
– Signature-creation data (cryptographic
keys) kept at CSP but controlled by the
signatory
• 2-factor authentication (knowledge &
possession) as known from smartcards
– Secure Signature-Creation Device
• 1999/93/EC Annex III, confirmed by a
notified body


Kopfzeile

Features of mobile phone signature

No requirement on the mobile phone or SIM
– Just receiving SMS
Zero-footprint: no local installation, just the browser
Revocation of a certificate is definite – the signature-creation
data are destroyed (unlike with signature cards)
– Actually, revocation checking could be omitted, if relying on
that fact
Identity data is communicated from the operator directly to the
application
– Reduces verification needs and residual risks


Features of mobile phone signature
Free of charge for users
Alternative to card-based eID
Platform- and location independent
Trustworthy and secure
User-friendly
High-potential also in private sector applications



Kopfzeile

Registration possibilities
„self registration“ using a qualified
signature (existing citizen card):
https://www.handy-signatur.at/

Registration authorities/ registration
officers at various institutions (expanding: finance
authorities, post offices…)
https://www.a-trust.at/Aktivierung/ro/OfficerData.aspx?t=mobile

Using „trusted systems“ (currently e.g. FinanzOnline,
registration via online banking in cooperation with telecom providers)


Table of contents
Future Challenges



Kopfzeile

Integration of foreign eIDs
Framework for the legal equality of
foreign signature cards with the
Austrian citizen card concept:
§ 6 Abs. 5 E-GovG and „equality
regulation“
Registration in the Supplementary
Register without explicit proof of
registration data, if
– an Application contains a qualified
signature, that
– is based on an equivalent proof of
unique identity (§ 2 Z 2 E-GovG) in the
country of origin.
Currently the eIDs of Belgium,
Estonia, Finland, Iceland, Italy,
Liechtenstein, Lithuania, Portugal,
Sweden, Slovenia and Spain meet
these interoperability | 27.9.2011
eID and requirements. 23 |

Table of contents
Future Challenges



Kopfzeile

EU “Large Scale” pilots
Electronic Procurement
Large Scale Pilot PEPPOL
www.peppol.eu

Electronic Identity
Large Scale Pilot STORK
www.eid-stork.eu

Service Directive
Large Scale Pilot SPOCS
www.eu-spocs.eu

eHealth
Large Scale Pilot epSOS www.epsos.eu

e-Justice Communication
Large Scale Pilot e-CODEX www.e-codex.eu


STORK-Outcome: it works…
www.eesti.ee
https://circabc.europa.eu
www.myhelp.gv.at
www.meinbrief.at
https://abnahme.service-bw.de/idm-web-
portal/page/protected/index/index.faces?action=init&stor
k=true
http://saferchat.eid.is/



Kopfzeile

Electronic delivery (www.meinbrief.at)





Kopfzeile



STORK - mission complete?

STORK is about making it happen - i.e. PILOTS


Kopfzeile



we currently prepare for STORK 2.0


Kopfzeile

Table of contents
Future Challenges



we learned what is to be done


Kopfzeile


Digital Agenda - the next step



Kopfzeile

eID - essential challenges

Non-natural Persons (e.g. companies)
– where time equals money and
– where identity and privacy (e.g. IP protection ..) really counts
Mobility - eID with and through mobile devices
– convenience
– availability
– simplicity
– we have to go to the citizen - not vice versa
Impacts of Cloud Computing on eID
– cloud is opening up an ample set of security questions
– it is a chance and a challenge
– while not a technology by itself it changes assumptions

how to extend take-up and use
reduce complexity
– Amend (simplify!) legal framework and create legally secure
conditions
– public opinion still assigns high complexity with eID
– technology is high up in barriers
– these barriers are also perceived by application providers
which is hampering services

easier access to technology
– people who used eID once stay with it

the user must see the need



Kopfzeile

Thank you
for your attention!

Peter Kustor
Federal Chancellery of Austria

Ballhausplatz 2
1014 Vienna
Phone: +43 53115 2554
Peter.Kustor@bka.gv.at
http://digitales.oesterreich.gv.at or
http://digital.austria.gv.at

Components

User

Mobile phone


Kopfzeile

Components

Web-Frontend

HSM

- Creation of crypto-keys
- Decryption of signature
creation data
- Creation of qualified SMS Gateway
electronic signatures

Signature key DB

Signature-creation data
(private keys) are encrypted
under
- Citizen password
- Mobile number
- Secret HSM key

Registration


Kopfzeile

Registration

Password
Enter mobile number
Mob-Nr.
Needs to verify possession
Choose password

Generate one-time code
(OTC) Identification

Send OTC via SMS

OTC

Registration II

Possession verified Code

Generate signature-
creation data (private
keys) and encrypt under
Code

- Citizen password Verify possession
- Mobile number
- Secret HSM key

Encrypted storage in DB Code


Kopfzeile

Registration II

Possession verified Code

Generate signature-
creation data (private
keys) and encrypt under

Code
- Citizen password
- Mobile number
- Secret HSM key

Encrypted storage in DB Signature-creation data (private keys) only
Code
a) inside the HSM or
b) encrypted storage
(under key (HSM, mobile number ...)

Signature-creation


Kopfzeile

Signature-creation

Request

password Enter password

Mob-Nr.
Enter mobile number

Application redirects to
signature website

Application prepares a
signature request

Signature-creation I

Display

Generate hash-value Confirm

Generate SMS one-time
code (OTC)

Send OTC and hash-value
via SMS Code


Kopfzeile

Signature-creation II

Possession verified
Code

Load and decrypt the Enter OTC, verify hash
signature-creation data to
HSM using

Code
- Mobile number
- Secret HSM key

Signature-creation in the Code
HSM

Signature-creation II

Possession verified
Besitz verifiziert
Code

Load and decrypt the Enter OTC
Wiederherstellen der to
signature-creation data
Signaturerstellungsdaten
HSM using
Code

aus Datenbank mit
- Schlüssel des HSM
-- Schlüsselnumber
Mobile aus Kennwort
- Secret HSM key

Signature-creation in
Signaturerstellung mitthe
HSM
Signaturerstellungsdaten
The Code
one-time code (OTC) verifies possession of the phone

Using the signature-creation data (private keys) only
a) inside the HSM and
b) after having entered the user password
c) linked to the mobile number


Kopfzeile

Signature-creation III

Returning the XML Signature returned to the
Signature
signature application

Mobile Phone Signature – Legal Assessment

Mobile Phone Signature = Citizen Card?
Citizen Card = qualified signature + identity link

Mobile Phone Signature = qualified signature?
Qualified Signature = advanced electronic signature
+ qualified certificate
+ SSCD


Kopfzeile

Advanced Electronic Signature
is uniquely linked to the signatory
it is capable of identifying the signatory
it is created using means that the signatory can maintain
under his sole control
it is linked to the data to which it relates in such a manner
that any subsequent change of the data is detectable



Kopfzeile

„is uniquely linked to the signatory“

the signature-creation-data used for signature
generation (and the corresponding signature
verification data) can practically occur only once



Kopfzeile

„ it is capable of identifying the signatory “
Authenticity
practically impossible to create the same key pair twice
ensured that a signature that is verifiable using signature
verification data (public key in the certificate) has been
created with the corresponding signature-creation data
(private key)
practically impossible that signature-creation data can be
derived



Kopfzeile

„using means that the signatory can maintain under
his sole control “
Signature-creation authorised only by the signatory
Multifactor authentication: knowledge and possession
Does “can maintain under sole control” mean that it must
be ensured by hardware means? NO!
„…to be assumed that ‘sole control’ can be achieved with appropriate
technical or organisational means even with software certificates
[…] … security measures need to be in place providing that the
signatory can enforce his sole control…“ (RV 293 BlgNR 23. GP)
– see also FESA - working paper on advanced
electronic signatures and “Public Statement on Server
Based Signature Services”: “…FESA members believe that
sole control at least of the signature creation data can be achieved
and that advanced electronic signatures can be created by a
server based signature service…“!



Kopfzeile

„it is linked to the data to which it relates in such a manner that any
subsequent change of the data is detectable “

Integrity
practically impossible that different electronic data result in
the same signature or can be created from a given
electronic signature.



Kopfzeile

Qualified Signature?

Qualified Signature = advanced el. signature


+ SSCD

Qualified Certificate

Qualified
Certficate

Certificate content Requirements
Annex I Annex II
1999/93/EC 1999/93/EC


Kopfzeile

Certificate Content (Annex I)
indication that the certificate is issued as a qualified
certificate
identification of the CSP and the State in which it is
established
name of the signatory (or a pseudonym identified as
such)
signature-verification data which correspond to
signature-creation data under the control of the signatory
beginning and end of the period of validity of the
certificate
identity code of the certificate
advanced electronic signature of the CSP issuing it
Further options: limitations on scope, value of
transaction, specific attributes of the signatory

Requirements on the CSP (Annex II)
reliability necessary for providing certification services
secure directory and a secure and immediate revocation service
precise date and time when a certificate is issued or revoked
verify identity and, if applicable, specific attributes of the signatory
personnel with expert knowledge, experience, and qualifications
(managerial level, electr. signature technology, security
procedures)
trustworthy systems and products - protected against modification
and ensuring the technical and cryptographic security;
measures against forgery of certificates, and, in cases where the
CSP generates signature-creation data, guarantee its
confidentiality
sufficient financial resources (to bear the risk of liability for
damages)
etc.


Kopfzeile




+ SSCD

SSCD
Confirmation by a designated body (Art. 3(4) of
1999/93/EC)
§ 6 Abs. 3 Signature Order 2008: Organisational
security measures possible, if components are
operated in a “controlled environment” (e.g., qualified
and reliable personnel, appropriate physical and
logical access control).
A-SIT conformity certificate: 2.11.2009
According to Art. 3 para 4 second subpara of the
Directive, this attestation (“determination of
conformity with the requirements laid down in Annex
III”) is to be recognised by all Member States.


Kopfzeile




+ SSCD

Mobile Phone Signature – Legal Assessment

Mobile Phone Signature = Citizen Card?
Citizen Card = qualified signature + identity link

Mobile Phone Signature = qualified signature?
Qualified Signature = advanced electronic signature
+ SSCD


Tutorial 3 peter kustor

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (19)

Ähnlich wie Tutorial 3 peter kustor

Ähnlich wie Tutorial 3 peter kustor (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Tutorial 3 peter kustor