brno, 29. april 2003 [email protected]/45 2 nd international scientific conference security...
TRANSCRIPT
![Page 1: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/1.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 1/45
2nd International Scientific Conference Security and Protection of Information
Austrian e-Government and
Citizen Card Initiatives
Herbert Leitold
Secure Information Technology Center – Austria (A-SIT)
![Page 2: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/2.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 2/45
About myself
Working for A-SIT Confirmation body under Austrian Signature Law Notified body w.r.t. EU Electronic Signature
Directive 1999/93/EC Advises public authorities in ICT security aspects
Activities include Technology assessment activities
Electronic signatures, biometrics, IT security tools, … Standardization
EESSI: Common Criteria Protection Profiles that support the EU Electronic Signature Directive
White Book “Austrian Citizen Card”
![Page 3: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/3.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 3/45
2nd International Scientific Conference Security and Protection of Information
@Table of Contents
Introduction e-Government in Europe Austrian e-Government basics
Unique identification Electronic signatures & e-
Gov. European dimension Austrian dimension
Austrian citizen card concept
Identification/Confidentiality levels
Conclusions
![Page 4: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/4.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 4/45
Internet penetration in the EU
Source: Europ. Commission (eEurope benchmarking 2002)
50 %
![Page 5: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/5.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 5/45
e-Government in Europe:
Public services online 2001-2002
Source: Europ. Commission (eEurope benchmarking 2002)
50 %
![Page 6: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/6.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 6/45
e-Government in Europe:
Internet users visiting e-Government sites
Source: Europ. Commission (eEurope benchmarking 2002)
50 %
![Page 7: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/7.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 7/45
Source: Eurobarometer (eEurope benchmarking 2001)
e-Government in Europe:
Government services online 2001
![Page 9: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/9.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 9/45
The starting points ...
Austrian cabinet council decision (Nov. 2000) … to employ chip-card technology to improve
citizen’s access to public services … to supplement the planned health
insurance card with electronic signature
“White book” citizen card (June 2001) defines general requirements and
strategic decisions from an authority’s perspective
![Page 10: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/10.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 10/45
Guiding principles …
The administration doing it’s core business
Open for the market to provide services
Port
als
, h
elp
desks
Linked via Open Interfaces
Choice of access forcitizens
![Page 11: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/11.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 11/45
General structure
STANDARD BUILDING BLOCKS
IdentificationConfidentialityStandard formsxml – printxml – signature
e-deliverye-payment..Knowledge
Management
OPEN INTERFACEPORTAL
![Page 13: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/13.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 13/45
2nd International Scientific Conference Security and Protection of Information
Unique identification
The problem of unique identification
considering PKI, certificates, etc.
Data protection requirements Process specific ID
solution followed in Austria
![Page 14: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/14.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 14/45
EU Signature Directive (1999/93/EC) defines:
considering §2(b), why is there a problem with unique identification ?
§ 2. ‘advanced electronic signature’ means an electronic signature which meets the following requirements:
(a) it is uniquely linked to the signatory;(b) it is capable of identifying the signatory;(c) it is created using means that the signatory can maintain
under his sole control; and(d) it is linked to the data to which it relates in such a manner
that any subsequent change of the data is detectable;
The “identification problem”
![Page 15: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/15.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 15/45
Certification service provider (CSP)
Subscriber/signatory/signer Relying party
Certificate holds• Issuer• Name of signatory (pseudonym)• Public key• Attributes• Validity period• etc.
• How to avoid digital twins?
High quality identification
at the CSP
The PKI “magic triangle”
![Page 16: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/16.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 16/45
The “identification problem”
High-quality identification at the CSP personal appearance, present a photo ID
Authority’s processes require identification certificate not sufficient “digital twins” problem
Possible solutions Online-access to CSP’s registration records Government-owned PKI (has access to registration
records) Permanent/unique ID in the certificate Alternatives ?
CSP
![Page 17: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/17.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 17/45
Data protection concerns
A unique ID (central registration number CRN) is available in the Austrian central registry based on data out of a 2001 census central registration system launched in 2002
CRN may not be used with official proceedings cross-search violates data-protection rules
However, process-specific IDs may be used e.g. a ID for tax declarations e.g. a (different) ID for social security matters
![Page 19: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/19.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 19/45
Process-specific ID
Process-specific ID derived from national
central registration number combined with a process-
specific number
Cryptographic hash prevents tracing back
to registration numbers observes data protection
requirements replaces UID/PWD schemes
![Page 20: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/20.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 20/45
A XML data structure that holds data often used in official proceedings
Given name, family name, date of birth the citizen’s unique ID (CRN) and a citizen’s public key (the citizen may have
several)
signed by the Ministry of Interior
Ties PKI data to an “official electronic identity”Stored with the citizen card under the citizen’s control
Persona-binding
PKIOfficial registry
(CRN)
persona-binding
![Page 21: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/21.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 21/45
2nd International Scientific Conference Security and Protection of Information
Electronic signatures and e-Government
EU signature directive the European dimension
Requirements for SSCDs Evaluation of components
Austrian signature law Relation to the EU directive
Directive1999/93/EC
![Page 22: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/22.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 22/45
EU Signature Directive (1999) lays down:
EESSI developed technical standards e.g. Common Criteria protection profiles (SSCD-PP, CMCSO-PP, ..) EU Commission/A9C to publish reference numbers – binding for EU
§ 5(1) Member States shall ensure that advanced electronic signatures which are based on a qualified certificate and which are created by a secure-signature-creation device:
(a) satisfy the legal requirements of a signature in relation todata in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paper-based data; and ...
EU electronic signature directive
![Page 23: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/23.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 23/45
secure signature-creation device
Annex III covers requirements for secure signature-creation
devices to ensure the functionality of advanced electronic
signatures; it does not cover the entire system environment
in which such devices operate; …
means a signature-creation device which meets the requirements laid down in Annex III;
The conformity of secure signature-creation-devices with the
requirements laid down in Annex III shall be determined by
appropriate public or private bodies designated by Member
States.
EU electronic signature directive (cntd.)
![Page 24: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/24.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 24/45
Certification service provider (CSP)
Subscriber/signatory/signer Relying party
creation device
Signature-creation process and environment
Signature-format and syntax
Signature-validation process and environment
Trustworthy
systems
Qualified certificate
Qualified certificate policy
Electronic Signature Standards (EESSI)
![Page 25: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/25.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 25/45
Certification service provider (CSP)
Subscriber/signatory/signer Relying party
creation device
Signature-creation process and environment
Signature-format and syntax
Signature-validation process and environment
Trustworthy
systems
Qualified certificate
Qualified certificate policy
CMCSO-PPCMCKG-PP
SSCD-PP
Common Criteria Protection Profiles
![Page 26: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/26.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 26/45
HIAuthentication data
User Authentication
SCD Import
User Authentication
Personalisation
Signature-Creation
SSCD Type 2
Tru
sted
cha
nnel
**
Trustedchannel **
Trustedchannel
Tru
sted
pat
h*
CGAInit. / SVD into cert.
CGA **SVD into cert.
HIAuthentication data
SCADTBS-representation
SDO
SCADTBS-representation
SDO
CGAInit. / SVD into cert.
User Authentication
User Authentication
Personalisation
Signature-Creation
SSCD Type 3
SVD Export
User Authentication
SCD/SVD GenerationTrustedchannel
Trustedchannel
Tru
sted
pat
h*
SCD ExportSVD Export
User Authentication
SCD/SVD Generation
SSCD Type 1 Tru
sted
chan
nel
Trustedchannel
• Type 1: SCD generation
• Type 2: SCD usage (“to sign”)
• Type 3: “both 1&2”
SSCDs (3 types defined by EESSI)
![Page 27: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/27.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 27/45
DTBS(viewer)
SSCD: the device getting ‘in touch’ with the private key
e.g. a smart-card(1999/93/EC Annex III)
SCD(private key)User authentication
(e.g. PIN entry)
Document
(hash value)
SVD export (public key/certificate)
Electronic Signature
SSCD – a different view
![Page 28: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/28.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 28/45
D T B S
FCS_COP.1/SIGNING
FCS_COP.1/CORRESP
FCS_CKM.1FCS_CKM.1 / _CKM.4
FPT_PHP.1 / _PHP.3
FIA_AFL.2,
…….
FTP_ITC.1
FTP_TRP.1 (*)
FTP_ITC.1
FIA_UAU.1
FMT_SMR.1 (Adm./Sign.)
FDP_ACF.1
SFRs – a few of them
![Page 29: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/29.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 29/45
Austrian signature law (2000)
requirements wrt. evaluation of
technical components vary
§ 18(1) Technical components which allow the forgery of signed data to be reliably recognized and reliably prevent unauthorized use of signature creation data procedures shall be used […].[…](5) The technical components and procedures for generating secure signatures must be constantly and adequately verified using state-of-the-art technology. Compliance with security requirements must be certified by a confirmation body (§ 19).
EU vs. Austrian electronic signature rules
![Page 30: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/30.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 30/45
2nd International Scientific Conference Security and Protection of Information
Austrian Citizen Card
a single specific smart-card? requirements of the
citizen card logical view to the card
security layer / security capsule
How the model is used
![Page 31: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/31.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 31/45
National ID card with chip (2003)
Health insurance card“health care certificate + el. signature”(for each citizen 2004)
ATM card / bank account cardswith electronic signatures(expected for 2004)
further initiatives:• CSPs issuing qualified certificates• Austrian computer society member card• new technologies (PDAs, cell phones, WIM) • student service cards
Several smart-card initiatives …
![Page 32: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/32.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 32/45
Concept “Austrian Citizen Card”
Defines general minimum requirements: secure electronic signatures
i.e., legal equivalence to handwritten signatures,
additional key-pairs ‘general signatures’, encryption
info-boxes to store data persona binding, certificates, power of attorney access control to info-boxes
DH key exchange session key certificates
![Page 33: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/33.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 33/45
Some definitions …
Security Capsule: Combination of the security-relevant components wrt. electronic signatures clear responsibility / liability (signature law)
Security Layer: An interface that provides a logical view to the security capsule
![Page 34: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/34.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 34/45
Security Capsule
Application
add. memory
Security-Layer
card-interface (e.g. PKCS#11)
Hashfunctio
n
PIN pad trustw. viewer
Security Layer vs.
Security Capsule
![Page 35: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/35.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 35/45
Security Capsule
Security-Layer
Elements of the Austrian Citizen Card
MF_BUERGERK
DF_eAPPL
IF_SCHL_BUERGERK
IF_SCHL_eAPPL
EF_DATEN_BUERGERK
EF_DATEN_eAPPL
EF_KEY_eAPPL
EF_ZERT_eAPPL
DF_eSIG
IF_SCHL_eSIG
EF_DATEN_eSIG
EF_SIGKEY_eSIG
EF_ZERT_eSIG
DF_eSV
IF_SCHLÜSSEL_SV
EF_DATEN_SV
EF_SVDATEN_SV
EF_ANSPRUCH_SV
EF_RFU_SV
additionalkey pairs
electronicsignature
individualinfo-boxes
health insurancecertificate
DF_INFOx
IF_SCHL_INFOx
EF_DAT_A_INFOx
EF_DAT_B_INFOx
EF_DAT_C_INFOx
MF_BUERGERK
DF_eAPPL
IF_SCHL_BUERGERK
IF_SCHL_eAPPL
EF_DATEN_BUERGERK
EF_DATEN_eAPPL
EF_KEY_eAPPL
EF_ZERT_eAPPL
DF_eSIG
IF_SCHL_eSIG
EF_DATEN_eSIG
EF_SIGKEY_eSIG
EF_ZERT_eSIG
DF_eSV
IF_SCHLÜSSEL_SV
EF_DATEN_SV
EF_SVDATEN_SV
EF_ANSPRUCH_SV
EF_RFU_SV
additionalkey pairs
electronicsignature
individualinfo-boxes
health insurancecertificate
DF_INFOx
IF_SCHL_INFOx
EF_DAT_A_INFOx
EF_DAT_B_INFOx
EF_DAT_C_INFOx
MF_BUERGERK
DF_eAPPL
IF_SCHL_BUERGERK
IF_SCHL_eAPPL
EF_DATEN_BUERGERK
EF_DATEN_eAPPL
EF_KEY_eAPPL
EF_ZERT_eAPPL
DF_eSIG
IF_SCHL_eSIG
EF_DATEN_eSIG
EF_SIGKEY_eSIG
EF_ZERT_eSIG
DF_eSV
IF_SCHLÜSSEL_SV
EF_DATEN_SV
EF_SVDATEN_SV
EF_ANSPRUCH_SV
MF_BUERGERK
DF_eAPPL
IF_SCHL_BUERGERK
IF_SCHL_eAPPL
EF_DATEN_BUERGERK
EF_DATEN_eAPPL
EF_KEY_eAPPL
EF_ZERT_eAPPL
DF_eSIG
IF_SCHL_eSIG
EF_DATEN_eSIG
EF_SIGKEY_eSIG
EF_ZERT_eSIG
DF_eSV
IF_SCHLÜSSEL_SV
EF_DATEN_SV
EF_SVDATEN_SV
EF_ANSPRUCH_SV
EF_RFU_SV
additionalkey pairs
electronicsignature
individualinfo-boxes
health insurancecertificate
DF_INFOx
IF_SCHL_INFOx
EF_DAT_A_INFOx
EF_DAT_B_INFOx
EF_DAT_C_INFOx
![Page 36: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/36.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 36/45
Simple request/response scheme Application sends request Security Capsule responds
Result or Error code
Protocol elements encoded in XMLTransport layer bindings TCP/IP, SSL/TLS (socket communication) HTTP/HTTPS (capsule acts as simple
Webserver)
Security Capsule
Request
Response
Security Layer Protocol
![Page 40: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/40.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 40/45
2nd International Scientific Conference Security and Protection of Information
Identification / Confidentiality levels
e-Government processeshave different
requirements wrt. identification or
confidentiality Three Security levels
Replacing UID/PWD
![Page 41: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/41.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 41/45
ServerBrowser
SSL/TLS
Based on “conventional” SSL/TLS
Security Level I
no specific requirements
![Page 42: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/42.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 42/45
ServerBrowser
active component
SCT:•time•URL
1
3
SSL/TLS
Authentic.Block:•time•URL•ID
2
Security Level II
usual G2C services
![Page 43: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/43.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 43/45
bind the SSL/TLS
certificatesto citizen card
ServerBrowser
SSL/TLS
active component
Security Level III
specific confidentiality requirements
![Page 44: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/44.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 44/45
Current State
Security Layer Demonstrator implemented in JAVA Used by developers
“golden device” for developing security capsules to test e-Government applications in early stages
Some e-Government applications Applications to social insurance (operational) Registration of a business in Vienna
(operational) Petitions to federal ministries (end 2002) Penal records (Q1 2003) Tax declarations online (Q1 2003)
![Page 45: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/45.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 45/45
2nd International Scientific Conference Security and Protection of Information
Conclusions
Security capsule / layer provide
a technology-neutral interface
to the Austrian citizen card
Electronic signatures are a central element
Concept is the basis of Austrian
e-Government initiatives
e-Austria
![Page 46: Brno, 29. April 2003 Herbert.Leitold@a-sit.at1/45 2 nd International Scientific Conference Security and Protection of Information Austrian e-Government](https://reader036.vdocument.in/reader036/viewer/2022081603/56649c6e5503460f94920da9/html5/thumbnails/46.jpg)
Brn
o, 29
. A
pri
l 20
03
[email protected] 46/45
2nd International Scientific Conference Security and Protection of Information
Thank you foryour attention !