tutorial 3 peter kustor
Post on 20-Oct-2014
Header
29.09.2011 Footer Page 1
eID and interoperability
- The Austrian Experience
Peter Kustor, 27th September 2011, [email protected]
eID and interoperability | 27.9.2011 2 |
Table of contents
• Citizen Card Concept
• eID-innovation: Mobile Phone Signature
• eID interoperability in Austria
• STORK and lessons learned
• Future Challenges
Citizen Card - Major Milestones
• November 2000: Austrian Cabinet Council decision
  – … to employ chip-card technology to improve citizens' access to public services; to supplement the planned health insurance card with electronic signatures
• February 2003: 1st Citizen Card
  – Austrian Computer Society membership card
• March 2004: E-Government Act
  – Legal basis of the Identity Management System
• 2005 - 2010
  – Several private-sector and public-sector borne Citizen Card initiatives
A valid legal basis – the main ingredient
(Diagram: the E-Government Act as the legal basis for the citizen card, the identity link, mandates, the source PIN, sector-specific eIDs, the source PIN register, the supplementary register, the standard-document register and the official signature.)
Citizen card (concept)
• The Austrian citizen card is a concept, not a specific technology
• The Citizen Card combines
  – electronic signature / declaration of intent (authentication)
  – a unique electronic identity (identification)
  – data on representation, mandates (representation)
(Diagram label: Identity-Link)
Trust Center: Certification Service Provider (CSP) / public sector registries
Online Identity = CSP + public register
(Diagram: CSPs such as A-Trust and others on the trust-centre side; the Central Residents Register (CRR, BMI) and the Supplementary Register on the public-sector side; together they form the Electronic Identity.)
eID Austria: Overview
(Diagram with the dimensions LEGAL, PUBLIC, PRIVATE and DATA PROTECTION)
• Qualified signature + identity link
• Identity link: only on the card (or in an HSM); identity = source PIN cryptographically bound to the certificate
• Qualified signature: any private-sector CA for qualified signatures; certificates openly available in a directory
• Sectors: one-way mapping of the identity into sectors
Identity Link
• XML data structure stored in the card or in the hardware security module that holds:
  – personal data: name, date of birth
  – the unique ID "sourcePIN"
  – the public keys of the certificates
• signed by the authority
Excerpt (truncated on the slide; the pr:Value element carries the sourcePIN):
...
<saml:SubjectConfirmationData>
<pr:Person xsi:type="pr:Physical
<pr:Identification>
<pr:Value>123456789012</pr:V
<pr:Type>http://reference.e-g
</pr:Identification>
<pr:Name>
<pr:GivenName>Herbert</pr:Given
<pr:FamilyName>Leitold</pr:Fami
</pr:Name>
...
<saml:Attribute
AttributeName="CitizenPublicKey"
... <dsig:RSAKeyValue>
<dsig:Modulus>snW8OLCQ49qNefems
Electronic identity of natural persons
(Diagram) Base registers: Central Residents Register Number (CRRegNo) for residents, Supplementary Register Number for non-residents → Source PIN → sector-specific PINs (ssPIN) for education, social security, taxation, …
ssPIN: Generation
(Diagram) Source PIN → irreversible derivation → ssPIN a (e.g. taxes & duties) and ssPIN b (e.g. constructing & living)
Conversion impossible! (neither from ssPIN a to ssPIN b nor back to the source PIN)
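The source PIN and the one-way ssPIN derivation of the two slides above, as an added Ruby model that is not part of the deck: a sector application only ever holds its own sector's ssPIN, so two applications cannot match their records even for the same person. The derivation base64(SHA-1(sourcePIN + "+" + sector code)), the sector codes and the source PIN register's keyed transform are assumptions for illustration; the deck gives no formula.

```ruby
require 'digest'
require 'openssl'

# Sector codes: constructed sample values, not the official Austrian sector identifiers.
SECTORS = { education: 'BF', social_security: 'SV', taxation: 'SA' }.freeze

# Source PIN Register: turns a base-register number (CRRegNo or Supplementary Register
# number) into the source PIN. ASSUMPTION: a keyed transform under a secret that only
# this register holds, so nobody else can go from register number to source PIN.
class SourcePinRegister
  def initialize
    @secret = OpenSSL::Random.random_bytes(32)
  end

  def source_pin(base_register_no)
    [OpenSSL::HMAC.digest('SHA256', @secret, base_register_no)].pack('m0')[0, 24]
  end
end

# ssPIN = base64(SHA-1(sourcePIN + "+" + sector code)). ASSUMPTION for illustration: a
# one-way hash, so the source PIN cannot be recovered from an ssPIN and one sector's
# ssPIN cannot be converted into another sector's.
def sspin(source_pin, sector_code)
  [Digest::SHA1.digest("#{source_pin}+#{sector_code}")].pack('m0')
end

# A sector application receives only the ssPIN for its own sector (derived at log-in
# from the source PIN in the identity link); it never stores the source PIN itself.
class SectorApplication
  attr_reader :records

  def initialize(sector)
    @code = SECTORS.fetch(sector)
    @records = {} # ssPIN => name
  end

  # Same person, same sector: always the same ssPIN, so the record is found again.
  def login(source_pin, name)
    id = sspin(source_pin, @code)
    @records[id] = name
    id
  end
end

# True if two applications share any identifier. With one-way sector mapping a person
# present in both still yields disjoint identifier sets, so the answer is false.
def linkable?(app_a, app_b)
  !(app_a.records.keys & app_b.records.keys).empty?
end
```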
Citizen Cards
Cards:
• Health insurance cards: 100 % coverage, activation free of charge for citizens
• Officials' service cards
• Certification service provider signature cards
• Student service cards, etc.
Mobile phone signatures:
• Start 2009
• Free of charge for citizens
eID citizen card function
Access to e-business: eBanking, eBilling, eProcurement, CyberDoc, Archivium, eDelivery
Within administration: eSignature, eRegisters, eFile System
Access to e-gov: eForms, eHealth, eDelivery, eDocument-Safe, eUniversity, eVoting
Server Side – Open Source Programme
• Basic modules for integration into applications
  – Open Source, free for public & private sector
• MOA – Module for On-line Applications
  – Identification (MOA-ID)
  – Signature validation / creation (MOA-SS/SP)
  – Electronic delivery (MOA-ZS)
  – Representation (MOA-VV)
  – Official signatures (MOA-AS)
Variants
(Diagram of client variants: local installation, mobile phone, minimum-footprint)
Table of contents (repeated; next section: eID-innovation: Mobile Phone Signature)
Demo
• Log on at HELP online
Mobile phone signature
• Server-based citizen card solution for qualified electronic signatures via mobile phone
• Familiar technology and a convenient alternative to the current smartcards
• An important step towards usability and dissemination of modern eGovernment services because
  – no software installation on the local PC,
  – no special computer skills and
  – no card readers are needed for use.
Mobile phone signature
• Core Aspects
  – Operated by a Certification Service Provider (CSP) for qualified certificates
  – Signature-creation data (cryptographic keys) kept at the CSP but controlled by the signatory
    • 2-factor authentication (knowledge & possession) as known from smartcards
  – Secure Signature-Creation Device
    • 1999/93/EC Annex III, confirmed by a notified body
Features of mobile phone signature
• No requirement on the mobile phone or SIM
  – Just receiving SMS
• Zero-footprint: no local installation, just the browser
• Revocation of a certificate is definite – the signature-creation data are destroyed (unlike with signature cards)
  – Actually, revocation checking could be omitted if one relies on that fact
• Identity data is communicated from the operator directly to the application
  – Reduces verification needs and residual risks
Features of mobile phone signature
• Free of charge for users
• Alternative to card-based eID
• Platform- and location-independent
• Trustworthy and secure
• User-friendly
• High potential also in private-sector applications
Registration possibilities
• "Self registration" using a qualified signature (existing citizen card): https://www.handy-signatur.at/
• Registration authorities / registration officers at various institutions (expanding: finance authorities, post offices…): https://www.a-trust.at/Aktivierung/ro/OfficerData.aspx?t=mobile
• Using "trusted systems" (currently e.g. FinanzOnline, registration via online banking in cooperation with telecom providers)
Table of contents (repeated; next section: eID interoperability in Austria)
Integration of foreign eIDs
• Framework for the legal equality of foreign signature cards with the Austrian citizen card concept: § 6 Abs. 5 E-GovG and the "equality regulation"
• Registration in the Supplementary Register without explicit proof of registration data, if
  – an application contains a qualified signature that
  – is based on an equivalent proof of unique identity (§ 2 Z 2 E-GovG) in the country of origin.
• Currently the eIDs of Belgium, Estonia, Finland, Iceland, Italy, Liechtenstein, Lithuania, Portugal, Sweden, Slovenia and Spain meet these requirements.
Table of contents (repeated; next section: STORK and lessons learned)
EU “Large Scale” pilots
• Large Scale Pilot STORK – Electronic Identity – www.eid-stork.eu
• Large Scale Pilot PEPPOL – Electronic Procurement – www.peppol.eu
• Large Scale Pilot SPOCS – Service Directive – www.eu-spocs.eu
• Large Scale Pilot epSOS – eHealth – www.epsos.eu
• Large Scale Pilot e-CODEX – e-Justice Communication – www.e-codex.eu
STORK outcome: it works…
• www.eesti.ee
• https://circabc.europa.eu
• www.myhelp.gv.at
• www.meinbrief.at
• https://abnahme.service-bw.de/idm-web-portal/page/protected/index/index.faces?action=init&stork=true
• http://saferchat.eid.is/
Electronic delivery (www.meinbrief.at)
(Three screenshot slides; the images are not part of the transcript.)
STORK - mission complete?
STORK is about making it happen - i.e. PILOTS
STORK - mission complete?
We are currently preparing for STORK 2.0.
Table of contents (repeated; next section: Future Challenges)
STORK - mission complete?
We learned what needs to be done.
Digital Agenda - the next step
eID - essential challenges
• Non-natural persons (e.g. companies)
  – where time equals money and
  – where identity and privacy (e.g. IP protection ..) really count
• Mobility - eID with and through mobile devices
  – convenience
  – availability
  – simplicity
  – we have to go to the citizen - not vice versa
• Impacts of Cloud Computing on eID
  – cloud is opening up an ample set of security questions
  – it is a chance and a challenge
  – while not a technology by itself, it changes assumptions
How to extend take-up and use
• Reduce complexity
  – Amend (simplify!) the legal framework and create legally secure conditions
  – public opinion still associates eID with high complexity
  – technology ranks high among the barriers
  – these barriers are also perceived by application providers, which hampers services
• Easier access to technology
  – people who have used eID once stay with it
• The user must see the need
Thank you for your attention!
Peter Kustor
Federal Chancellery of Austria
Ballhausplatz 2
1014 Vienna
Phone: +43 53115 2554
http://digitales.oesterreich.gv.at or
http://digital.austria.gv.at
Components (backup slides: mobile phone signature architecture)
• User with mobile phone
• Web frontend
• SMS gateway
• Signature key DB: signature-creation data (private keys) are encrypted under
  - the citizen password
  - the mobile number
  - a secret HSM key
• HSM:
  - creation of crypto keys
  - decryption of signature-creation data
  - creation of qualified electronic signatures
Registration
• The user enters the mobile number and chooses a password.
• Identification of the user.
• Possession of the phone needs to be verified: the server generates a one-time code (OTC) and sends it via SMS.
Registration II
• The user enters the code; the server verifies possession.
• Signature-creation data (private keys) are generated and encrypted under
  - the citizen password
  - the mobile number
  - the secret HSM key
  and stored encrypted in the DB.
Signature-creation data (private keys) exist only a) inside the HSM or b) in encrypted storage (under a key derived from the HSM key, the mobile number, …).
Signature-creation
• The application prepares a signature request and redirects the user to the signature website.
• The user enters the mobile number and the password; the request goes to the server.
Signature-creation I
• The server generates the hash value of the data to be signed and an SMS one-time code (OTC).
• OTC and hash value are sent via SMS; the browser displays the hash value and asks the user to confirm.
Signature-creation II
• The user verifies the hash and enters the OTC; the one-time code (OTC) verifies possession of the phone.
• The signature-creation data are loaded and decrypted into the HSM using
  - the citizen password
  - the mobile number
  - the secret HSM key
  (restored from the database with the HSM's key and the key derived from the password).
• Signature creation takes place in the HSM.
The signature-creation data (private keys) are used only a) inside the HSM, b) after the user has entered the password and c) linked to the mobile number.
Signature-creation III
• The XML signature is returned to the application.
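The registration and signature-creation flow of the backup slides, as an added CSP-side model in Ruby that is not part of the deck or of the real Handy-Signatur service (the class and method names are my own). It assumes RSA-2048/SHA-256 as the signature algorithm, AES-256-GCM for wrapping the private key and PBKDF2 for the password factor; the deck states only that the keys are encrypted under password, mobile number and HSM key, and the HSM is simulated in process.

```ruby
require 'openssl'
require 'securerandom'

# Model of the deck's mobile phone signature flow (Registration, Signature-creation I-III).
# ASSUMPTIONS not taken from the deck: RSA-2048/SHA-256 signatures, AES-256-GCM key
# wrapping, PBKDF2 for the password factor, 6-digit OTCs valid for 5 minutes.
class MobileSignatureCsp
  def initialize
    @hsm_secret = SecureRandom.random_bytes(32) # secret HSM key: never leaves the "HSM"
    @key_db = {}  # Signature key DB: mobile number => wrapped signature-creation data
    @pending = {} # open signature sessions awaiting the OTC, keyed by mobile number
  end

  # Registration: create the key pair, wrap the private key under all three factors and
  # store only the wrapped form. Returns the public key (it would go into the certificate).
  def register(mobile, password)
    rsa = OpenSSL::PKey::RSA.new(2048)
    salt = SecureRandom.random_bytes(16)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = wrap_key(password, mobile, salt)
    iv = cipher.random_iv
    cipher.auth_data = mobile # binds the wrapped blob to this mobile number
    blob = cipher.update(rsa.to_der) + cipher.final
    @key_db[mobile] = { salt: salt, iv: iv, tag: cipher.auth_tag, blob: blob }
    rsa.public_key
  end

  # Signature-creation I: the user entered mobile number and password; hash the request
  # and send OTC plus hash via SMS. Returns the SMS text (nil for an unknown number).
  def request_signature(mobile, password, data)
    return nil unless @key_db.key?(mobile)
    otc = format('%06d', SecureRandom.random_number(1_000_000))
    @pending[mobile] = { otc: otc, password: password, data: data, expires: Time.now + 300 }
    "OTC: #{otc} document hash: #{OpenSSL::Digest::SHA256.hexdigest(data)}"
  end

  # Signature-creation II/III: the OTC proves possession of the phone; only then is the
  # key unwrapped inside the "HSM" and the signature created. Returns nil on any failure.
  def confirm_signature(mobile, otc)
    session = @pending.delete(mobile) # single use: a replayed OTC finds no session
    return nil unless session && Time.now < session[:expires] && same?(session[:otc], otc)
    rec = @key_db[mobile]
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = wrap_key(session[:password], mobile, rec[:salt])
    cipher.iv = rec[:iv]
    cipher.auth_tag = rec[:tag]
    cipher.auth_data = mobile
    der = cipher.update(rec[:blob]) + cipher.final # wrong password => GCM tag mismatch
    OpenSSL::PKey::RSA.new(der).sign(OpenSSL::Digest.new('SHA256'), session[:data])
  rescue OpenSSL::Cipher::CipherError
    nil
  end

  private

  # Wrapping key = HMAC(secret HSM key, PBKDF2(password, salt || mobile number)):
  # knowledge (password), possession (mobile number, proven by the OTC) and the HSM secret.
  def wrap_key(password, mobile, salt)
    pw = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt + mobile, iterations: 100_000, length: 32, hash: 'sha256')
    OpenSSL::HMAC.digest('SHA256', @hsm_secret, pw)
  end

  def same?(a, b) # constant-time comparison of the OTC
    b.is_a?(String) && a.bytesize == b.bytesize && a.bytes.zip(b.bytes).map { |x, y| x ^ y }.reduce(0, :|).zero?
  end
end
```

Unwrapping with a wrong password, a replayed OTC or an expired session all return nil, and the plaintext private key only ever exists inside confirm_signature, which stands in for the HSM.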
Mobile Phone Signature – Legal Assessment
• Mobile Phone Signature = Citizen Card?
• Citizen Card = qualified signature + identity link
• Mobile Phone Signature = qualified signature?
• Qualified Signature = advanced electronic signature + qualified certificate + SSCD
Advanced Electronic Signature
• is uniquely linked to the signatory
• it is capable of identifying the signatory
• it is created using means that the signatory can maintain under his sole control
• it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable
"is uniquely linked to the signatory"
• the signature-creation data used for signature generation (and the corresponding signature-verification data) can practically occur only once
"it is capable of identifying the signatory"
Authenticity
• practically impossible to create the same key pair twice
• ensured that a signature that is verifiable using the signature-verification data (public key in the certificate) has been created with the corresponding signature-creation data (private key)
• practically impossible that the signature-creation data can be derived
"using means that the signatory can maintain under his sole control"
• Signature-creation authorised only by the signatory
• Multifactor authentication: knowledge and possession
Does "can maintain under sole control" mean that it must be ensured by hardware means? NO!
"…to be assumed that 'sole control' can be achieved with appropriate technical or organisational means even with software certificates […] … security measures need to be in place providing that the signatory can enforce his sole control…" (RV 293 BlgNR 23. GP)
  – see also the FESA working paper on advanced electronic signatures and the "Public Statement on Server Based Signature Services": "…FESA members believe that sole control at least of the signature creation data can be achieved and that advanced electronic signatures can be created by a server based signature service…"!
"it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable"
Integrity
• practically impossible that different electronic data result in the same signature or can be created from a given electronic signature.
Qualified Signature?
Qualified Signature = advanced el. signature + qualified certificate + SSCD
Qualified Certificate
• Certificate content: Annex I of 1999/93/EC
• Requirements on the CSP: Annex II of 1999/93/EC
Certificate Content (Annex I)
• indication that the certificate is issued as a qualified certificate
• identification of the CSP and the State in which it is established
• name of the signatory (or a pseudonym identified as such)
• signature-verification data which correspond to signature-creation data under the control of the signatory
• beginning and end of the period of validity of the certificate
• identity code of the certificate
• advanced electronic signature of the CSP issuing it
• Further options: limitations on scope, value of transaction, specific attributes of the signatory
Requirements on the CSP (Annex II)
• reliability necessary for providing certification services
• secure directory and a secure and immediate revocation service
• precise date and time when a certificate is issued or revoked
• verify identity and, if applicable, specific attributes of the signatory
• personnel with expert knowledge, experience, and qualifications (managerial level, electronic signature technology, security procedures)
• trustworthy systems and products - protected against modification and ensuring the technical and cryptographic security;
• measures against forgery of certificates, and, in cases where the CSP generates signature-creation data, guarantee its confidentiality
• sufficient financial resources (to bear the risk of liability for damages)
• etc.
SSCD
• Confirmation by a designated body (Art. 3(4) of 1999/93/EC)
• § 6 Abs. 3 Signature Order 2008: organisational security measures are possible if components are operated in a "controlled environment" (e.g., qualified and reliable personnel, appropriate physical and logical access control).
• A-SIT conformity certificate: 2.11.2009
• According to Art. 3 para 4 second subpara of the Directive, this attestation ("determination of conformity with the requirements laid down in Annex III") is to be recognised by all Member States.