
An Open Interface Enabling Secure E-Government

The Approach Followed with the Austrian Citizen Card


Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 100)

Abstract

When encouraging citizens to approach public administrations by electronic means in order to improve public services and to avoid costly media transitions from paper-based applications to IT-supported back-office applications, authorities and implementers need to be particularly cautious in two respects. On the one hand, security is an indispensable guiding principle for reasons of legal certainty, identification and authentication requirements, confidentiality and data protection, and security is certainly needed to achieve broad user acceptance. Electronic signatures based on smartcards represent the state of the art in supporting several of these security requirements. On the other hand, the concepts followed need to be technology-neutral to a large extent, both to remain open for future or emerging technologies that may mature to meet these security requirements as well and to avoid discrimination against particular solutions. Otherwise, inclusion of upcoming solutions may well turn out to be a costly experience. This paper discusses the approaches followed with the Austrian citizen card, an ambitious project that aims at deploying e-Government on a large scale. By means of an open interface, the authorities specify the requirements arising out of the applications in the administrative bodies. This allows the authorities to launch the development of applications based on well-defined interfaces without mandating a certain technological instantiation such as a social security card, public identity cards, or private-sector-borne signature cards such as banking cards. By taking up and implementing the interface specification, an open market is stimulated that paves the way to public-private partnerships. The paper gives the rationale for choosing the open interface approach and discusses its actual implementation, the so-called security layer, in detail.

Key words

  • electronic signatures
  • open interfaces
  • citizen card
  • identity card

The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35612-9_23


Copyright information

© 2002 IFIP International Federation for Information Processing

About this chapter

Cite this chapter

Hollosi, A., Posch, R., Leitold, H. (2002). An Open Interface Enabling Secure E-Government. In: Jerman-Blažič, B., Klobučar, T. (eds) Advanced Communications and Multimedia Security. IFIP — The International Federation for Information Processing, vol 100. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35612-9_19


  • DOI: https://doi.org/10.1007/978-0-387-35612-9_19

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4757-4405-7

  • Online ISBN: 978-0-387-35612-9

  • eBook Packages: Springer Book Archive