Advertisement

A Shared Certified Mail System for the Austrian Public and Private Sectors

  • Arne Tauber
  • Bernd Zwattendorfer
  • Thomas Zefferer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6866)

Abstract

It is vital for public administrations and private businesses to send important documents such as bids or subpoenas in a secure and reliable way. Therefore, many countries have put various certified mail systems in place on the Internet. Due to the low number of official deliveries, it is reasonable to search for synergies with the private sector to guarantee the economic success of such widely-deployed systems. Opening a governmental system to the private sector inevitably raises challenges and security requirements in terms of qualified identification, data privacy protection, and trust. Privacy issues may arise when national (governmental) identification numbers are used. Trust issues may arise when trusted third parties are involved. Even if trusted third parties do not conspire with senders or recipients concerning a fair message exchange, they may cheat when financial interests come into play, e.g. in a per-message payment scheme. In this paper we present a solution addressing these issues from a practical viewpoint. Our solution distributes trust among different domains and introduces a scheme for qualified authentication and identification of recipients using the Austrian national electronic ID card to meet the requirements for data privacy protection.

Keywords

Certified E-Mail Non-Repudiation Semi-TTP Trust Distribution Domain Separation Qualified Identification 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Kremer, S., Markowitch, O., Zhou, J.: An intensive survey of fair non-repudiation protocols. Computer Communications 25(17), 1606–1621 (2002)CrossRefGoogle Scholar
  2. 2.
    Onieva, J., Zhou, J., Lopez, J.: Multiparty Nonrepudiation: A survey. ACM Computing Surveys 41(1) (2008)Google Scholar
  3. 3.
    Gesamte Rechtsvorschrift für Allgemeines Verwaltungsverfahrensgesetz 1991, Fassung vom (May 23, 2011), http://www.ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&Gesetzesnummer=10005768 (last visited on May 23, 2011)
  4. 4.
    Gesamte Rechtsvorschrift für Zustellgesetz, Fassumg vom (May 23, 2011), http://www.ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&Gesetzesnummer=10005522 (last visited on May 23, 2011)
  5. 5.
    Ferrer-Gomilla, J., Onieva J., Payeras, M., Lopez, J., Certified electronic mail: Properties revisited. Computers & Security (2009) Google Scholar
  6. 6.
    Gennai, F., Martusciello, L., Buzzi, M.: A certified email system for the public administration in Italy. In: IADIS International Conference WWW/Internet, vol. 2, pp. 143–147 (2005)Google Scholar
  7. 7.
    Dietrich, J., Keller-Herder, J.: De-Mail — verschlüsselt, authentisch, nachweisbar. In: Datenschutz und Datensicherheit – DuD 2010, vol. 34(5), pp. 299–301 (2010) Google Scholar
  8. 8.
    Tauber A.: Requirements for Electronic Delivery Systems in eGovernment – An Austrian Experience. In: IFIP I3E 2009, vol. 305, pp. 123–133 (2009)Google Scholar
  9. 9.
    Oppliger, R.: Providing Certified Mail Services on the Internet. IEEE Security and Privacy 5(1), 16–22Google Scholar
  10. 10.
    European Parliament and Council, Directive 1999/93/EC on a Community framework for electronic signatures Google Scholar
  11. 11.
    Leitold, H., Hollosi, A., Posch, R.: Security Architecture of the Austrian Citizen Card Concept. In: Proceedings of 18th Annual Computer Security Applications Conference (2002) Google Scholar
  12. 12.
    Miranda J.P., Melo J.: EPM: Tech, Biz and Postal Services Meeting Point. In: ISSE 2004 - Securing Electronic Business Processes, pp. 259–267 (2004) Google Scholar
  13. 13.
    Franklin, M., Reiter, M.: Fair exchange with a semi-trusted Third Party. In: Proceedings of 4th ACM Conference on Computer and Communications Security, pp. 1–6 (1997)Google Scholar
  14. 14.
    Kothari, S.C.: Generalized linear threshold scheme. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 231–241. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  15. 15.
    Shamir, A.: How to share a secret. Communications of the ACM 22(11), 612–613Google Scholar
  16. 16.
    Micali, S.: Simultaneous electronic transactions, US Patent 5666420 (1997) Google Scholar
  17. 17.
    Bao, F., Wang, G., Zhou, J., Zhu, H.: Analysis and Improvement of Micali’s Fair Contract Signing Protocol. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 176–187. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  18. 18.
    Ateniese, G., Medeiros, B., Goodrich, M.: TRICERT: A Distributed Certified E-Mail Scheme. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2001, San Diego, California, USA (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Arne Tauber
    • 1
  • Bernd Zwattendorfer
    • 1
  • Thomas Zefferer
    • 1
  1. 1.E-Government Innovation CenterGrazAustria

Personalised recommendations