eID and eGovernment in Austria
34
Brussels, 27 January 2006 eID and eGovernment in Austria eGovernment Subgroup Meeting on eID The E-Government Innovations Center is an initiative of the Austrian Federal Chancellery and the Graz University of Technology Herbert Leitold [email protected]
Transcript of eID and eGovernment in Austria
Brussels, 27 January 2006
eID and eGovernment in AustriaeGovernment Subgroup Meeting on eID
The E-Government Innovations Center is an initiative of the Austrian Federal Chancellery and the Graz University of Technology
Herbert [email protected]
Brussels, 27 January 2006 2
ContentsPart I: Basic Concepts
Laws and Bylaws
Official Signatures
Registers
Citizen Infrastructure
Server-side open source modules
Part II: In ActionDemonstration
Brussels, 27 January 2006 3
Major Laws and Bylaws
E-Government Act (into force March 2004)Citizen card, IDM concept (sourcePIN, ssPINs), authority to act as representative, official signature, administrative signature
Amendments to Delivery Act enables electronic delivery
Bylaws to E-Government Act
SourcePIN Register Regulation
E-Government Sectors Delimitation Regulation
Supplementary Register Regulation
Administrative Signature Regulation
Delivery Service Regulation
Brussels, 27 January 2006 4
Official Signaturee.g., legal acts needelectronic signature to get in force
Same approach for notifications, etc.
Maintain probative value even after media transitions
Brussels, 27 January 2006 5
Example of an official signature
Brussels, 27 January 2006 6
Probative value maintained on print outsreconstruction of XML document possible from the paper copy
Media independence
date and time CA and serial-numberLogo of issuing
authority
signature value
signing person
unique form identifier
Brussels, 27 January 2006 7
Registersfor natural persons
for legal persons
Supplementary registers
sourcePIN
Brussels, 27 January 2006 8
Unique identifiers
Various unique IDsNatural persons
Central Register of Residents (CRR; ZMR)
Legal personsRegister of Company Names (CNR)
Register of Associations (AR)
Supplementary Register (supR)For natural persons
e.g. expatriates, foreigners
For other parties
CRR supR CNR AR
123… CRR-number (ZMR)
Brussels, 27 January 2006 9
sourcePIN Register
Source PINsUnique IDs derived from unique IDs in Registers
strong encryption for physical persons
sourcePIN Register maintained by Data Protection Commission
SourcePIN stored in Citizen Card Environment
Data structure Identity LinkLinks Identity to Electronic Signature
CRR supR CNR AR
sourcePIN-Reg
4csabB2…
123…
Brussels, 27 January 2006 10
Citizen InfrastructureeID initiatives
Smartcards et.al.
IDM concept – data protection
Cross-border IDM concept
Integration of Technologies
Brussels, 27 January 2006 11
Major roll-outs
Bank cards (ATM cards)Each bank card issued since March 2005 is also an SSCD (as of 1999/93/EC)
Health insurance cards:Rollout Mai-Nov. 2005, ~70.000 cards/day100 % coverage (8 Mio.) reached end of Nov.
Mobile phones:each mobile phone (capable of receiving SMS)(since March 2004)
Further initiatives:• CSP signature cards• Student service cards, etc.
Brussels, 27 January 2006 12
Sector-specific IDM concept
4csabB2…
sourcePIN-Reg
sector-code
GH
Sector „health“
5cwu4N…
ssPIN „health“
No7b99t…
ssPIN „tax“
sector-code
SA
Sector „tax“
Brussels, 27 January 2006 13
Foreign-eID integration
Integration of foreign eIDBelgian, Estonian, Finish, Italian eID integrated into the
Uses Recurring identity conceptUnique identifier of foreign certificateused as “sourcePIN”
Service to be started 02/2006
Brussels, 27 January 2006 14
The integration of the various technologies ids provided by an open interface, its implementation is the Citizen Card Environment
Open Interface Security LayerOpen Interface Security Layer
Integration of technologiesCitzen
Card Environment
Brussels, 27 January 2006 15
Server SideMOA – Module for On-line
ApplicationsBasic modules
Open source
Brussels, 27 January 2006 16
The MOA species
MOA–ID/ID+, MOA-wID: Identification
MOA–SS: Server SignatureOfficial Signature
MOA–SP: Signature Verification
MOA–ZS: Electronic Deliverysubstitute registered letter
MOA–VV: Representation
further to come …
Brussels, 27 January 2006 17
In ActionFINANZOnline
Tax declarations
Register of convictions certificate” (clearance cert.)
eID plus ePayment
Electronic delivery
Web-ShopUsing the Citizen Card in the private sector
Brussels, 27 January 2006 18
Demo 1: FINANZOnlineCurrently ~70% of tax returns(employed citizens) filedonline
VAT declarations
etc.
DEMOSKIP
Brussels, 27 January 2006 19
Step 1: Select Citizen Card
Brussels, 27 January 2006 20
Step 2: Identification (ssPIN) and sign
Brussels, 27 January 2006 21
Step 3: Carry out your tax busieness
Brussels, 27 January 2006 22
Demo 2: Register of Convictions Certificate
Simple process
In the conventional case requirespersonal appearance eitherfor the application or pickup
Electronic identification gives improvement
Example of an intelligent form
Start
Identif.
Pay-ment
-
Appli-cation
SKIP
Brussels, 27 January 2006 23
Step 1: Fill in a form, …
Brussels, 27 January 2006 24
Step 2: control it, …
„Intelligent form“: Data Taken from identity-link in
the Citizen Card
Needed by the process(entered by citizen in step 1)
Data (home address) know to administration. Consent to
use given in step 1
Proceed with signature
Brussels, 27 January 2006 25
Step 3: sign it, …
Brussels, 27 January 2006 26
Step 4: pay it, …
Brussels, 27 January 2006 27
Step 5: Receive confirmation …
Brussels, 27 January 2006 28
Step 6: … and get it.
Brussels, 27 January 2006 29
Delivery Service
Authority
Für die elektronische Zustellung sind folgende Schnittstellen definiert:Empfänger/in – Zustelldienst[1]. Die Benutzerführung und Kommunikation erfolgen über Webseiten[2], die Signatur über die Bürgerkarte.Behörde – Zustelldienst[3].Zweistufige Schnittstelle zur Auswahl des Zustelldienstes und zur Übermittlung des Zustellstücks.
Für die elektronische Zustellung sind folgende Schnittstellen definiert:Empfänger/in – Zustelldienst[1]. Die Benutzerführung und Kommunikation erfolgen über Webseiten[2], die Signatur über die Bürgerkarte.Behörde – Zustelldienst[3].Zweistufige Schnittstelle zur Auswahl des Zustelldienstes und zur Übermittlung des Zustellstücks.
Notice1 4
Notification2
3Pickup/Signature
Delivery
The concluding „e“ in e-GovernmentAlso for registered mail
DEMOSKIP
Demo 3: electronic delivery
Brussels, 27 January 2006 30
Step 1: Select Citizen Card
Brussels, 27 January 2006 31
Step 2: Sign receipt
Brussels, 27 January 2006 32
Step 3: Incoming Mail-Box
Brussels, 27 January 2006 33
Citizen Card for private sector
Same concept, but additional data protection measuresPrivate sector-specific personal identifiers (pssPIN)
Created in citizen card environment
Private-sector ID (e.g. company’s registration number)acts as “sector ID”
Allows for eID to be used in e-commerce
