
eID case study: Austria

Austria’s electronic identification scheme, which is based on a system of generating secure ‘sector specific’ digital certificates for different eGovernment applications, has attracted interest from across Europe. Under the Austrian system, it is also possible, to some extent, to incorporate foreign eIDs into Austrian eGovernment processes.


At the root of electronic identification in Austria is the source PIN (personal identification number). Every person in Austria is assigned a unique source PIN, which is generated from identification numbers held in Austria’s base registers – the Central Residents’ Register and, for foreigners living in Austria, the Supplementary Register. Whilst the identifiers held in the registers are publicly available, the source PIN is secret and under the sole control of the citizen. Neither governmental nor private organisations have the right to store source PINs.

The technical process for generating source PINs involves four steps: conversion of the identifier held in the Central Residents’ or Supplementary Register into a binary representation; addition of a secret seed value; encryption achieved by application of a secret key; and finally BASE-64 encoding.

The source PIN can then be built into the Austrian Citizen Card, which is used for accessing eGovernment services and for electronic signatures. However, no identity card is required in Austria, and the Citizen Card concept should be understood as a broader range of tools enabling administrative procedures to be carried out electronically rather than as a universal and uniform identity card. Because of the open, technologically neutral approach taken by Austria, a variety of entities can issue Citizen Cards. These include both public bodies (including Federal ministries and universities) and private bodies (certification authorities, banks) and can even involve other technologies such as mobile phone signatures.

The Citizen Card concept has been developed by the Austrian Secure Information Technology Centre (A-SIT), an independent body acting as a partner to the Austrian government, with support from organizations such as the Austrian National Bank and the Technical University of Graz. A-SIT specialises in signatures and eAuthentication and has developed the Austrian source PIN based electronic identification model.

Spinning a web of ssPINs

For identification in eGovernment applications, Austria uses sector-specific PINs, or ssPINs. These are derived from the source PIN held by the citizen whenever he or she uses his or her Citizen Card. Each different area of public administration has a specific alphanumeric code, known as the sector code. This is combined with the citizen’s source PIN. A cryptographic one-way function (a hash function, where the input can be of any length but the output is of a fixed length) is then applied to create the ssPIN.

Source PIN generation


This system offers a number of benefits. Firstly, there is no linking of identity across different eGovernment services, thus protecting privacy. Secondly, the system offers a high degree of security as each ssPIN is different and it is not possible to work back from the ssPIN and calculate the source PIN. Nor is it possible to calculate any other ssPIN from a given ssPIN.

In eGovernment applications, therefore, the citizen is identified by the ssPIN, which will depend on the particular application being used. Authentication is via electronic signature, which is also incorporated into the Citizen Card.

The Austrian system offers a further major benefit: it is possible to create what are known as substitutional source PINs from foreign eIDs, which can therefore be integrated into Austrian eGovernment services. By Austrian legislation, this can be done for certain eGovernment applications requiring a recurring identity – where a citizen registers for an application and that application continues to recognise the citizen based on a repetitive identifier.

A-SIT has developed a prototype web service that allows holders of Italian and Finnish eID cards to request a substitutional source PIN. These are created by applying keyed hash functions to identifiers derived from Italian and Finnish eIDs. The result is then BASE-64 encoded to generate the substitutional source PIN. This can be used in certain Austrian eGovernment applications in a similar way to the source PIN held by Austrian citizens or residents. A-SIT is presently working on integration of Belgian eIDs into the same system.
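The ssPIN derivation and the substitutional source PIN described above can be sketched as follows. This is an added example, not A-SIT's code: the article names neither the hash nor the keyed hash, so SHA-256, HMAC-SHA-256, the "+" and ":" separators, the sector codes, the key and all identifiers are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac


def derive_sspin(source_pin: str, sector_code: str) -> str:
    """One-way derivation: hash(source PIN combined with sector code), Base64."""
    # Assumption: "+" separator and SHA-256; the article specifies neither.
    material = f"{source_pin}+{sector_code}".encode("utf-8")
    return base64.b64encode(hashlib.sha256(material).digest()).decode("ascii")


def substitutional_source_pin(country: str, foreign_id: str, key: bytes) -> str:
    """Keyed hash over an identifier derived from a foreign eID, Base64."""
    # Assumption: HMAC-SHA-256 stands in for the unnamed keyed hash function.
    msg = f"{country}:{foreign_id}".encode("utf-8")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def demo() -> dict:
    # Constructed sample values: not real source PINs, sector codes or keys.
    source_pin = base64.b64encode(b"constructed-source-pin-0001").decode("ascii")
    service_key = b"constructed-demo-key"
    sub_pin = substitutional_source_pin("FI", "constructed-id-42", service_key)
    return {
        # Same person, two sectors: the identifiers cannot be matched.
        "tax": derive_sspin(source_pin, "TAX"),
        "health": derive_sspin(source_pin, "HEALTH"),
        # Same person, same sector: stable, so a recurring identity works.
        "tax_again": derive_sspin(source_pin, "TAX"),
        # A foreign eID holder enters the same derivation via the
        # substitutional source PIN.
        "sub_pin": sub_pin,
        "foreign_tax": derive_sspin(sub_pin, "TAX"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12} {value}")
```

Because sector codes are not secret, the unlinkability shown here holds only while the source PIN itself stays confidential, which is why organisations are not allowed to store it.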

The Austrian Government is now cooperating with other Member States and the services of the European Commission in preparing the ground for future work in this domain at pan-European level. The new i2010 Programme launched by Information Society Commissioner Viviane Reding at the beginning of June 2005 includes a proposed Action Plan for eGovernment that will include specific actions to enable eGovernment services across national boundaries using a common framework of mutually recognised national eIDs.

During the Austrian Presidency of the EU, starting in January 2006, there will be a major high-level eGovernment conference at which the issue of interoperability of European eGovernment services and the role of electronic identity in building trust in the growing ‘European Information Space’ will take centre stage.

 

Further information:

Presentation on the Austrian eID scheme, given at the IDABC Launch Conference in Brussels in February 2005, by Thomas Rössler of A-SIT (PDF file).

A-SIT website (in German)

 


Article published in Synergy 03 - July 2005