This system offers a number of benefits. Firstly, there is no linking of identity across different eGovernment services, thus protecting privacy. Secondly, the system offers a high degree of security as each ssPIN is different and it is not possible to work back from the ssPIN and calculate the source PIN. Nor is it possible to calculate any other ssPIN from a given ssPIN.
In eGovernment applications therefore, the citizen is identified by the ssPIN, which will depend on the particular application being used. Authentication is via electronic signature, which is also incorporated into the Citizen Card.
The Austrian system offers a further major benefit: it is possible to create what are known as substitutional source PINs from foreign eIDs, which can therefore be integrated into Austrian eGovernment services. By Austrian legislation, this can be done for certain eGovernment applications requiring a recurring identity – where a citizen registers for an application and that application continues to recognise the citizen based on a repetitive identifier.
A-SIT has developed a prototype web service that allows holders of Italian and Finnish eID cards to request a substitutional source PIN. These are created by applying keyed Hash functions to identifiers derived from Italian and Finnish eIDs. The result is then BASE-64 encoded to generate the substitutional source PIN. This can be used in certain Austrian eGovernment applications in a similar way to the source PIN held by Austrian citizens or residents. A-SIT is presently working on integration of Belgian eIDs into the same system.
The Austrian Government is now cooperating with other Member States and the services of the European Commission in preparing the ground for future work in this domain at pan-European level. The new i2010 Programme launched by Information Society Commissioner Viviane Reding at the beginning of June 2005 includes a proposed Action Plan for eGovernment that will include specific actions to enable eGovernment services across national boundaries using a common framework of mutually recognised national eIDs.
During the Austrian Presidency of the EU, starting in January 2006, there will be a major high-level eGovernment conference at which the issue of interoperability of European eGovernment services and the role of electronic identity in building trust in the growing ’European Information Space‘ will take centre stage.
Presentation on the Austrian eID scheme, given at the IDABC Launch Conference in Brussels in February 2005, by Thomas Rössler of A-SIT (PDF file).
A-SIT website (in German)
Article published in Synergy 03 - July 2005