You are here: Start page > Glossary

Glossary

The Secure Information Technology Centre - Austria (A-SIT) is an organisation that is supported by the Finance Ministry, National Bank and the Technical University Graz. A-SIT Website

A-Trust

A-Trust is the only accredited certification service provider^(?) in Austria. The Federal Chancellery authorised A-Trust to issue digital certificates^(?) for use with citizen cards. The company is owned by various partners: A-Trust partners

a.sign client

A free software application by the A-Trust^(?) company, which makes citizen card functionality available for Windows operating system. (Cryptographic Service Provider). The a.sign client is required for citizen card software (citizen card environment) from A-Trust and the program VPDFSign, for signing PDF files. a.sign Client Website

a.sign premium

The product name for A-Trust`s^(?) qualified certificate^(?) on the citizen card.

Activation

Activation describes the process of setting-up your mobile phone or your e-card as a citizen card. Activate your citizen card

Administrative signature

Precursor to the qualified signature^(?). Certificates^(?) for administrative signatures are not issued anymore, but still remain valid until their expiry date (end of 2012 at the latest). An administrative signature is an advanced signature^(?) that is equivalent to a qualified signature in e-government^(?).
If you have an administrative signature and want to change to a qualified signature, you will need a new e-card:

Online e-card order form (in the Reason field enter the following: Citizen card (change to a qualified certificate) or
call the e-card service line: 050 124 33 11

Adobe signature

A worldwide standard for signing PDFs. It was developed by the company Adobe (creator of the PDF format). Adobe signatures can be verified directly in Adobe Reader. They are not compatible with PDF-AS^(?) signatures. In order to create a qualified signature^(?), a plug-in is required. More information on PDF signatures

Advanced signature

In the Eletronic Signature Act, this is the medium quality level for an electronic signature^(?). As opposed to a qualified signature^(?), the advanced signature does not generally have the same legal standing as a written signature. Also see: Background information: Contents of the law

Applet

A software program that runs in a browser (Firefox, Internet Explorer, Safari, etc.) Applets are written in the programming language Java^(?).

Asymmetric encryption [Public key encryption]

A sophisticated encryption method in which a different key is used for encryption and decryption. One part of this key pair is open (public key^(?)), the other part is secret (private key^(?)). Well-known asymmetric encryption algorithms are RSA^(?) and ECDSA^(?).

Base64

A coding system that uses 64 different characters (26 upper-case letters, 26 lower-case letters, 10 digits 0-9, + and /). Base64 is widely used - e.g. all e-mail attachments are coded in this form.

BDC

The company BDC EDV Consulting GmbH specialises in IT consulting, project management and software development in the areas

IT security, security concepts, cryptography
smartcards
digital signatures, public key infrastructure (PKI)
electronic payment systems

BDC Website

Card PIN [Secret PIN, Authentication PIN]

The card PIN can be used to create an advanced signature^(?) and enables access to the identity link^(?). The card PIN is a 4 to 10 digit combination that you can select upon activation^(?) of your card.

Card reading device [Card Reader, Smart Card Reader]

A small device that is connected to your computer. It is able to read and write data on a Chipcard^(?).
Card reader from the Gemalto company

Certificate

Simply put, a certificate is an electronic file that confirms your identity (that you really are who you say you are). Technical explanation: A certification service provider^(?) (i.e. A-Trust^(?)) confirms that a public key^(?) really belongs to a certain person. The certificate is only valid for a certain length of time (max. 5 years) and is signed by the certification service provider with its private key^(?).
The Electronic Signature Act differentiates between qualified certificates^(?) and (non-qualified) certificates^(?).

Certificate revocation list

A list managed by A-Trust number^(?) that contains all the numbers of suspended and revoced certificates.
Certificate revocation list (direct download of the .crl file)

Certification service provider [CSP]

A certificate^(?) provider. With citizen cards, this is the company A-Trust^(?) (the only certification service provider accredited in Austria).

Chipcards [Smartcard]

A plastic card with an embedded metal chip (usually gold coloured). Examples: e-card, debit card (Maestro)

CIN [Cardholder Identification Number, Signature contract number]

This is your customer number at the certification service provider^(?) (A-Trust^(?)). You will receive a new CIN each time the activation process^(?) is carried out. It is displayed in your signature contract as your signature contract number .

Citizen card environment [CCE, citizen card software]

Software that is necessary for using citizen card functionality on the card. The Austrian Federal Chancellery recommends Mocca^(?) software for the citizen card. Additional citizen card environments are available from other private companies such as the A-Trust citizen card environment, trustDesk^(?) and hotSign^(?).

CRR number [Central Register of Residents number]

A number assigned to you in the Central Register of Residents (CRR). Every person registered in Austria can be uniquely identified by this number. CRR numbers are 12 digits long, e.g. 000247681888. They consist of random numbers and a checksum.
You can see your CRR number on your proof of residency certificate (this replaces the old registration document starting Mar. 1, 2002): Request your proof of residency certificate using your citizen card

Digital Austria

A platform at the Federal Chancellery for coordinating e-government^(?) activities in Austria. Digital Austria Website

Directory service

A public directory made available by a certification service provider^(?) (i.e. A-Trust^(?)). The directory contains a list of certificates^(?) that have been issued. A-Trust directory service

e-card G2 [e-card 2nd Generation]

All cards issued before December 2009. You can also check the top right corner (under the SI logo) - there will not be any braille text.
G2 e-cards contain two ECDSA^(?) key pairs.
e-card G2

e-card G3 [e-card 3rd Generation]

All cards issued starting from December 2009. Also identifiable by the braille text on the top right (under the SI logo).
G3 e-cards contain an ECDSA^(?) key pair (for a qualified certificate^(?)) and an RSA^(?) key pair (for a non-qualified certificate^(?)).
e-card G3

e-government

e-government (German: "e-Regierung") is a general description for the effort to simplify public administration processes using computers.

ECDSA

A newer asymmetrisc encryption algorithm^(?) that is based on elliptic curves. ECDSA is more advanced than RSA^(?) (i.e., it produces shorter signature values), but is not yet as widely used. The abbreviation stands for Elliptic Curve Digital Signature Algorithm.

EGIZ

The e-Government Innovation Centre (E-GIZ) is a shared initiative between the Federal Chancellery and the Technical University Graz. It is responsible for developing the citizen card software^(?) amongst other things. Mocca^(?).

Electronic signature [digital signature]

The electronic version of a hand-written signature. The Austrian Electronic Signature Act recognises three levels of quality for electronic signatures:

electronic signature (also referred to as the simple electronic signature for reasons of clarity)
advanced electronic signature^(?)
qualified electronic signature^(?)

FinanzOnline

The Finance Office's Internet platform for taking care of tax matters online. FinanzOnline

Hash value [fingerprint, message digest]

A checksum number derived from the original text. It is used to check if the text is complete and whether or not it has been manipulated. Popular hash algorithms are MD5, CRC and SHA^(?).
It comes from the English verb "to hash", meaning to cut into small pieces. On restaurant menus, "hash" is another name for ground beef.

hotSign

Citizen card software^(?) (citizen card environment) from the BDC company. (some costs may be involved) hotSign Website
BDC hotSign

Identity link

An identity link is used to establish a connection between your qualified certificate^(?) and your source PIN^(?). Since you are only identified in the certificate by your name, mix-ups can occur if someone has the same name as you. On a technical level, the identity link is a file signed by the SourcePIN Register Authority in XML^(?) format. It is saved to the chip on your card during the activation process^(?).

Infobox

Memory area on the e-card. The identity link^(?) is e.g., saved in an infobox; as are mandates.

Infobox PIN

With citizen cards on older debit cards (Maestro), access to the Infobox^(?) (where the e.g. identity link^(?) is saved) is protected with a PIN^(?). The infobox PIN is set to 0000 by default

IT Solution

IT Solution has been developing software for digital signatures for different areas of application since 1998.
IT Solution Website

Java

A programming language that is installed by default in most browsers (Firefox, Internet Explorer, Safari, etc.). Java Website

Logo

The graphical component of the official signature^(?). It helps users recognize the signing authority more quickly. A logo is the electronic equivalent of an official stamp or seal. Logo examples:
Logo of the Austrian Federal Chancellery

Mobile phone signature

The mobile phone signature is a fully functional citizen card that you can activate on your mobile phone. The main advantage is that you do not need a card reader^(?) in order to use it. To activate your mobile phone as a citizen card, see mobile phone activation.

Mocca

Citizen card software^(?) recommended by the Austrian Federal Chancellery (citizen card environment). EGIZ^(?) coordinates the development of the software. The software is free-of-charge; the source code is open (Open Source). The name stands for Modular Open Citizen Card Architecture. Download Mocca

Non-qualified certificate

A certificate^(?) that is not a qualified certificate^(?). The Electronic Signature Act (SigG) does not have a special term for this type of certificate. In many places, they are referred to as simple certificates or advanced certificates .

Official photo identification (Activation)

These are the identification documents that are accepted at the registration sites:

International Passport
Austrian driver's license
Austrian Identification Card
Austrian Identity Card
Apothekerausweis
Behindertenpass
Dolmetscherausweis
eDA Dienstausweis Republik Österreich
EDU-Card
Notarausweis
Rechtsanwaltsausweis
Sachverständigenausweis
Studierendenausweis
Ziviltechnikerausweis

Official signature

This is the electronic signature^(?) used by the authorities that adheres to the PDF-AS^(?) standard. An official signature can be an advanced^(?) or a qualified signature^(?). An official signature consists of:

The logo^(?) of the signing authority
Notification that the document was officially signed
Notification that the signature was verified

Online CCE [CCE online]

Citizen card software^(?) (citizen card environment) that runs in a Web browser (Firefox, Internet Explorer, Safari, etc.); Requires Java^(?). Java Website
Online CCE at FinanzOnline

PC/SC Interface [PC/SC Standard]

A standardised interface for card readers^(?) for accessing chipcards^(?). The name stands for Personal Computer / Smart Card.

PDF-AS

A standard specified by EGIZ^(?) for signing PDFs. The abbreviation AS originally stood for the German word Amtssignatur^(?) (official signature), in reality however, all citizen card users can create PDF-AS signatures.
PDF-AS signatures are not compatible with Adobe signatures^(?). PDF-AS signatures always contain a signature block^(?). With PDF-AS text signatures, this makes it possible to verify the signature on printed documents (however, this requires that the entire text be typed in). More information on PDF signatures

PIN [PIN code]

A password in the form of a combination of numbers that must be entered in order to carry out certain actions. The PIN is a security measure to prevent unauthorised access. The citizen card on the e-card is protected by a signature PIN^(?) and a card PIN^(?). The name stands for Personal Identification Number.

Private key

The secret part of the key pair that is used in asymmetric encryption^(?). Information that is encrypted (signed) with the private key can only be decrypted again with the public key^(?).

Public key

The public part of the key pair that is used in asymmetric encryption^(?). Information that is encrypted (signed) with the public key can only be decrypted again with the private key^(?).

Qualified certificate

A certificate^(?) fulfils all the additional requirements listed in Electronic Signature Act (SigG) § 5. A qualified signature^(?) must be based on a qualified certificate.

Qualified signature

The highest quality level for an electronic signature^(?). Electronic Signature Act (SigG) § 4 declares that a qualified electronic signature is the legal equivalent of a written signature (with only a few exceptions such as e.g. Notary records). See also: Background information: Contents of the law

Revocation password

This password allows you to deactivate the citizen card functionality (both certificates^(?) will be permanently revoked). The revocation password consists of 6 to 10 characters (letters and digits). You can choose the password upon activation^(?).
(Without your revocation password, you will not be able to revoke the citizen card, however, you will still be able to suspend it.)

Root certificate

The certificate^(?) that is signed by the certification service provider^(?) which issued the certificate. In other words: all citizen cards are dependent on the trustworthiness of the root certificate from A-Trust^(?).

RSA

One of the oldest asymmetric encryption algorithms^(?). RSA is more widespread than the more modern ECDSA^(?), however it creates longer signature values. The abbreviation comes from the initials of the three developers Ronald L. Rivest, Adi Shamir und Leonard Adleman.

RTR GmbH

The Telekom Control Commission is the regulation authority for the Austrian telecommunications sector. It is also responsible for tasks in the supervisory board as set out in the Electronic Signature Act. They supervise the Radio and Telecom Regulation Company (RTR GmbH).

Sector specific personal identifier [ssPIN]

A number derived from the source PIN^(?) which can be used by public authorities to identify a person (e.g. j/NxdRQhp+tNyE9WhHdBSYuy3hA=). To calculate the sector specific personal identifer, a sector code (identifying the sector) from the respective area is used (along with the source PIN) (e.g. UW for environment (German: Umwelt) or SA for taxes (German: Steuern und Abgaben). This process ensures that one person is not able to be identified across different administrative areas. It is also not possible to recalculate the original source PIN from the sector specific personal identifier.

Security layer

The part of the citizen card software^(?) (citizen card environment) that communicates with the chipcard^(?).

SHA

The hash algorithm used with the citizen card. The abbreviation stands for Secure Hash Algorithm.

Signature card

A chipcard^(?) that contains a certificate^(?) but not an identity link^(?), and is therefore not a citizen card.

Signature password [Signature password]

This password protects access to the citizen card functionality on mobile phones. Basically, it's a PIN code for your mobile phone. The signature password consists of 6 to 20 characters (letters and digits). You can choose the password upon activation^(?).

Signature PIN

The signature PIN allows you to create a qualified signature^(?). For the e-card, it is a 6 to 12 digit number. You can choose your PIN number upon activation^(?).

Signature visualisation

The relevant components of an electronic signature^(?) saved in table form as specified in PDF-AS^(?). The main parts in the signature visualisation include:

The signature value (=signed hash^(?))
The name of the signer
Date and time
The number of the underlying certificate^(?)
Info about where the signature can be verified

For official signatures^(?) it also contains:

The logo^(?) of the signing authority
Notification that the document was officially signed

Example:

Social insurance number [SI number]

This ten digit number is your customer number for your social insurance provider. The last six numbers are usually (but not always) your date of birth (e.g., 050670 for June 5, 1970).

Source PIN

A number derived from your CRR number^(?) (e.g. Qq03dPrgcHsx3G0lKSH6SQ==). It builds the base for the identity link^(?). The source PIN is created using Triple-DES^(?) encryption. It is impossible to calculate the original CRR number from the source PIN.

SourcePIN Register Authority

This authority was created especially for issuing source PINs^(?) and managing the Supplementary Register^(?). The SourcePIN Register Authority is the Data Protection Commission. Stammzahlenregisterbehörde Website

Stork

An EU initiative to link all the different "citizen card" (eID’s) from different European countries together. The abbreviation stands for Secure identity across borders linked. Stork Website

Supplementary Register

A supplementary register to the Central Register of Residents (CRR) that allows persons not registered in Austria to obtain a citizen card.
Background info: The identity link^(?) of the citizen card is based on the source PIN^(?), which is derived from the CRR number^(?). Anyone who is not registered in Austria will not be listed in the Central Register of Residents and will therefore not have a CRR number.

The Supplementary Register for Natural Persons contains private persons.
The Supplementary Register for Others contains legal persons that are not entered in the Commercial Register.

The Supplementary Register is managed by the SourcePIN Register Authority^(?).

Symmetric encryption

An encryption method that uses the same key to encrypt as well as decrypt data. (as opposed to asymmetric encryption^(?)). The most widely-used symmetric encryption algorithms are IDEA, AES and DES^(?).

TAN

The second part of authentication for the citizen card on your mobile phone. After you have logged in with your signature password^(?), you receive a SMS with your TAN code. It consists of 6 characters (letters and digits) and is valid for five minutes. TAN stands for transaction number.

Triple DES [3DES]

A symmetric encryption algorithm^(?). The block size is 64 Bit, i.e. the length of the information to be encrypted must be a multiple of 64 Bits. The triple designation means, in essence, that the DES encryption process is repeated three times. The abbreviation DES stands for Data Encryption Standard.

trustDesk

Another citizen card software^(?) (citizen card environment) provider from the company IT Solution. This commercial software must be purchased. trustDesk Website

Verifying signatures on printed documents

Using the PDF-AS^(?) standard, it is possible to verify text signatures on printed documents. In order to do this, the entire text and the signature value from the signature block^(?) has to be typed in. Invisible characters (multiple spaces, paragraph tags, TAB markers, etc.) are automatically ignored when verifying the signature. The PDF-AS^(?) standard contains comprehensive "normalisation measures" to deal with them.
Links:

XML

A standardised file format used to exchange information. For example, for a person named Susanne Muster, born Jan. 1, 1950, the following would appear in her identity link^(?):

<pr:Name>
<pr:GivenName>Susanne</pr:GivenName>
<pr:FamilyName primary="undefined">Muster</pr:FamilyName>
</pr:Name>
<pr:DateOfBirth>1950-01-01</pr:DateOfBirth>