Logo BKA Open Interfaces
for e-Government
Logo A-SIT

The Austrian Citizen Card


Document information


Introduction to the Austrian Citizen Card

Short name






Document class


Document status


Short description

This document provides an introduction to the Austrian Citizen Card.


Arno Hollosi
Gregor Karlinger
Thomas Rössler
Martin Centner
et al.

Work group

Federal Chancellery, Federal Staff Unit for ICT Strategy, Technology and Standards


This specification is supplied by A-SIT and the Federal Chancellery. It may be used without modification provided that reference is made to this copyright notice. The specification may be expanded, however any additional material must be clearly identified and the expanded specification must be made freely available.

Table of contents

  1. Model
  2. Commands
    1. Signature
    2. Encryption
    3. Hash values
    4. Data storage
  3. Specifications
    1. Introduction
    2. Security Layer application interface
    3. Standardised key and info boxes
    4. Minimum implementation of the Security Layer
    5. Security Layer transport protocols
    6. User interface requirements
    7. Access protection
    8. Standardised viewer format
    9. Error codes of the Security Layer
    10. Errata
  4. Explanations
    1. Tutorial

1 Model

Preliminary note: For better readability, this document dispenses with non-gender-specific formulations. However, the formulations expressly relate to both sexes.

The Citizen Card is a model that provides a series of functions for carrying out e-Government and e-Commerce transactions securely. The Citizen Card can in particular be used to create and verify electronic signatures for electronic documents, to encrypt and decrypt electronic documents, to calculate and check hash values for electronic documents, and to record data in a data storage area and retrieve it from there.

The Citizen Card model

The diagram shows the elements involved when the Citizen Card is used. These are the Citizen Card Environment, which encapsulates the functions described above, the citizen, who uses these functions, and the application, which controls the Citizen Card Environment in such a way that the citizen can use the functions at his convenience.

The diagram also shows two interfaces. These are described in detail in the following specifications: The user interface regulates communication between the citizen and the Citizen Card Environment, while the Security Layer interface defines the interaction between the application and the Citizen Card Environment.

The following glossary describes the interfaces and the elements involved in detail.

Citizen Card
According to the Austrian E-Government Act [E-GovG], par. 10, subpar. 10, the Citizen Card is "the logical unit, independent of whether implemented on different technical components or not, combining an electronic signature with an identity link (Paragraph 4(2) of the E-Government Act) and the associated security data and plus any existing data on representation". Following the terminology used in the specifications for the Austrian Citizen Card, the Citizen Card Environment is the implementation of the Citizen Card as a logical unit.

Citizen Card Environment
The programme or service that provides the Citizen Card function. In principle, this could take the form of a programme that runs locally on the citizen's computer (local Citizen Card Environment), or a server-based service accessed via the Internet (server-based Citizen Card Environment). Interaction with this programme or service is handled via two interfaces: the user interface and the Security Layer.
The programme that issues queries to the Citizen Card Environment via the Security Layer and that receives and processes the corresponding replies.
User interface
The interface used by the citizen to communicate with the Citizen Card Environment. On the one hand, this interface is used to handle user interaction, which may be necessary in order to handle a Security Layer command (e.g. displaying a document to be signed when a command is issued to create an XML signature); on the other hand, the citizen can use this interface to configure his Citizen Card Environment according to his personal needs (e.g. he can change the access protection settings for his info boxes). The requirements placed on the user interface are defined in User interface requirements.
The person who wishes to use the Citizen Card Environment functions for secure e-Government or e-Commerce transactions. Usually, requests to the Citizen Card Environment are not issued by the citizen himself, but rather by the application that represents the e-Government or e-Commerce application.
Security Layer
The interface used by the application to communicate with the Citizen Card Environment. The detailed protocol that can be used via this interface is specified in Security Layer application interface. The possible bindings between this protocol and transport layers such as HTTP or TCP are defined in Security Layer transport protocols.
Hash Input Data
This is the data that is used for the calculation of the hash value used within a dsig:Reference. If the transformations for the dsig:Reference are present, the data represents the result of the last transformation. If no transformations are specified, the hash input data equals the reference input data.
Reference Input Data
Represents the data that results from the resolution of the URI attribute within the dsig:Reference. If transformations for the dsig:Reference are present, then this data is used as input data for calculating the first transformation. If no transformations are specified, the reference input data equals the hash input data.

2 Commands

This section offers an overview of the various functions provided by the Citizen Card Environment. The functions can largely be divided into four major areas:

  1. The creation and verification of electronic signatures;
  2. The encryption and decryption of electronic documents;
  3. The calculation and verification of hash values for electronic documents;
  4. The reading of data from data storage and the writing of data to data storage areas.

2.1 Signature

The citizen can use the Citizen Card Environment both to sign electronic documents and to verify electronic signatures.

One of the key features of the Citizen Card Environment in both cases is the fact that the citizen can view the actual electronic documents: When creating an electronic signature, he can first verify exactly what data he is actually signing. When verifying an existing signature, the citizen can determine what data is authenticated by the signature.

A Citizen Card Environment offers a secure signature according to the Austrian Signature Act [SigG] or an administrative signature. In e-Government, administrative signatures shall, according to the Austrian E-Government Act [E-GovG], be treated the same way as secure electronic signatures for a transitional period. Thus, for example, the Citizen Card Environment contains the signature creation device which is demanded by law and which requires certification in order to create a secure electronic signature. The advantage of encapsulating the components to be certified into a logical unit is that developers don't have to worry about these legal requirements when designing an application.

2.2 Encryption

The citizen can use the Citizen Card Environment both to encrypt his own electronic documents for any recipients and to decrypt encrypted documents using a decryption key held in the Citizen Card Environment.

2.3 Hash values

The citizen can use the Citizen Card Environment both to calculate a hash value for an electronic document and to verify a hash value for an electronic document.

2.4 Data storage

The Citizen Card Environment provides the citizen with a data storage area for reading and writing data required for e-Government or e-Commerce procedures.

The specifications divide the data storage area into logical units known as info boxes. New info boxes can be created in the data storage area and existing ones can be read, modified and deleted.

The Citizen Card Environment always contains a series of standardised info boxes. This means, for example, that the certificates belonging to the signature and encryption keys held in the Citizen Card Environment can be read out. Info boxes can also be used to access the person identity link and authorisations defined in [E-GovG].

These specifications purposely avoid providing details of the physical location of the storage area data. Several options are conceivable and these could be combined to form a common logical data storage area, e.g.:

Because the info boxes stored in the data storage area may hold sensitive information, the specifications define appropriate requirements for storage and for access protection.

3 Specifications

This section provides an overview of the various specification documents relating to the Austrian Citizen Card. All of these are normative documents.

3.1 Introduction

This document. [next...]

3.2 Security Layer application interface

This document describes the Security Layer interface which can be used by an application to control the functions provided by the Citizen Card Environment. The interface standardises a series of commands; each command obeys a simple question/answer scheme, i.e. the application issues a query to the Citizen Card Environment and the Citizen Card Environment responds after the command has been processed (and after any interaction with the citizen via the user interface) with the appropriate response to the application. [next...]

3.3 Standardised key and info boxes

This document defines the identifiers for those key boxes and info boxes that are mandatory.

A key box identifies a key held in the Citizen Card Environment that is available for creating electronic signatures and/or decrypting electronic data. The key box identifier in the relevant Security Layer commands defines which key is to be used for creating a signature or decryption.

An info box identifies a dataset stored in the Citizen Card Environment to which read and write access is available with Security Layer commands. The info box identifier is used in these commands to define which dataset is to be created, read, modified or deleted. [next...]

3.4 Minimum implementation of the Security Layer

This document defines which Security Layer commands must always be implemented by a Citizen Card Environment. It also contains profiles of the signature formats used by the commands for signature creation, signature verification, encryption and decryption, regulations in relation to the viewer component of the Citizen Card Environment, and requirements for the resolution of the URLs that occur in the various commands. [next...]

3.5 Security Layer transport protocols

The Security Layer interface can be accessed using a variety of transport protocols. This document describes the binding of the Security Layer to the TCP, TLS, HTTP and HTTPS transport protocols. [next...]

3.6 User interface requirements

The Citizen Card Environment must communicate with the citizen via the user interface in order to complete a number of Security Layer commands, for example displaying the data to be signed when a signature is created and the activation of the signature function by the citizen. This document defines the requirements placed on this user interface for the various commands. [next...]

3.7 Access protection

The execution and result of most Security Layer commands require protection. This means that not every application is permitted to execute every Security Layer command or access the result of command execution. This document specifies access protection that must be observed by a Citizen Card Environment. For this, the authentication of the accessing application is first classified. Starting from this classification, rules are defined that determine whether or not an application may execute a command. [next...]

3.8 Standardised viewer format

It is important for the acceptance of the Citizen Card that all Citizen Card Environments available on the market are able to handle at least one common document format in their viewer component (used for example to display the data to be signed when creating a signature). This format should have appropriate options for layout and incorporating images, however should still be suitable in principle as a viewer format for secure signatures. This document specifies just such a document format based on XHTML and CSS2. [next...]

3.9 Error codes of the Security Layer

If, for some reason, a command cannot be processed by the Citizen Card Environment, it replies to the application with a specified error response instead of the response belonging to the query. This document specifies the error codes supplied in this error response. [next...]

3.10 Errata

This document lists known errata in the specifications for the Austrian Citizen Card from version 1.1.0 onwards. When one of the specification documents is published with a higher version number, the errata listed up to this publication date are incorporated in the latest specification, however all errata are still listed in this document. As soon as an erratum has been entered in this document, it is regarded as eliminated in terms of the correction listed in the entry – where applicable. [next...]

4 Explanations

This section provides an overview of the other documents relating to the Austrian Citizen Card. These documents contain explanations and are purely informational in character.

4.1 Tutorial

This document contains a tutorial for developers of applications. It contains examples for all Security Layer commands as well as multi-level procedures for common application scenarios of the Citizen Card. [next...]

5 References

BGBl. I No. 10/2004.
BGBl I No. 190/1999 idF BGBl I No. 152/2001.

6 History

Date Version Changes
2004-05-14 1.2.0
  • Revised
2002-08-31 1.1.0
  • Various editorial improvements
2002-02-25 1.0.0
  • Created