The citizen card is one of the most secure methods available for identifying yourself over the Internet (login). This table shows how secure the various methods are (green = very secure, red = not secure).
| | Secure from access code theft (e.g. phishing) | Secure against attack over the Net (man in the middle) | Secure against attack on the computer (e.g. viruses) |
|---|---|---|---|
| Citizen card | high | high | high |
| PIN & mTAN | high | medium | low |
| PIN & iTAN | medium | low | low |
| PIN & TAN | low | low | low |
| Username & password | low | low | low |
The components knowledge and possession are at the heart of the citizen card security concept. Most other processes are based either only on knowledge (e.g. username & password) or only on possession (e.g. an access card). The problem with this approach is that an attacker only needs to obtain your password, e.g. by spying, or to steal your access card.
It is practically impossible to crack the citizen card, because an attacker would have to steal not only your e-card (or mobile phone) but also the password for it.
The following information is saved on the citizen card:
This information is saved on the small golden chip on the e-card. When using the citizen card on a mobile phone, the information is stored on a high-security server and is only accessed when needed.
Data protection plays a central role in the citizen card concept. The complex encryption process ensures that sensitive information about citizens cannot be centrally accessed.
Technical details: All citizens registered in Austria can be identified by their unique number in the Central Register of Residents, the CRR number. This number is not stored directly on the citizen card. Instead, a sourcePIN is saved on the card in place of the CRR number. The sourcePIN is derived from the CRR number by encrypting it with the Triple DES algorithm, so the original CRR number cannot be recovered from it without the encryption key.
On top of this, an additional security measure is built into the card: the sourcePIN is not used directly in citizen card processes, which prevents public authorities from gaining unauthorised access to it when handling citizen card transactions. Instead, the sourcePIN is hashed once more (with the SHA-1 algorithm) together with a sector code, so the resulting value differs from one administrative sector to the next. The sector codes are defined in the E-Government Sector Delimitation Regulation. The end result of this derivation chain is the sector-specific personal identifier (ssPIN).
For citizen card providers in the private sector (e.g. companies or associations), the number in the Commercial Register (or the registered association's number) is used in place of the sector code. The result is then called the sector-specific personal identifier for use in the private sector (previously: economic sector-specific personal identifier, wbPK).
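The following is an added example (not code from the page or from the Austrian citizen card implementation) that models the second derivation step described above, for both the public-sector ssPIN and the private-sector variant: a SHA-1 hash of the sourcePIN combined with a sector code or Commercial Register number. The sourcePIN value, the sector codes, the "sourcePIN+sector" concatenation format and the base64 output encoding are all assumptions made for this illustration; the Triple DES step that produces the sourcePIN from the CRR number is not modelled.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for a sourcePIN (in reality the Triple-DES-encrypted
# CRR number); it is NOT a real value.
SAMPLE_SOURCE_PIN = "EXAMPLE-SOURCEPIN-0000000001"


def derive_sspin(source_pin: str, sector_code: str) -> str:
    """Derive a sector-specific personal identifier (ssPIN).

    The page states that the ssPIN is a SHA-1 hash of the sourcePIN that
    varies by sector code. The exact input layout ("sourcePIN+sector") and
    the base64 text encoding of the digest are assumptions of this example.
    """
    material = f"{source_pin}+{sector_code}".encode("utf-8")
    digest = hashlib.sha1(material).digest()  # 20-byte one-way digest
    return base64.b64encode(digest).decode("ascii")


def derive_private_sector_pin(source_pin: str, commercial_register_no: str) -> str:
    """Private-sector variant: the Commercial Register (or association)
    number takes the place of the sector code; same one-way construction."""
    return derive_sspin(source_pin, commercial_register_no)


def verify_sspin(source_pin: str, sector_code: str, claimed: str) -> bool:
    """Check a presented ssPIN against the sourcePIN for one sector, using a
    constant-time comparison so timing does not leak partial matches."""
    return hmac.compare_digest(derive_sspin(source_pin, sector_code), claimed)


def linkable_across_sectors(source_pin: str, sectors: list[str]) -> bool:
    """Return True if two sectors would receive the same identifier for the
    same person. The design goal is that this is False: a record keyed by
    the ssPIN in one sector cannot be joined with another sector's records."""
    pins = [derive_sspin(source_pin, s) for s in sectors]
    return len(set(pins)) != len(pins)


if __name__ == "__main__":
    # Example sector codes (constructed labels, not taken from the regulation).
    for sector in ("SECTOR-A", "SECTOR-B"):
        print(sector, derive_sspin(SAMPLE_SOURCE_PIN, sector))
    print("private:", derive_private_sector_pin(SAMPLE_SOURCE_PIN, "FN-000000x"))
```

Note that the ssPIN hides the sourcePIN only as well as SHA-1's preimage resistance and the secrecy of the sourcePIN allow; a party that already holds the sourcePIN can always recompute every sector's identifier.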