Security

The Citizen Card on the e-card implies multiple security mechanisms:

  • Firstly, you need to put the e-card into the card reader, so you must be in possession of the e-card.
  • Secondly, you need to enter the (correct) Signature PIN

Also the Mobile Phone Signature implies multiple security mechanisms:

  • Firstly, each application requires entering your telephone number and your signature password. Hence, you must know this password.
  • Next, you receive an SMS on your mobile phone with the specified number. So you need to be in possession of the activated mobile phone.
  • This SMS contains a TAN, which is valid for five minutes and for the current transaction only.

Mobile Phone Signature and Citizen Card are particularly reliable methods to identify oneself on the Internet. Both provide high security against

  • theft of access codes (such as phishing)
  • attacks through the network (Man in the Middle)
  • attacks on the computer (for example viruses)

Security Through Multi-Factor Authentication

Only the correct combination of the two factors knowledge (Signature PIN) and possession (mobile phone or e-card) allows a successful login to a e-service or effects an electronic signature. Therefore, to abuse this ID concept someone need to steal a mobile phone or the e-card AND additionally determine the corresponding PIN. If you act carefully, this is practically impossible.

Conventional identification methods - such as username and password, PIN and TAN, or token systems use just one fator - usually knowledge, rarely possession. In these cases it is sufficient spying on information or stealing an admission card, and abuse is possible.

Security Through Application of Cryptographic Methods

The Mobile Phone Signature or Citizen Card prevents central access to sensitive personal data - this is ensured through several steps for which sophisticated cryptographic methods are in place.

  • All citizens who are registered in Austria can be identified by their unique number in the Central Register of Residents (CRR number).
  • This number is not stored directly on the Citizen Card. It is encrypted with the Triple-DES method and the resulting Source PIN is saved on the card in place of the CRR. Because of the applied encryption, the CRR cannot be derived from the Source PIN.
  • The Source PIN is not used directly either. By applying a cryptographic one-way function (SHA-1), a sector-specific personal identifier (ssPIN) is derived for each administrative sector - such as construction and housing, health, agriculture, taxation, etc. - from the Source PIN. It is infeasible to reconstruct the Source PIN from an ssPIN. Furthmore, it is impossible to use the ssPIN of one sector to derive the ssPIN of another sector. This prevents, for example, the tax authorities to take insight into processes of the health sector. It also ensures that each administrative sector may only have access to data from their own area of responsibility.