Austrian ICT Strategies - univie.ac.at · Austrian ICT Strategies ... voting. 6 strategic services and coordination ... – system checks “this is the entitled user” (SMS-CODE)

1

Austrian ICT Strategies

Mag. Alexander Leiningen-Westerburg, MAS

Federal Staff Unit for ICT-StrategiesFederal Chancellery Austria

eEurope 2005• modern online public services

– e-government– e-learning services– e-health services

• a dynamic e-business environmentand, as an enabler for these• widespread availability of broadband access at

competitive prices• a secure information infrastructure

2

E-GovernmentInitiative Österreich

2003 - 2005

E-Government Austria

e-Government PlattformBundeskanzler

Technical working

group of the federal states

IKT BoardCIO Austria

CIOs departments

e-Cooperation Board

Exekutivsekretär

Federal chancelleryTask forces Task forces

Federal Staff Unit for ICT-Strategies

Task forces

political levelpolitical level

technical technical levellevel

working levelworking level

3

4

online sophistication of public services Austria # 4

Austria made the most remarkable progress of 27 percentage points.

0%

25%

50%

75%

100%

S DK IRL A FIN NOR F UK NL P E I B ISL EL D L

Oct 2003 Oct 2002 Oct 2001

Onlin

e-Ver

fügbar

keit in P

roze

nt

complete electronic case handlingAustria #2

Volls

tändig

e Tra

nsa

ktio

n in P

roze

nt

0%

25%

50%

75%

100%

DK A S FIN IRL UK NOR F I D E P B EL ISL NL L

Oct 2003 Oct 2002 Oct 2001

5

Austrian E-Government Strategy

whereas information services are fully developed, interactions and transactions still lack a European Infrastructure and common understanding

what services do we offer

Information servicesfull coverage

business orientede-gov services

e.g. water, allowances, ...personal transactions

e.g. passport, certificates,…

security related servicese.g. medical, EKIS, .

e-governancee.g. participation, voting

6

strategic services and coordination• Information services cover basically all

institutions• Business oriented transactions can follow

existing models without prior strong identification• „real“ e-government applications need unique

identification• Sensitive government applications need

extended security• E-participation is still to be technically explored

e-government is not a purpose per itself• functional components have to serve the strategic

goals• citizens will not ask why they still have to go somewhere• if it does not pay it will vanish at the end• a solution that can not stand international competition and

interoperate with other solutions will not survive• e-government strategies is about open interfaces

AND HOW TO GET THEM ACCEPTED

7

Austrian E-Government Act• Basis for Identification and Authentication in

Electronic Communications with Public Bodies– Source Identification Number (sourcePIN)– Source PIN Register Authority– Unique Identification in Data files– Sector-Specific Personal Identifiers (ssPINs)– Official Signature– Submission of Electronic Records– E-delivery– E-Voting

http://www.cio.gv.at/egovernment/law/E-Gov_Act_endg_engl_Fassung1.pdf

e-n

oti

fica

tion

e-payment

e-delivery

secu

re s

ignin

g

e-banking with eps 2

filling in

the form

Lodging a new claim

withe-notification

form request

zustellung.gv.at

XML –form

8

Easy access for everyone• e-government forms styleguide

– standardised look and feel across administrative borders

– standard guidelines for forms– easy recognition for citizen– continual improvement by usability tests – http://reference.e-government.gv.at/

• WAI – Web Accessibility Initiative


citizen card concept• Identification

– The main goal with e-signatures in administration is identification

– serving the needs of administration– enhancing privacy

• Authentification• Integrity

– Data must not be modified

• Non Repudiaton

9


citizen card components• Two certificates

– Secure electronic signature– Encryption

• Security layer• Person binding by Source PIN• Data boxes


Source PIN Register Authority• Source PIN

– Personal source identification number is derived from the central register of residents an protected by strong encryption

– Non residents may get their Source PIN at an embassy• Legal persons or other non-natural persons may use

number of– Company Register, Central Register of Associations, or

Supplementary Register • Source PIN must be stored only

– On the citizen card– Source PIN Register authority

• Unique Identification in data files may be represented only in a Sector-specific identifier

10


Sector-specific identifier

Source PIN


irreversible derivationHASH-function

e.g. finance e.g. driving licence

No dragnet investigation possible


irreversible derivationHASH-function


identification and e-commerce• If identification serves good purposes in

e-government observing privacy, why should it not be used in the private sector

• Deriving synergies with businesses.• In order to identify natural persons in electronic

communications with a controller in the private sector (Paragraph 5(3) of the Datenschutzgesetz 2000), a specific number may be derived, using the citizen card (wbPK).

11


identification – electronic signature

WEB SERVICE

two components• card (ownership)• PIN (knowledge)

OR

http://meldung.wien.gv.at/egovMB/


making the use of e-signature easier• Europe has not really implemented the e-signature

guideline.• Signature has to be made significantly easier.• Using security tokens people allready have, might

help (banking cards, mobile phones..).• Until 31 December 2007, administrative signatures

may also be used in connection with citizen card functions and shall be treated in the same way as secure signatures.

12


SECURITY SERVER

citizen card functions with mobile phone

WEB SERVICE

three components• mobile (ownership)• PIN (knowledge)• security server (TTP)


how signatures with mobiles work

– the user faces a document to sign

– user chooses his method to sign (e.g. A1.net)

– system checks “this is the entitled user” (SMS-CODE)

– the external security module is enabled and performs signing process. The operator has no access to the keys.

1

2

3

4

5

13


e-payment

• E-payment has to complement the technology suite for e-government.– payment must be electronic to avoid physical

presence– legal procedures require payment to happen on the spot

• There is no special legal regulation needed.• As there are many methods for payment e-

government needs a standard that is open for any applicable method of payment.

EPS2 serves this purpose


e-payment by eps2

• payments are indipendent from applications • every payment system possible (E-Banking, Mobile Payment …)• trustworthy

– confirmation of payment can be printed– Full evidence, even if the e-government transaction failed

• e-business suitable

Application form

Continue the process

Request to pay

E-Payment

14


electronic delivery• NO e-mail delivery

– electronic addresses are transient• no official registry of electronic addresses• the same e-mail address might belong to a different person tomorrow.

• register with delivery – not with application• only one registration

– applications need not maintain delivery data • delivery to non applicants

– e.g. building: notification goes to persons that do not apply• security and trust

– this has to compare to conventional delivery methods


e-delivery

• comfortable• secure

– Encryption possible– Official signature

• cheap– Free (till end of 2005) – [today 7-8 € pro RSA Brief]– No media discontinuity

E-notfication

Public authority https://www.zustellung.gv.at

citizen

SMS, e-mail

Pickup ticketIdentified pickup

Nachrichten-Server

Optional printout

15


official signature• Electronic documents need the potential for being

authentic.• Even if printed on paper such documents must keep

validity.• electronic documents must be valid in various

environments• Electronic documents should look trustworthy to

anyone at first sight


date and time unique form id

logo validity hintsignature

value

signing person(function)

CA and serial number

16


the back office• ELAK im BUND• SAP• ZMR, ADR, GWR, ZVR, ….


ELAK im Bund• avoid paper in standard procedures• allow access – with enhanced identification

– from any place any time• integrate archiving (still to manage)• integrate forms from citizen to allow seamless

scaling• integrate further back office systems

(directories, SAP) for more efficient and moreaccurate application

17


ELAKBrief

Akt

Fax

Telefonat

Elektronisches Anbringen

E-Mail

Einlauf

Kanzlei

EDIAKT

•Registrierung•Scannen•Papierablage•Überprüfung Signatur

Kanzlei

Fachbereich

•Protokollierung•Zuteilung

Fachbereich

Kanzlei

Fachbereich

•Reinschrift•Beglaubigung•Abfertigung in Richtung Zustellsysteme

Elektronische Zustellung

Brief

E-G

overn

men

t S

chn

itts

telle

•Styleguide•Identifikation•Signatur•Zahlungsbest.

Standard-

Dokumenten-

register

•Festlegung von Aktenlauf/Fristen•Bearbeitung •Erledigung oder•Ablage


• goal– trust and security for citizens– quality control– mandatory list of technical documents

• voluntary commitment– free– Conformity may be controlled

• Awarding by the federal chancellary– run of validity - three years– Withdrawal possible

• Arbitration board– Only if technical criteria misatch

www.Guetesiegel.gv.at

18


e-participation

• e-participation – this is where technology meets politics

• there are considerable structural effects– digital divide– threat of manipulation– privacy aspects

• generally the perception of technology does not match the real world – e.g. e-government will face a much stricter security

demand than conventional systems


e-voting the first steps• technical protocols are there• scaling of technology has not really been

challenged• legal mechanisms are still not in sight – at

least in many countries• Which societies are ready?

– and will they stay ready?

19


thank youfor the attention

[email protected]

Documents

Austrian ICT Strategies - univie.ac.at · Austrian ICT Strategies ... voting. 6 strategic services and coordination ... – system checks “this is the entitled user” (SMS-CODE)