#CeDEM13 Day 2 afternoon, Reflections, Main Hall, Chair: Morten Meyerhoff Nielsen
Service Layer
Help Layer
Customer Layer
Browser
www.Help.gv.at Portal
MOA-ID STORK MOCCA STORK
eDelivery eSafe HV-Services
Citizen
MOCCA Server
MOA-ID Server
Graphics
Internet
Internet
eDelivery eSafe HV-Services
26.05.13 1
Proxy Authenticator eGovernment official Channel Information
Help.gv.at: Login via Mobile
26.05.13 2
eGovernment official Channel Information
Customer Layer
myHelp Layer
Service Layer
Browser
eDelivery eSafe HV-Services MOA-ID STORK MOCCA STORK MOA-ID STORK MOCCA STORK
Certificate & Private Key
in accordance with §35 ZustG in Austria
Citizen
MOCCA Server
MOA-ID Server
Graphics
eDelivery, eSafe, HV-Services
• Certificate Generation (pkcs12 Container)
• [Registration/Re-entry (after First Registration)] optional
Certificate Private Key
1 2
Certificate Generation
Internet
Internet
1
2
26.05.13 3
www.myHelp.gv.at Portal
MOA-ID STORK MOCCA STORK
eSafe HV-Services
Certificate & Private Key
1
eDelivery
2 1
BRZ eDelivery Service: Create Certificate
26.05.13 4
BRZ eDelivery Service: pkcs12 Container saved
26.05.13 5
Help.gv.at: Connect to BRZ eDelivery Service
26.05.13 6
BRZ eDelivery Service
Service Domain myHelp Domain
Private User Domain
Domain Model: Login Request
26.05.13 7
Citizen's Client Proxy Authenticator (Client Proxy)
myHelp.gv.at
Key Share
Holder 1
BRZ login page, …
eDelivery Service
meinBrief login page, …
eDelivery Service
Post Server login page, …
eDelivery Service
Key Share
Holder n
1. URL 2. request login
shared Key n shared Key 1
shared Key request
shared Key 1-n
BRZ eDelivery Service: Upload pkcs12 Container
26.05.13 8
BRZ eDelivery Service: Show Inbox (2 Objects)
26.05.13 9
Sequence Diagram: Data Access
Citizen, myHelp, ProxyAuthenticator, KeyShareholder 1, KeyShareholder n, Database, meinBrief
getData
validation
getData
getSharedKeyPart 1
getSharedKeyPart n
validation
reconstructSharedKey
loadPrivateKey + Certificate
decryptPrivateKey + Certificate
connect
Post Server
BRZ eDeliveryService
26.05.13 10
Components for secure saving of the eDelivery Certificates in myHelp.gv.at
Key Upload Policy Server
LDAP
MeinBrief eDelivery Service
load
access Data
Key1 Access (eDelivery Correspondence)
myHelp.gv.at
load Certificate + Policy Key
Site Minder (Authentication)
store Certificate + Policy Key
store
get Key2+Key3
Key3
upload Certificate + Private Key
MySQL
Post Server eDelivery Service
BRZ eDelivery Service
Key2
based on (bPK+Key2+Key3)
26.05.13 11