Advertisement

From the eCard-API-Framework Towards a Comprehensive eID-Framework for Europe

  • Detlef Hühnlein
  • Manuel Bach

Abstract

The German eCard-strategy aims at harmonizing the various government projects which issue or use smart cards for authentication and signature purposes. Against this background the German government developed the eCard-API-Framework [eCard-TR] which aims at supporting arbitrary smart cards and facilitating the integration of them into various eID-applications. The present contribution provides a brief overview of the main features of the eCard-API-Framework, highlights current standardization efforts at CEN and ISO and provides an outlook how this approach might form the basis for a comprehensive eID-framework for Europe and beyond.

Keywords

Smart Card Electronic Signature Deployment Scenario Government Project Signature Purpose 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [CardSpace]
    Microsoft: CardSpace, via http://cardspace.netfx3.com/Google Scholar
  2. [CEN14171]
    Comité européen de normalisation (CEN): General guidelines for electronic signature verification, CEN Workshop Agreement, May 2004, via ftp://ftp.cenorm.be/PUBLIC/CWAs/e-Europe/eSign/ c wal 4171-00-2004-May.pdfGoogle Scholar
  3. [CEN14890-2]
    Comité européen de normalisation (CEN): Application Interface for smart cards used as Secure Signature Creation Devices — Part 2: Additional Services, CEN Workshop Agreement, May 2004, via ftp://ftp.cenorm.be/PUBLIC/CWAs/e-Europe/eSign/cwal4890-02-2004-May.pdfGoogle Scholar
  4. [prCENl 5480-1]
    Comité européen de normalisation (CEN): Identification card systems — European Citizen Card — Part I: Physical, electrical and transport protocol characteristics, prCEN/TS 15480-1, proposed Technical Standard, 2007Google Scholar
  5. [prCENl 5480-2]
    Comité européen de normalisation (CEN): Identification card systems — European Citizen Card — Part 2: Logical data structures and card services, prCEN/TS 15480-2, proposed Technical Standard, 2007Google Scholar
  6. [prCENl 5480-3]
    Comité européen de normalisation (CEN): Identification card systems — European Citizen Card — Part 3: European Citizen Card Interoperability using an application interface, prCEN/TS 15480-3, Working Draft, 2007Google Scholar
  7. [eCard-TR]
    Federal Office for Information Security: eCard-API-Framework — Technical Directive BSI 03112, 2007Google Scholar
  8. [eHC]
    gematik: The Specification of the German Electronic Health Card eHC, Part 1: Commands, Algorithms and Functions of the COS Platform, via http://www.gematik.de/upload/gematik_eGK_Specification_Parti_e_Vl_1_0_518.pdf Part 2: Applications and application-related Structures, via http://www.ge-matik.de/upload/gematik_eGK_Specification_Part2_e_Vl_l_l_516.pdf, Part 3: Layout andPhysical Properties, vai http://www.gematik.de/upload/gematik_eGK_Specification_Part3_e_Vl_l_0_514.pGoogle Scholar
  9. [ETSI-101733]
    ETSI: Electronic Signature Formats, Electronic Signatures and Infrastructures (ESI) — Technical Specification, ETSI TS 101 733 VI.5.1, 2003-12, via http://portal.etsi.org/docbox/EC_Files/EC_Files/ ts_101733v010501p.pdfGoogle Scholar
  10. [ETSI-101903]
    ETSI: XML Advanced Electronic Signatures (XAdES), Technical Specification, TS 101 903 VI.2.2 (2004-04), via http://uri.etsi.org/01903/vl.2.2/ts_101903v010202p.pdfGoogle Scholar
  11. [ETSI-102204]
    ETSI: Mobile Signature Service — Web Service Interface, Technical Specification TS 102 204 VI. 1.4, via http://portal.etsi.oig/docbox/EC_Files/EC_Files/ts_l02204v010104p.pdfGoogle Scholar
  12. [ETSI-102231]
    ETSI: Provision of harmonized Trust Service Provider (TSP) status information, Technical Specification TS 102 231, via http://portal.etsi.org/stfs/STF_HomePages/STF290/draft_ts_102231v010201p&RGW.docGoogle Scholar
  13. [Higgins]
    Higgins Team: Higgins Trust Framework Project Home, via http://www.eclipse.org/higginsGoogle Scholar
  14. [HüBa07]
    D. Hühnlein, M. Bach: How to use ISO/IEC 24727-3 with arbitrary Smart Cards, in C. Lambrinou-dakis, G. Pernul, A.M. Tjoa (Eds.): TrustBus 2007, LNCS 4657, SS. 280–289, 2007Google Scholar
  15. [ISO7816-4]
    ISO/IEC: Identification cards — Integrated circuit cards — Part 4:Organization, security and commands for interchange, ISO7816-4, Version 2005-01-15Google Scholar
  16. [ISO7816-15]
    ISO/IEC: Information technology — Identification cards — Integrated circuits) cards with contacts — Part 15: Cryptographic information application, ISO/IEC 7816-15, 2003Google Scholar
  17. [ISO24727-1]
    ISO/IEC: Identification Cards — Integrated Circuit Cards Programming In-terfaces — Part 1: Architecture, ISO/IEC 24727-1, Final Draft International Standard, 2006Google Scholar
  18. [ISO24727-2]
    ISO/IEC: Identification Cards — Integrated Circuit Cards Programming In-terfaces — Part 2: Generic Card Interface, ISO/IEC 24727-3, Committee Draft, 2006Google Scholar
  19. [ISO24727-3]
    ISO/IEC: Identification Cards — Integrated Circuit Cards Programming Interfaces — Part 3: Application Interface, ISO/IEC 24727-3, Committee Draft, 2006Google Scholar
  20. [ISO24727-4]
    ISO/IEC: Identification Cards — Integrated Circuit Cards Programming Interface — Part 4: API Administration, ISO/IEC 24727-4, Working Draft, 2007Google Scholar
  21. [Kowa07]
    B. Kowalski: A survey of the eCard-Strategy of the German Federal Government, (in German), Proceedings of BIOSIG 2007, GI Lecture Notes in Informatics, 2007Google Scholar
  22. [LeymO7]
    F. Leyman: e-ID interoperability large scale pilot — STORK, Talk at the EEMA-Conference “The European e-Identity Conference”, Paris, June 2007Google Scholar
  23. [Liberty]
    Liberty Alliance Project: The Liberty Alliance, via http://www.projectliberty.org/Google Scholar
  24. [ManDecO5]
    Ministerial declaration, approved unanimously on 24 November 2005, Manchester, United Kingdom, via http://archive.cabinetoffice.gov.uk/egov2005conference/documents/proceedings/ pdf/051124declaration.pdfGoogle Scholar
  25. [MS-CAPI]
    Microsoft Inc.: Cryptography Reference (Microsoft CryptoAPI), Platform SDK: Security, via http:// msdn.microsoft.com/library/en-us/security/security/cryptographyreference.aspGoogle Scholar
  26. [MS-CNG]
    Microsoft Inc.: Cryptography API: Next Generation http://msdn.microsoft.com/library/en-us/seccrypto/security/cryptography_api_nextgeneration.aspGoogle Scholar
  27. [OASIS-DSS]
    OASIS: Digital Signature Service Core Protocols, Elements, and Bindings, Version 1.0, OASIS Standard, via http://docs.oasis-open.org/dss/vl.0/oasis-dss-core-spec-vl.0-os.pdfGoogle Scholar
  28. [Onom@topic]
    M. Faher: Onom@Topic — project, presentation at Porvoo 9, May 2006, via http://porvoo9.gov.si/ pdf/FRI_15_1000_MFaher_AXALTO_Porvoo9.pdfGoogle Scholar
  29. [PC/SC]
    PC/SC Workgroup: PC/SC Workgroup Specifications 1.0/2.0, via http://pcscworkgroup.comGoogle Scholar
  30. [RFC2246]
    T. Dierks, C. Allen: The TLSProtocol-Version 1.0, RFC2246, via http://www.ietf.org/rfc/rfc2246.txtGoogle Scholar
  31. [RFC2560]
    M. Myers, R. Ankney, A. Malpani, S. Galperin, C. Adams: X.509 Internet Public Key Infrastructure — Online Certificate Status Protocol — OCSP, IETF RFC 2560, via http://www.ietf.org/rfc/rfc3161.txtGoogle Scholar
  32. [RFC3161]
    C. Adams, P. Cain, D. Pinkas, R. Zuccherato: Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP). IETF RFC 3161, August 2001, via http://www.ietf.org/rfc/rfc3161.txtGoogle Scholar
  33. [RFC3369]
    R. Housley: Cryptographic Message Syntax (CMS), IETF RFC 3369., via http://www.ietf.org/rfc/ rfc3369.txtGoogle Scholar
  34. [SICCT-vl.l]
    TeleTrusT: SICCT-Spezifikation, Version 1.1.0, 2006-12-19, via http://www.teletrust.de/fileadmin/ files/publikationen/Spezifikationen/SICCTSpezifikationl. 10.pdfGoogle Scholar
  35. [XML-Enc]
    W3C Recommendation: XML Encryption Syntax and Processing, 10. Dezember 2002, via http://www. w3.org/TR/xmlenc-core/Google Scholar

Copyright information

© Friedr. Vieweg & Sohn Verlag | GWV Fachverlage GmbH, Wiesbaden 2007

Authors and Affiliations

  • Detlef Hühnlein
    • 1
  • Manuel Bach
    • 2
  1. 1.secunet Security Networks AGMichelauGermany
  2. 2.Federal Office for Information Security (BSI)BonnGermany

Personalised recommendations