New Authentication Concepts for Electronic Identity Tokens

  • Jan Eichholz
  • Detlef Hühnlein
  • Gisela Meister
  • Johannes Schmölz

Abstract

The nationally funded project [BioP@ss] researches the possibilities of an IP-based smart card interface built on the international smart card application interface standards [CEN 15480] and [ISO/IEC 24727]. Instead of the classical APDU-based communication, a TCP/IP-based web service communication with the smart card is established. This solution offers the benefit that the interface relies on well-established, standardized Internet protocols and hence reduces the need for an intermediate middleware implementation that translates web service calls into APDUs. Additionally, we define a [SAML(v2.0)] profile which allows the implementation of an Identity Provider directly on a smart card.

Keywords

Smart Card, Authentication Protocol, User Agent, European Citizen, Identity Provider

References

  1. The BioP@ss homepage: www.biopass.eu
  2. Comité européen de normalisation (CEN): Identification card systems — European Citizen Card — Part 1-4, Technical Standard (partly in preparation), 2010
  3. J. Eichholz, D. Hühnlein, J. Schwenk: SAMLizing the European Citizen Card, in A. Brömme et al. (Eds.), Proceedings of BIOSIG 2009: Biometrics and Electronic Signatures, GI-Edition Lecture Notes in Informatics (LNI) 155, 2009, pp. 105–117, http://www.ecsec.de/pub/SAMLizing-ECC.pdf
  4. ISO/IEC: Identification cards – Integrated Circuit Cards, Part 1–13 & 15, International Standard
  5. ISO/IEC: Identification Cards — Integrated Circuit Cards Programming Interfaces — Part 1–6, International Standard (partly in preparation), 2010
  6. Java Card™ Platform, Version 3.0 Connected Edition, http://java.sun.com
  7. H. Leitold, A. Hollosi, R. Posch: Security Architecture of the Austrian Citizen Card Concept, Proceedings of the 18th Annual Computer Security Applications Conference, IEEE Press, 2002, pp. 391–401
  8. S. Cantor, J. Kemp, R. Philpott, E. Maler: Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V2.0, OASIS Standard, 15.03.2005, http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf, 2005
  9. J. Kemp, S. Cantor, P. Mishra, R. Philpott, E. Maler: Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0, OASIS Standard, 15.03.2005, http://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf, 2005
  10. S. Cantor, F. Hirsch, J. Kemp, R. Philpott, E. Maler: Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0, OASIS Standard, 15.03.2005, http://docs.oasisopen.org/security/saml/v2.0/saml-bindings-2.0-os.pdf, 2005
  11. N. Klingenstein: SAML V2.0 Holder-of-Key Web Browser SSO Profile, OASIS Committee Draft 02, 05.07.2009, http://www.oasis-open.org/committees/download.php/33239/sstc-samlholder-of-key-browser-sso-cd-02.pdf, 2009
  12. S. Cantor, J. Kemp, R. Philpott, E. Maler: Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0, OASIS Standard, 15.03.2005, http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf, 2005
  13. Secure idenTity acrOss boRders linKed (STORK) project website, http://www.eid-stork.eu, 2010
  14. J. Alcalde-Moraño, J. L. Hernández-Ardieta, A. Johnston, D. Martinez, B. Zwattendorfer: STORK Deliverable D5.8.1b – Interface Specification, 08.09.2009, https://www.eid-stork.eu/index.php?option=com_processes&Itemid=&act=streamDocument&did=960
  15. Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI): Advanced Security Mechanism for Machine Readable Travel Documents – Extended Access Control (EAC), Password Authenticated Connection Establishment (PACE), and Restricted Identification (RI), Technical Directive (BSI-TR-03110), Version 2.02, https://www.bsi.bund.de/cae/servlet/contentblob/532066/publicationFile/44802/TR-03110_v202_pdf.pdf, 2009
  16. Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI): Technical Directive eCard-API-Framework, Version 1.1 of 15.07.2009, https://www.bsi.bund.de/cln_156/sid_BFE35DE615DDE059B55587F30981D6BD/ContentBSI/Publikationen/TechnischeRichtlinien/tr03112/index_htm.html
  17. A. Nadalin, M. Goodner, M. Gudgin, A. Barbir, H. Granqvist: WS-SecureConversation 1.4, OASIS Standard, http://docs.oasis-open.org/ws-sx/ws-secureconversation/v1.4/ws-secureconversation.pdf, 2009
  18. XML Encryption Syntax and Processing, http://www.w3.org/TR/xmlenc-core/
  19. XML Signature Syntax and Processing, http://www.w3.org/TR/xmldsig-core/

Copyright information

© Vieweg+Teubner Verlag | Springer Fachmedien Wiesbaden GmbH 2011

Authors and Affiliations

  • Jan Eichholz (1)
  • Detlef Hühnlein (2)
  • Gisela Meister (3)
  • Johannes Schmölz (4)
  1. Giesecke & Devrient GmbH, München, Germany
  2. secunet Security Networks AG, Michelau, Germany
  3. Giesecke & Devrient GmbH, München, Germany
  4. Hochschule Coburg, Coburg, Germany