Federal Chancellery of Austria
Austria

The Problem

In most cases, public authorities and enterprises use username/password combinations for the online identification of their users/customers. Insecure passwords, man-in-the-middle attacks and phishing attacks lead to a steady increase of abuse on the internet. Last year alone, cybercrime rose by more than 100 percent. The increase rate of phishing attacks (“password fishing”) was 328,9 percent over the last year; hacking attacks show a similar picture.

Because of this, the Federal Platform Digital Austria decided to develop a two-component concept (knowledge and possession) for secure electronic identification and qualified electronic signatures that is easy to use and suited to bridging the digital divide: the mobile phone signature.

The “mobile phone signature” is a further development of the established card-based citizen card, for which citizens had to buy card readers, install software, etc. before they could use the activated ID card for identification and qualified electronic signatures.

As mentioned above, the mobile-phone-based eID solution aims to bridge the digital gap by reducing acquisition costs for smartcards or smartcard readers, avoiding technical hurdles like software installations (for middleware, drivers, etc.) and increasing usability through the use of familiar technology (the mobile phone).

Solution and Key Benefits

 What is the initiative about? (the solution)
The mobile phone signature (identification and qualified electronic signatures by using the mobile phone) was developed with the support of the EU Commission in the large EU pilot project on interoperability of electronic identities called "STORK". It was activated during the last quarter of 2009. This solution makes it possible to use electronic signatures with a mobile phone. In contrast to existing card-based solutions, installing software and additional hardware (card reader) is no longer necessary.

The solution for secure electronic identification and qualified electronic signatures with the mobile phone works similarly to the solution banks use for e-banking. After the user has successfully logged in with the access code (mobile phone number) and PIN, a TAN code is sent via SMS to the activated mobile phone. When the TAN code is entered in the respective application, a qualified electronic signature is created. This could also be a simple method for creating qualified electronic signatures on a mobile phone. This signature would be, just like in the former card-based solution, the legal equivalent of a handwritten signature, and could be used everywhere, not only for procedures with public administration, but also in business, e.g., in e-banking. The mobile phone signature offers a user-friendly alternative to the well-known card-based eID solutions.

Besides offering a high security level, the mobile-phone-based eID solution aims to bridge the digital gap by reducing acquisition costs for smartcards or smartcard readers, avoiding technical hurdles like software installations (for middleware, drivers, etc.) and increasing usability through the use of familiar technology (the mobile phone).

All users benefit in several ways from the further development of the Austrian citizen card concept for secure identification and qualified e-signatures: they will save money and time.

As users no longer have to install specific software on their PC, they don’t need special computer skills or technical knowledge to use their “mobile phone signature”:
* to place their qualified electronic signature on contracts,
* for official applications,
* in the field of electronic billing,
* for e-banking,
* for e-payment, or
* for logon processes.

Actors and Stakeholders

 Who proposed the solution, who implemented it and who were the stakeholders?
The mobile phone signature (eID and qualified electronic signature by using mobile phones) was developed by the Federal Platform Digital Austria (http://digital.austria.gv.at) and supported by the EU Commission. The mobile phone signature was implemented in the large EU pilot project on interoperability of electronic identities called "STORK". It was activated during the last quarter of 2009.
The high level of distinction that eGovernment solutions like the mobile phone signature now enjoy in Austria is seen in the fact that the responsibility for the overall coordination of eGovernment has been transferred to the Federal Chancellery. The general term for it is the Federal Platform Digital Austria (PDA), which was created in 2005. It has become the centre stage for coordination and strategy of eGovernment in Austria by the Federal Government. All eGovernment projects in Austria now run under the Federal Platform Digital Austria designation.
It coordinates all the agendas of the "Cooperation BLSG" (which stands for Federal Government, Provinces, Municipalities and Communities), formerly known as the eCooperation Board, and the Federal ICT Board. The advantages of having a single chairmanship in charge of projects are obvious. Projects are coordinated with one another so any projects which are too similar can be detected and duplication of effort can be avoided. The chairmanship of Platform Digital Austria is held by the Federal CIO.
The eGovernment Innovation Centre (EGIZ) was established at the same time as the platform. The initiative between the Federal Chancellery and the Graz University of Technology supports the Chancellery in the development of an ICT federal strategy and was strongly involved in the development and implementation of the mobile phone signature.
Because there are no restrictions on the concrete technical implementation as long as the legal requirements (such as usage of “secure signature creation devices”) are met, the mobile phone signature can be used in the public sector as well as in the private sector. In other words, there is no specific group of stakeholders: everyone can benefit from it.

(a) Strategies

 Describe how and when the initiative was implemented by answering these questions
 a.      What were the strategies used to implement the initiative? In no more than 500 words, provide a summary of the main objectives and strategies of the initiative, how they were established and by whom.
The underlying citizen card is an essential component of Austria’s E-Government strategy and approach. The citizen card concept offers functionality for identification and authentication and – by using qualified electronic signatures – constitutes the foundation for legal security.

To guarantee a cost-effective implementation of the mobile-phone-based citizen card (called the mobile phone signature) and to ensure the highest possible degree of interoperability, the mobile phone signature was developed with the support of the EU Commission in the large EU pilot project on interoperability of electronic identities called "STORK". The mobile solution for eID and e-signatures was activated during the last quarter of 2009. In contrast to the card-based forms – already known in Europe – installing software and additional hardware (card reader) is no longer necessary.

As the citizen card concept is built upon open standards, it allows all signature cards and storage media that fulfill the citizen card specifications and legal requirements to be used. The concept just determines certain standards in terms of functionality and guarantees high-level sustainability. There are no restrictions on the concrete technical implementation as long as the legal requirements (such as usage of “secure signature creation devices”) are met. This fosters additional solutions in different technology sectors such as the mobile phone sector. The so-called mobile signature offers a comfortable alternative to the previously used smartcards. This server-based citizen card solution for qualified electronic signatures is a further important step towards usability and dissemination of modern E-Government services as well as an interesting alternative to countless username/password combinations in both the public and the private sector.

(b) Implementation

 b.      What were the key development and implementation steps and the chronology? No more than 500 words
Implementation period: Beginning in 2008, the mobile phone signature was developed in the EU large-scale pilot project on interoperability of electronic identities called "STORK" (http://www.eid-stork.eu).
The integration of the HSM (hardware security module), which forms the basis for the mobile phone signature, was carried out in 2009 in collaboration with a private IT company named A-Trust (http://www.a-trust.at), which is the competent certification service provider.

Start/Dissemination: The mobile phone signature was verified for legal compliance in November 2009 by A-SIT (http://www.a-sit.at).

Widespread marketing began in 2011/2012. The noticeable breakthrough was in September 2012.
Since September, there has been an above-average increase in activations, which can be seen as a result of the marketing activities of the Austrian Federal Chancellery and the steady increase in applications that support the mobile signature.

(c) Overcoming Obstacles

 c.      What were the main obstacles encountered? How were they overcome? No more than 500 words
The main obstacles we encountered were the question of how to extend the scope of the mobile phone signature to businesses, the upgrade of all existing registration officers, the costs of sending the SMS and the higher complexity caused by different eID methods within one country.

From our experience we knew that it would be very difficult to establish a nationwide identification system without involving the private sector. The extension of scope to private businesses was therefore crucial in the development of the mobile phone signature. The possibility to sign any PDF, including private contracts, was one way to overcome this obstacle, because the qualified signature is in principle open to every possible signature requirement in the field of business.

In Austria, there was an existing landscape of registration officers for the citizen card. All registration officers therefore needed an update of knowledge and a renewed contractual framework to allow them to activate mobile phone signatures. This was solved through specific education modules, which could be designed shorter than the general basic education for registration officers.

It was a strategic decision to offer the mobile phone signature for free to citizens and businesses during the first enrolment phase to foster distribution and reach a critical mass of users. Therefore, the costs for the SMS involved in every signature process were paid from a central budget by the government.

From the user's perspective, a new method for eID was introduced with the mobile phone signature, even though the underlying concept is the same as that of the citizen card. This resulted in higher complexity for users, who had to distinguish between the card-based solution and the mobile-phone-based solution. To overcome this issue, a clear separation of marketing messages was necessary.

(d) Use of Resources

 d.      What resources were used for the initiative and what were its key benefits? In no more than 500 words, specify what were the financial, technical and human resources’ costs associated with this initiative. Describe how resources were mobilized
Many different key players were involved in the development of the system. Below you can find a list of the main players:

• The E-Government Innovation Center (EGIZ) invented the technical solutions
• The E-Government department in the Federal Chancellery is responsible for steering all information and marketing messages to the different target groups
• A-SIT verified the legal compliance of the developed solution
• A-Trust is responsible for operating the service
• Platform Digital Austria is in charge of cooperating and communicating the solution to the federal and provincial stakeholders

Sustainability and Transferability

  Is the initiative sustainable and transferable?
The initiative is sustainable because it is a top political priority as stated in the government program. A project management was appointed by the cabinet of the Federal Chancellery to bundle all activities fostering the mobile phone signature. Besides this priority, there was a common agreement amongst ministries to share the costs for certificates.
To transfer the initiative abroad, the solution has been presented to more than 40 international delegations of politicians, public administration employees and business representatives since 2010. Furthermore, knowledge was shared with the European Commission and especially with those member states with which Austria is running bilateral cooperation agreements. Finally, Austria participates in international large-scale pilots (STORK, SPOCS…), where the mobile phone signature is a key component.

Lessons Learned

 What is the impact of your initiative and what are the lessons learned?
Users benefit in several ways from the mobile phone signature: they will save money and time.

As users no longer have to install specific software on their PC, they don’t need special computer skills or technical knowledge to use their mobile “citizen card”, i.e.
* to place their qualified electronic signature on contracts,
* for official applications,
* in the field of electronic billing,
* for e-banking,
* for e-payment, or
* for logon processes.

The use of familiar technology (the mobile phone) helps users gain confidence in the new offering. Furthermore, acquisition costs for smartcards or smartcard readers – so far a big hurdle in the rollout process – are a thing of the past. All of this comes at a proven, high security level.

Contact Information

Institution Name:   Federal Chancellery of Austria
Institution Type:   Government Department  
Contact Person:   Harald Pirker
Title:   civil servant, e-government expert  
Telephone/ Fax:  
Institution's / Project's Website:  
E-mail:   harald.pirker@bka.gv.at  
Address:  
Postal Code:  
City:  
State/Province:  
Country:   Austria
