Abstract
The nationally funded project [BioP@ss] researches the possibilities of an IP-based smart card interface built on the international smart card application interface standards [CEN 15480] and [ISO/IEC 24727]. Instead of the classical APDU-based communication, a TCP/IP-based web service communication with the smart card is established. This solution offers the benefit that the interface relies on well-established, standardized Internet protocols and hence reduces the need for an intermediate middleware implementation that translates web service calls into APDUs. Additionally, we define a [SAML(v2.0)] profile, which allows the implementation of an Identity Provider directly on a smart card.
References
The BioP@ss homepage: www.biopass.eu
Comité européen de normalisation (CEN): Identification card systems — European Citizen Card — Part 1-4, Technical Standard (partly in preparation), 2010
J. Eichholz, D. Hühnlein, J. Schwenk: SAMLizing the European Citizen Card, in A. Brömme & al. (Ed.), Proceedings of BIOSIG 2009: Biometrics and Electronic Signatures, GI-Edition Lecture Notes in Informatics (LNI) 155, 2009, pp. 105–117, http://www.ecsec.de/pub/SAMLizing-ECC.pdf
ISO/IEC: Identification cards – Integrated Circuit Cards, Part 1–13 & 15, International Standard
ISO/IEC: Identification Cards — Integrated Circuit Cards Programming Interfaces — Part 1–6, International Standard (partly in preparation), 2010
Java Card™ Platform, Version 3.0 Connected Edition, http://java.sun.com
H. Leitold, A. Hollosi, R. Posch: Security Architecture of the Austrian Citizen Card Concept, Proceedings of the 18th Annual Computer Security Applications Conference, IEEE Press, 2002, pp. 391–401
S. Cantor, J. Kemp, R. Philpott, E. Maler: Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V2.0, OASIS Standard, 15.03.2005, http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf, 2005
J. Kemp, S. Cantor, P. Mishra, R. Philpott, E. Maler: Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0, OASIS Standard, 15.03.2005. http://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf, 2005.
S. Cantor, F. Hirsch, J. Kemp, R. Philpott, E. Maler: Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0, OASIS Standard, 15.03.2005. http://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf, 2005
N. Klingenstein: SAML V2.0 Holder-of-Key Web Browser SSO Profile, OASIS Committee Draft 02, 05.07.2009. http://www.oasis-open.org/committees/download.php/33239/sstc-samlholder-of-key-browser-sso-cd-02.pdf, 2009
S. Cantor, J. Kemp, R. Philpott, E. Maler: Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0, OASIS Standard, 15.03.2005. http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf, 2005.
Secure idenTity acrOss boRders linKed (STORK) project website, http://www.eid-stork.eu, 2010
J. Alcalde-Moraño, J. L. Hernández-Ardieta, A. Johnston, D. Martinez, B. Zwattendorfer: STORK Deliverable D5.8.1b – Interface Specification, 08.09.2009, https://www.eid-stork.eu/index.php?option=com_processes&Itemid=&act=streamDocument&did=960
Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI): Advanced Security Mechanism for Machine Readable Travel Documents – Extended Access Control (EAC), Password Authenticated Connection Establishment (PACE), and Restricted Identification (RI), Technical Directive (BSI-TR-03110), Version 2.02, https://www.bsi.bund.de/cae/servlet/contentblob/532066/publicationFile/44802/TR-03110_v202_pdf.pdf, 2009.
Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI): Technical Directive eCard-API-Framework, Version 1.1 of 15.07.2009, https://www.bsi.bund.de/cln_156/sid_BFE35DE615DDE059B55587F30981D6BD/ContentBSI/Publikationen/TechnischeRichtlinien/tr03112/index_htm.html
A. Nadalin, M. Goodner, M. Gudgin, A. Barbir, H. Granqvist: WS-SecureConversation 1.4, OASIS Standard http://docs.oasis-open.org/ws-sx/ws-secureconversation/v1.4/ws-secureconversation.pdf, 2009
XML Encryption Syntax and Processing, http://www.w3.org/TR/xmlenc-core/
XML Signature Syntax and Processing, http://www.w3.org/TR/xmldsig-core/
Copyright information
© 2011 Vieweg+Teubner Verlag | Springer Fachmedien Wiesbaden GmbH
About this chapter
Cite this chapter
Eichholz, J., Hühnlein, D., Meister, G., Schmölz, J. (2011). New Authentication Concepts for Electronic Identity Tokens. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2010 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9788-6_3
DOI: https://doi.org/10.1007/978-3-8348-9788-6_3
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-1438-8
Online ISBN: 978-3-8348-9788-6
eBook Packages: Engineering, Engineering (R0)