Status and Outlook on Electronic Identity in Europe: The Case of Austria

Alois Paulin, 2012

IFIP e-Government Conference 2012, Kristiansand,


In this article we create an overview over the conducted research and present legal provisions and technical recommendations that govern the electronic identity in Austria. We describe the relevant details of the Austrian e-signature and e-government legislation, as well as the available technological solutions and tools for citizen and developers. We conclude with a critical commentary on the present EU e-ID landscape based on the case of Austria.


Electronic identity (e-ID) technologies have received significant worldwide attention between the fin-de-millénaire and the first few years of the 21st century; crucial enablers for the e-ID were new national laws which aimed at regulating the characteristics and legal significance of electronic identities, defining how identification, authentication and signing (“I-A-S” [1]) using ICT are to be applied in the context of law.

In the European Union the major driver was Directive 1999/93/EC of the European Parliament and Council, which normalized the requirements towards the national legislations and mandated the validity of electronic signatures before law – a crucial milestone for legally significant electronic interaction. Implementations into national law of Directive 1999/93/EC had to be realized before July 19th 2001. Although the directive explicitly focuses on electronic signatures, identification and authentication – and thus the regulation of e-ID, are implied [3].

Directive 1999/93/EC was purposely designed to be technology- and vendor-neutral in order to protect the single market from national regulative tendencies [4]. Further, a temporary electron-ic equivalence to the legal concept of handwritten signature – the qualified electronic signature (technology neutral as well), was defined in order to serve as a translator for already existing, not e-conscious legislation [4]. This very same neutrality however has resulted in technologically isolated national islands, wherein local, usually government-sponsored technical solutions, enjoy a privileged de-facto monopoly. Activities, such as for example the EU-cosponsored project STORK [5] have been deployed in order to search for ways to bridge these national “e-borders”.

In this paper, we aim to establish an in-depth overview of one of such “national islands”, namely the Austrian e-ID landscape. Our goal is neither to compare Austria to other countries in this aspect [cf. 6], nor to evaluate its technical sophistication [cf. 7], service take-up [cf. 8] or popularity [cf. 9], [10]; instead we aim to provide an insightful reference for those who require to deal with Austrian e-ID.

At first we will first analyze the hierarchy of legal acts that regulate how e-ID is established and used in Austria; next we shall present an overview over the technical instantiations of e-IDs ac-cepted by Austrian bureaucracy and business, as well as additional tools and miscellaneous help-ful technical solutions available to users, service providers and developers. We shall conclude with a discussion of the Austrian solution within the pan-EU context.

The reality: a national monopolist

Despite the explicit vendor- and technology-neutrality provisioned, Austrian e-government’s protégée is the company A-Trust, which’ products are the only one accepted by online services provided by the government; A-Trust is the only commercial provider of e-ID related services in Austria that underwent voluntary accreditation as provisioned by e-GovG [16].

The privately owned A-Trust represents the executive pillar of the Citizen Card; the pillar for accreditations is the non-profit organization A-SIT – an association (Verein) of public sector institutions. Members of A-SIT are the Federal Ministry of Finance, the Central bank of the Republic of Austria and the Graz University of Technology [17]. A-SIT is currently the only registered accreditation body in Austria [18], [19].

Available e-ID carriers / A-Trust

The first provider of e-ID tokens that complied with the provisions for the Austrian Citizen Card (CC) was the Austrian Computer Society, which in 2003 equipped its members with new mem-bership cards with smartcard functionality [20]; the Austrian Computer Society did however not provide CCs directly. Further potential e-ID carriers where disseminated later trough a later generation of ATM cards and mandatory social security cards – the eCard; Aichholzer & Strauß [21] provide an elaborate overview of the CC development and dissemination, as well as its conceptual design.

At present, two carrying technologies exist: smartcard-based CCs (ATM cards, the eCard, student IDs, etc. [23]) and a solution that utilizes one’s mobile phone.

On smartcards, a stored SAML assertions document represents the Identity-Link [24] and two cryptographic key pairs are available for e-signing (one for qualified e-signatures according to Austrian criteria); in order to use the card as a CC, special software must be used, while signing trough popular office applications is theoretically, but not practically possible [25], [26], because advanced elliptic curve cryptography is used, which is not yet popularly supported. The smart-card offers a convenient way to assure multi-factor authentication trough proof of possession and knowledge (the PIN), however it is becoming increasingly inconvenient and unpopular for practical use, as it requires special hard- and software, like smartcard-readers and supporting hosting systems [cf. 23].

A-Trust’s mobile solution, the Handy-Signatur (HS) transforms the user’s mobile phone into a secure-signature-creation-device (SSCD), which assures multi-factor authorization (proof-of-possession: the mobile device, knowledge: shared secret); the HS was designed as part of the STORK project [23]. Mobile e-signing can be achieved twofold [cf. 27]: either by utilizing a special SIM card as the SSCD, as it is done by the Estlandian Mobiil-ID [23], or by using the mobile device as an authentication token, which unlocks the signing module on a remote server, as it is the case with the Handy-Signatur.

An SSCD inter alia must comply with the requirement that it can be hold under the sole control of its owner. In the case of the HS however, the SSCD is not a single physically controllable object anymore, but rather a system that fulfils this condition trough organizational means [28].

In the case of the HS, the cryptographic key pairs are stored in an nShield 500e F31 hardware security module (HSM) on a high security server stored in a safe of A-Trust’s computing center [28]; the user requests access to the CC functionality by sending her phone number and associated password – the shared secret, via HTTPS (using a web form provided by A-Trust) to the server, which responds by sending a time-limited, unique password via SMS to the user’s mobile phone, which the user transmits over HTTPS as the proof of possession information; this one-time-password grants the server’s signing module access to the key pair and the associated Identity-Link SAML assertions in the HSM [23], [28].

Technical recommendations

Several recommendations that regulate the technical characteristics of the Austrian e-ID have been designed, which however have not been issued by relevant democratic bodies and are consequently not binding before law. This deficit of formal legitimacy of the available technical documents however must be viewed in the light of the absolute monopolistic constellation of A-Trust and A-SIT; consequently, the available technical specifications must be seen as the documentation for A-Trust’s instantiations of the CC, which is relevant for advanced users and developers who require dealing with existing solutions.

The formal issuer of technical conventions is a non-personified association of federal, regional and local governments that bases on a mutual agreement on cooperation in the use of ICT – the Kooperation Bund/Länder/Gemeinden; this association publishes its agreed-upon conventions on Since 2005, e-government-related issues are coordinated by the federal chancellor trough the unit Platform Digitales Österreich (Platform Digital Austria; PDA;, whose chair is the Chief Information Officer (CIO).

Complete technical documentation can be found online at two sources (English translations are partly provided):


The available documentation describes a recommendation how to instantiate the CC (“CC Specifications”) [29], the format of the Identity-Link [24] and the protocol for requesting the Identity-Link [30].

(It is interesting to observe that all leading people who are involved in designing the Austrian CC technical recommendations, as well as those involved in voluntary accreditation of the CC, have their professional roots in the Technical University of Graz; based on this finding, one might conclude that the Austrian e-ID, as the main pillar of Austrian e-Gov, is governed by a single “clan”. Kubicek & Noack [6] note, that such clans can have positive influence on the development process, they do however not comment this issue from other, more democratic points of view.)

The CC-specifications recommendation [29] describes an abstract model which consists of three stakeholders: the citizen, the CC-environment and the application.

The CC-environment (CCE) is an information system that encapsulates the concrete CC and enables the consuming application access to the CC’s functionality. This model allows an application to consume many different CC tokens with no need to adapt to their special requirements, be-cause the CCE takes care of this.

Interaction between applications and the CCE is provided trough an exchange of specified XML requests and responses over either a TCP/IP (or SSL/TLS) or HTTP (HTTPS) binding (the “Security Layer”); in the first case, the requests are transmitted directly to an Internet socket, in the later, the request is transmitted via a HTML form. Applications can request the creation and verification of e-signatures (CMS and XMLDSig), encryption and decryption to/from CMS and XMLEnc, calculation and verification of hashes, and the access to associated data storage provided as part of the CC concept – to read e.g. the Identity-Link or to write application-specific data.

The communication between the CCE and the user is conducted via the User-Interface (Benutzerschnittstelle; UI). The CC specifications contain provisions that regulate how the UI must behave, e.g. that it must present to the citizen the document before signing it; further, CC specifications regulate that for visualizing content, a limited XHTML 1.1 and CSS 2 must be used.

Several end-user CCEs are available – three commercial and one open-source CCE are listed on A-SIT’s CC-dedicated web site The open-source MOCCA [31], [32] is considered as the most advanced option and provides integrated support for many foreign e-ID cards, among them the Belgian BELPIC, Estonian ESTID, as well as Italian, Icelandic, Lithuanian, Swedish, Swiss, Portuguese e-ID cards [33], [34] – several foreign e-ID solutions (not including the Swiss one) have been equalized with the CC by a decree of the federal chancellor in 2010 [35].

Another solution worth mentioning are the open-source Modules for Online-Applications – MOA [36], which are formally provided by the Austrian Federal Chancellery. MOA provide means for creating and verifying e-signatures and reading the IDL, however they slightly differ from the formal CC specifications and offer advanced possibilities for developers, such as a SOAP and Java API. An illustrative use-case with a Lichtenstein e-ID has been described by Ivković & Stranacher [33].

Conclusion, discussion & outlook

In the present article we described the Austrian e-ID landscape from the legal and technical viewpoints. From the legal aspect we outlined the provisions of the EU Directive 1999/93/EC and all relevant national Austrian provisions for e-ID and e-government; here we described the legal differences between the advanced electronic signature (AeSig) and the qualified electronic signature (QeSig), emphasizing that the later was provided only as a temporary electronic equivalent to the handwritten signature. We further described the Austrian recommendation for a national qualified e-ID system, the Bürgerkarte (Citizen Card), both as an abstract concept in Austrian law and its de-facto monopolistic instantiation and use in national e-government.

As shown in the case of Austria, an interesting discrepancy between legal provisions and the reality in national e-government can be observed, whereby the former focus on the abstractly de-scribed AeSig and forbid any discrimination in its validity before law, while the later center around a bottom-up defined technical solution for the more stringent QeSig which de-facto is the only option for access to Austria’s e-government.

More than 10 years after pan-EU adoption of Directive 1999/93/EC, government-driven e-ID programs can be considered failed. Thus, Kubicek [9] reports that despite a wide dissemination of e-ID tokens only a marginal percentage of “e”-aware citizen use governmental e-IDs for authentication: if other options are available, only from 0-2% (Austria, Spain, Denmark, Finland, Sweden; slightly more successful are Belgium: 20% and Estonia: 14%) of authentications required for submitting tax returns are done using the national e-ID. According to Rissanen [15] overall use of Finnish e-ID is even less, namely only 0.1% vs. 99.9% in favor of the popular, less complicated e-banking authentication system TUPAS, which can be used also for authentication towards e-government.

These numbers clearly indicate that users do not accept high-secure and accordingly user-unfriendly authentication, despite the established opinion of the driving clans behind its technical development, that “security is an indispensable precondition for concerns of legal certainty and for achieving acceptance by the citizens” [37].

During the last years many options have been evaluated how to foster the adoption of national e-IDs and consequently the QeSig for use in e-government and business. Fuelled by various EU political agendas, academia, private- and public sector institutions likewise drove the development of technology that can be used to create virtually unforgeable signatures, which correspond to the legal concept of the handwritten signature. Thus, Rossnagel [38] analyzes measures how to foster the adoption of the qualified signature; he describes attempts of material motivation (Nordrhein-Westfahlen in 2004 raffled mountain-bikes among those who submitted their tax returns online, Britain gave in 2000 and 2001 a £10 tax-voucher to e-submissions) and considers the introduction of penalties to force the use e-ID cards.

On the other hand, the public-sector EU-powered project STORK [5] aims to solve another severe issue, namely the across-border acceptance of national e-ID systems. STORK’s solution is a federative information system, which abstracts the functionalities of individual national e-ID systems; its principles resemble the concept behind the Austrian Citizen Card, which is also capable to in-corporate foreign e-IDs.

A final question however remains unanswered: why do politics and academia focus on the highly unpopular qualified e-ID and e-signature, although it was designed as only a temporary provision for as long as the concept of the handwritten signature still exists [4], [cf. 39]? Might perhaps Parkinson’s Law [40] provide the answer?


The present research was supported by the UNITE Secondment Programme project of the European Commission “Upgrading ICT excellence by strengthening cooperation between research Teams in an enlarged Europe”.