Pohlmann / Reimer / Schneider | ISSE/SECURE 2007 Securing Electronic Business Processes | E-Book | sack.de

E-book, English, 446 pages, eBook

Pohlmann / Reimer / Schneider ISSE/SECURE 2007 Securing Electronic Business Processes

Highlights of the Information Security Solutions Europe/SECURE 2007 Conference


ISBN: 978-3-8348-9418-2
Publisher: Vieweg & Teubner
Format: PDF
Copy protection: 1 - PDF watermark



This book presents the most interesting talks given at ISSE/SECURE 2007 - the forum for the interdisciplinary discussion of how to adequately secure electronic business processes.
The topics include: Identity Management, Information Security Management; PKI Solutions, Economics of IT Security; Smart Tokens, eID Cards, Infrastructure Solutions; Critical Information Infrastructure Protection, Data Protection, Legal Aspects.
Adequate information security is one of the basic requirements of all electronic business processes. It is crucial for effective solutions that the possibilities offered by security technology can be integrated with the commercial requirements of the applications. The reader may expect the state of the art: the best papers of the ISSE/SECURE 2007 conference.

Prof. Dr. Norbert Pohlmann is Professor for System and Information Security at the University of Applied Sciences in Gelsenkirchen, Germany.
Prof. Dr. Helmut Reimer is Senior Partner, TeleTrusT, Germany.
Dipl.-Math. Wolfgang Schneider is Deputy Institute Director, Fraunhofer Institute SIT, Germany.

Target audience


Professional/practitioner

Further information & material


1;Contents;6
2;Preface;12
3;About this Book;14
4;Welcome;16
5;Microsoft: A Trustworthy Vision for Computing;18
5.1;Legal, Technical and Social Aspects of Security;20
5.1.1;Regulating Information Security: A Matter of Principle?;22
5.1.1.1;Abstract;22
5.1.1.2;1 Introduction;22
5.1.1.3;2 Working with rules;22
5.1.1.4;3 Making rules;25
5.1.1.5;4 Information security: to serve and protect?;27
5.1.1.6;5 What’s law got to do with it?;28
5.1.1.7;6 A Working Group;29
5.1.1.8;7 Regulatory Principles;30
5.1.1.9;8 Conclusions;35
5.1.1.10;References;35
5.1.2;ISTPA Operational Analysis of International Privacy Requirements;37
5.1.2.1;1 Introduction and Background;37
5.1.2.1.1;1.1 The ISTPA Privacy Framework;37
5.1.2.1.2;1.2 Drivers for Framework Analysis and Revision;40
5.1.2.2;2 The Analysis of Privacy Principles;40
5.1.2.2.1;2.1 Overview;40
5.1.2.2.2;2.2 Selected International Laws and Directives;41
5.1.2.2.3;2.3 Study Methodology and Key Findings;42
5.1.2.2.4;2.4 Illustration of Sub-Components;42
5.1.2.2.5;2.5 Additional Findings and Observations;43
5.1.2.3;3 Conclusion and Next Steps for Using the Analysis;44
5.1.3;The Legal Conflict between Security and Privacy in Addressing Crime and Terrorism on the Internet;45
5.1.3.1;1 Introduction;45
5.1.3.2;2 A brief summary of the evolution of Internet laws in addressing crime and terrorism;46
5.1.3.2.1;2.1 Introduction ;46
5.1.3.2.2;2.2 The origin of the Internet and the impact and consequences of the commercialization of the Internet;47
5.1.3.2.3;2.3 The phases of evolution of Internet legal regulation;47
5.1.3.2.4;2.4 The ‘driving force’ behind the evolution of Internet legal regulation;49
5.1.3.3;3 Privacy and security on the Internet;50
5.1.3.3.1;3.1 Introduction;50
5.1.3.3.2;3.2 The European Union and United States of America’s approach to Internet privacy and security;52
5.1.3.3.3;3.3 Effect of Internet state control of information on Internet privacy and security;54
5.1.3.4;4 Conclusion;54
5.1.3.5;References;55
5.1.4;Data Encryption on File Servers;57
5.1.4.1;1 Introduction;57
5.1.4.2;2 Why Encrypt Files on Central File Servers?;57
5.1.4.3;3 Possible Solutions;59
5.1.4.4;4 Microsoft Encrypting File System;59
5.1.4.4.1;4.1 EFS Principles;59
5.1.4.4.1.1;4.1.1 EFS Certificates;60
5.1.4.4.1.2;4.1.2 User Profiles;60
5.1.4.4.1.3;4.1.3 File Sharing;60
5.1.4.4.2;4.2 General EFS Recommendations;61
5.1.4.5;5 Decru DataFort;61
5.1.4.5.1;5.1 Storage Encryption Processor;61
5.1.4.5.2;5.2 Cryptainer™ Storage Vaults;62
5.1.4.5.3;5.3 Levels of Virtualization;62
5.1.4.5.4;5.4 Clustering;63
5.1.4.6;6 Utimaco SafeGuard LAN Crypt;63
5.1.4.6.1;6.1 SafeGuard LAN Crypt Main Features;63
5.1.4.6.2;6.2 Keys and Algorithms;64
5.1.4.6.3;6.3 Encryption Rules;65
5.1.4.6.4;6.4 Transparent encryption;66
5.1.4.6.5;6.5 Encryption Profiles;66
5.1.4.7;7 Different Solution Approaches;66
5.1.4.7.1;7.1 Database encryption;66
5.1.4.7.2;7.2 Enterprise Rights Management;66
5.1.4.7.3;7.3 SAN encryption;67
5.1.4.8;8 Conclusion;67
5.1.5;Setting up an Effective Information Security Awareness Programme;68
5.1.5.1;1 Introduction;68
5.1.5.2;2 Organising an effective security awareness programme;69
5.1.5.3;3 Organising an awareness programme in practice;72
5.1.5.3.1;3.1 Defining objective and scope;72
5.1.5.3.2;3.2 Setting up the project plan;73
5.1.5.3.3;3.3 Obtaining senior management commitment;73
5.1.5.3.4;3.4 Preparing the deliverables;74
5.1.5.3.5;3.5 Program roll-out;74
5.1.5.3.6;3.6 Tracking the programme and its effectiveness;76
5.1.5.3.7;3.7 Results;76
5.1.5.4;4 Conclusion;77
5.1.5.5;References;77
5.1.6;Saferinternet.pl Project – Educational Activities for Internet Safety in Poland;78
5.1.6.1;1 Introduction;78
5.1.6.1.1;1.1 Conferences and trainings;79
5.1.6.1.2;1.2 Child in The Web – Social Campaign;79
5.1.6.1.3;1.3 Sieciaki.pl – educational project for children;80
5.1.6.1.4;1.4 Safer Internet Day in Poland;80
5.1.6.1.5;1.5 The National Coalition for Internet Safety;81
5.1.6.1.6;1.6 The Consultation Committee;81
5.1.6.1.7;1.7 Research;82
5.1.6.2;2 Conclusions;83
5.1.7;Is Cyber Tribalism Winning Online Information Warfare?;84
5.1.7.1;1 Introduction;84
5.1.7.1.1;1.1 Social elements;85
5.1.7.1.2;1.2 Economic Elements;85
5.1.7.1.3;1.3 Political Elements;85
5.1.7.1.4;1.4 Security Elements;85
5.1.7.2;2 The shift;86
5.1.7.2.1;2.1 Physical vs. Virtual Environments;86
5.1.7.3;3 The Issues;86
5.1.7.4;4 Costs Implications;87
5.1.7.5;5 The challenges;87
5.1.7.5.1;5.1 Revealing Cyber Identities Techniques, countermeasures for meeting challenges and weaponry;87
5.1.7.5.1.1;5.1.1 Personalisation;87
5.1.7.5.1.2;5.1.2 Personalisation Tools and Information retrieval;88
5.1.7.5.1.3;5.1.3 Predictive statistical models for information retrieval;88
5.1.7.5.1.4;5.1.4 Subscriber and Mass Emailing Networks;88
5.1.7.5.1.5;5.1.5 Chat rooms;89
5.1.7.5.1.6;5.1.6 SMS (Short message Service or Simple Messaging Service);89
5.1.7.5.1.7;5.1.7 Cyber language;89
5.1.7.5.1.8;5.1.8 Online Gamers;89
5.1.7.6;6 Who is winning the war?;90
5.1.7.7;7 Conclusions;90
5.1.7.8;References;91
5.1.8;Phishing Across Interaction Channels: Methods, Experience and Best Practice;92
5.1.8.1;1 Banking channels – not only the internet;92
5.1.8.2;2 Phishing the aim and fundamental steps;93
5.1.8.2.1;2.1 Why strong authentication is not enough;93
5.1.8.2.2;2.2 Channel specific challenges of strong authentication;94
5.1.8.2.3;2.3 A technical social engineering phishing attack;95
5.1.8.2.4;2.4 User awareness – a call for security ergonomics;96
5.1.8.2.5;2.5 Strength in depth – Securing the transaction;97
5.1.8.2.6;2.6 Transaction data authentication;97
5.1.8.3;3 Conclusion;99
5.1.8.4;References;100
5.1.9;IT-Security Beyond Borders – an Assessment of Trust Levels Across Europe;101
5.1.9.1;1 Trust – and “wheel of distrust”;101
5.1.9.1.1;1.1 Declining Trust;102
5.1.9.1.2;1.2 The Wheel of Distrust;104
5.1.9.1.3;1.3 Consequence of “wheel of distrust”;106
5.1.9.2;2 Danish IT-security policy frame;107
5.1.9.2.1;2.1 Problems identified by the working group;108
5.1.9.2.2;2.2 Overview of solutions suggested;109
5.1.9.3;3 Conclusion;110
5.1.10;Analyzing and Improving the Security of Internet Elections;112
5.1.10.1;1 Introduction;112
5.1.10.2;2 Overview of Internet Election Systems;113
5.1.10.2.1;2.1 The SERVE system;113
5.1.10.2.2;2.2 The Estonian Internet election system;114
5.1.10.2.3;2.3 The proposed Polish Internet election system;115
5.1.10.2.4;2.4 Research on new Internet election protocols;115
5.1.10.3;3 Security Analysis of Internet Elections;115
5.1.10.3.1;3.1 General requirements of Internet elections’ security;115
5.1.10.3.2;3.2 General vulnerabilities of Internet elections;116
5.1.10.3.3;3.3 Vulnerabilities and attacks on the Internet election software;116
5.1.10.3.4;3.4 Vulnerabilities and attacks on the Internet election execution environment;117
5.1.10.3.5;3.5 Infrastructure vulnerabilities;117
5.1.10.4;4 Methods For Improving Internet Election Security;118
5.1.10.4.1;4.1 Distribution of operating systems and applications on Live-CD;118
5.1.10.4.2;4.2 Virtual machines on voter hosts;118
5.1.10.4.3;4.3 Remote execution of voting applications;119
5.1.10.5;5 Conclusion;119
5.1.10.6;6 References;120
5.1.11;Remote Access Mechanics as a Source of Threats to Enterprise Network Infrastructure;121
5.1.11.1;1 Introductory information;121
5.1.11.2;2 Threats and Chosen Remote Access Mechanics;122
5.1.11.3;3 Intelligent Network Access Protection;125
5.1.11.3.1;3.1 Network Access Protection (NAP);125
5.1.11.3.1.1;3.1.1 Action scenarios;126
5.1.11.3.1.2;3.1.2 NAP Platform Components;126
5.1.11.3.2;3.2 Terminal Services;127
5.1.11.4;4 Conclusion;128
5.1.11.5;References;128
5.1.12;“Private Investigation” in the Computer Environment: Legal Aspects;129
5.1.12.1;1 Introduction to the problem;129
5.1.12.2;2 Gathering evidence by private individuals in the light of the Polish law;130
5.1.12.3;3 Available methods;130
5.1.12.4;4 Evidential value of the collected information;131
5.1.12.5;5 Criminal and civil liability for actions that contravene the law;131
5.1.12.6;6 Conclusion;132
5.2;Identity, Information Security and Rights Management;134
5.2.1;Design Rationale behind the Identity Metasystem Architecture;136
5.2.1.1;1 Introduction;136
5.2.1.1.1;1.1 The Challenge: A Ubiquitous Digital Identity Solution for ;136
5.2.1.1.2;1.2 Practical Considerations;136
5.2.1.1.3;1.3 Architecture of a Proposed Solution;137
5.2.1.2;2 Identity Problems on the Internet and an Overview of the Proposed Solution;137
5.2.1.2.1;2.1 The Internet’s Problems are often Identity Problems;138
5.2.1.2.2;2.2 “InfoCard” and the Identity Metasystem;138
5.2.1.2.3;2.3 Roles within the Identity Metasystem;139
5.2.1.2.4;2.4 Claims-Based Identities and InfoCards;139
5.2.1.2.5;2.5 Putting the User in Control;140
5.2.1.2.6;2.6 Authenticating Sites to Users;140
5.2.1.2.7;2.7 Authenticating Users to Sites;142
5.2.1.2.8;2.8 Protocols Behind the Identity Metasystem;143
5.2.1.3;3 Design Decisions behind the Identity Metasystem;143
5.2.1.3.1;3.1 Protocol . Payload ;143
5.2.1.3.2;3.2 Identity Selector . Identity Provider;143
5.2.1.3.3;3.3 Identity Selector . Metadata Store;144
5.2.1.3.4;3.4 Guarantee Separation of Contexts;144
5.2.1.3.5;3.5 Facilitate “Data Rejection”;144
5.2.1.3.6;3.6 Claims . “Trust”;145
5.2.1.3.7;3.7 Human Token . Computational Token;145
5.2.1.3.8;3.8 Auditing . Non-auditing Identity Providers;145
5.2.1.3.9;3.9 Authentication Goes Both Ways;145
5.2.1.3.10;3.10 Predictable, Protected Human Communication;145
5.2.1.4;4 Status and Plans;146
5.2.1.5;5 Conclusions;146
5.2.1.6;References;147
5.2.1.7;6 Appendix A – The Laws of Identity;148
5.2.2;Federated ID Management – Tackling Risk and Credentialing Users;149
5.2.2.1;1 Federation;149
5.2.2.1.1;1.1 What is it?;149
5.2.2.1.2;1.2 Why the TSCP is interested in Federation;150
5.2.2.2;2 First Problem – Credentialing;150
5.2.2.2.1;2.1 Common Policy is the Beginning;150
5.2.2.2.2;2.2 One Size Does Not Fit All;151
5.2.2.2.3;2.3 Already a Risk Reduction;151
5.2.2.3;3 Federation Sets the Stage for Scalability;151
5.2.2.3.1;3.1 Federation Introduces a New Set of Policies;151
5.2.2.3.2;3.2 Federation Policy and Attribute Profiles;152
5.2.2.3.3;3.3 Radical Shift for Access Control;152
5.2.2.3.4;3.4 Data Tagging Enables Claims Awareness;153
5.2.2.4;4 Technology;153
5.2.2.5;5 Conclusion – Through Federation to Scalable Compliance;154
5.2.2.6;References;154
5.2.3;Information Security Governance for Executive Management;155
5.2.3.1;1 Information Security Governance Definition;155
5.2.3.2;2 The Information Security Governance Framework;157
5.2.3.3;3 Information Security Governance and Executive Management;158
5.2.3.4;4 Illustrative Matrix of Outcomes and Directives;163
5.2.3.5;5 Conclusion;164
5.2.3.6;References;165
5.2.4;Model Driven Security for Agile SOA-Style Environments;166
5.2.4.1;1 Unmanageable security;166
5.2.4.2;2 Model driven development;168
5.2.4.3;3 MDA Tool Chain;170
5.2.4.4;4 SecureMDA™ model driven security;171
5.2.4.5;5 TrustedSOA™ model driven security for SOA;173
5.2.4.6;6 Conclusion;174
5.2.4.7;7 Acknowledgements;175
5.2.4.8;References;175
5.2.5;The Business Perspective on Roles Including Root Causes of Implementation Problems and Proven Ways to Overcome them;176
5.2.5.1;1 Roles and provisioning;176
5.2.5.2;2 The business aspects;178
5.2.5.3;3 Solution and case study;180
5.2.5.4;4 Conclusion;184
5.2.6;A Security Architecture for Enterprise Rights Management;185
5.2.6.1;1 Introduction;185
5.2.6.2;2 ERM in enterprises;186
5.2.6.3;3 Market Solutions;186
5.2.6.4;4 Turaya Security Kernel – Concepts and Terms;189
5.2.6.5;5 Solution;190
5.2.6.6;6 Proof of concept;194
5.2.6.7;7 Conclusion;195
5.2.6.8;References;196
5.2.7;Rights Management Technologies: A Good Choice for Securing Electronic Health Records?;197
5.2.7.1;1 Introduction;197
5.2.7.2;2 EHR Security and Privacy Requirements;198
5.2.7.3;3 Traditional Solutions;200
5.2.7.4;4 Rights Management Technologies;202
5.2.7.5;5 Rights Management Technologies in the Healthcare Domain;203
5.2.7.6;6 Conclusions;205
5.2.7.7;7 References;206
5.2.8;Case Studies from Fuzzing Bluetooth, WiFi and WiMAX;207
5.2.8.1;1 Introduction;207
5.2.8.2;2 Case Studies;210
5.2.8.3;3 Conclusions;214
5.2.9;Evaluation of the Possible Utilization of anti-spam Mechanisms Against spit;215
5.2.9.1;1 Introduction;215
5.2.9.2;2 Related Work;216
5.2.9.3;3 VoIP usage scenarios;216
5.2.9.4;4 Spit – a threat arising from VoIP;218
5.2.9.5;5 “Spit on” SPIT;219
5.2.9.6;6 Conclusions and further work;224
5.2.9.7;References;225
5.2.10;Modeling Trust Management and Security of Information;226
5.2.10.1;1 Introduction;226
5.2.10.2;2 Access control;226
5.2.10.3;3 Trust Management (TM);230
5.2.10.4;4 Conclusion;235
5.2.10.5;References;235
5.3;Smart Tokens, eID Cards, Infrastructure Solutions and Interoperability;236
5.3.1;Infrastructure for Trusted Environment: In Search of a Solution;238
5.3.1.1;1 The Problem of Trust Establishment;238
5.3.1.2;2 Background: Trusted Computing and TPM;240
5.3.1.3;3 Other Environments;241
5.3.1.4;4 Trusted Intermediaries: Economics and Technology;243
5.3.1.5;5 Conclusions: Infrastructure for Trusted Computing;245
5.3.1.6;References;245
5.3.2;Integrity Check of Remote Computer Systems Trusted Network Connect;247
5.3.2.1;1 Introduction;247
5.3.2.2;2 Trusted Network Communications;249
5.3.2.3;3 Trusted Network Connect;250
5.3.2.4;4 Alternative Approaches;252
5.3.2.5;5 Critical Consideration;253
5.3.2.6;6 Conclusion;255
5.3.2.7;References;256
5.3.3;Technical Guidelines for Implementation and Utilization of RFID-based Systems;257
5.3.3.1;1 Project Description;258
5.3.3.2;2 Considerations for the Implementation of Technical Guidelines;259
5.3.3.3;3 Structure of the Technical Guideline;264
5.3.3.4;4 Explanation of the security concept;264
5.3.3.5;5 Conclusion;268
5.3.3.6;References;269
5.3.4;High Density Smart Cards: New Security Challenges and Applications;270
5.3.4.1;1 Introduction;271
5.3.4.2;2 Smart Card Platform Security;273
5.3.4.3;3 Applications;275
5.3.4.4;4 Conclusion;278
5.3.5;ID Cards in Practice;279
5.3.5.1;1 Travel Documents In Accordance with ICAO 9303;279
5.3.5.2;2 Registered Traveller Programs for “Fast Lane” Process;282
5.3.5.3;3 Comparison between Travel Documents According to ICAO and Registered Traveller Programs;284
5.3.5.4;References;284
5.3.6;Large Scale Fingerprint Applications: Which Technology Should be Used?;285
5.3.6.1;1 Introduction;285
5.3.6.2;2 Applications & Projects;286
5.3.6.3;3 Standards;290
5.3.6.4;4 Requirements & Recommendations;292
5.3.6.5;5 Assessment;294
5.3.6.6;References;294
5.3.7;From the eCard-API-Framework Towards a Comprehensive eID-Framework for Europe;295
5.3.7.1;1 Introduction;295
5.3.7.2;2 The eCard-API-Framework;296
5.3.7.3;3 Towards a comprehensive eID-framework for Europe;303
5.3.7.4;4 Conclusion;304
5.3.7.5;References;304
5.3.8;Making Digital Signatures Work across National Borders;306
5.3.8.1;1 Introduction;306
5.3.8.2;2 DNV’s Position and Role;307
5.3.8.3;3 The Challenges to the RP;307
5.3.8.4;4 The RP’s Risk Situation;308
5.3.8.5;5 Risk Management by use of a VA;310
5.3.8.6;6 The VA Services;313
5.3.8.7;7 Conclusion;314
5.3.8.8;References;315
5.3.9;Financial Fraud Information Sharing;316
5.3.9.1;1 Introduction;316
5.3.9.2;2 OATH and Transaction Fraud Information Sharing;317
5.3.9.3;3 IODEF;318
5.3.9.4;4 THRAUD;319
5.3.9.5;5 Conclusion;324
5.3.9.6;References;324
5.3.10;Enterprise Key Management Infrastructure;325
5.3.10.1;1 Introduction;325
5.3.10.2;2 Requirements;326
5.3.10.3;3 Enterprise Key Management Infrastructure (EKMI);327
5.3.10.4;4 Conclusion;331
5.3.11;Intrinsic Physical Unclonable Functions in Field Programmable Gate Arrays;332
5.3.11.1;1 Introduction;332
5.3.11.2;2 Physical Unclonable Functions, Fuzzy Extractors and Helper Data Algorithms;334
5.3.11.3;3 PUF Constructions;335
5.3.11.4;4 Offline HW/SW Authentication for FPGAs;337
5.3.11.5;5 Conclusion;339
5.3.11.6;References;339
5.3.12;Security Evaluation and Testing – Past, Present and Future;341
5.3.12.1;1 The Past;341
5.3.12.2;2 The Present (More or Less);343
5.3.12.3;3 The Future;344
5.3.12.4;4 Polishing the Crystal Ball;345
5.3.12.5;5 Conclusion;346
5.3.12.6;References;347
6;Economics of Security and PKI Applications;348
6.1;Managing Information Security in Small and Medium Sized Enterprises: A Holistic Approach;350
6.1.1;1 Introduction;350
6.1.2;2 A Holistic Approach to Information Security;353
6.1.3;3 Case Study;355
6.1.4;4 Conclusions and Future Work;357
6.1.5;References;358
6.2;EKIAS – Success Criteria of PKI Implementations;359
6.2.1;1 The Project;359
6.2.2;2 Results;360
6.2.3;3 Recommendations;364
6.2.4;4 Conclusion;365
6.2.5;References;365
6.3;Embedded PKI in Industrial Facilities;366
6.3.1;1 Session Abstract;366
6.3.2;2 Enrolment and Certificate Lifecycle Management;372
6.3.3;3 Conclusion;373
6.3.4;References;373
6.4;SIM-enabled Open Mobile Payment System Based on Nation-wide PKI;374
6.4.1;1 Introduction;374
6.4.2;2 Public Key Cryptosystems;376
6.4.3;3 Open Mobile Payment Platform based on FINEID;379
6.4.4;4 Conclusion;383
6.4.5;References;385
6.5;Evidence Record Syntax – a new International Standard for Long-Term Archiving of Electronic Documents and Signed Data;386
6.5.1;1 Introduction;386
6.5.2;2 Problem and Solution;387
6.5.3;3 Technical Details;387
6.5.4;4 Security by Renewal;389
6.5.5;5 Data;391
6.5.6;6 Conclusion;393
6.5.7;References;393
6.6;PKI and Entitlement – Key Information Security Management Solutions for Business and IT Compliance;395
6.6.1;1 Introduction;395
6.6.2;2 Mapping of Business and Compliance-related IT Requirements to PKI and Entitlement;396
6.6.3;3 Deployment of PKI and Entitlement at Siemens;399
6.6.4;4 Conclusion;404
6.6.5;References;404
6.7;Future Diffusion of PKI-Technology – A German Delphi Study;405
6.7.1;1 Introduction;405
6.7.2;2 Explanation of PKI and Innovation Theory;406
6.7.3;3 Evaluation of a PKI Diffusion Model;407
6.7.4;4 Conclusion;413
6.7.5;References;414
6.7.6;Acknowledgements;414
6.8;The Introduction of Health Telematics in Germany;415
6.8.1;1 Applications;415
6.8.2;2 Unlimited Possibilities – Open Platform Basis;417
6.8.3;3 Conclusion;419
6.9;The German Identity Card - Concept and Applications;420
6.9.1;1 Introduction;420
6.9.2;2 Concepts;421
6.9.3;3 Applications;422
6.9.4;4 Conclusions;423
6.9.5;References;423
6.10;Infrastructure for Identification and Identity Documents;424
6.10.1;1 Passport offices in Germany;424
6.10.2;2 The Application Process;425
6.10.3;3 Conclusion;429
6.11;The Security Infrastructure of the German Core Application in Public Transportation;430
6.11.1;1 Background and Goals;430
6.11.2;2 Advantages of the security infrastructure for users;431
6.11.3;3 Anatomy of the security infrastructure;432
6.11.4;4 Security Level of the Security Infrastructure;436
6.11.5;5 Conclusion;437
6.11.6;References;437
6.12;Applications of Citizen Portals;438
6.12.1;1 Introduction;438
6.12.2;2 Key elements of the Directive;439
6.12.3;3 Summary of important regulations;439
6.12.4;4 Implementation of the EU Service Directive;442
6.12.5;5 Conclusion;445
6.12.6;References;445
6.13;Virtual Post Office in Practice;446
6.13.1;1 Introduction;446
6.13.2;2 The Virtual Post Office;447
6.13.3;3 The Online Service Computer Interface;448
6.13.4;4 Application Scenarios;450
6.13.5;5 E-Mail vs. OSCI;451
6.13.6;6 IT Infrastructure of the DRV Bund;452
6.13.7;7 Conclusion;455
6.13.8;References;455
7;Index;456

Legal, Technical and Social Aspects of Security
Regulating Information Security: A Matter of Principle?
ISTPA Operational Analysis of International Privacy Requirements
The Legal Conflict between Security and Privacy in Addressing Crime and Terrorism on the Internet
Data Encryption on File Servers
Setting up an Effective Information Security Awareness Programme
Saferinternet.pl Project – Educational Activities for Internet Safety in Poland
Is Cyber Tribalism Winning Online Information Warfare?
Phishing Across Interaction Channels: Methods, Experience and Best Practice
IT-Security Beyond Borders – an Assessment of Trust Levels Across Europe
Analyzing and Improving the Security of Internet Elections
Remote Access Mechanics as a Source of Threats to Enterprise Network Infrastructure
“Private Investigation” in the Computer Environment: Legal Aspects
Identity, Information Security and Rights Management
Design Rationale behind the Identity Metasystem Architecture
Federated ID Management – Tackling Risk and Credentialing Users
Information Security Governance for Executive Management
Model Driven Security for Agile SOA-Style Environments
The Business Perspective on Roles Including Root Causes of Implementation Problems and Proven Ways to Overcome them
A Security Architecture for Enterprise Rights Management
Rights Management Technologies: A Good Choice for Securing Electronic Health Records?
Case Studies from Fuzzing Bluetooth, WiFi and WiMAX
Evaluation of the Possible Utilization of anti-spam Mechanisms Against spit
Modeling Trust Management and Security of Information
Smart Tokens, eID Cards, Infrastructure Solutions and Interoperability
Infrastructure for Trusted Environment: In Search of a Solution
Integrity Check of Remote Computer Systems Trusted Network Connect
Technical Guidelines for Implementation and Utilization of RFID-based Systems
High Density Smart Cards: New Security Challenges and Applications
ID Cards in Practice
Large Scale Fingerprint Applications: Which Technology Should be Used?
From the eCard-API-Framework Towards a Comprehensive eID-Framework for Europe
Making Digital Signatures Work across National Borders
Financial Fraud Information Sharing
Enterprise Key Management Infrastructure
Intrinsic Physical Unclonable Functions in Field Programmable Gate Arrays
Security Evaluation and Testing – Past, Present and Future
Economics of Security and PKI Applications
Managing Information Security in Small and Medium Sized Enterprises: A Holistic Approach
EKIAS – Success Criteria of PKI Implementations
Embedded PKI in Industrial Facilities
SIM-enabled Open Mobile Payment System Based on Nation-wide PKI
Evidence Record Syntax – a new International Standard for Long-Term Archiving of Electronic Documents and Signed Data
PKI and Entitlement – Key Information Security Management Solutions for Business and IT Compliance
Future Diffusion of PKI-Technology – A German Delphi Study
The Introduction of Health Telematics in Germany
The German Identity Card – Concepts and Applications
Infrastructures for Identification and Identity Documents
The Security Infrastructure of the German Core Application in Public Transportation
Applications of Citizen Portals
Virtual Post Office in Practice


Infrastructure for Identification and Identity Documents (pp. 405-406)

Walter Landvogt
Bundesdruckerei GmbH
Systems House Solution Development
landvogt@bdr.de

Abstract
The introduction of the new German biometric passport on 1st […] requirements for the technical systems at the local passport authorities and the computing departments of the city administration. The capturing of biometric information and the process of assuring the usability of biometric data for […] the biometric information to the central production facilities of Bundesdruckerei. The identity document application process and the common level of security for the technical environment […]. However, the local administration bears responsibility for the concrete organization of the process and the kind and type of technical system.

1 Passport offices in Germany

Of a total of 12,400 communities in Germany, about 5,300 provide local administration services, which run the necessary local infrastructural tasks and services for the citizens. Smaller communities […] the administration of the registration data and the enrolment and issuing of passports and identity documents. The two services are closely related, since they are typically based on a single software system that manages the registration database as well as the passport and identity document database. To provide a […] documents may be applied for and will be delivered to the applicant.

As the local administrations have to bear the cost of purchasing and maintaining the technical equipment, they make their own decision on a software product for registration and passport purposes and for […]. The wide range of different requirements concerning the performance of the software for registration and passport enrolment has led to a wide variety of systems and architectures in use.

2 The Application Process

Passports and identity documents are manufactured at the central high-security production facilities […] application records to the production server. Whereas in the past the passport data records had been mailed on paper forms to Bundesdruckerei, with the introduction of the biometric passport a change has taken place. Nowadays the electronic application process has become standard, since the software systems used at the local authorities have integrated standard software modules for the necessary digitalisation of the portrait photo and the applicant’s signature. By 1st of November 2007 the […] fingerprints and the digital acquisition of the […] based way to deliver the biometric information to the passport production.

2.1 Registration and Passport Application Software and Biometric Modules

Since the introduction of the new passport the software products have been adapted to the new demands. At […] states each software product had a regional focus. Even more, administration software had often been developed and operated by computing centres which were part of the state administration and designed business processes to the needs of their regional customers. Thus infrastructures can be found where the […] the registration application.

On the other hand, personal computer based registration applications were […]. The passport and identity document application process is […] above the registration data. For the application process a record set from the registration database is taken and enriched by passport or […]tration software the mandatory digital application process and the acquisition of the […] increase the requirement to handle multimedia data formats: video streams are transmitted from the […]. Multimedia data was not very common for administration software, and the software systems and databases were not prepared for managing it.

