Citizen card environment


The Citizen Card Environment (BKU, from the German Bürgerkartenumgebung) is software that is required to use the Austrian Citizen Card. A chip card reader is also required in order to access the various signature cards.

Software

The software must meet certain conditions in order to offer the required protection and security during its operations. These concern, for example, tamper-proof cryptographic operations, protected communication (SSL) between the software and the certification test center, and data protection aspects.

There are different versions depending on the BKU provider. A simple BKU supports only use of the card itself, i.e. access and verification by the citizen card. Versions are available as a web application or as a client for specific operating systems. In addition, some offerings include extra features such as PDF signing in the application itself or add-ins for other software such as Adobe Reader.

A distinction is made between the local BKU, the online BKU and the mobile BKU. With the local BKU, a client acts as the interface between the application and the citizen card. The online BKU works similarly to a client but is controlled through a web application, for example one based on Java. The third option is the mobile BKU, which uses a special procedure to sign via the mobile phone.

Technical framework

The BKU is the interface between applications that require registration or signing and the citizen card in its physical card form. The information required for checking the certificate can be read from the card using a card reader.

Card readers

There are different variants of card readers, and users should make sure that the reader supports the selected citizen card. The security level also plays an important role, since the communication between the card reader and the software is a target for malware.

There are three security levels for card readers:

| Security level | Description |
| --- | --- |
| Level 1 | The device contains only the card reader. PIN verification relies on other input means, such as the keyboard connected to the computer. The PIN can therefore be logged by malicious programs that monitor the keyboard. |
| Level 2 | A numeric keypad (numpad) is also integrated into the device. The PIN is entered directly on the keypad of the card reader and is no longer forwarded to the computer for verification. |
| Level 3 | A numpad and an additional small display are integrated into the device. As with level 2, PIN entry and verification remain on the device and are not transmitted to the computer. The display also shows which document is involved. Malicious programs cannot present the user with a different document than the one ultimately signed by the BKU: they can only manipulate the (main) screen of the computer workstation, whereas important properties of the document to be signed are shown directly on the display of the reader. |

Web links

Provider for BKUs