SP3 Client Development
The Subproject Client Development is composed of the folloing workpackages:
Interface Device Service
This workpackage covers the analysis, specification, implentation and testing of an open source reference implementation of an Interface Device Layer compliant with ISO/IEC 24727. It will support a variety of interface devices such as smart card terminals based on PC/SC or SICCT, mobile devices with support for NFC or OpenMobile-API and Trusted Platform Modules. The implementation will support several selected platforms.
This workpackage starts with a survey and analysis of existing eID and credential systems and will conduct research on user-friendly multi-device authentication. It then specifies and implements eID services supporting selected authentication protocols and eID cards. It will be studied how minimal-disclosure credentials can be integrated in the ISO/IEC 24727 architecture. A tool to efficiently create Cardinfo files for supporting existing eIDs will be developed. A legal analysis will provide technical partners with practical implementation guidance.
This workpackage designs and implements the services around digital signatue, including signature creation and validation. The foresees different access protocols; OASIS-DSS will be implemented. Signature formats such as CAdES, XAdES, and PAdES will be supported by plug-ins. This work will be accompanied by a legal analysis of eSignature services.
Using mock-ups in a usability analysis, an open source reference implementation of a user-interface component will be created. The approach aims to optimize usability and accessibility
Trustworthy Client Platform
This workpackage will establish how established technologies, such as Trusted Platform Modules on PCs or Mobile Trusted Modules, can be used to provide hardware-based client security. Work covers analysis, architecture and protocol design, implementation, evaluation, and integration. Focus will be on secure data life-cycle management and security assurances for third party assets like tokens or mobile code. Among others, the feasibility and security of lightweight virtualization solutions and secure input and output will be studied for mobile devices. Also, new approaches for backup and recovery of secret key material will be investigated.
The FutureID Client needs to be seamlessly launched when users access an appropriately prepared web resource. This workpackage conducts the necessary requirements analysis, interface and module specification, implementation, integration, and testing. Topics include Applet- or PKCS#11-based integration of PCs and App-based integration on mobile platforms. Interfacing the FutureID Client with browser plug-ins and add-ons will be studied, as will secure bindings for Federated Identity Management protocols.
This workpackage will provide the tools and methods necessary for comprehensive testing of the client component, using an approach of continuous integration and regular regressing testing. A requirements analysis will among others identify the relevant operating systems, platforms, and browsers. Tools will be developed for module, integration, and acceptance testing.