EUCARIS has implemented a series of security measures.
Use of a closed network
All information is exchanged between the Member States via a dedicated secured private TCP/IP network. This makes it very difficult to get unauthorised access.
The security between the participating Member States is controlled by the EUCARIS server core. All messages are transferred over a secured connection using Transport Layer Security (TLS). TLS encrypts the messages in transit, so even if an unauthorised person gets access to the messages, that person cannot read the content. In this way the confidentiality (exclusiveness) of the information is guaranteed.
Use of XML signing
All messages exchanged between the participating Member States are signed using a dedicated public key infrastructure. The EUCARIS server verifies the signature of every incoming message; in this way EUCARIS ensures data integrity, non-repudiation and correct authentication.
The EUCARIS server supports X.509 certificates from multiple PKI providers. Currently, the EUCARIS states run their own managed PKI that makes use of Verisign certificates. The application has facilities to assign a specific certificate to one or several services.
EUCARIS has facilities to log all information that is exchanged. The logged information is used for statistics and audits. In requests made to other countries, the identity of the requesting user is part of the logged message, so it is always possible to trace which employee from which country has made an inquiry, and for what reason.
EUCARIS has to follow strict rules and procedures with respect to the protection of privacy-sensitive personal data.
Member State authorisation
EUCARIS Member States authorise other countries based on their bilateral agreements or international treaties.
The EUCARIS application validates the message signature and permits or rejects a country's inquiries based on its own access control information. A Member State does not have to validate the requesting users in other Member States, and therefore no complicated cross-EUCARIS user management is required.
Authorisation of EUCARIS users
Users of the standard EUCARIS Web client are authenticated using the default Windows mechanisms. The users are assigned to various user groups, each with a specific role. Each user group can be authorised for particular functions of the application. Through this mechanism it is possible to authorise one user for vehicle inquiries, and another user only for driving licences. Moreover, administrator functions and regular user functions are segregated.