German eID and eIDAS: Secure Digital Identification Overview

 
 
1. The German eID and eIDAS
Jens Bender
Federal Office for Information Security
01.12.2015
 
 
2. Electronic Identification @ eIDAS
Notification of (existing) national eID schemes
No „EU-eID“, but mutual recognition of national eIDs
Notification is not mandatory
Recognition of notified eIDs is mandatory
eID schemes are only affected if notified
eServices are always affected
→ „Interoperability“ instead of „harmonisation“
 
 
3. The German eID
Governmental ID Card
Integrated (contactless) chip since 2010
~40 million issued
Electronic functions:
  Travel (similar to ePassport)
  Identification/authentication
  Qualified Signature
 
 
4. The German eID
Citizen: Can the service provider prove its identity?
Service Provider: Is the citizen able to prove his/her identity?
Both, the citizen and the service provider, have reliable proof of the identity of the other party.
(Diagram: the service provider proves its identity using its access certificate; the citizen uses the eID to prove his/her identity.)
 
 
5. The German eID
Based on secure channel citizen ↔ SP
As opposed to "document oriented" signatures
Only valid in the moment of authentication
Offline capable
(Diagram: Citizen side with Web Browser, eID-Client and Card Reader; Service Provider side with Web Site and eID-Server; Background Infrastructure.)
 
 
6. The German eID
No traditional "ID-Provider"
No central IT security hot spot
No central entity which could track citizens → privacy
No Service Level Agreements necessary
(Diagram: same citizen ↔ service provider architecture as on slide 5: Web Browser, eID-Client, Card Reader; Web Site, eID-Server; Background Infrastructure.)
 
 
7. European Interoperability
Many different eID schemes
  Smartcard based, TAN based, server based, …
  Based on signature or secure channel or …
  Operated by government or private sector (or both)
Interop. framework must deal with all of them
 
 
8. Proxy based
eID scheme provides a central "Proxy" all SPs can connect to
Well suited for eID schemes already having a central entity
Pro:
  SPs need to implement only a single interface
Con:
  No end-to-end relationship between citizen and SP
  Which law to use? Who is the data controller?
  The proxy knows everything → Tracking
  Single Point of Failure → Availability?
 
 
9. Pure Middleware based
eID scheme provides middleware to SPs
Well suited for eID schemes having no central entity
Pro:
  End-to-end relationship (allows mutual auth.)
  No central component
Con:
  Service provider needs to deploy middleware
 
 
10. "Hybrid"
Middleware based eID
  No central component in eID scheme necessary
Central deployment at receiving MS
  As single interface towards Service Provider
  SP does not need to know if the citizen uses a MW or Proxy based scheme
 
 
11. Interoperability Framework
Defines common interface for Proxy and Middleware
Notifying MS decides on Proxy- or Middleware based notification
Receiving MS decides on centralized/decentralized deployment
  Also "semi decentralized", e.g. one Connector per sector, is possible
Criteria:
  Does a central entity already exist?
  What fits into the security/data protection "philosophy"?
  Scalability
(Diagram: a proxy-based national eID scheme connects via its Proxy, middleware-based national eID schemes via their middleware (MW 1, MW 2), to the eIDAS Connector, which serves the Service Provider(s).)
 
 
12. DE & eIDAS: eID scheme
German eID is middleware based
  Fits into the framework
  Middleware to be provided to other MSs under development/testing
eIDAS only deals with "unique identification"
  No pseudonymous identification, age verification, …
  No authentication of SP
  → only part of the German eID scheme is covered
 
 
13. DE & eIDAS: Service Providers
Decentralized deployment for Service Providers
  SPs already operate an "eID-Server" for the German eID
  To be extended by a Connector to the eIDAS Interoperability Framework
Less data available via eIDAS than from the German eID
  Not all MSs deliver name at birth and place of birth, which eGov processes expect
  Many processes require an address, which is not available from all MSs
Service Providers need to understand the concept of LoA (Level of Assurance)
Adaptation of business processes necessary!
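The adaptation step this slide asks of service providers can be made concrete. The following is an added example, not code from the presentation or from any eIDAS or German eID component: a relying party receives an eIDAS authentication result through its Connector and must (a) refuse it if the asserted Level of Assurance is below the one it requested and (b) cope with optional minimum-data-set attributes (name at birth, place of birth, current address) that not every Member State delivers, rather than silently continuing a process that needs them. The attribute names, the `EidasResult`/`Decision` types and the two sample results are constructed for illustration; the LoA names and the `http://eidas.europa.eu/LoA/` URI form are the ones eIDAS uses.

```python
"""Service-provider side evaluation of an eIDAS authentication result.

Added example (not from the presentation). Models the business-process
adaptation a German eID service provider needs when it starts accepting
identities from other Member States via the eIDAS Connector.
"""
from dataclasses import dataclass, field

# Levels of assurance defined by eIDAS, lowest to highest.
LOA_RANK = {"low": 0, "substantial": 1, "high": 2}

# The eIDAS SAML profile carries the LoA as a URI; accept either form.
LOA_URI_PREFIX = "http://eidas.europa.eu/LoA/"

# Natural-person minimum data set: four mandatory attributes; the optional
# ones are exactly those the slide says not every Member State delivers.
MANDATORY = ("person_identifier", "family_name", "first_name", "date_of_birth")
OPTIONAL = ("birth_name", "place_of_birth", "current_address", "gender")


@dataclass
class EidasResult:
    """What the Connector hands to the service provider (constructed shape)."""
    loa: str
    attributes: dict


@dataclass
class Decision:
    accepted: bool
    reason: str
    missing_optional: list = field(default_factory=list)


def normalize_loa(loa: str) -> str:
    """Map 'http://eidas.europa.eu/LoA/high' or 'High' to 'high'."""
    name = loa[len(LOA_URI_PREFIX):] if loa.startswith(LOA_URI_PREFIX) else loa
    name = name.lower()
    if name not in LOA_RANK:
        raise ValueError(f"unknown level of assurance: {loa!r}")
    return name


def loa_satisfies(asserted: str, requested: str) -> bool:
    """An asserted LoA is sufficient if it is at least the requested one."""
    return LOA_RANK[normalize_loa(asserted)] >= LOA_RANK[normalize_loa(requested)]


def evaluate(result: EidasResult, requested_loa: str, needs: tuple = ()) -> Decision:
    """Decide whether a business process may proceed on this result.

    `needs` lists optional attributes the process cannot do without (e.g.
    current_address for postal delivery). If one is absent the SP has to
    fall back to another channel instead of guessing the value.
    """
    if not loa_satisfies(result.loa, requested_loa):
        return Decision(False, f"LoA {normalize_loa(result.loa)} is below "
                               f"requested {normalize_loa(requested_loa)}")

    # A result without the mandatory attributes violates the minimum data
    # set: treat it as a malformed assertion, not as an anonymous citizen.
    for name in MANDATORY:
        if not result.attributes.get(name):
            return Decision(False, f"mandatory attribute missing: {name}")

    missing = [name for name in OPTIONAL if not result.attributes.get(name)]
    blocking = [name for name in needs if name in missing]
    if blocking:
        return Decision(False, "process needs attributes not delivered: "
                               + ", ".join(blocking), missing)
    return Decision(True, "ok", missing)


# Constructed sample results, as two different Member States might return them.
FULL_HIGH = EidasResult(
    loa="http://eidas.europa.eu/LoA/high",
    attributes={
        "person_identifier": "XX/DE/1234567890",
        "family_name": "Mustermann", "first_name": "Erika",
        "date_of_birth": "1964-08-12", "birth_name": "Gabler",
        "place_of_birth": "Berlin", "current_address": "Heidestr. 17, Koeln",
        "gender": "Female",
    },
)
MINIMAL_SUBSTANTIAL = EidasResult(
    loa="substantial",
    attributes={
        "person_identifier": "YY/DE/0987654321",
        "family_name": "Doe", "first_name": "John", "date_of_birth": "1980-01-01",
    },
)

if __name__ == "__main__":
    cases = [
        ("full/high, process needs address", FULL_HIGH, "substantial", ("current_address",)),
        ("minimal/substantial, high required", MINIMAL_SUBSTANTIAL, "high", ()),
        ("minimal/substantial, process needs address", MINIMAL_SUBSTANTIAL, "substantial", ("current_address",)),
    ]
    for label, res, loa, needs in cases:
        print(label, "->", evaluate(res, loa, needs))
```

The LoA comparison is ordered, not an equality test: a result at "high" satisfies a process that asked for "substantial", while the reverse is rejected before any attribute is looked at. Optional attributes are reported back in `missing_optional` even when the decision is positive, so the process owner can see which Member States will routinely force a fallback.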
 
 
14. Current Status / Way forward
Implementing Act for Interoperability Framework published in Official Journal
Technical Specifications:
  Drafted by Technical Subgroup of the Expert Group
  Opinion of the Cooperation Network and adoption
Testing and Integration:
  Sample Implementation by DIGIT under CEF
  Pilots …
  Support for MSs for (technical) integration via CEF calls
Which Member State will notify first?
 
 
15. Long-term Hypothesis
Currently: many different national eID schemes
  Every MS does its own thing
  „Enforced“ interoperability via eIDAS regulation
→ Hypothesis: Convergence of eID schemes will happen
  Due to economic, not regulatory, pressure
  Common standard(s)
  Common data model(s) and „direct“ interoperability
  Cost and time-to-market reduction for industry and MS
 
 
16. ! ?

The German eID system, including eIDAS integration, offers secure digital identification services through government-issued ID cards with embedded chips. It allows citizens and service providers to authenticate each other securely online. The system emphasizes interoperability and privacy protection without the need for traditional ID providers or central IT security hubs. European interoperability standards are also considered for various eID schemes. Proxy-based eID schemes offer a central proxy for service providers to connect to, simplifying implementation.

  • German eID
  • eIDAS
  • digital identification
  • secure authentication
  • European interoperability

Uploaded on Oct 01, 2024



