Electronic Identity Cards for User Authentication&#x2014;Promise and Practice

Andreas Poller; Sven T&#x00FC;rpe; Ulrich Waldmann; Sven Vow&#x00E9;

doi:10.1109/MSP.2011.148

Security&Privacy
2012
Issue No. 1 - January/February
Abstract - Electronic Identity Cards for User Authentication—Promise and Practice

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Andreas Poller Articles by Ulrich Waldmann Articles by Sven Vowé Articles by Sven Türpe

Electronic Identity Cards for User Authentication—Promise and Practice

January/February 2012 (vol. 10 no. 1)

pp. 46-54

	ASCII Text	x
	Andreas Poller, Ulrich Waldmann, Sven Vowé, Sven Türpe, "Electronic Identity Cards for User Authentication—Promise and Practice," IEEE Security & Privacy, vol. 10, no. 1, pp. 46-54, January/February, 2012.

	BibTex	x
	@article{ 10.1109/MSP.2011.148, author = {Andreas Poller and Ulrich Waldmann and Sven Vowé and Sven Türpe}, title = {Electronic Identity Cards for User Authentication—Promise and Practice}, journal ={IEEE Security & Privacy}, volume = {10}, number = {1}, issn = {1540-7993}, year = {2012}, pages = {46-54}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2011.148}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - Electronic Identity Cards for User Authentication—Promise and Practice IS - 1 SN - 1540-7993 SP46 EP54 EPD - 46-54 A1 - Andreas Poller, A1 - Ulrich Waldmann, A1 - Sven Vowé, A1 - Sven Türpe, PY - 2012 KW - eID KW - user authentication KW - electronic identity card KW - identity management KW - smart card KW - privacy KW - Germany VL - 10 JA - IEEE Security & Privacy ER -

Andreas Poller, Fraunhofer Institute for Secure Information Technology

Ulrich Waldmann, Fraunhofer Institute for Secure Information Technology

Sven Vowé, Fraunhofer Institute for Secure Information Technology

Sven Türpe, Fraunhofer Institute for Secure Information Technology

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.148

Electronic identity (eID) cards promise to supply a universal, nationwide user authentication mechanism. Most European countries have started deploying eID for government and private-sector applications. The German eID project serves as a showcase for eID from an application perspective. The new German ID card is contactless, aims to protect people's privacy to the greatest extent possible, and supports cryptographically strong mutual authentication between users and services. Privacy features include support for pseudonymous authentication and per-service controlled access to individual data items. The core technology seems ready for mass deployment, but application issues might hamper eID adoption for online applications.

1. Architecture Electronic Identity Card and Electronic Resident Permit, ver. 1.13, tech. report TR-03127, German Federal Office for Information Security, Mar. 2011.
2. Advanced Security Mechanisms for Machine Readable Travel Documents—Extended Access Control (EAC), Password Authenticated Connection Establishment (PACE), and Restricted Identification (RI), ver. 2.05, tech. report TR-03110, German Federal Office for Information Security, Oct. 2010.
3. Application Interface for Smart Cards Used as Secure Signature Creation Devices, draft version, tech. report CEN prEN 14890, European Committee for Standardization, 2011.
4. S.A. Brands, Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy, MIT Press, 2000.
5. J. Camenisch and B. Pfitzmann, "Federated Identity Management," Security, Privacy, and Trust in Modern Data Management, M. Petkovic, and W. Jonker eds., Springer, 2007, pp. 213–238.
6. H. Plötz, "Technik des Neuen ePA," presentation at the 26th Chaos Communication Congress, Dec. 2009; http://events.ccc.de/congress/2009/Fahrplan/ events3510.en.html.
7. "Unisys Security Index—Germany," Unisys, Feb. 2011; www.unisyssecurityindex.com/usi/germanyreports .
8. G. Borges, "Rechtsfragen der Haftung im Zusammenhang mit dem elektronischen Identitätsnachweis," Ruhr-Universität Bochum, Nov. 2010; www.bmi.bund.de/SharedDocs/Downloads/DE/ Themen/Sicherheit/PaesseAusweisestudie2_npa.pdf?__blob=publicationFile .
9. , Handbook of eID Security, W. Fumy and M. Paeschke eds., Publicis, 2011.
10. Identification Card Systems—European Citizen Card (ECC),, draft version, tech. report CEN prTS 15480, European Committee for Standardization, 2011.
11. Machine Readable Travel Documents—Supplemental Access Control for Machine Readable Travel Documents, ver. 1.01, tech. report ISO/IEC JTC1 SC17 WG3/TF5, Int'l Civil Aviation Org., 11 Nov. 2010.
12. "National Strategies and Policies for Digital Identity Management in OECD Countries," Org. for Economic Co-operation and Development, Mar. 2011; www.oecd-ilibrary.org/content/workingpaper 5kgdzvn5rfs2-en.
13. "National Strategy for Trusted Identities in Cyberspace," the White House, Apr. 2011; www.whitehouse.gov/sites/default/files/rss_viewer NSTICstrategy_041511.pdf.

Index Terms:

eID, user authentication, electronic identity card, identity management, smart card, privacy, Germany

Citation:

Andreas Poller, Ulrich Waldmann, Sven Vowé, Sven Türpe, "Electronic Identity Cards for User Authentication—Promise and Practice," IEEE Security & Privacy, vol. 10, no. 1, pp. 46-54, Jan.-Feb. 2012, doi:10.1109/MSP.2011.148

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.