Andreas Poller , Fraunhofer SIT, Darmstadt
Ulrich Waldmann , Fraunhofer SIT, Darmstadt
Sven Vowé , Fraunhofer SIT, Darmstadt
Sven Türpe , Fraunhofer SIT, Darmstadt
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.148
Electronic identity (eID) cards promise to supply a universal, nation-wide mechanism for user authentication. Most European countries have started to deploy eID for government and private sector applications. Are government- issued electronic ID cards the proper way to authenticate users of online services? We use the German eID project as a showcase to discuss eID from an application perspective. The new German ID card has interesting design features: it is contactless, it aims to protect people’s privacy to the extent possible, and it supports cryptographically strong mutual authentication between users and services. Privacy features include support for pseudonymous authentication and per-service controlled access to individual data items. The article discusses key concepts, the eID infrastructure, observed and expected problems, and open questions. The core technology seems ready for prime time and government projects deploy it to the masses. But application issues may hamper eID adoption for online applications.
none, K.6.5.a Authentication < K.6.5 Security and Protection < K.6 Management of Computing and Information Systems < K Computing Milie, K.4.1.f Privacy < K.4.1 Public Policy Issues < K.4 Computers and Society < K Computing Milieux, K.6.m.b Security < K.6.m Miscellaneous < K.6 Management of Computing and Information Systems < K Computing Milieux
Andreas Poller, Ulrich Waldmann, Sven Vowé, Sven Türpe, "Electronic Identity Cards for User Authentication – Promise and Practice", IEEE Security & Privacy, , no. 1, pp. , PrePrints PrePrints, doi:10.1109/MSP.2011.148