The new ID card

By November 1, 2010, the ID card hitherto in use in Germany will be replaced by the new personal identity card, with built-in electronic identification and signature functions. At first glance, the new ID card differs from the old one only in form – it will be the same size and shape as an everyday debit card. But an RFID chip inside the card stores the data that today can only be read optically from the document. The new cards can also be read wirelessly. To ensure that only authorized parties can access the data, the information on the card is protected by cryptography, and data is transmitted through a cryptographically secured protocol. These measures are intended to prevent access by unauthorized parties. The cardholder can personally designate who gets access to the data by means of a six-digit PIN. At the same time, legislation regulates who may obtain access privileges. To do so, every service provider must apply for an authorization certificate from an official issuing agency and demonstrate that it requires the information in order to conduct business.

For individual citizens, this innovation comes with a whole series of advantages. With the new personal identity card, it will be possible, for example, to validate your identity on the Internet using your personalized e-Identification (eID). "To strengthen confidence in business and administrative processes in the virtual world, we must provide citizens with secure identification," asserts Jens Fromm of the Fraunhofer Institute for Open Communication Systems FOKUS in Berlin. "Handling and administration of identities must be structured as simply as possible. The new personal identity card can contribute to this goal," continues his colleague, Petra Hoepner. Using the electronic identification function, individuals can initiate contact with public authorities or service providers right from their personal computers and use electronic data to do online shopping, open an account, check into a hotel or play the lottery. Consumers can dispense with today's electronic signature or any expensive procedures, like Germany's PostIdent procedures. Each citizen can activate the eID function upon receipt of his identification card, and then use it with his assigned PIN.

For everything to work flawlessly from a technical standpoint, not only are the new ID cards needed, but also the infrastructure that guarantees their data security. To design, assemble and test them, the Federal Ministry of the Interior, which is responsible for introducing the new personal identity cards, opted for four strong partners. Two of them are institutes of the Fraunhofer-Gesellschaft: Fraunhofer FOKUS and the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt.

Both Fraunhofer Institutes together make up the "Test and Demonstration Center of the New Personal Identity Card," which acts as the starting and reference point for the applications test. The showcase for applications is located at FOKUS in Berlin. It delivers targeted care and support for the introduction phase of the personal identity card. Interested visitors from the public administration, business and media sectors can familiarize themselves with scenarios and applications there. On the one hand, technical and organizational data on the new personal identity card, eGovernment and eBusiness will be presented at the demonstration center. On the other hand, the demonstration center also houses technical components like "Citizen Client" and the eID server, as well as selected pilot projects from service providers. "Since January 1, 2010, interested institutions and companies have been able to participate in the applications test," says Jens Fromm, head of the Fraunhofer FOKUS Secure eIdentity Laboratory. "This gives them an opportunity to test the functionalities of the new personal identity card prior to its rollout." The laboratory for security testing has a site in Darmstadt where Fraunhofer employees support businesses with technical know-how on the integration of existing services, and the development of new services. "We are making a test service available to companies and conducting error analyses," says Ulrich Waldmann, of Fraunhofer SIT.

The "Test and Demonstration Center of the New Personal Identity Card" in Berlin acts as the starting and reference point for the applications test.

(Photo Credit: Fraunhofer FOKUS)

At CeBIT, SIT will present applications that demonstrate how to use the new personal identity card for verification when making a phone call through a VoIP connection, i.e., an Internet phone call. The design lets the parties to a VoIP telephone conversation authenticate each other, and allows for the confidential exchange of information by telephone. "Indeed, there have already been methods for both parties to establish identification on the phone," explains Ronald Marx, "like recognizing voices, engaging the assigned telephone number, or other features from a database. These processes were frequently unreliable or unable to be deployed globally." In the future, he explains, the online authentication function of the new personal identity card can be used for this purpose.

Imagine, for example, an identity cardholder who wishes to access his bank's telephone banking services via the call center, because he wants to expand his stock portfolio. Because the subject matter of such discussions demands confidentiality, mutual authentication and encryption are required. The bank offers the use of the eID function, since it is in its own best interest to have a reliable means of identifying its customers and business partners. At the same time, it wants to be able to reliably provide evidence of its own identification. The process consists of three basic steps: producing an encrypted direct line between customer and bank, transmitting the respective identification data, and finally, assigning both lines. The customer, on the one hand, enjoys the assurance that his contact partner is a bank employee. And the call center agent, in turn, knows with certainty that he is dealing with the actual customer.

In the future, it should even be possible to identify oneself via cellphone. "To do so, you have to be able to read the RFID chip in the ID card with the cellphone," explains Ronald Marx, who handles the project at SIT. "Once the identification is introduced, this function will eventually support more and more cellphones."

Source: Fraunhofer-Gesellschaft