As part of the Digital Agenda for Europe 2020, the European Parliament and the Council of the European Union have passed in July 2014 the Regulation (EU) No 910/2014 on "electronic identification and trust services for electronic transactions in the internal market" (eIDAS regulation) that repeals the Directive 1999/93/EC (Signature Directive). The eIDAS regulation constitues a great basis for building trust in the online environment in Europe.
This regulation covers different aspects of electronic transactions:
The eIDAS token specification is a contribution from the German and French IT security agencies BSI and ANSSI, supported by European industry partners, to the Interoperability Framework for electronic identification. It allows the development of token-based and customized solutions for electronic identification, authentication and signatures that are directly interoperable, without the need of translation via proxies.
The specification provides a modular and homogeneous Secure element API to protect the
of the data stored on tokens for electronic identification, authentication and signatures (eIDAS token). Examples are the German ID card or the German Residence Permit.
The eIDAS token specification is covering all existing eService use cases, and opening the door to new applications. The technology is based on a direct mutual authentication between eIDAS token and service provider and facilitates real end-to-end encryption. The approach is to build on the technology of machine readable travel documents and the corresponding infrastructures that are already in use in the European member states and includes enhancements and extended services.
Privacy by design features:
Strong authentication procedures
Extended Access Control
Data minimization procedures