As business and governmental processes are digitised, secure electronic identification becomes crucial for establishing trust in electronic services.
The German eID is designed to provide this trust. The system is based on government-issued chip cards using certified chips and strong cryptographic protocols, i.e.
The chip of the German eID card stores the holder's personal data and serves as the security anchor both for protecting this data and for authenticating the holder.
The German eID authenticates the holder with two factors: possession (the eID card) and knowledge (a 6-digit PIN). The card stores the personal data and the keys needed for authentication; the PIN expresses the holder's consent and starts the authentication process.
In the physical world, the holder of an ID card usually knows to whom, or to which institution, they are proving their identity, since identification takes place on the premises of the company or government office and the holder shows the card directly to the relying party.
The German eID carries these principles over into the digital world. The basic principles of electronic identification with the German eID are based on
Access to any data is possible only after the relying party has authenticated successfully and its access rights for the requested data have been verified.
Unlike in signature-based eID schemes, however, the relying party receives no permanent proof of the holder's identity. From a data protection point of view this is an advantage: the relying party cannot prove to a third party that the authentication took place.
The authentication mechanism of the German eID is the General Authentication Procedure specified in BSI TR-03110.
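As an added illustration (not code from BSI TR-03110 or from any eID implementation), the following Python model shows the two principles described above: the card releases personal data only after the relying party has authenticated and only within its certified access rights, and chip authentication produces a transcript the relying party could have fabricated on its own, so it proves nothing to a third party, whereas a signature would. The primitives (textbook RSA over Mersenne primes, finite-field Diffie-Hellman modulo 2**521-1, HMAC-SHA256), the certificate layout, the challenge format and the data group labels are simplifying assumptions made for the example, not the formats of the real protocol.

```python
"""Toy model of two German eID principles (added example, not TR-03110 code):
(1) data release gated by relying-party authentication and certified rights;
(2) DH-plus-MAC chip authentication, which leaves no transferable proof.
Textbook RSA (no padding), a prime-field DH group and HMAC are stand-ins for
the real primitives; certificate and message layouts are assumptions."""
import hashlib
import hmac
import secrets


# ---- toy signature scheme: textbook RSA with Mersenne-prime factors ----
def sig_keygen(a: int, b: int):
    """(public, private) for n = (2**a-1)(2**b-1); a, b must be Mersenne
    exponents so both factors are prime (521/127, 607/107, 1279/89 below)."""
    p, q, e = 2**a - 1, 2**b - 1, 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    return (p * q, e), (p * q, d)


def _h(msg: bytes) -> int:          # SHA-256 as an integer; always < n (n > 2**521)
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(_h(msg), d, n)


def verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _h(msg)


# ---- (1) relying-party authentication gated by certified access rights ----
def cert_body(rp_pub, rights) -> bytes:
    # simplified relying-party certificate: RP key plus the data groups granted
    return repr((rp_pub, tuple(sorted(rights)))).encode()


def issue_cert(cvca_priv, rp_pub, rights):
    return {"pub": rp_pub, "rights": frozenset(rights),
            "sig": sign(cvca_priv, cert_body(rp_pub, rights))}


def card_release(card_data, cvca_pub, cert, requested, rp_sign):
    """Card side. rp_sign(challenge) is the relying party answering the card's
    challenge with its private key. Returns None unless the RP authenticates,
    else only the data groups that are both requested and certified."""
    if not verify(cvca_pub, cert_body(cert["pub"], cert["rights"]), cert["sig"]):
        return None                     # certificate not issued by the trusted root
    challenge = secrets.token_bytes(16)
    if not verify(cert["pub"], challenge, rp_sign(challenge)):
        return None                     # certificate fine, key possession not shown
    granted = frozenset(requested) & cert["rights"]
    return {dg: card_data[dg] for dg in granted}


# ---- (2) chip authentication: shared DH secret + MAC, nothing transferable ----
DH_P, DH_G = 2**521 - 1, 3               # toy group; the real scheme uses EC groups


def dh_keygen():
    x = secrets.randbelow(DH_P - 2) + 1
    return pow(DH_G, x, DH_P), x         # (public, private)


def mac_token(shared: int, term_eph_pub: int) -> bytes:
    return hmac.new(shared.to_bytes(66, "big"), term_eph_pub.to_bytes(66, "big"),
                    "sha256").digest()


def chip_authentication(chip_pub, chip_priv, term_eph_pub, term_eph_priv):
    """Chip proves possession of its static key by MACing the terminal's
    ephemeral key under the DH secret; the terminal checks with its own copy."""
    token = mac_token(pow(term_eph_pub, chip_priv, DH_P), term_eph_pub)   # chip
    k_terminal = pow(chip_pub, term_eph_priv, DH_P)                       # terminal
    ok = hmac.compare_digest(token, mac_token(k_terminal, term_eph_pub))
    return ok, token, k_terminal


def demo():
    cvca_pub, cvca_priv = sig_keygen(521, 127)
    rp_pub, rp_priv = sig_keygen(607, 107)
    rogue_pub, rogue_priv = sig_keygen(1279, 89)
    # constructed sample record, not real personal data
    card_data = {"DG1": "ID", "DG4": "Erika", "DG5": "Mustermann", "DG17": "Heidestr. 17"}
    cert = issue_cert(cvca_priv, rp_pub, {"DG4", "DG5", "DG8"})
    released = card_release(card_data, cvca_pub, cert, {"DG4", "DG17"},
                            lambda c: sign(rp_priv, c))          # DG17 not certified
    rogue_cert = issue_cert(rogue_priv, rogue_pub, set(card_data))  # self-issued
    refused = card_release(card_data, cvca_pub, rogue_cert, set(card_data),
                           lambda c: sign(rogue_priv, c))
    stolen = card_release(card_data, cvca_pub, cert, {"DG4"},
                          lambda c: sign(rogue_priv, c))         # valid cert, wrong key
    chip_pub, chip_priv = dh_keygen()
    term_pub, term_priv = dh_keygen()
    ok, token, k_terminal = chip_authentication(chip_pub, chip_priv, term_pub, term_priv)
    fabricated = mac_token(k_terminal, term_pub)   # RP alone reproduces the transcript
    sig = sign(rp_priv, b"consent")                 # a signature anyone can check
    return {"released": released, "refused": refused, "stolen": stolen, "chip_ok": ok,
            "token_forgeable_by_rp": fabricated == token,
            "signature_checks_by_third_party": verify(rp_pub, b"consent", sig)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The contrast at the end is the data protection point of the text: `token_forgeable_by_rp` is true because the relying party holds the same shared secret the chip used, so the MAC it received is indistinguishable from one it made up, while the RSA signature verifies under a public key and therefore would convince anyone. Two steps of the real procedure are deliberately left out of the model: the PIN-based step that opens the card (PACE) and Passive Authentication, which binds the chip's static public key to the issuer's signature.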