Federal Office for Information Security (BSI)

The electronic ID card

The electronic ID card was introduced on 1 November 2010. Unlike the current ID card, it will be only the size of a cheque card or bank card, and a contactless chip (radio frequency chip, RF chip) will be embedded in it. The data printed on the electronic ID card will additionally be stored on the RF chip. If desired, two fingerprints of the ID card bearer can also be recorded on the RF chip. This will not lead to additional costs.

Exactly which data is stored on the electronic ID card is described under "Content of the electronic ID card". How the personal data is protected from unauthorized access is described under "Data protection". Additional information on the electronic ID card's functions follows.

Internet ID card

With its embedded RF chip, the electronic ID card can in the future be used as an ID card on the internet. This is the purpose of the so-called eID application. For example, some trips to a local authority can be dispensed with, because the card bearer can authenticate himself over the internet using the electronic ID card (eGovernment).

The ID card can also be used in the field of eBusiness: private service providers (e.g. companies offering online shopping) can apply for access to certain data stored on the electronic ID card. Before such an authorization is granted, it is verified which data from the ID card the service provider really needs for his purposes and whether he is trustworthy. The authorization is always valid only for a limited time period and can also be withdrawn. The authorization is technically realized with digital certificates, which are retrieved during "Terminal Authentication".

Before a service provider is allowed to access the data stored on the electronic ID card, the service provider has to display his certificate and, with it, the data he is allowed to read. The card bearer still has the option to restrict the read permission to fewer data items.

Afterwards, the card holder has to enter his six-digit personal identification number (PIN). If the electronic check of the digital certificate ends with a positive result (Terminal Authentication), the data is unlocked. All data is transmitted encrypted.

The read permission can also be limited so that, for example, only the age can be requested when a website should allow access only to persons over 18 years. Additionally, there is a pseudonym function that makes it possible to register with a service provider and be recognized by the same service provider again, without the service provider needing to know the card holder's personal data (e.g. in an internet forum). This function is card- and service-specific: if one person registers for two services using the pseudonym function, the two services cannot determine that the same person applied for both.
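The access rules described above, as an added example that is not part of the original page and is not the card's actual protocol: a simplified Python model in which the provider's authorization limits the readable fields, the bearer can only narrow them, the age check returns only yes or no, and the pseudonym differs per card and per service. The class and field names, the sample data and the use of HMAC to derive the pseudonym are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class ProviderCertificate:      # hypothetical stand-in for the provider's authorization
    service_id: str
    allowed_fields: frozenset
    valid_from: date
    valid_until: date
    withdrawn: bool = False

@dataclass
class Card:                     # hypothetical model of the eID application on the chip
    data: dict
    birth_date: date
    pin: str
    card_secret: bytes          # assumed per-card secret that never leaves the chip

    def read(self, cert, user_selection, pin, today):
        # Stand-in for Terminal Authentication: expired or withdrawn authorizations fail.
        if cert.withdrawn or not (cert.valid_from <= today <= cert.valid_until):
            raise PermissionError("authorization not valid")
        if not hmac.compare_digest(pin, self.pin):
            raise PermissionError("wrong PIN")
        # The bearer can only narrow what the certificate allows, never widen it.
        granted = cert.allowed_fields & frozenset(user_selection)
        out = {f: self.data[f] for f in granted if f in self.data}
        if "age_over_18" in granted:
            out["age_over_18"] = self._age(today) >= 18  # birth date stays on the card
        if "pseudonym" in granted:
            out["pseudonym"] = hmac.new(self.card_secret, cert.service_id.encode(),
                                        hashlib.sha256).hexdigest()
        return out

    def _age(self, today):
        b = self.birth_date
        return today.year - b.year - ((today.month, today.day) < (b.month, b.day))

# Constructed sample data, not real card contents or real service providers.
CARD = Card({"family_name": "Mustermann", "address": "Musterstadt"},
            date(1990, 5, 1), "123456", b"constructed-card-secret")
SHOP = ProviderCertificate("shop.example", frozenset({"family_name", "address"}),
                           date(2024, 1, 1), date(2024, 12, 31))
FORUM = ProviderCertificate("forum.example", frozenset({"age_over_18", "pseudonym"}),
                            date(2024, 1, 1), date(2024, 12, 31))

if __name__ == "__main__":
    print(CARD.read(FORUM, {"age_over_18", "pseudonym", "address"}, "123456", date(2024, 6, 1)))
```

In the sample call the forum asks the bearer's selection for the address as well, but its authorization does not cover that field, so only the age answer and the pseudonym are returned.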

Should the electronic ID card be lost, it is possible to lock the eID application using a personal password. If the PIN is entered incorrectly too many times, it has to be reactivated using a PUK (PIN Unblocking Key), similar to the PIN of a mobile phone.

In addition, the eID application on the ID card can be deactivated by the ID card authority, if desired.

Signature function

At the request of the card bearer, a signature function can be activated on the electronic ID card, which allows qualified signatures according to the German Signature Law. These signatures are a type of digital signature that bindingly proves that a file has not been altered and has been signed by the person specified in the signature. Text documents signed in this way can meet the legally required form of written documents. The digital certificates required for this procedure can be acquired from providers in the industry.

Secure travel document

Just like the ID document, the electronic ID card can be used as a passport substitute for travelling to certain countries. Due to its RF chip, the security of this travel document is increased.

The facial image stored digitally on the RF chip has a better quality than the one printed on the ID card, since it is not distorted by the structure of the ID card. Therefore, together with the stored fingerprints, it makes it easier to determine whether the ID card and the person really correspond.

Besides, the security mechanisms on the RF chip allow a forged electronic ID card to be recognized quickly. More on this topic under "Passive authentication" ...