Abstract
Authentication is an important aspect of e-government applications, as in many cases the identity of a citizen has to be established before provision of a service. Germany is among the countries that have established an electronic identification and authentication infrastructure, based on an electronic identity card. The card enables both local and remote authentication to service providers and authorities. While privacy-enhancing technologies have been used to a large extent in its design and there are no known attacks on its security protocols, the eID card has been harshly criticized. Less than a third of the citizens requesting an identity card choose to activate the eID function. Using the example of Germany, this chapter discusses whether the establishment of an electronic authentication infrastructure makes sense and presents possible reasons for the German eID card's lack of success. In addition, the author considers electronic signatures and their integration in an electronic authentication infrastructure.
TopBackground
In this section, we first provide some general background about smartcards, before looking at the Geman eID card in more detail.
Key Terms in this Chapter
Extended Access Control (EAC): Protocol, consisting of terminal authentication and chip authentication, that enables mutual authentication and establishment of a secure communication channel between a smartcard (eID card) and a terminal.
eID card: Smartcard that implements protocols used for the authentication of a user towards a service provider over an electronic communication channel.
Public Key Infrastructure (PKI): Infrastructure for the authentication of public keys used in digital signature schemes and/or for the encryption of data. Public keys are usually authenticated by trusted certification authorities, which use digital signature schemes to confirm the mapping between a public key and the identity of its owner.
Password Authenticated Connection Establishment (PACE): Protocol used for authentication of a smartcard reader towards the German eID card, and for establishment of a secure channel between the card and the reader.
Restricted Identification (RI): Protocol that allows generation of an identifier which is specific for one combination of an eID card and a service provider.
Digital Signature: Public-key cryptographic scheme that ensures authenticity and integrity of a document, and which also reaches the goal of non-repudiation (i.e. the holder of a private key cannot deny having signed a document if verification with the corresponding public key is successful).