Download (PDF, 589 KB, Datei ist nicht barrierefrei

Innovations for
an eID Architecture
in Germany
www.bsi.bund.de

thE BsI
the German Federal Office for Information Security
(Bundesamt für Sicherheit in der Informationstechnik - BSI)
is Germany’s central It security service provider: a neutral,
independent authority for issues relating to It security in the
information society. the BsI provides information on risks
and threats relating to the use of information and communication
technology, develops security guidelines, advises
manufacturers, distributors and users. the BsI primarily
advises public administrations on the national, state and
local levels, but also seeks to exchange information with
businesses and private users.
Contents
ContEnts
1. The new identity card – secure, standardized
proof of identity in the digital world 4
2. User-oriented requirements for the
identification function of the new identity card 6
3. Application software for users – AusweisApp 8
4. Security mechanisms for the identification
function of the new ID card 9
4.1 Password Authenticated Connection
Establishment (PACE) 10
4.2 Extended Access Control (EAC),
readers and EAC box 11
4.3 Passive Authentication (PA) 14
4.4 Public Key Infrastructures (PKI)
for electronic identity documents 15
4.4.1 Country Signing Certificate Authority (CSCA) 15
4.4.2 Country Verifying Certificate Authority (CVCA) 16
5. The eID server – interface for web applications 19
6. Revocation management in the new
German identity card 20
7. References 23
Imprint 24
2 3

IDEntIFICAtIon FunCtIon IDEntIFICAtIon FunCtIon
1. The new identity card – secure,
standardized proof of identity
in the digital world
starting november 1 st , 2010, the new identity card will be
introduced in Germany as an electronic, multi-functional
card in credit-card format, valid as a travel document and as
proof of identity both personally and in the electronic world.
this identity card implements an innovative concept based
on a contactless interface that is already in use for electronic
passports world-wide.
the new identity card not only represents a modern
sovereign document that will significantly improve the
identification of persons e.g. when crossing borders. the
ID card will also be equipped with additional electronic
functions, in par ticular electronic ID (eID) and the optional
Qualified Electronic signature (QEs), which offer users
significant advantages. these functionalities enable individuals
to positively identify themselves online and issue
legally binding electronic declarations of will. they are thus
a key instrument for enabling legally valid contacts to be
con cluded over the Internet, and are intended to promote
streamlined eGovernment and eBusiness services.
the introduction of the identification function of the new
identity card entailed preparing, developing and deploying
a sophisticated It infrastructure and embedding it in a complex
overall system with more than 60 million participating
individuals. this required firstly that the associated organizational,
legal and technical prerequisites be created. the
German ID Card Act [PAuswG 2010] sets out the general legal
framework for identity documentation and electronic proof
of identity; the corresponding regulation [PAuswV 2010]
defines in particular the requirements for security and data
protection of the eID infrastructure. these are augmented
by close to 20 technical Guidelines and protection profiles
promulgated by the Federal office for Information security
(BsI), which are published in binding form in the German
Federal Gazette. some of these requirements are explained
as examples in this brochure.
the infrastructure of the new identity card is intended to
realize a trustworthy and efficient identity management.
the combination of a sovereign identity document with
eID functionality for eBusiness and eGovernment will also
provide users with a secure identity in the electronic world
and afford them better protection against many types of
cybercrime, such as phishing and identity theft.
Particular priority was placed on data protection, data
security and preserving information self-determination. All
disclosures and transmissions are reliably protected using
internationally recognized and established encryption processes.
As part of the eID function, user data are exchanged
only between the provider of the service and the holder of
the identity document.
Biometrically relevant data, i.e. photo, where applicable
fingerprints, eye color, height and personal signature, are
never transmitted to service providers or via the Internet.
only sovereign authorities possess the authorization and the
technical means to query such sensitive information.
4 5

DAtA ProtECtIon DAtA ProtECtIon
2. User-oriented requirements for the
identification function of the new
identity card
As a protective function for the personal data stored on
the ID card chip, legal requirements stipulate that all
institutions that want to access some or all of this data
must possess an appropriate authorization. Before such
an authorization is issued, government authorities review
which data the service provider (e.g. an online retailer, or
also public offices) absolutely requires for his pur poses,
and whether he is trustworthy. the authorization is always
issued for only a limited period and can be re voked.
technically, the authorization is implemented using
authorization certificates whose status is queried at terminal
authorization.
Before the new ID card releases data to a service provider
with an authorization certificate, the service provider must
display his certificate, and thus also the data he is allowed to
read. the holder of the identity card always has the option of
restricting the read authorization to less data.
the ID card holder must then enter a six-digit personal
identi fication number (PIn). If the electronic verification of
the authorization certificate is positive, the data are released.
All data are transmitted in encrypted form.
the read authorization can be restricted so that for example,
only age-related information can be queried. there is also a
pseudonym function that enables users to log onto and be
recognized by a service provider such as an Internet forum
without revealing any personal data to the service provider.
this function is card- and service-specific: in other words,
service providers who compare their databases cannot
determine whether the pseudonyms registered there belong
to one and the same person.
In the event that the new identity card is lost, the eIDfunctionality
can be revoked using a personal password
(revocation management, see chapter 6). If the personal
identification number is entered incorrectly three times, its
reactivation requires a PIn un blocking key (PuK).
If desired, the card’s eID functionality can be disabled by the
issuing authority.
A QEs function can also be activated on the new identity
card. using this signature, it is possible to fulfill requirements
for the written form under contract law by electronic means.
the electronic certificates required for this process can be
purchased from commercial providers.
6 7

IntErFACEs
3. Application software for
users – AusweisApp
In order to use their new identity card on line, users require
a software that serves as the interface between the ID, the
card reader and the service provider’s eID server. this software,
called “AusweisApp” (“Ausweis” is the German word
for “ID document”), will be available free of charge on a
web portal of the German Federal Ministry of the Interior
(https://www.ausweisapp.bund.de) for the operating
systems Windows, Linux and Mac os.
In addition to utilizing the identification function of the
new ID cards, AusweisApp also enables qualified electronic
signature with multiple signature cards, both conventional
contact type cards and contactless devices like the new
ID card. Functions of the German health card are also
supported.
AusweisApp is an implementation of the technical Guideline
eCard-API Framework [tr-03112], which defines easy-touse,
uniform interfaces for communication between card
readers, cards and applications (web-based and local).
4. Security mechanisms for the
identification function of the
new ID card
the security mechanisms and resulting It infrastructures for
the new ID card ensure protection of personal data, proof of
the authenticity of the identity document and proof against
forgery.
special attention has been given to solutions for securing the
contactless interface between the ID card and the terminal –
which, among other things, must meet the requirements for
qualified electronic signatures.
the following protocols and other measures for achieving
the aforementioned security objectives were developed
under the active leadership and participation of the BsI.
8 9
Abbreviation
Full name Purpose
PACE Password
Authen ticated
Connection
Establishment
EAC Extended Access
Control
CA: Chip
Authentication
TA: Terminal
Authentication
PA Passive
Authentication
RI Restricted
Identification
sECurIty
Access control, protects the
RF chip from being read at a
distance.
Extended access control,
comprising two subprotocols.
Establishment of a secure link and
detection of “cloned” RF chips.
Authentication of terminal
device for reading sensitive data
from RF chip.
Validation of authenticity and
integrity of the data on the RF chip.
Generation of chip- and providerspecific
pseudonyms.

sECurIty
PKI Public Key
Infrastructure
CSCA: Country
Signing Certificate
Authority
CVCA: Country
Verifying Certificate
Authority
Hierarchy of digital certificates.
Hierarchy of digital certificates
for signing data in electronic
identity documents.
Hierarchy of digital certificates
for read authorization of
electronic identity documents.
4.1 Password Authenticated Connection
Establishment (PACE)
Password Authenticated Connection Establishment (PACE)
ensures that the contactless rF chip in the new identity
card cannot be read without explicit access, and that data
are exchanged with the terminal device in encrypted form
[Bender 2008].
the password that can be used for PACE depends on the
authorization certificate of the reader (terminal) device used.
usually, this is the six-digit personal identification number
(PIn), which is known only to the holder of the identity card.
For reader devices with authorization certificates for
sovereign use, e.g. border control, either a Machine
readable Zone (MrZ) printed on the back of the new
identity card or the six-digit card access number (CAn)
printed on the front is sufficient.
4.2 Extended Access Control (EAC),
readers and EAC box
Extended Access Control (EAC) comprises an array of
protocols that are always executed in a specific order,
depending on which electronic identity document is to be
read [tr-03110].
the EAC protocols include Chip Authentication (CA)
and terminal Authentication (tA). the two protocols are
executed together with Password Authenticated Connection
Establishment (PACE) and Passive Authentication (PA).
the purpose of Chip Authentication is to confirm that
the chip is a real chip (and not a forgery or a clone) and to
establish a secure connection between the chip and the
reader, or between the chip and the service provider in the
case of online authentication.
Chip Authentication is based on Diffie-hellman key exchange,
in which the reader or terminal device uses an
ephemeral key pair and the chip a static pair. the chip’s
public key is signed during the process of generating it
(Passive Authentication – see section 4.3).
the use of the signed key verifies the authenticity of the chip;
at the same time, a strongly-encrypted and authenticated
end-to-end channel is established between the chip and – in
the case of online authentication – the service provider.
the advantage of PACE is that the length of the password
All data on the new identity card are treated as confidential
has no effect on the security level of the encryption. In other
and must be protected against being read by unauthorized
words, even when the CAn or PIn are used, which are short
persons. the terminal Authentication (tA) protocol was
compared to the MrZ, the data on the rF chip of the electro-
developed for this purpose. sensitive data can only be read
nic identity card are strongly protected during transmission.
when this protocol has been successfully executed on the
reader. the rF chip in the identity document is designed so
that it enables reading of specific data only when the reader
10 11
sECurIty

sECurIty
device (terminal) can demonstrate an explicit read authorization
for these specific data (e.g. only date of birth). the
Country Verifying Certificate Authority certificate (CVCA
certificate) is stored on the rF chip to verify this authorization.
this certificate forms the root of the Country Verifier
Public Key Infrastructure (CV-PKI), a hierarchy of authorization
certificates for reading sensitive data from identity
documents.
In Terminal Authentication, the reader (terminal) transmits
its read authorization to the rF chip in the form of a
terminal certificate. It also transmits the CVCA certificate
and all certificates in the hierarchy between these two
certificates. this enables the rF chip to verify the authenticity
and integrity of the terminal’s certificate. A positive
result requires that each of the subsequent certificates in the
hierarchy is signed with the private key of its predecessor,
starting with the CVCA certificate. the rF chip “knows” that
this certificate is trustworthy because it was stored on the rF
chip when it was manufactured.
once the authenticity and integrity of the terminal
certificate transmitted by the reader has been established,
the rF chip must verify that this certificate was really issued
for this device. to this end, the rF chip transmits a random
number to the reader, which signs it with a private key
belonging to the terminal certificate. the reader device
then transmits the signed random number back to the
rF chip. using the terminal device’s public key, which
is contained in the terminal certificate, the rF chip can
verify the signature of the random number and determine
whether the possesses has the private key that matches the
certificate.
EAC box
Key component for ID card amendment
Registration office PC
Authorization PKI
Each reader that wants to access the data of the electronic
identity card requires corresponding authorization certificates,
each with their own private and public keys, which
must be renewed regularly via a PKI. the EAC box provides
these functions in an encapsulated form in an evaluated
and certified environment and communicates with external
components and services via standardized interfaces
[tr-03131].
once the electronic identity card has been introduced, the
EAC box will be used as a reader device for changing address
data on the eID at municipal registration offices. Further
uses in addition to this scenario are conceivable (e.g. border
control).
12 13
Flow control
Crypto
protocols
Stored
certificates
and keys
EAC box core
sECurIty
Card
reader
Display
PIN pad
Specification: BSI Technical Guideline TR-03131 “EAC-Box Architecture and Interfaces”
Protection profile: “CC Protection Profile for Inspection Systems”
Secure channel

sECurIty
4.3 Passive Authentication (PA)
the purpose of Passive Authentication (PA) is to validate the
authenticity and integrity of the data on the rF chip of the
identity document.
In the course of manufacturing the electronic identity
document, the data stored on the rF chip are digitally
signed. this process uses something called a document
signing certificate, which in turn is signed with the Country
signing Certificate Authority certificate (CsCA certificate)
of the issuing nation and is available only to the officially
authorized ID manufacturer. this certificate forms the
bedrock of the Country signing Certificate Authority
Public Key Infrastructure (CsCA-PKI), a hierarchy of
certificates that verify the integrity of data on identity
documents.
When an identity document is read, Passive Authentication
verifies the signature of the data stored on the rF chip
and traces it back to the CsCA certificate. this enables it to
determine whether the data in the identity document were
written on the rF chip by the officially authorized ID manufacturer
and that their integrity is not compromised.
4.4 Public Key Infrastructures (PKI)
for electronic identity documents
the new identity card requires two Public Key Infrastructures
(PKI): one PKI for verifying the authenticity of
electronic identity documents (Passive Authentication), the
Country signing Certificate Authority (CsCA); and one PKI
to protect the fingerprints on electronic identity documents
(terminal Authentication), the Country Verifying Certificate
Authority (CVCA). technical Guideline tr-03128 describes
the basic functionalities and requirements of these infrastructures.
4.4.1 Country Signing Certificate Authority (CSCA)
InFrAstruCturEs
the Country signing Certificate Authority (CsCA) is operated
by the BsI. this authority generates the German root certificates
(CsCA certificates) on a regular basis, which in turn serve
as the source for the private keys of the document signing certificates
of the passport or ID card manufacturer. the passport
or ID card manufacturer uses the private keys of the document
signing certificates to sign files on the electronic identity
document that represent the document’s data. the document
signing certificate is also electronically stored on the identity
document.
using the root certificate, it is possible to verify whether an
electronic identity document was really created on behalf of
the issuing nation, and whether the data have been changed
in any way since production. this is realized using Passive
Authentication.
to enable the authenticity and integrity of German electronic
identity documents to be verified at border control points in
other countries, and passports of other countries to be tested
14 15

InFrAstruCturEs
at the German border for their authenticity and integrity,
the various nations must exchange their root certificates in a
secure manner. this is achieved either via diplomatic pouches
or via the ICAo Public Key Directory (ICAo-PKD).
4.4.2 Country Verifying Certificate Authority (CVCA)
the BsI also operates the Country Verifying Certificate
Authority (CVCA). this authority generates the German root
certificates on a regular basis; the private keys of these certificates
are used to sign the document verifier certificate of
the document verifier instances (DV instances).
the DV instances are responsible for issuing the certificates
authorizing the reading of electronic identity documents,
and also define the individual read rights, i.e. what information
can be read from the identity documents. this authorization
is verified by the rF chip of the electronic identity
document on reading during terminal Authentication.
CVCA Public Key Infrastructure
for citizen applications of the new identity card
CVCA
“ePass”
CVCA
DV(s)
CVCA
“ePass”
“ePass”
“ePass”
CVCA
Inspection
CVCA
“ePass”
“ePass”
authorities
BSI
VfB
CVCA - Country Verifying Certificate Authority
DV - Document Verifier
VfB - Issuing Unit for Terminal certificates
CVCA
CVCA
BerCa(s) “ePass”
“ePass”
CVCA
Service
CVCA
“ePass”
“ePass”
providers
CVCA
“eID”
DV
“eID”
Identity CVCA
CVCA
“ePass” card “ePass”
authority
CVCA
“eSign”
DV
“QES”
Verified CVCA
CVCA
signature “ePass”
“ePass”
terminal
BerCA - Certification Authority for eID service providers
QES - Qualified Electronic Signature
CVCA Public Key Infrastructure
in international context
Country A Country B
InFrAstruCturEs
Authorization certificates are issued solely to control
authorities (e.g. Federal Police) and registry offices (to enable
citizens to check the correctness of data) . these certificates
are also required to read fingerprints.
the diagram “CVCA Public Key Infrastructure for citizen
applications of the new identity card” illustrates the
spectrum of variants of national authorization certificates
for the new identity card. In addition to applications for
sovereign purposes, and for electronic identification, the
CVCA also supports the qualified electronic signature.
the new identity card also requires that authorization
certificates be issued for the control authorities of other
nations that are empowered to access the sovereign functions
of the new identity card. this authorization is issued
separately for each nation.
16 17
Terminal
Terminal
Terminal
CVCA CVCA
DV DV DV DV
Terminal
Terminal
Terminal
Terminal
Terminal
Terminal
Terminal
Terminal
Terminal

sECurIty FEAturEs
to sum up, the array of cryptographic protocols described
above offer protection against a range of attacks:
PACE has the advantage that the length of the password
has no effect on the security level of encryption.
this means that even when the CAn or PIn are used,
which are short compared to the MrZ, the data on
the rF chip of the electronic identity card are strongly
protected during transmission.
PACE protects cards against being accessed “in
passing” and creates an encrypted, integrity-secure
channel between the card and the reader.
PACE also enables entry/verification of a PIn, thus
tying authentication to the person and providing
protection against unauthorized use of the new
identity card.
terminal Authentication ensures that the reader/
service provider can perform only authorized access
operations. the read rights for the various data fields
are granted separately.
Chip Authentication creates a secure end-to-end
channel between the chip and the service provider.
together with Passive Authentication, Chip Authentication
also verifies the authenticity of the chip.
the integrity and authenticity of the read data are
implicitly ensured through authentication of the
chip.
5. The eID server – interface for
web applications
eID sErVEr
to simplify the use of the electronic identification function
in web applications, an eID server is required. the eID
server provides a simple interface for web applications,
encapsulating the complexity of the electronic identification
function. the guideline tr-03130 specifies the interface used
by web applications and the corresponding data formats for
exchanging information.
the eID server as a hardware and software component
establishes communication with AusweisApp and handles
the communication for requesting terminal authorization
certificates (DVCA certificates), revocation lists and CsCA
certificates.
the eID server is realized as a logically independent server, so
that it can be used by multiple web applications (principals);
it can also e.g. be operated remotely by a third party. to preserve
the confidentiality and integrity of the processed data,
the data must be encrypted and signed for transfer between
eID server
The steps of the electronic identification process
➀ Citizen selects authentication using
electronic ID on service provider’s
website.
➁ The webserver of the service provider
transmits the parameters necessary for
establishing the connection.
➂ The browser starts the local AusweisApp
application.
➃ AusweisApp establishes a secure channel
to the eID server of the service provider
and authentication commences.
18 19
Citizen
Browser
➂
AusweisApp
➀
➁
➃
CA - Certification Authority
PKD - Public Key Directory
Service provider
Webserver
eID server
CA, PKD,
revocation
lists

EVoCAtIon MAnAGEMEnt
the eID server and application server when transmitted via a
public network.
6. Revocation management in the new
German identity card
to prevent abuse of stolen or lost identity cards, the card
holder must be able to block or cancel them via revocation
management [Bender 2010].
Currently, chip cards, e.g. cards for the qualified electronic
signature, are cancelled by means of a chip-specific public
key that can be compared with a revocation list – in other
words, a global, chip-specific feature. however, a chipspecific
feature is always person-related, as it uniquely
identifies the chip and consequently the card holder.
such a mechanism would thus undermine the data
protection-friendly design of the eID function, in which only
those data from the chip are transmitted that are necessary
for the service. For example, an online service that only
requires proof of age for age-restricted services must not be
able to use a unique revocation attribute to cross-reference
these data with a service that receives name, address and
similar data from the identify document (this is particularly
important for the pseudonym).
one solution to this conflict is to use service-specific revocation
lists, i.e. every identity card transmits a service- and
card-specific revocation attribute to the service provider
during the electronic identification process, which the provider
then checks against his individual, i.e. service-specific
revocation list.
For each service that uses the eID function of the new identity
card, a service-specific revocation list is generated from a
global revocation list. A service- and card-specific attribute
sent to the service provider from the chip of the identity card
during the eID function can then be compared with a specific
revocation list in order to identify cancelled IDs.
the use of service- and card-specific revocation attributes
ensures that service providers cannot exploit these to
recognize identity documents across services. this applies
analogously for the revocation service: this central authority
is unable to derive the service- and card-specific revocation
attributes from the revocation key without the assistance of
the service providers and the authorization CAs – it is not possible
to trace identity cards via the revocation mechanism.
the use of revocation passwords and checksums also promotes
data protection.
Revocation management
Overview
Lost and stolen list
ID card authority
Revocation
password for entry
in register of IDs Hotline
Berechtigungs-CA
Berechtigungs-CA
Authorization CA
Dienstanbieter
Dienstanbieter
Service provider
rEVoCAtIon MAnAGEMEnt
20 21
Police
Loss reported
Revocation
initiated
Loss reported
Revocation
initiated
Citizen
Revocation initiated
with revocation password
Revocation password
in PIN letter
ID manufacturer
Revocation initiated
with revocation checksum
General revocation list
Service provicer-specific revocation list
eID revocation service

EVoCAtIon MAnAGEMEnt
A revocation key is required for generating service-specific
revocation lists. to ensure that the process complies with the
security requirements described above, this key has a length
of 256 bits – something the identity card holder will certainly
be unable to memorize.
Cancellation of lost identity cards must be possible at any
time: seven days a week, 24 hours a day, and especially while
travelling as well. one solution would be to store the personal
data of the card holder required for identification in the
revocation service, together with the revocation key, which
would in practice be equivalent to a nation-wide registry of
persons.
the methods used in the identity card take a different
approach: only the hash value (revocation checksum)
corresponding to the last and first names, date of birth and
cancellation password are stored with the revocation key.
this implementation permits effective cancellation of
identity cards without requiring a central registry holding
personal data.
7. References
rEFErEnCEs
[PAuswG 2010] German ID Card Act (Gesetz über Personalausweise
und den elektronischen Identitätsnachweis – Personalausweisgesetz
– PAuswG), 17 August 2010, German Federal
Law Gazette (Bundesanzeiger) I, p. 1346
[PAuswV 2010] German ID Card Regulation (Verordnung über
Personalausweise und den elektronischen Identitätsnachweis
– PAuswV), 2010, German Federal Law Gazette (Bundesanzeiger)
I
[Bender 2008] Jens Bender, Dennis Kügler, Marian Margraf,
Ingo naumann, Sicherheitsmechanismen für kontaktlose
Chips im deutschen elektronischen Personalausweis, DuD •
Datenschutz und Datensicherheit 3 | 2008, p. 173-177
[Bender 2010] Jens Bender, Dennis Kügler, Marian Margraf,
Ingo naumann, Das Sperrmanagement im neuen deutschen
Personalausweis, DuD • Datenschutz und Datensicherheit 5 |
2010, p. 295-298
[tr-03110] BsI technical Guideline, Advanced Security Mechanisms
for Machine Readable Travel Documents (BsI tr-03110)
[tr-03112] BsI technical Guideline, eCard-API-Framework (BsI
tr-03112)
[tr-03128] BsI technical Guideline, EAC-PKI‘n für den elektronischen
Personalausweis, Rahmenkonzept für den Aufbau und
den Betrieb von Document Verifiern (BsI tr-03128)
[tr-03130] BsI technical Guideline, eID-Server (BsI tr-03130)
[tr-03131] BsI technical Guideline, EAC-Box Architecture and
Interfaces (BsI tr-03131)
22 23

Published by
Federal office for
Information security (BsI)
Godesberger Allee 185 - 189
53175 Bonn, Germany
Version
september 2010
Editorial
teletrust Deutschland e.V.,
Berlin, Germany
Design / Production
Kesberg Consulting,
Bonn, Germany
Printing
Buersche Druckerei neufang KG,
Gelsenkirchen, Germany
Photos
German Federal Ministry of the Interior
(cover pictures), German Federal office
for Information security (graphics)