
REVOCATION MANAGEMENT

the eID server and application server when transmitted via a public network.

6. Revocation management in the new German identity card

To prevent abuse of stolen or lost identity cards, the card holder must be able to block or cancel them via revocation management [Bender 2010].

Currently, chip cards, e.g. cards for the qualified electronic signature, are cancelled by means of a chip-specific public key that can be compared with a revocation list – in other words, a global, chip-specific feature. However, a chip-specific feature is always person-related, as it uniquely identifies the chip and consequently the card holder. Such a mechanism would thus undermine the data protection-friendly design of the eID function, in which the chip transmits only those data that are necessary for the service. For example, an online service that only requires proof of age for age-restricted services must not be able to use a unique revocation attribute to cross-reference these data with a service that receives name, address and similar data from the identity document (this is particularly important for the pseudonym).

One solution to this conflict is to use service-specific revocation lists, i.e. every identity card transmits a service- and card-specific revocation attribute to the service provider during the electronic identification process, which the provider then checks against its individual, i.e. service-specific, revocation list.

For each service that uses the eID function of the new identity card, a service-specific revocation list is generated from a global revocation list. A service- and card-specific attribute sent to the service provider from the chip of the identity card during the eID function can then be compared with that specific revocation list in order to identify cancelled IDs.

The use of service- and card-specific revocation attributes ensures that service providers cannot exploit these to recognize identity documents across services. This applies analogously to the revocation service: this central authority is unable to derive the service- and card-specific revocation attributes from the revocation key without the assistance of the service providers and the authorization CAs – it is not possible to trace identity cards via the revocation mechanism.

The use of revocation passwords and checksums also promotes data protection.
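The following Python model is an added illustration of the properties described above; it is not the document's own code and not the mechanism the German eID specifications define. It assumes a Diffie-Hellman style construction: each card holds a secret revocation key, the global revocation list holds only the matching public value, each service has a key pair whose private half is assumed to sit with the authorization CA, and the chip sends a hash of the shared value with the service's public key. Under those assumptions a service-specific list can be derived from the global list, the same card yields different attributes at different services, and a party holding only the public values cannot compute the attribute. The group parameters and sample keys are constructed for the example.

```python
"""
Toy model of service-specific revocation lists (added illustration, not the
mechanism specified by the document or by the German eID specifications).

Assumed construction: each card carries a secret revocation key (card_sk) and the
global revocation list holds the matching public value (card_pk). Each service
(sector) has a key pair (sector_sk, sector_pk); the chip receives sector_pk and
sends H(sector_pk ** card_sk). The holder of sector_sk (assumed here to be the
authorization CA) derives the same value from card_pk, so a service-specific
list can be generated from the global list, while a party holding only card_pk
and sector_pk cannot.
"""
import hashlib
import secrets

# Toy group parameters: a Mersenne prime and a small generator, constructed for
# illustration only; real deployments use standardised elliptic-curve domains.
P = 2**127 - 1
G = 3


def keygen():
    """Return (private, public) for the toy Diffie-Hellman group."""
    sk = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return sk, pow(G, sk, P)


def _hash_point(shared):
    # P < 2**127, so every group element fits in 16 bytes
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()


def revocation_attribute(card_sk, sector_pk):
    """Chip side: the service- and card-specific attribute sent to a provider."""
    return _hash_point(pow(sector_pk, card_sk, P))


def derive_from_global_entry(card_pk, sector_sk):
    """Authorization CA side: the same value, computed from the global-list entry."""
    return _hash_point(pow(card_pk, sector_sk, P))


def build_service_list(global_revocation_list, sector_sk):
    """Derive one service-specific revocation list from the global list."""
    return {derive_from_global_entry(pk, sector_sk) for pk in global_revocation_list}


def is_revoked(attribute, service_list):
    """Provider side: compare the received attribute with its own list."""
    return attribute in service_list


def demo():
    # Constructed sample: two services, one lost (revoked) card, one valid card.
    sk_a, pk_a = keygen()        # service A, e.g. age verification only
    sk_b, pk_b = keygen()        # service B, receives name and address
    lost_sk, lost_pk = keygen()  # card reported lost
    valid_sk, _ = keygen()       # card still in use

    global_list = {lost_pk}      # revocation service holds only public values
    list_a = build_service_list(global_list, sk_a)
    list_b = build_service_list(global_list, sk_b)

    attr_lost_a = revocation_attribute(lost_sk, pk_a)
    attr_lost_b = revocation_attribute(lost_sk, pk_b)
    attr_valid_a = revocation_attribute(valid_sk, pk_a)

    return {
        "lost_card_blocked_at_a": is_revoked(attr_lost_a, list_a),
        "lost_card_blocked_at_b": is_revoked(attr_lost_b, list_b),
        "valid_card_flagged_at_a": is_revoked(attr_valid_a, list_a),
        # The same card shows different attributes to A and B, so they cannot
        # cross-reference their records through the revocation attribute.
        "attributes_linkable": attr_lost_a == attr_lost_b,
        # Service A's list is of no use for matching attributes seen by B.
        "list_a_matches_at_b": is_revoked(attr_lost_b, list_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note what the revocation service never holds in this model: neither any card's secret key nor any sector's private key. With only the public values it cannot compute an attribute, which is the property the text attributes to the central authority needing the cooperation of the service providers and authorization CAs.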

[Figure: Revocation management – overview. Labels recovered from the diagram:
Revocation initiated by the citizen with the revocation password (delivered in the PIN letter), via the hotline; by the police (loss reported, revocation initiated); by the ID card authority (loss reported, revocation initiated; lost and stolen list; revocation password for entry in the register of IDs); by the ID manufacturer with the revocation checksum.
eID revocation service: general revocation list, service provider-specific revocation lists.
Authorization CA (Berechtigungs-CA), service provider (Dienstanbieter).]
