Revocation Management

A revocation key is required for generating service-specific revocation lists. To ensure that the process complies with the security requirements described above, this key has a length of 256 bits – something the identity card holder will certainly be unable to memorize. Cancellation of lost identity cards must be possible at any time: seven days a week, 24 hours a day, and especially while travelling. One solution would be to store the personal data of the card holder required for identification in the revocation service, together with the revocation key, which would in practice be equivalent to a nation-wide registry of persons. The methods used in the identity card take a different approach: only the hash value (revocation checksum) corresponding to the last and first names, date of birth and cancellation password is stored with the revocation key. This implementation permits effective cancellation of identity cards without requiring a central registry holding personal data.
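The checksum lookup described in the revocation management paragraph, sketched as an added example (not code from the original paper or from the eID specifications): the service keeps only a mapping from revocation checksum to revocation key. SHA-256, the length-prefixed field encoding, the normalization rules, the date format and the names `revocation_checksum` and `RevocationService` are all assumptions, since the page names no hash function or encoding.

```python
import hashlib
import secrets
import unicodedata

def _norm(field: str, fold_case: bool = True) -> bytes:
    # Assumed canonical form: NFC, trimmed, UTF-8; names and dates upper-cased.
    text = unicodedata.normalize("NFC", field).strip()
    return (text.upper() if fold_case else text).encode("utf-8")

def revocation_checksum(last: str, first: str, dob: str, password: str) -> bytes:
    """Hash of last name, first name, date of birth and cancellation password."""
    fields = (_norm(last), _norm(first), _norm(dob), _norm(password, fold_case=False))
    h = hashlib.sha256()  # assumption: the page does not name the hash function
    for f in fields:
        # Length prefix keeps field boundaries unambiguous ("AB"+"C" != "A"+"BC").
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()

class RevocationService:
    """Stores checksum -> revocation key only; no names or birth dates."""

    def __init__(self) -> None:
        self._keys: dict[bytes, bytes] = {}
        self.revoked_keys: set[bytes] = set()

    def enrol(self, checksum: bytes, revocation_key: bytes) -> None:
        if len(revocation_key) != 32:
            raise ValueError("revocation key must be 256 bits")
        self._keys[checksum] = revocation_key

    def cancel(self, last: str, first: str, dob: str, password: str) -> bool:
        """Hotline call: recompute the checksum and look up the key to revoke."""
        key = self._keys.get(revocation_checksum(last, first, dob, password))
        if key is None:
            return False  # wrong password or unknown holder: nothing is revoked
        self.revoked_keys.add(key)
        return True

if __name__ == "__main__":
    # Constructed sample holder, not real data.
    service = RevocationService()
    key = secrets.token_bytes(32)
    service.enrol(revocation_checksum("Mustermann", "Erika", "1964-08-12", "Kirschbaum"), key)
    print(service.cancel("MUSTERMANN", " erika ", "1964-08-12", "kirschbaum"))  # password is case-sensitive
    print(service.cancel("MUSTERMANN", " erika ", "1964-08-12", "Kirschbaum"))
```

Names and dates of birth are low-entropy, so in this sketch the cancellation password is the only input that keeps a stored checksum from being linked to a person by guessing.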