Mandatory electronic identification card with RFID chip
Introduction
Last week it was announced that the Dutch company NXP was selected to produce the new identification (ID) card for Germany. Starting from the beginning of November this year, 60 million mandatory cards will replace the older ID cards.
The new identity card in brief
One of the main intentions and advantages with the new identity card is that it allows electronic identification and entering into legally binding agreements also in the digital world - by using electronic signature. This is not set up by default, but requires that an electronic certificate is obtained.
The ID card is not legal identification (like a passport) throughout the world. However, it will be legal ID in the European Union, and thereby able to substitute for passports in most circumstances for ordinary German citizens.
Obviously an identity card as the German has numerous advantages!
The most obvious is a nation-wide system which allows (secure) electronic signatures. The fact that it has been / is difficult in many countries to agree on a common or interchangeable system, has greatly restricted Internet-based commerce and the ability to enter into binding agreements online. This new ID card in Germany may have overcome this obstacle. The card also enables German citizens to interact online with the German authorities.
It will be interesting to see how this affects online transactions (all kinds) in the coming years.
RFID chip
The new identity card includes an integrated Radio-frequency identification (RFID) chip, which is the most interesting item seen from a security point of view.
RFID chips are constantly discussed in security gatherings, online forums and blogs, and have been the topic for two of our previous security articles:
The chip on the German national identity card enables storing personal information which may be read by (authorized) devices and organizations. It is for example optional for German citizens to store their fingerprints on this RFID chip. Technically other information may also be stored on the chip.
The fact that personal - and potentially very sensitive information - is stored on a chip raises interesting security issues. The security in RFID chip used on the first passports using this technology, were demostrated to be insecure. The new German RFID card technology uses an additional allegedly more secure protocol to protect the sensitive data on the ID card.
Skeptic comments regarding the use of RFID technology is nevertheless seen in abundance on web sites and blogs. One fundamental objection is that the RFID technology per se allows that information on the chip might be read without the owner's knowledge (providing the right equipment, of course). This in itself allows for privacy infringement if it is misused.
References (all opens in separate browser windows)
- NXP Selected to Secure New German National Identity Card (Press release from NXP 19 August 2010)
- Der neue Personalausweis ("The new identity card" - Information from Bundesamt für Sicherheit in der Informationtechnik - German text)
