Electronic ID: This is how ID cards work on mobile phones

The electronic ID card is currently being developed in both Switzerland and Germany – Nevis provides an overview of the current situation

The idea sounds good: Shop online with a single login, fill out tax returns or even sign up for popular initiatives. Thanks to the electronic identity, E-ID in short, this should be possible in Switzerland in the future. But in March 2021 the project’s referendum was halted for the time being. She was especially critical to this privacy concerns. Since then, alternatives that should take more into account the concerns of the Swiss have been discussed. Something is also happening in Germany regarding digital identity: from December, citizens should be able to identify themselves directly via their smartphone using a so-called Smart-eID. Will this concept be more successful than the previous digital ID, whose features appeared online only once Seven percent of German citizens Uses? Security provider Nevis addresses the topic of the E-ID and explains where to use the digital ID.

In Germany, the introduction of the new electronic identity is currently entering the critical stage: On September 1, 2021, the law introducing electronic proof of identity with a mobile device (Smart Electronic Identity Law) came into force. This creates the legal basis for the online ID card to be saved directly to the smartphone – unlike the previous one. The data required for this is transferred once from the chip in the identity document to the mobile phone and then becomes available within seconds. While previously it was necessary to read the ID chip card repeatedly using a smartphone or card reader for online identification, in the future this obstacle will not exist; The whole process takes about half the time.

Data security is a top priority – the Federal Bureau of Information Security (BSI) requirements catalog ensures this. The focus is on smartphone devices, because older models in particular do not meet the necessary requirements to protect identity data. As a partner in the BSI project, Samsung supports the entry of Smart-eID; Galaxy S model users have been able to use the new login since December. The majority of commercially available smartphones should support the functionality in the first half of 2022.

Pavilion in Switzerland

In Switzerland, private companies were originally supposed to issue electronic identity on behalf of the state. However, this concept is not on the table after the negative vote in the referendum held on March 7, 2021. Opponents of the solution had criticized above all that the state wants to unnecessarily hand a sovereign task into private hands. In the future, the issuance of electronic identity will remain the responsibility of the state.

Federal Council On May 26, 2021, a specialized committee composed of representatives of the Ministries of Justice and Police, the Ministry of Finance and the Federal Chancellery was commissioned to develop a rough concept of electronic identification in the future. As a basis for a public consultation on October 14, 2021, the Federal Office of Justice presented the document “electronic identity of the target image.” This clarifies what technical and international discussions are currently underway and which system the scope of which can be conceivable.

Electronic State ID or State Repository?

The ‘E-ID target image’ document distinguishes between the different possible levels of ambition for an e-ID ‘ecosystem’. They are not accessible with every technology; Therefore, the level of ambition should be clarified at the outset.

• Ambition Level 1 is a purely digital usable ID card with login functionality, issued by the federal government. However, experience from other countries shows that it is difficult to establish this limited functionality in practice.
• At Aspiration Level 2, the E-ID also forms the basis for many other state-regulated identifiers, such as a driver’s license.
• Aspiration level 3 includes a large number of digital proofs that can be associated with the E-ID, but can also be independent of it. This directory is stored decentrally in an “e-wallet” on the user’s smartphone. The government agency acts as the certification authority for the evidence, so that the credibility of the information shared is always guaranteed.

In order to implement these levels of ambition, three models are currently being discussed, which take different approaches in terms of their basic requirements (eg centralized or decentralized data storage) and in terms of technical implementation:

1. alternative: Public Key Infrastructure (PKI)

As part of a PKI solution The state issues a certificate signed as an E ID, which is then managed by users in the certificate application. The method is based on asymmetric encryption and provides a secure and confidential exchange of data using a pair of cryptographic keys. With this approach, the user has complete control over where their electronic identity data is located and who provides it. In addition, the procedure can be Technologies that have been tried and tested over many years So the implementation is safe and associated with some technical hurdles faced by the user. Compared to the SSI approach (see point 3), however, PKI is less data-efficient, as the entire electronic identifier must be handed over to the examiner each time to confirm identity.

the second choice: Basic IdP Policy

One second alternative is that the state provides an identity provider (IdP). Electronic identities are stored in a central database. Users can access this identity through a secure login and identify themselves in this way. This approach was initially favored in Switzerland, but was rejected by the population, most of whom criticized the involvement of state-approved but private identity providers.

the third option: Self-Identifying Digital Identity (SSI)

when The third possible alternative It is the so-called Sovereign Self-Identity (SSI), i.e. a self-identifying digital identity. As the name already suggests, with this model, users are responsible for managing their digital identities. Personal data such as surname, first name or date of birth are stored in an electronic wallet on the mobile phone. Verified Credentials are certified by a trustworthy institution – in the SSI model, a government agency is interfering for this purpose. For this assertion to work smoothly, the state must create a corresponding digital infrastructure – the federal government can implement this in cooperation with individual cantons, for example.

SSI provides the user with the advantage that they can decide anew each time which of the verified credentials to provide. Then only the data necessary to complete the relevant business or official transaction – this also meets the requirements of data protection officials for the data economy.

It remains to be clarified which procedure will be used in Switzerland in the context of the additional legislative action – but for Stefan Schweitzer, there is no doubt that an electronic identity solution will come. “Anyone who opens an online bank account today has to, for example, prove their identity through ID scanning or video chat. From the user’s point of view, these processes have to run multiple times, say for each banking relationship. In addition, the Such operations are relatively costly from the bank’s point of view.” Therefore, an electronic identity for a state that relies on social security would be attractive to banks. It provides a basic legal compliant identity and thus offers very high savings potential. In addition, electronic identification is faster and easier to use for citizens than, for example, video identification. In principle, these considerations can be transferred to many areas of economics as well as to management.”