Experience and Outcomes of the New German Electronic ID Card

nPA – The New German ID nPA The New German ID Card

The First Year

Experiences and Applications

17/11/2011

Experiences and Applications

17/11/2011Werner BraunAgenda

▶ Some Figures

▶ The Benefits

▶ The Functionality

▶ The Use Cases

▶What May Other Countries Benefit

2

17/11/2011Werner BraunSome Figures

▶Start November 1st, 2010

▶9.1 mio nPA eID cards to be issued until end of 2011▶30% with enabled ID-function ▶30% provide their fingerprints

▶275,000 AusweisApps downloaded

30 tifi d ID i id li t ▶30 certified eID service providers online – more to come …▶71 applied for eID service

▶> 5 eID service providers▶> 5 eID service providers

3

17/11/2011Werner BraunThree types of chip card readers

for the new identity cardfor the new identity card

Basic reader (Cat B) Simple chip card reader with a contactless interface

N PIN d f th PIN t No PIN pad for the secure PIN entry Qualified electronic signature is not supported Price: ca. € 35

Standard reader (Cat S) Multifunctional chip card reader with a contactless and an optional

contact interface

PIN pad for the secure PIN entryp y

QES of contact signature cards is supported*

Price: ca. € 37** or € 68

C f t d (C t K)Comfort reader (Cat K) Multi applicative chip card reader with a contactless and a contact interface

PIN pad for the secure PIN entry, display and own authorisation certificate

Qualified electronic signature with the nPA is supported

4

Q g pp

Price: ca. € 120** or € 160

* Current feature of available readers

** With state support

17/11/2011Werner BraunThe new German ID card’s benefits

….for citizens

Reliable and easy-to-use identification mechanism for online

….for citizens

yand offline services

Respect for the right to self-determination – card holder decides which of the ID data will be transmitted to the service providerprovider

Service providers have to prove the authenticity of their digital identity, via a digital certificate

Secure exchange of sensitive personal data via highly g p g yencrypted communication channel based on dual-factor authentication (ownership of the ID card and knowledge of the PIN)

Improved identification capabilities for police and border Improved identification capabilities for police and border authorities; enhanced security

5

Source:Federal Ministry of the Interior

17/11/2011Werner BraunThe new German ID card’s benefits

for service providers

Service providers can verify the identity of a person or

…. for service providers

Service providers can verify the identity of a person or customer

The authentication mechanism can be used for different applications in many areas

New services can be offered that were not possible before (for example, transactions requiring a signature of a person)

Integration effort is manageable – services and web applications can use a standardized interface in order to use the app ca o s ca use a s a da d ed e ace o de o use eeID functionality

No roll-out process for service providers High number of potential users – almost every citizen has to

)own a national ID card)

6

Source:Federal Ministry of the Interior

17/11/2011Werner Braun

The New FunctionalityeID und QESeID und QES

QES – Qualified Electronic SignatureeID – electronic identity service

„I‘ve signed it“

Display of document to be signed

„It‘s me“

Confirmation of service provider‘s identity

Document signing authorised by signature-PIN

f b

identity

Display of required data

Personal data PIN required Signature verification by recipient

Use cases: signature pf contracts, e-mails, mandatess

Personal data –PIN required

Personal data -Transmission

Use cases: application/registration, age verification pseudonym mails, mandatessage verification, pseudonym

Mutual Identity Verification Legally-binding electronic Signature

7

Source: Fraunhofer FOKUS

17/11/2011Werner BraunTechnical infrastructure

Service provider

7 D t t f t 7. Data transfer to the service provider

8. User authenticated

1. Display of th b it

2. Forwarding to the eID service

providerCitizenthe website

3. Chip and terminal authentication

Authorisation certificate

6. Data transfer 4. Display of the fields

5. Confirmation by PIN

Given nameSurname or:

ePA- Secrecy+ Provider

8

SurnameAge

…

+ Provider number= Pseudonym

17/11/2011Werner BraunUsage possibilities

Access with pseudonym Age verification Citizen services

Kiosk systems / info terminals Electronic signatureAutomatic form filling

Barrier free internet servicesAccess controlsOnline registration

9


eBusiness with the new German eID Card . . . live!

eBusiness

the new German eID Card . . . live!

InsurancePortals for customersPortals for brokers

Portal serviceCentral login for

many servicesPortals for brokers

BankPortals for customers

Online shop

many services

Mobile communicationUse of eID on

smartphonesOnline shopPortals for customers

Credit agencyCustomer self

service

smartphones

AirlineSubstitute for

member card

service

Social networkSecure identity

for members

Car dealershipService for

automated number plate

Cigarette industryCigarette industryVerification of age

at vending machine

Local transportation

Post Identification at

automated post office

10

transportation Identity verification

on vending machineCar rentalDoor code

17/11/2011Werner BraunUse Case

Forms Management SystemForms Management System

Default values for form fields

With data directly from nPA … and/or …

based on customer data bases leveraging the service provider specificleveraging the service provider specific characteristic

Here both sources are used.

Customer idenitifier Customer idenitifier

First and last name, degree

Birthday

Address

11


Health Application AssignioConsumer Centric HealthConsumer Centric Health

EU Vision

“ One of my priorities will be to accelerate the positive impact of ICT on everyday life. In this “ One of my priorities will be to accelerate the positive impact of ICT on everyday life. In this y p p p y yvision, eHealth will play a key part….I see eHealth as a way to offer more control for patients on their own health….I see eHealth as a means to achieving economic recovery…eHealth also requires collaboration among all players in the healthcare sector”Neelie Kroes, Vice President of European Commission and Commissioner for the Digital Agenda on eHealth Conference 2010 in Barcelona

y p p p y yvision, eHealth will play a key part….I see eHealth as a way to offer more control for patients on their own health….I see eHealth as a means to achieving economic recovery…eHealth also requires collaboration among all players in the healthcare sector”Neelie Kroes, Vice President of European Commission and Commissioner for the Digital Agenda on eHealth Conference 2010 in BarcelonaBarcelonaBarcelona

Consumer Partner

stay healthy and fit manage your health and fitness connect for better healthcare take care of your families health

stay healthy and fit manage your health and fitness connect for better healthcare take care of your families health

customer loyalty platform for innovative business models market new applications bundling of partners core competencies

customer loyalty platform for innovative business models market new applications bundling of partners core competencies

12

yy g p pwithin the Ecosystem

g p pwithin the Ecosystem

17/11/2011Werner BraunAssignio - a web based platform to manage

patient’s own health related data in a secure way

…with following actorsAssignio is an open platform…

The Consumer is the owner of his data, takes part on a voluntary basis and provides a consent to store his data in the Assignio

…with following actors

Partners with applications dealing with consumer data

Assignio is an open platform…

platform. All providers of medical and

wellness services such as hospitals, physicians, health plans, employers, fitness centers, device and software manufacturers may become a

Partners with applications dealing with consumer data

manufacturers may become a Assignio Partner.

Assignio uses established Identity Providers (ID-Providers) to identify the consumer before he gets access to health data in the platform

Provider of the platformID Providerpseudonym

Windows Live IDplatform.

Atos IT Solutions & Services is the Provider of the health platform -not using the data of consumers for ist own purposes.

Microsoft provides the Technology Technology partner

13

p gyof the platform.

13


Assignio for Private Hospitals Patient Portal and mobile AppPatient Portal and mobile App

14


Payment ApplicationWallet Server •Credit Card IssuerWallet Server

P t SP

•Debit Payment

Card dataOf holderile

r

Payment SP ai

ler Wallet Server

Of holder

xxxx xxxx xxxx 1234

xxxx xxxx xxxx 1234

DKK/pseudonymnlin

e R

etai

rtion

st

ratio

n

tarti

on

nist

arat

ion

tat.

Rea

ta

Wor

ldlin

eId

ent

On

Bank Bank

regi

star

adm

inis

Reg

ist

Adm

inS

15

Card holder Card holder

17/11/2011Werner BraunWhat may other Countries

benefit from Germany‘s Solution

Establish a dedicated „Competence Center“ for introducing the new eID with comprehensive expertise and clear competences

d ibiliti

benefit from Germany s Solution

and responsibilities.

Countries may deploy Germany’s technical solution as well no new and complicated developments necessaryuse a mature and proven solution

National security policies can be applied without creating barriers for international business activitiesbarriers for international business activities

Citizens can use services of other countries by means of their own smartcard -> they can further trust their national smartcards

Service providers can support authentication procedures with electronic cards of foreign countries (only authorization certificate of the foreign country required)

16

International electronic identity system that is effective, sustainable and secure


Atos the Atos logo Atos Consulting Atos Worldline Atos Sphere Atos Cloud and Atos WorldGrid

17

Atos, the Atos logo, Atos Consulting, Atos Worldline, Atos Sphere, Atos Cloud and Atos WorldGridare registered trademarks of Atos SA. June 2011