At this year’s CeBIT, Giesecke & Devrient (G&D) and Wirecard Bank AG are showcasing an e-business application that utilizes the electronic ID card, which several European Union member states are planning to introduce. To use the application, consumers have to register with Wirecard Bank’s Internet payment service, and install special software and a simple contactless card reader on their home PCs. This new application allows banks and consumers to authenticate one another using an official personal identity document and a personal identification number (PIN) for the first time ever, according to G&D.
“This is a major milestone for e-government and e-business applications. Users and online service providers can benefit from added security in their internet transactions, thanks to secure mutual authentication based on an official electronic document,” noted Hans-Wolfgang Kunz, group executive for the Government Solutions business unit at Giesecke & Devrient.
Several European countries, including Germany, are planning to introduce electronic personal ID documents with integrated microchips. Citizens will thus be able to identify themselves to government offices on the Internet as well. At the same time, the electronic ID can also help make e-business applications more secure – and more convenient, since it eliminates the need to maintain numerous user names and passwords for various internet portals.
The personal information stored on the ID card’s chip – such as the user’s name, address or date of birth – is protected from unauthorized access in each transaction by Extended Access Control (EAC), a secure encryption protocol. Essentially, a secure channel is created between the server operated by the online service provider – like Wirecard Bank – and the microchip on the electronic ID card. The microchip verifies the service provider’s individual access certificate to ensure the provider only accesses the personal data needed for its business processes. Citizens remain in control of who uses their personal information, since they have to explicitly grant access to their data by entering their PIN.