Electronic ID in Germany. Dr. Stephan Klein Managing Director Governikus GmbH & Co. KG Logius Event

Transcription

1 Electronic ID in Germany Dr. Stephan Klein Managing Director Governikus GmbH & Co. KG Logius Event

2 Table of Contents Authentication in Germany Infrastructure (Client, Hardware, Participants) Authentication in Europe TREATS and eidas-middleware Notification German ID Card

3 About Governikus KG Location Governikus GmbH & Co. KG Am Fallturm 9, Bremen Unlimited Partners Unlimited Partner Governikus Bremen GmbH (100,0 % ownership by the Free Hanseatic City of Bremen) Foundation Founded in July 1999 (as bremen online services GmbH & Co. KG) Work Force roughly 130 employees Managing Director Dr. Stephan Klein Limited Partners Freie Hansestadt Bremen: 55,1 % Telekom Deutschland GmbH: 15,0 % Die Sparkasse Bremen: 15,0 % Brekom GmbH (EWE Gruppe): 14,9 % Head of Supervisory Board Dr. Martin Hagen

4 German ID Card Facts (October 2017) Issued electronic IDs More than 18,5 million FORECAST ELECTRONIC ID CARDS GERMANY Service Providers 157 Service Providers (October 2017): ca. 2/3 Public Sector ca. 1/3 Private Sector 18,5 26,5 34,5 42,

5 German eid Infrastructure Requires eid Client And eid Server For Mutual Authentication Figure: Overview of the German eid System / Federal Office for Information Security

6 Decentralized eid Infrastructure Germany Official Documents Card Verifiable Certificates Bundesdruckerei (Federal) D-Trust User / ID Official Client / AusweisApp2 Service Provider eid Server Governikus on behalf of the Federal Ministry of the Interior Different public and private organisations Private Providers (Governikus p.e.) Authentication Certificates and Blacklist Federal Office of Administration

7 AusweisApp2 German eid Client (developed by Governikus on behalf of the Federal Ministry of the Interior): user-friendly, lean, secure and certified Computer and mobile usage with support - Windows, Mac OS X - Android (ios under development / usability tests) Certified Software Development Kit (SDK) / Built-In - Integration in own Applications Certified Software - By Federal Office for Information Security Licenced under EUPL to create own clients, built-ins or other operating systems Smartphone as card reader - To avoid additional hardware Usability tested - Integration in own Applications Approx. 1 Mio. downloads Windows and Mac OS (since November 2014), approx downloads Android (since May 2017)

8 Smartphone (or Tablet) As Card Reader NFC Computer and NFC-Smartphone or NFC-Tablet in the same Wifi The devices have to be connected to the same Wifi NFC

9 Governikus Autent Multifunctional eid Server EU-Middleware POSeIDAS Application of the IT Planning Council Federal Government and Federal States hold the licence SLA silver, bronze und gold available Multiclient capable Multi-authentication possibilities (Certificate-based, Username/Password, ID card) Identity management/ directory service SAML and SOAP acc. totr-3130 Flexible modularisation POSeIDAS limited to SOAP Webservice acc. to TR ID Cards

10 eidas The Perspective Matters Each EU-/EFTA member state is both: sending or receiving member state 1. Sending member state: sends the eid Regarding eidas beeing an sending member state is optional. There is no obligation to notify an ID token 2. Receiving member state: accepts the eid Mandatory as of September 2018 regarding eidas: each country must accept notified ID tokens from other EU-/EFTA countries

11 eidas The Perspective Matters (Example)

12 eidas Middleware in The Netherlands The eidas Middleware, developed by Governikus on behalf of the Federal Ministry of the Interior was successfully deployed in The Netherlands (Demo Portal) (beginning of 2017) and is supplied by Germany as a virtual machine.

13 Motivation for TREATS Federal Ministry of the Interior realised necessary action to get the German infrastructure eidas-ready (2015) Adressed all eid-server manufacturers, call for interest Adressed some relevant service providers to think beyond Asked Governikus KG to coordinate the proposal in the name of Germany Set in addition the Federal Office for Information Security in controlling duty

14 Participants in the TREATS Consortium MTG (media transfer AG) OpenLimit SignCubes GmbH Governikus GmbH & Co. KG (consortial leader) eid server HSH Soft- und Hardware Vertriebs GmbH SiXFORM GmbH Bundesdruckerei GmbH Harz University of Applied Science Anstalt für Kommunale Datenverarbeitung in Bayern (AKDB) Services and Applications Guest / Observer: Federal Ministry of the Interior Federal Office for Information Security Functionality Visibility Mentoring / Observing

15 Goals of TREATS Scope of work in TREATS project Enable existing infrastructure to accept eid token from other EU Member States Provide multiplier effect at once for Germany Lead to an enhanced eid scheme in Germany Enhance selected applications as proof of concept Bring new eidas-enabled infrastructure into production Develop best practice guide for on-boarding process of other service applications

16 Notification of German ID card on How did Germany do this? German-eID/eIDASnotification/eIDAS_notification_node.html;jsessionid=652 4D09940CEDE43D3E644542B14ED7A.1_cid341 Responsible and successfully completed by the Federal Ministry of the Interior and the Federal Office for Information Security Maximum transparency (all documents are publicly available) Politically important / supported by ministerial letters What are the lessons learned? Plenty of work to do! Detailed documentation is essential.

17 Besuchen Sie uns auch in Thanks for your kind attention! Dr. Stephan Klein Tel: Governikus GmbH & Co. KG Am Fallturm Bremen Tel.: Albrechtstraße Berlin Tel.: