Basically, the ID card will show all the personal attributes that are printed on the current ID card, but they can also be read with appropriate terminals. Before the data can be read, the terminal and the ID card perform mutual authentication using protocols such as PACE, Terminal Authentication and Chip Authentication. These protocols are part of Extended Access Control (EAC), a new standard by the German BSI for securely reading machine-readable travel documents. Whenever personal attributes are to be read, an end-to-end encrypted channel is established between the ID card and the eID server. Thus, the data cannot be intercepted. In theory. They say.
OK, joking aside, to be serious, as far as I can tell, Extended Access Control, with its protocols PACE, Terminal and Chip Authentication, is, from an IT security perspective, a really strong means to build up a secure channel. We have put together some more information on our institute website (in German only).

