Recently Giesecke & Devrient (G&D) and Wirecard Bank AG showcased the first e-business application that utilizes an electronic ID card, based on the European Citizen Card standards (ISO CEN prTS 15480). To use the application, consumers have to install a middleware software and a simple contactless card reader on their home PCs. This new application allows banks and consumers to authenticate one another using an official personal identity document and a personal identification number (PIN) for the first time ever. Giesecke & Devrient's new launch represents the first implementation of the standards for microchip-equipped European Citizen Cards along with the middleware to support commercial applications. Thus users and online service providers can benefit from added security in their internet transactions, thanks to secure mutual authentication based on an official electronic document.
The personal information stored on the ID card's chip - such as the user's name, address or date of birth - is protected from unauthorized access in each transaction by Extended Access Control (EAC 2.0 acc. to BSI-TR-03110), a highly secure encryption protocol. Essentially, a secure channel is created between the server operated by the online service provider - like Wirecard Bank -and the microchip on the electronic ID card. The microchip verifies the service provider's individual access certificate to ensure the provider only accesses the personal data needed for its business processes. Citizens remain in control of who uses their personal information, since they have to explicitly grant access to their data by entering their PIN.