The German eID as an Authentication Token on Android Devices
The paper addresses the problem of mobile digital identity authentication for German citizens; the contribution is incremental, as it builds on the existing eID infrastructure.
The paper tackles the lack of mobile solutions for the German eID by presenting a new approach that enables authentication on Android devices without the physical ID card or card reader. A security evaluation identifies two non-critical vulnerabilities, and a proof of concept reveals technical issues for future resolution.
Due to the rapid increase of digitization within our society, digital identities are gaining more and more importance. With the German eID solution, every citizen is able to identify himself to various governmental and private organizations with the help of his personal electronic ID card and a corresponding card reader. While there are several solutions available for desktop use of the eID infrastructure, mobile approaches need to be paid more attention. In this paper we present a new approach for using the German eID concept on an Android device without the need for the actual identity card and card reader. A security evaluation of our approach reveals that two non-critical vulnerabilities in the architecture cannot be avoided. Nevertheless, no sensitive information is compromised. A proof of concept shows that an actual implementation faces some technical issues which have to be solved in the future.