The mobile eID is intended to provide a solution that allows citizens to identify themselves securely to service providers in e-business and e-government applications without a media break. Today this is already possible with the online ID function, which, however, requires the physical ID card for every transaction. With the introduction of the mobile eID, citizens can store their identity on their smartphone and subsequently identify themselves using the mobile device alone.
Technologically, the security of the mobile eID rests on the established cryptographic protocols of the identity card (the EAC protocols), which are executed by an applet on a security anchor within the smartphone (an SE, UICC or similar). The security anchor, whose security properties must be demonstrated by certification, takes over the former role of the chip in the identity card and provides secure storage and use of cryptographic keys and identity data. Furthermore, the mobile eID can only be used after entering a PIN set by the user, which realises an effective two-factor authentication (possession of the smartphone and knowledge of the PIN).
Because the existing EAC protocols are reused, the mobile eID can be integrated into the existing revocation (blocking) infrastructure of the identity card, which makes it possible to block a mobile eID if the smartphone is lost or stolen. Reusing the protocols also preserves compatibility with existing services: for these, communication with the mobile eID proceeds in the same way as it does today with the ID card, via an eID server that invokes the eID client on the user's device. As a result, the mobile eID can be used directly with all services that already support the online ID function.