The smartphone manufacturer is working with the German Federal Office for Information Security (BSI), Bundesdruckerei and Deutsche Telekom Security ‘to develop a hardware-based security architecture that allows citizens to securely store their national ID on their smartphone as an eID,’ Samsung said.
The national eID will be available on selected Samsung Galaxy smartphones when the eID solution becomes available later this year.
Samsung explained that the enrolment process will be straightforward. After downloading and installing the Mobile ID application distributed by Bundesdruckerei from Play Store, Galaxy S20 owners can tap their near field communications (NFC) enabled national ID card on the back of their phone to verify their identity and get started. Once verified, the mobile eID will be stored securely on the smartphone.
Samsung stated that the use of eID on its devices stems from the development of a hardware security chip, the embedded Secure Element (eSE). The chip, which was announced in May, is reportedly tamper-proof and generates ‘unclonable keys’ for stronger authentication. Samsung also claims that it works independently from the main chipset’s security processes.
It has also made the software development kit for the eSE freely available to developers allowing them to create apps and services that plug into the eID platform.
‘This will enable service providers and app developers to create applets for the trusted service manager (TSM) that can be loaded into the secure chipset-based platform,’ Samsung said. ‘As a result, applications and services will be able to work seamlessly with the eID programme and German citizens can enjoy them with peace of mind, knowing their information will be protected.’
This new mobile eID solution was created as part of the OPTIMOS project, funded by the German Federal Ministry of Economics and Energy, whose goal is to create an open ecosystem that provides the technology and infrastructure for secure mobile authentication. As such, it was important for all partners to make sure that this new security architecture would be open to many identity service providers.
‘In addition to the identity card, almost every citizen in Germany owns a smartphone. Thanks to the OPTIMOS project, and in cooperation with Samsung and Deutsche Telekom Security, we now have the chance to combine the high level of trust in the physical document with the user friendliness of the smartphone,’ said Bundesdruckerei CEO Dr Stefan Hofschen.
‘We are thus creating the basis to ensure sovereignty and trust in a world that is becoming increasingly ‘digital’ and ‘mobile’. In the future, digital sovereign identities and authorisations can be used and managed by citizens in a self-determined manner via the app provided by Bundesdruckerei for this purpose.’
‘Our newly developed TSM system is used for the transport of the identities, data storage management and ultimately lifecycle management of each eID, which provides the basis for a multitude of other secure applications,’ added Deutsche Telekom Security CEO Thomas Fetten.
Samsung believes that national eID is only the beginning. Similar to contactless payments a few years ago, it feels that consumers will quickly realise the benefits of having key credentials including their driving licence, national health insurance cards, or even their car and apartment keys available on their mobile phone, securely stored at all times.
‘Soon, they may also be able to remotely verify their identity to access and send confidential medical records, open a bank account, or vote using their smartphone,’ Samsung said.
Whilst it’s not clear when the service will be adopted by other nations, Samsung’s system adheres to eIDAS, the EU’s legislation on digital identification, so we might see a wider European rollout in the months ahead.