The German eID as an Authentication Token on Android Devices

Abstract: Due to the rapid increase of digitization within our society, digital identities gain more and more importance. Provided by the German eID solution, every citizen has the ability to identify himself against various governmental and private organizations with the help of his personal electronic ID card and a corresponding card reader. While there are several solutions available for desktop use of the eID infrastructure, mobile approaches have to be payed more attention. In this paper we present a new approach for using the German eID concept on an Android device without the need of the actual identity card and card reader. A security evaluation of our approach reveals that two non-critical vulnerabilities on the architecture can't be avoided. Nevertheless, no sensitive information are compromised. A proof of concept shows that an actual implementation faces some technical issues which have to be solved in the future.