News

BSI certifies world's first Open Source "eID-Kernel" according to BSI TR-03124

[Michelau, March 22, 2019] It has been accomplished – ecsec GmbH proudly presents its certificate for Open eCard Version 1.3 received from the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). The so-called "Open eCard Library" is thus not only the worldwide first Open Source "eID-Kernel" for Android, but also the first and currently the only eID-Kernel certified by the BSI according to the Technical Guideline TR-03124 (eID-Client), which is available freely available as Open Source. The certificate, which has been issued without deficiencies in the conformity assessment report, is valid until 21st of February 2024.

Open eCard – free and trustworthy eIDAS technology since 2012

Open technologies for electronic identities (eID) and trust services according to the eIDAS-Regulation are enjoying growing popularity. The Open eCard project was initiated in 2012 by industrial and academic experts in order to provide a platform-independent Open Source implementation of the eCard-API-Framework according to BSI TR-03112 and the related ISO/IEC 24727 standard in order to enable arbitrary applications to utilise arbitrary smart cards for authentication and signature purposes. Based on these standards the Open eCard App was developed and certified in 2015 by the BSI as the world's first Open Source eID-Client according to BSI TR-03124 (eID-Client), which not only supports the German eID (“Personalausweis”) but also several other European eID and signature cards.

Open eCard Version 1.3 certified by BSI as "eID-Kernel" according to BSI TR-03124

Version 1.3 of the Open eCard platform is the world’s first Open Source "eID-Kernel", which has been certified according to the Technical Guideline BSI TR-03124. With this library, the mobile identification with the German eID card, which has been notified with level of assurance „high“ according to Article 8 of the eIDAS-Regulation, can be seamlessly integrated into any Android-based smartphone app. This innovative and trustworthy key technology has already been used in practice for some time in the "FiftyFifty Taxi" project of the German districts of Lichtenfels and Kulmbach and the integration into the systems of identity Trust Management AG was recently started. In addition, further application scenarios in the field of electronic signatures, which are currently being developed in the EU-funded "FutureTrust" project, and further integrations with well-known partners will follow soon. Thanks to the international standard ISO/IEC 24727 implemented in Open eCard, additional contactless eID tokens, signature cards and electronic health as well as health professional cards can now also be used for mobile authentication and signatures.

Certificate without deficiencies valid until 2024 thanks to strict quality management

Thanks to the mature software development process, which has already been audited according to ISO 27001 on the Basis of IT-Baseline Protection, and the stringent quality management system based on the international standards such as ISO/IEC 9001 and ISO/IEC 90003, the certification procedure according to BSI TR-03124 for the current version 1.3 of the Open eCard platform was completed in a very short period of time. "We are very pleased that the BSI was able to complete the certification procedure for the mobile Open eCard platform that fast," adds Tobias Wich, Open eCard Maintainer. "This means that a formally certified Open Source eID-Kernel is now available in time for the go.eIDAS Summit on 27th of March 2019 and that the eIDAS-Ecosystem can now be mobilized even faster based on trustworthy and certified Open Source components. We are looking forward to demonstrating the ease of integrating the certified Open eCard Library into Android-based smartphone apps as part of the planned tutorial."

About the FutureTrust project

Against the background of the Regulation (EU) No. 910/2014 on electronic identification (eID) and trusted services for electronic transactions in the internal market (eIDAS), the FutureTrust project (https://futuretrust.eu), which is funded within the EU Framework Programme for Research and Innovation (Horizon 2020) under Grant Agreement No. 700542, aims at supporting the practical implementation of the regulation in Europe and beyond. For this purpose the FutureTrust project addresses the need for globally interoperable solutions for the efficient and trusted delivery of electronic services, actively supports the standardisation process in relevant areas, and provides open source software and trusted services which facilitate the use of electronic identity and signature in practical applications.

About the go.eIDAS Initiative

The go.eIDAS initiative (https://go.eID.AS) was initiated by leading European associations, projects and expert organizations in the field of eID and trust services and aims at the practical implementation of eIDAS Regulation (EU) 2014/910 on electronic identification and trust services for electronic transactions in the internal market. go.eIDAS is an open initiative that welcomes all interested organizations and individuals who want to support and promote the use of eIDAS in Europe and beyond.

About ecsec GmbH

ecsec (https://ecsec.de/en) is a specialized vendor of innovative solutions in the sector of security in the information and communication technology, security management, smart card technology, identity management, web security and electronic signature technology. Based on experiences from several consulting projects with international reach ecsec GmbH counts to the leading providers in this sector and supports well known customers within the conception and implementation of tailor-made solutions. Due to the observance of current results of science and technology and current and future international standards, an excellent consulting quality and sustainable customer prosperity are guaranteed

About Open Identity Summit

The Open Identity Summit (https://openidentity.eu) has been the open forum for international experts since 2013, combining practical requirements and hands-on experience and with academic innovation in the areas of identity management, trust services, open source, end-to-end encryption and cloud computing. It promotes the standardisation in these areas as well and the free use of these key technologies. The next Open Identity Summit will take place from 27th to 29th of March 2019, in the Congress Center Garmisch-Partenkirchen, at the foot of the highest German summit (Zugspitze).

Number of words: 986

Contact:

Dr. Detlef Hühnlein

Project Manager Open eCard

c/o ecsec GmbH

Sudetenstraße 16

96247 Michelau, Germany

E-Mail: info@openecard.org

https://openecard.org

Full Press Release