Samsung’s Galaxy S20 will be the first mobile device in Germany allowed to carry the mobile ID solution thanks to its secure chip
Today, Samsung Electronics, the German Federal Office for Information Security (BSI), Bundesdruckerei (bdr) and Deutsche Telekom Security GmbH announced Germany’s National electronic ID will be available on selected Samsung Galaxy smartphones when the eID solution becomes available later this year. As part of a long-term collaboration with an alliance of German government bodies to deliver upon its eGovernment initiative, Samsung partnered with the BSI, bdr and Telekom Security to develop a hardware-based security architecture that allows citizens to securely store their National ID on their smartphone as an eID. Once enrolled, their eID is transferred to a secure location on their phone.
Protecting What is Valuable to Users
Users expect their information to be protected. It is therefore essential to ensure that the eID mobile solution meets the strict security requirements of the federal government and keeps German citizens’ information safe. To do so, all four partners developed a holistic security architecture centered around the foundation of smartphone security – the hardware. Thanks to a highly secure chip built directly into the phone, information can be stored locally on the device and gives users full control over their data.
“In addition to the identity card, almost every citizen in Germany owns a smartphone. Thanks to the OPTIMOS project and in cooperation with Samsung and Deutsche Telekom Security, we now have the chance to combine the high level of trust in the physical document with the user-friendliness of the smartphone,” says Dr. Stefan Hofschen, CEO of Bundesdruckerei. “We are thus creating the basis to ensure sovereignty and trust in a world that is becoming increasingly ‘digital’ and ‘mobile’. In the future, digital sovereign identities and authorizations can be used and managed by citizens in a self-determined manner via the app provided by bdr for this purpose”.
An Open Security Platform
This new mobile eID solution was created as part of the OPTIMOS 2.0 project, whose goal is to create an open ecosystem that provides the technology and infrastructure for secure mobile authentication. As such, it was important for all partners to make sure that this new security architecture would be open to many identity service providers.
“The more we digitalize our daily lives, the more important it is to protect our digital identity. At BSI, we develop, promote and certify eID solutions and technologies designed to protect people’s digital identity. As part of the OPTIMOS 2.0 project, our role was to standardize the necessary components, interfaces and processes so that the technology developed would meet the high security standards and be available to as many end users as possible,” said Arne Schönbohm, President of the German Federal Office for Information Security.
To achieve this goal of creating an open ecosystem, Samsung made the Software Development Kit (SDK) for its embedded Secure Element (eSE) available to third parties.1 This will enable service providers and app developers to create applets for Trusted Service Manager (TSM) that can be loaded into the secure chipset-based platform. As a result, applications and services will be able to work seamlessly with the eID program and German citizens can enjoy them with peace of mind, knowing their information will be protected.
“Together with Samsung and Bundesdruckerei, we created a comprehensive ecosystem for secure digital authentication. This uses the trusted secure elements of smartphones for storing forgery-proof identity information. Our newly developed TSM system is used for the transport of the identities, data storage management and ultimately lifecycle management of each eID, which provides the basis for a multitude of other secure applications,” says Thomas Fetten, CEO of Deutsche Telekom Security GmbH.
The Galaxy S20 Will Be the First Device to Comply With the New Security Requirements
The Samsung Galaxy S20 lineup, including the Galaxy S20, Galaxy S20+ and Galaxy S20 Ultra, will be the first smartphone to comply with the BSI’s eID security framework for sovereign use.2 Thanks to the security embedded in Samsung’s Galaxy S20, the eID solution offers a “Substantial” level of assurance for secure and seamless electronic interactions under the EU eIDAS Regulation.3 This regulation was designed to ensure EU citizens can use their national eID across borders and helps prevent misuse or alteration of their government-issued IDs.
The Galaxy S20 lineup offers the highest level of encryption available, as illustrated by the Common Criteria Evaluation Assurance Level (CC EAL) 6+4 it recently received. It is the latest Samsung device to feature Samsung’s industry-leading embedded Secure Element (eSE) with other Samsung smartphones to follow. The eSE securely stores sensitive data on the device like credit card information, documents and keys and isolates them for maximum protection. Acting as a safe, a separate secure processor provides an extra layer of security designed to defend against hardware attacks and makes it difficult to access and copy information stored on the device.
“We’re incredibly proud that our Galaxy S20 series was the first line of mobile devices to meet such high security standards set out by the BSI. We always strive to offer the highest level of protection possible for our users. As we continue to move towards digitization, our goal is to ensure that mobile users around the world can enjoy these new services with true peace of mind, knowing that we’ll keep them safe,” said Daniel Ahn, Corporate SVP and Head of Security Team at Mobile Communications Business, Samsung Electronics.
What’s Next For Mobile eID?
This is only the beginning. Similar to contactless payments a few years ago, consumers will quickly realize the benefits of having key credentials including their driver’s license, national health insurance cards, or even their car and apartment keys available on their mobile phone, securely stored at all times. Soon, they may also be able to remotely verify their identity to access and send confidential medical records, open a bank account, or vote using their smartphone.