EU IDs to have photos and fingerprints by 2009

CeBIT 2007

Giesecke & Devrient has showcased its advanced smartcard technology at this year's CeBIT show in Hanover, where identity theft has been a major theme.

The company said that all EU member states will have equipped their electronic identity documents with facial images and fingerprints by 2009. Giesecke's smartcards will offer security for travel, e-government and the internet.

Giesecke was one of the first players to implement the Extended Access Control (EAC) protocol in national ID systems, and EAC-online now provides secure access to websites as well.

The firm foresees the EU adopting a single card standard, by which citizens will identify themselves in many parts of the real and virtual world.

The future European Citizen Card (ECC) can be fitted with an e-passport function and an electronic ID.

As such, users will be able to chat on websites, shop on the internet, or even change their official residence and confirm their identities online throughout Europe.

All of these activities use the same underlying technology. First, the online provider is given a certificate that authenticates it and tells the user what information to supply in order to complete an internet transaction.

During the transaction, the online provider sends the certificate to the citizen's card, which verifies the certificate. Essentially, the card acts like a bouncer. Importantly, it only lets data enter the internet if it is absolutely necessary for the transaction.

For booksellers, that might include the customer's name and address. For a kid's chat room, it might be the user's age. That way, children can only log in if they are under 16 years old, which helps protect them on the internet.

Hans Wolfgang Kunz, group executive at Giesecke, said: "If you want similar applications in the EU member states to be interoperable across national boundaries, you have to ensure compliance with the ECC standard."

Powerful encryption ensures that the sensitive data on the card can only be read by authorised parties with special authentication certificates using card readers.

Giesecke is one of the first companies to roll out the EAC protocol for passports and the EAC-online protocol for national ID cards in order to protect electronic business processes.

The ECC supplies the basic services for modern and secure ID cards, and contains a chip that holds not only personal data such as the holder's name, date of birth, height, and eye colour, but an electronic photo and two fingerprints.

At the same time, these ID documents will also be used for e-government applications. Individual countries will be free to add more features, including a digital signature if they desire.