EID System's Privacy Protection Enhancement Design

Abstract

Recently, eID system is proposed to settle security problems and even more important to fulfill the need of government administration and control. But the main obstacle of spreading eID systems is privacy worrying though they possessed some security and privacy protection measures. In this paper, we provided the enhancement design for protecting citizen privacy in an eID system (taking German eID system as analysis object).Firstly, we suggested to separate authorization eID server and authentication eID server physically to reduce the possibility of personal data breach since eID server could not avoid to be attacked if it was one part of the internet ; Secondly, we put forward that privacy data should be double-encrypted in the stage of applying service, and should be remain encryption except the service program using it, and more importantly , it should be deleted when service is ending ; Thirdly, in order to prevent fake eID server plus fake service provider attack, we devised the authentication flow when citizen access service which let citizen to take part in the authentication process actively. In addition, we present the remote delete personal data process which invoked by citizen to further privacy protection.