Cryptography Reference
In-Depth Information
The eID card scheme was motivated by the establishment of the 1999 European
Directive on Electronic Signatures, which created a framework that enabled
electronic signatures (see Section 7.1.2) to become legally binding. The first eID
cards were issued to Belgian citizens in 2003 and from 2005 all newly issued
identity cards were eID cards.
The eID card has four core functions:
Visual identification
. This allows the card holder to be visually identified by
displaying a photograph on the card alongside a handwritten signature and
basic information such as date of birth (see Figure 12.11). This functionality is
also provided by previous Belgian identity cards.
Digital data presentation
. This allows the data on the eID card to be presented
in electronic form to a verifying party. The card data has a specific format and
includes:
• a digital photograph of the card holder;
•an
identity file
which consists of:
- personal data such as name, national identity number, date of birth, and special
status (for example, whether the card holder has a disability);
- a hash of the digital photograph of the card holder;
- card-specific data such as chip number, card number and validity period;
•an
address file
which consists of the card holder's registered address.
Applications of digital data presentation include access control to facilities such
as libraries, hotel rooms and sports halls.
Digital card holder authentication
. This allows a card holder to use the eID
card to 'prove' their identity in real time to a verifying party. In other
words, it facilitates entity authentication of the card holder. The many listed
applications of digital card holder authentication include remote access to
various internet services, including official document requests (for example,
birth certificates), access to an online tax declaration application, and access to
patient record information.
Digital signature creation
. This allows the card holder to use the eID card to
digitally sign some data. Applications of digital signature creation include
signing of electronic contracts and social security declarations. Digital
signatures created using an eID card are legally recognised.
12.6.2
eID security requirements
The three digital functions of the eID card motivate the following three security
requirements:
Data origin authentication of the card data
. In order to provide digital data
presentation, assurance that the card data has not been changed since the card
was issued must be provided.
