Cryptography Reference
In-Depth Information
Citizen CA
certificate
request
3
4
certificates
request, signatures
2
National
Register
Card
Personaliser
6
AC
1
write
card
data
create
card
3
5
6
AC
1
request
6
card
AC
2
PIN
7
2
1
request
Registration
Authority
Applicant
7
AC
2
8
card
Figure 12.14.
eID card issuing process
4. The Citizen CA generates certificates and sends them to the CP, who stores
them on the card. The CA then immediately suspends these certificates.
5. The CP writes all the remaining card data onto the card and then deactivates
the card.
6. The CP sends:
• the first part of an activation code
AC
1 to the NR;
• the second part of the activation code
AC
2 and a PIN to the applicant;
• the inactive eID card to the RA.
7. The applicant revisits the RA and presents
AC
2. This is then combined with
AC
1, which the RA requests from the database of the NR.
8. The CA activates the suspended card certificates and the active eID card is
issued to the applicant.
eID CERTIFICATE REVOCATION
In Section 11.2.3 we discussed the challenges of public-key certificate revocation.
As well as the reasons identified in Section 10.6.2 for revoking a public-key
certificate, there are two special situations in which an eID card certificate has
the status of being revoked:
1. the eID card non-repudiation verification key certificate is revoked for juveniles
under the age of 18;
2. the eID card authentication verification key certificate is revoked for children
under the age of 6.
