29.11.2012 Views


SECURITY

device (terminal) can demonstrate an explicit read authorization for these specific data (e.g. only date of birth). The Country Verifying Certificate Authority certificate (CVCA certificate) is stored on the RF chip to verify this authorization. This certificate forms the root of the Country Verifier Public Key Infrastructure (CV-PKI), a hierarchy of authorization certificates for reading sensitive data from identity documents.

In Terminal Authentication, the reader (terminal) transmits its read authorization to the RF chip in the form of a terminal certificate. It also transmits the CVCA certificate and all certificates in the hierarchy between these two certificates. This enables the RF chip to verify the authenticity and integrity of the terminal’s certificate. A positive result requires that each of the subsequent certificates in the hierarchy is signed with the private key of its predecessor, starting with the CVCA certificate. The RF chip “knows” that this certificate is trustworthy because it was stored on the RF chip when it was manufactured.

Once the authenticity and integrity of the terminal certificate transmitted by the reader has been established, the RF chip must verify that this certificate was really issued for this device. To this end, the RF chip transmits a random number to the reader, which signs it with a private key belonging to the terminal certificate. The reader device then transmits the signed random number back to the RF chip. Using the terminal device’s public key, which is contained in the terminal certificate, the RF chip can verify the signature of the random number and determine whether the reader possesses the private key that matches the certificate.
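The two checks described above (chain verification starting at the stored CVCA certificate, then the signed random number), as an added example that is not part of the original brochure. The `Cert` type, the function names, the "Intermediate" certificate and the use of Ed25519 are assumptions for illustration; real authorization certificates have their own format and signature algorithms.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Cert is a simplified, hypothetical stand-in for an authorization certificate.
type Cert struct {
	Holder string
	Pub    ed25519.PublicKey
	Sig    []byte // issuer's signature over Holder and Pub
}
func (c Cert) body() []byte { return append([]byte(c.Holder+"|"), c.Pub...) }
// issue creates a key pair for holder and signs its certificate with issuerKey.
func issue(holder string, issuerKey ed25519.PrivateKey) (Cert, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	c := Cert{Holder: holder, Pub: pub}
	c.Sig = ed25519.Sign(issuerKey, c.body())
	return c, priv
}

// chipVerify is the chip's side: chain check from the stored CVCA, then challenge check.
func chipVerify(stored Cert, chain []Cert, nonce, response []byte) bool {
	if len(chain) == 0 || !chain[0].Pub.Equal(stored.Pub) {
		return false // chain must start at the certificate stored at manufacture
	}
	for i := 1; i < len(chain); i++ { // each certificate is signed by its predecessor
		if len(chain[i].Pub) != ed25519.PublicKeySize || !ed25519.Verify(chain[i-1].Pub, chain[i].body(), chain[i].Sig) {
			return false
		}
	}
	return ed25519.Verify(chain[len(chain)-1].Pub, nonce, response)
}

// run plays a constructed three-level hierarchy against the chip in three cases.
func run() (honest, wrongKey, brokenChain bool) {
	rootPub, rootKey, _ := ed25519.GenerateKey(rand.Reader)
	cvca := Cert{Holder: "CVCA", Pub: rootPub} // trusted because stored, not because signed
	mid, midKey := issue("Intermediate", rootKey)
	term, termKey := issue("Terminal", midKey)
	chain, nonce := []Cert{cvca, mid, term}, make([]byte, 8) // nonce: the chip's random number
	rand.Read(nonce)
	honest = chipVerify(cvca, chain, nonce, ed25519.Sign(termKey, nonce))
	wrongKey = chipVerify(cvca, chain, nonce, ed25519.Sign(midKey, nonce)) // not the terminal's key
	brokenChain = chipVerify(cvca, []Cert{cvca, term}, nonce, ed25519.Sign(termKey, nonce))
	return
}
func main() { fmt.Println(run()) }
```

Only the first case is accepted: a response signed with a key other than the terminal certificate's, or a chain with a missing link, is rejected.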

EAC box

Key component for ID card amendment

[Figure labels: Registration office PC; Authorization PKI]

Each reader that wants to access the data of the electronic identity card requires corresponding authorization certificates, each with their own private and public keys, which must be renewed regularly via a PKI. The EAC box provides these functions in an encapsulated form in an evaluated and certified environment and communicates with external components and services via standardized interfaces [TR-03131].

Once the electronic identity card has been introduced, the EAC box will be used as a reader device for changing address data on the eID at municipal registration offices. Further uses in addition to this scenario are conceivable (e.g. border control).

[Figure labels: Flow control; Crypto protocols; Stored certificates and keys; EAC box core; Card reader; Display; PIN pad; Secure channel]

Specification: BSI Technical Guideline TR-03131 “EAC-Box Architecture and Interfaces”

Protection profile: “CC Protection Profile for Inspection Systems”
