Download (PDF, 589 KB, Datei ist nicht barrierefrei
29.11.2012 Views
Share Embed Flag

Download (PDF, 589 KB, Datei ist nicht barrierefrei

Download (PDF, 589 KB, Datei ist nicht barrierefrei

Download (PDF, 589 KB, Datei ist nicht barrierefrei

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
personalausweisportal.de

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

sECurIty<br />

4.3 Passive Authentication (PA)<br />

the purpose of Passive Authentication (PA) is to validate the<br />

authenticity and integrity of the data on the rF chip of the<br />

identity document.<br />

In the course of manufacturing the electronic identity<br />

document, the data stored on the rF chip are digitally<br />

signed. this process uses something called a document<br />

signing certificate, which in turn is signed with the Country<br />

signing Certificate Authority certificate (CsCA certificate)<br />

of the issuing nation and is available only to the officially<br />

authorized ID manufacturer. this certificate forms the<br />

bedrock of the Country signing Certificate Authority<br />

Public Key Infrastructure (CsCA-PKI), a hierarchy of<br />

certificates that verify the integrity of data on identity<br />

documents.<br />

When an identity document is read, Passive Authentication<br />

verifies the signature of the data stored on the rF chip<br />

and traces it back to the CsCA certificate. this enables it to<br />

determine whether the data in the identity document were<br />

written on the rF chip by the officially authorized ID manufacturer<br />

and that their integrity is not compromised.<br />

4.4 Public Key Infrastructures (PKI)<br />

for electronic identity documents<br />

the new identity card requires two Public Key Infrastructures<br />

(PKI): one PKI for verifying the authenticity of<br />

electronic identity documents (Passive Authentication), the<br />

Country signing Certificate Authority (CsCA); and one PKI<br />

to protect the fingerprints on electronic identity documents<br />

(terminal Authentication), the Country Verifying Certificate<br />

Authority (CVCA). technical Guideline tr-03128 describes<br />

the basic functionalities and requirements of these infrastructures.<br />

4.4.1 Country Signing Certificate Authority (CSCA)<br />

InFrAstruCturEs<br />

the Country signing Certificate Authority (CsCA) is operated<br />

by the BsI. this authority generates the German root certificates<br />

(CsCA certificates) on a regular basis, which in turn serve<br />

as the source for the private keys of the document signing certificates<br />

of the passport or ID card manufacturer. the passport<br />

or ID card manufacturer uses the private keys of the document<br />

signing certificates to sign files on the electronic identity<br />

document that represent the document’s data. the document<br />

signing certificate is also electronically stored on the identity<br />

document.<br />

using the root certificate, it is possible to verify whether an<br />

electronic identity document was really created on behalf of<br />

the issuing nation, and whether the data have been changed<br />

in any way since production. this is realized using Passive<br />

Authentication.<br />

to enable the authenticity and integrity of German electronic<br />

identity documents to be verified at border control points in<br />

other countries, and passports of other countries to be tested<br />

14 15

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!