Security mechanisms in electronic ID documents
Terminal Authentication (TA)
The sensitive data on electronic ID documents must be protected from being read by unauthorized persons. Sensitive data on the electronic passport are that kind of data which are not printed on it; all data on the electronic ID card is treated as sensitive.
Sensitive data can only be read when the protocol "Terminal Authentication" (TA) was successfully executed on the reader.
The RF chip of the ID card is designed so that it allows certain data to be read only when the reader can prove an explicit read permission for exactly these data (e.g. only the date of birth). In order to allow the RF chip to verify this permission, the CVCA certificate ("Country Verifier Certification Authority certificate) is stored on it. This certificate is the root of the CV PKI (Country Verifier Public Key Infrastructure), a hierarchy for the authorization certificates for the reading of sensitive data on ID documents.
During "Terminal Authentication", the reader transmits its access permission to the RF chip in the form of a terminal certificate (reading device certificate). In addition, the reader also transmits the CVCA certificate and all certificates that are between these two certificates in the certificate hierarchy. This way the RF chip can verify the authenticity and integrity of the terminal certificate. For a positive result, all of the certificates which follow in the hierarchy have to be signed with the secret key of their predecessor, starting with the CVCA certificate. This is trustworthy for the RF chip, since the key is additionally saved on the RF chip during production.
If the authenticity and integrity of the terminal certificate sent by the reader has been proved, then the RF chip yet has to ensure that this certificate has really been issued for this reader. Therefore, the RF chip sends a random number to the reader, which the device signs with the secret key that corresponds to the terminal certificate. Then the reader sends the signed random number back to the RF chip. With the public key of the reader, which is included in the terminal certificate, the RF chip can verify the signature of the random number and thus determine if the reader possesses the right certificate private key.