Note on the use of cookies
Cookies facilitate the provision of our services. By using our services, you agree that we use cookies. For more information on privacy, please visit the following link Data protection statement
Security mechanisms in electronic ID documents
The security mechanisms in electronic ID documents have the following security objectives:
- Data protection: first, the personal data of the card bearer should be protected against unauthorized access,
- Authenticity and protection against forgery: second, it has to be ensured that the ID document has been issued by a governmental institution and a possible forgery of the data content is detected.
There now follows a presentation of the protocols and other measures, which are used to support the security aspects referred to above:
| Abbr | Title | Scope |
|---|---|---|
| BAC | Basic Access Control | Basic access control, protects the RF chip against skimming (reading contents from a distance) |
| PACE | Password Authenticated Connection Establishment | Access control, protects the RF chip against skimming |
EAC | Extended Access Control | Extended access control consisting of different protocols |
| CA: Chip Authentication | Establishing a secure communication channel and detection of "cloned" RF chips, Chip Authentication belongs to the EAC protocol | |
| TA: Terminal Authentication | Reading device authentication for sensitive data access on the RF chip, Terminal Authentication belongs to the EAC protocol | |
| PA | Passive Authentication | Authenticity and integrity verification of the data on the RF chip |
PKI | Public Key Infrastructure | Hierarchy of digital certificates |
| CSCA: Country Signing Certification Authority | Hierarchy of digital certificates for data signing in electronic ID documents | |
| CVCA: Country Verifying Certification Authority | Hierarchy of digital certificates for reading permission of electronic ID documents |