By Benjamin Drisch and Adam Ross, cryptovision.
Modern eID document project requirements often ask for a variety of elements, but they can be distilled into four prime elements: multi-application, multi-segmentation, secure in-field application loading, and data management. Each has its own set of unique challenges, and care should be taken to cover each requirement adequately.
For a start, the idea of the card being able to carry multiple applications is vital, as so many eID projects are extending usage and are using smart cards for secure storage of document validation data and incorporating additional applications like ePKI for digital signature, electronic driving licenses, mass transit ticketing, or even payment applications.
The element of “multi-segmentation” – different secure containers on the card for different authorities – is also becoming just as important as multi-application but for slightly different reasons. By utilizing a trusted eID credential as a root for other services, different government ministries can utilize a multi-application document rather than issue their own document. Instead of having a single purpose voter identification card, a social security card, and a taxpayer ID card, each of these relevant ministries could leverage one eID card.
Facilitation and management of eID documents in the field is a topic that has garnered a lot of interest recently. Back-end data management in a secure environment is an accepted scenario within the secure document world, but increasingly both data management and application loading must be done in the field in a secure manner.
Take, for instance, secure in-field application loading after the document has been issued. Unlike electronic passports, which are intended to be static documents with long effective lifetimes and which are written once and read many times, eID cards are much more dynamic documents which may require both changes to the cardholder data (update of current address, change of contact information) and additional card functions. Applications can easily be added as eID usage grows and the issuing authority manages deployment of new eID services. With a flexible card operating system, adding new functionality can be accomplished in the field, even on previously issued eID cards.
As with secure in-field application loading, secure in-field data management (both read and write) is of paramount importance.
Historically, when an eID document was to be updated with new cardholder demographic data or new applications, the document needed to be re-issued or even replaced. However, using existing standards like EACv2 allows fine-grained permissions to be set for the card content, which enables a delegation model where certain data on the card can be read by one agency but is restricted for others. For example, a single eID card can hold data specific to two different ministries: as a voter identification card it might hold sensitive data such as party affiliation and voting jurisdiction, as well as a taxpayer identifier. By employing certificate-based authorization mechanisms, tax authorities could read the taxpayer ID but not the stored voter information. Further, the permissions can be set so that some information can be updated only on authorized terminals, such as a change of political party affiliation made at an established voting location.
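As an added illustration (not code from the original article or from cryptovision's products), the following Python model shows how the EACv2 effective-authorization rule produces the delegation just described: a terminal's rights are the bitwise AND of the certificate chain, so a Document Verifier can only narrow what the CVCA granted and a terminal can only narrow its DV. The right names, the data layout and the certificate holders are constructed for this example and do not follow the real CHAT byte encoding of the EAC specification; signature verification of the chain is assumed to have already succeeded.

```python
from dataclasses import dataclass
from enum import Flag, auto


class Right(Flag):
    """Constructed access rights for the two-ministry card described in the
    text; the names stand in for the read/write bits of an EACv2 CHAT."""
    NONE = 0
    READ_TAXPAYER_ID = auto()
    READ_VOTER_DATA = auto()    # party affiliation, voting jurisdiction
    WRITE_VOTER_DATA = auto()   # e.g. change of party affiliation
    READ_ADDRESS = auto()
    WRITE_ADDRESS = auto()


@dataclass(frozen=True)
class Certificate:
    """One link of the chain CVCA -> Document Verifier -> Terminal.
    Signature verification (Terminal Authentication) is assumed to have
    already succeeded; only the authorization bits are modelled here."""
    holder: str
    rights: Right


def effective_rights(chain):
    """EACv2 rule: the effective authorization is the bitwise AND of all
    certificates in the chain, so a DV can only narrow what the CVCA
    granted, and a terminal can only narrow what its DV granted."""
    eff = chain[0].rights
    for cert in chain[1:]:
        eff &= cert.rights
    return eff


def authorize(chain, requested):
    """True only if every requested bit survives the whole chain."""
    return (effective_rights(chain) & requested) == requested


# Constructed certificates for the scenario in the text.
CVCA = Certificate("Country CVCA", Right.READ_TAXPAYER_ID | Right.READ_VOTER_DATA
                   | Right.WRITE_VOTER_DATA | Right.READ_ADDRESS | Right.WRITE_ADDRESS)
DV_TAX = Certificate("DV Tax Ministry", Right.READ_TAXPAYER_ID | Right.READ_ADDRESS)
# This terminal certificate claims voter data as well; its DV does not grant
# it, so the claim is dropped by the AND and the card will refuse that read.
TAX_TERMINAL = Certificate("Tax office terminal",
                           Right.READ_TAXPAYER_ID | Right.READ_ADDRESS | Right.READ_VOTER_DATA)
DV_ELECTION = Certificate("DV Election Commission", Right.READ_VOTER_DATA | Right.WRITE_VOTER_DATA)
POLLING_TERMINAL = Certificate("Polling station terminal", Right.READ_VOTER_DATA | Right.WRITE_VOTER_DATA)
TAX_CHAIN = [CVCA, DV_TAX, TAX_TERMINAL]
POLLING_CHAIN = [CVCA, DV_ELECTION, POLLING_TERMINAL]
```

With these chains the tax terminal may read the taxpayer ID but not the voter data it over-claimed, while the polling station terminal may update party affiliation but cannot read the taxpayer ID.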
These factors can best be achieved by an access certificate-based infrastructure composed of:
- A PKI backend system
- Authorized terminals
- A suitable certificate and terminal management system
- A flexible eID document solution
This is all based on existing standards, such as EACv1 and EACv2. The latest standardization and interoperability initiatives (eIDAS) also underline the continuation of this trend. While these standards are already very mature and well established for machine readable travel documents, they are also ideally suited for other types of documents, such as a health care card which carries patient data securely but still allows health conditions to be updated, or student campus cards that carry enrollment data and also allow for on-campus payments.
A system as outlined here does not have to be as complex or as expensive as, for example, the German eID system. The combination of core security mechanisms and lean technology components can provide a flexible and scalable solution, and using open standards and supporting open platforms reduces the overall cost of the system.
Cryptovision has proved that this model is effective with SCalibur (as well as ePasslet and CAmelot), which has been successfully deployed in numerous international projects around the world.