Cryptography for Identity Cards
Let’s learn about the use of cryptography in national identity cards.
The applications we’ve looked at so far have all had fairly specific goals, and hence well-defined specific security requirements. Our next use of cryptography is quite different in this regard. National (citizen) identity cards are normally intended to be general-purpose ‘tokens’ that can be used by a range of applications requiring information relating to the identity of a citizen.
They are thus tools that can be deployed in applications, rather than being applications in their own right. Since identity cards can be deployed with many different functionalities (and indeed, many such schemes do not deploy cryptography at all), we will focus our discussion on one specific scheme, the Belgian eID card scheme, which was one of the first such schemes to provide cryptographic signing capability on each identity card.
This is an example of cryptography being made widely available for use by other applications, rather than cryptography being deployed to provide specific support to a particular application.
eID background
Within a specific context, such as a workplace, most people accept cards containing and/or displaying data relating to the identity of the holder. However, the attitude towards national identity card schemes is surprisingly diverse and, to an extent, cultural. In some countries, such as the UK, there is much hostility to such schemes.
This is largely due to concerns over privacy issues, deployment costs, data management, and doubts about the utility of such a scheme. In many other countries, such as Belgium, national identity card schemes have been rolled out and are integrated into daily life.
The main application of national identity cards is to present independently issued evidence of the cardholder’s identity. Such cards typically display a photograph of the cardholder and some personal details, which may include a handwritten signature. However, progress in smart card technology and the development of cryptographic applications have presented the opportunity for national identity cards to provide additional functionality and, thus, become more useful.
The eID card scheme was motivated by the establishment of the 1999 European Directive on Electronic Signatures, which created a framework enabling electronic signatures to become legally binding. The first eID cards were issued to Belgian citizens in 2003, and from 2005, all newly issued identity cards were eID cards.
The eID card has four core functions:
- Visual identification: This allows the cardholder to be visually identified by displaying a photograph on the card alongside a handwritten signature and basic information such as date of birth (see illustration below). Previous Belgian identity cards also provided this functionality.
- Digital data presentation: This allows the data on the eID card to be presented in electronic form to a verifying party. The card data has a specific format and includes:
  - A digital photograph of the cardholder.
  - An identity file which consists of:
    - Personal data such as name, national identity number, date of birth, and special status (for example, whether the cardholder has a disability).
    - A hash of the digital photograph of the cardholder.
    - Card-specific data such as chip number, card number, and validity period.
  - An address file that consists of the cardholder’s registered address.
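The point of carrying a hash of the photograph inside the identity file is that the photograph is bound to the identity data: a verifier that receives the photo and the identity file separately can check that they belong together. The following is an added illustration of that check, not code from the lesson or from the eID scheme; the field names, the dictionary encoding and the use of SHA-256 are assumptions (the lesson lists the contents of the identity file but not its exact encoding or hash algorithm), and all sample values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Tuple

# Assumption: the lesson does not name the hash algorithm, so SHA-256 is used here.
HASH_NAME = "sha256"


@dataclass
class IdentityFile:
    personal: dict      # name, national identity number, date of birth, special status
    card: dict          # chip number, card number, validity period
    photo_hash: bytes   # hash of the digital photograph, binding it to this file


def build_identity_file(personal: dict, card: dict, photo: bytes) -> IdentityFile:
    """Issuer side: the identity file carries a hash of the photo, not the photo itself."""
    return IdentityFile(personal, card, hashlib.new(HASH_NAME, photo).digest())


def verify_photo_binding(identity: IdentityFile, photo: bytes) -> bool:
    """Verifier side: does the presented photograph match the hash in the identity file?
    compare_digest avoids leaking, via timing, how many leading bytes matched."""
    presented = hashlib.new(HASH_NAME, photo).digest()
    return hmac.compare_digest(presented, identity.photo_hash)


# Constructed sample data; placeholders stand in for real card identifiers.
SAMPLE_PHOTO = b"\x89PNG constructed sample photograph bytes"
SAMPLE_IDENTITY = build_identity_file(
    {"name": "A. Example", "national_number": "NATIONAL-NUMBER-PLACEHOLDER",
     "date_of_birth": "1980-01-01", "special_status": None},
    {"chip_number": "CHIP-PLACEHOLDER", "card_number": "CARD-PLACEHOLDER",
     "valid_from": "2003-01-01", "valid_until": "2008-01-01"},
    SAMPLE_PHOTO,
)


def demo() -> Tuple[bool, bool]:
    """The genuine photo verifies; a substituted photo does not."""
    genuine = verify_photo_binding(SAMPLE_IDENTITY, SAMPLE_PHOTO)
    swapped = verify_photo_binding(SAMPLE_IDENTITY, SAMPLE_PHOTO + b"\x00")
    return genuine, swapped


if __name__ == "__main__":
    print(demo())  # (True, False)
```

This binding only detects a swapped photograph if the identity file itself cannot be altered, so in practice the check is only meaningful once the integrity of the identity file has been established by other means (for example, a signature over the file).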