Traditionally e-ID identification means using national ID card cryptography to verify the user is who he claims to be.

Browsers have “Client certificate authentication” where webserver is configured to accept certificate provided by the client to verify its identity. For this browser sends server its public certificate and also token that is signed with user private key. Private key in this case is located in the ID card and signing of the token takes place in there. Since token signing is only possible by the card owner who has the card and knows the pin codes then we can be sure that user is who he claims to be.

To make it all work then governments have published software that allows reading the ID card in the reader. Btw ID card readers are installed by default in most business class Lenovo and Dell laptops, in other cases you can buy reader for less than 10EUR that fits nicely in the USB port.

Another part of the software is browser plugin that governments also install as a part of the package. This will allow the apps in browser to talk with the ID card.

Now when the webserver has verified the data sent by the browser to prove that user is the one he claims to be then server will read user data from the certificate. Usually name, birthday and country are encoded into the certificate. However countries can decide to add any information to the card that they need.


0 Comments

Leave a Reply