You are here: Resources > FIDIS Deliverables > HighTechID > D3.6: Study on ID Documents > 

D3.6: Study on ID Documents

Chip Card Technologies (Smart Cards)  Title:
 Summary and Conclusions


Electronic Signatures and PKI

The process of creating using and verifying a digital signature provides important functions that can be utilised for ID documents in an e-government context:


  • Firstly, the asymmetric cryptography (PKI) ensures a high level of security in e-communications and of confidentiality of the context of a message sent over the Internet.

  • Secondly, digital signatures provide authentication of the identity of the signer by attributing the message to the signer; so it is known who participated in a transaction. The rationale of this function is based on the fact that digital signatures cannot easily be forged, unless the signer loses control of his private key either accidentally or intentionally.

  • Thirdly, the digital signature protects the integrity of the transmitted data so the recipient can be sure that there has been no alteration to the original message.


The non-repudiation of digital signatures can be guaranteed by the involvement of trusted third parties, the certification authorities (CA’s). The CA’s issue a certificate, which attributes explicitly a public key to a specific identity and confirms the identity of the subject of the certificate.

Even though these functions of digital signatures can guarantee security over open networks, certain challenges need to be confronted. The big question is how secure is the security provided by digital signatures? 


Risks of Using PKI

The incorporation of PKI can be very valuable to ID documents, however, it should be remembered that it is not without flaws. There are certain basic questions that need to be answered and precautions that should be taken while incorporating PKI in order to make it sufficiently secure and trustworthy. 

Private keys are usually stored on a conventional computer, which may not have a secure computing system, adequate network security and other protections. If it is protected by a password, how difficult is it to guess the password? If the key is stored on a smart-card, how attack resistant is the smart-card? If it is stored in a truly attack-resistant device, can an infected driving computer get the trustworthy device to sign something that was not intended to be signed?

For example, Alice’s digital signature does not prove that Alice signed the message, but that her private key did. If her computer were appropriately infected, the malicious code could use her key to sign documents without her knowledge or permission. Even if she needed to give explicit approval for each signature (for example, via a fingerprint scanner), the malicious code could wait until she approved a signature and sign its own message instead of hers.

If an attacker can manage to add his own public key to an existing list of legally registered keys, then he can issue his own certificates, which will be treated exactly like the legitimate certificates. They may match legitimate certificates in every other field except that they would contain a public key of the attacker instead of the correct one.

A key has a cryptographic lifetime. It also has a theft lifetime, as a function of the vulnerability of the subsystem storing it, the rate of physical and network exposure, attractiveness of the key to an attacker, etc. From these, one can compute the probability of loss of key as a function of time and usage. What probability threshold is used to consider a key invalid?

Certification authorities (forming the backbone of PKI) are vital to the use of digital signatures. However, some jurisdictions have no specific regulation dealing with certification authorities. The EU Directive prohibits mandatory prior authorisation schemes but does allow member states to set up voluntary accreditation schemes for certification authorities. If the PKI system has to have any value in terms of security, the certificate authorities have to be trusted sources. In certain countries, the government itself assumes the role of being the Certification authority.



The use of PKI in ID documents can guarantee time and cost-efficiency in the bureaucratic procedures by facilitating the handle, process, storage and transmission of data. However, countries have to find a means to overcome security problems arising from the use of PKI. For instance, in the Finnish eID system, private keys are held only by the certificate holder (e.g. on the ID card chip) and can be utilised only after inputting the PIN codes, but even then they cannot be read from the card. The PIN codes are known only to the cardholder, and he or she can change them, when necessary. Three false attempts at inputting the PIN code locks the card.  

It remains to be answered as to whether the questions and problems as stated above have been considered by member states and if so, if they have been effectively overcome in identity documents using PKI. 



Chip Card Technologies (Smart Cards)  fidis-wp3-del3.6.study_on_id_documents_03.sxw  Summary and Conclusions
Denis Royer 45 / 56