Wednesday, 2 December 2009

ENISA A new ENISA Position Paper on "Privacy and Security Risks when Authenticating on the Internet with European eID Cards"

A new ENISA Position Paper on "Privacy and Security Risks when Authenticating on the Internet with European eID Cards" has been published.

The paper is focusing on authentication risks with European eID Cards. It analyses seven vulnerabilities, identifies 15 threats and gives security recommendations.

Whenever we use internet services, the first steps we take are usually identification (we insert our names) and authentication (we prove that it is us). How we actually identify and authenticate ourselves depends on the security level of the application. The means used can vary from a simple combination of username and password, through a secret PIN, to a PIN generated by some external device or a smart card using cryptography. Smart cards are being used increasingly for authentication purposes. Many European identity cards now contain a smart-card chip, equipped with functionalities for online authentication. They are usually called 'electronic identity cards' (eID cards). The paper focuses on authentication using smart cards and compares this approach with other common means of authentication.

Press release:http://www.enisa.europa.eu/media/press-releases/position-paper-security-risks-online-banking-and-eid-cards

Full report:http://www.enisa.europa.eu/act/it/eid/eid-online-banking

No comments: