-
Privacy and Security Risks when Authenticating on the Internet with European eID Cards
-
Whenever we use internet services, the first steps we take are usually identification (we input our names) and authentication (we prove that it is us). How we actually identify and authenticate ourselves depends on the security level of the application. The means used can vary from a simple combination of username and password, through a secret PIN, to a PIN generated by some external device or a smart card using cryptography.
Smart cards are being used increasingly for authentication purposes. Many European identity cards now contain a smart-card chip, equipped with functionalities for online authentication. They are usually called 'electronic identity cards' (eID cards). This report focuses on authentication using smart cards and compares this approach with other common means of authentication.
Located in
Publications
-
Privacy Features of European eID Card Specifications
-
A national eID card is a gateway to personal information. Any unwanted disclosure of personal information constitutes a violation of the citizen’s privacy rights. Apart from considerations of fundamental rights, this is also a serious obstacle to the adoption of eID card schemes and to their cross-border interoperability. The aim of this paper is to allow easy comparison between privacy features offered by European eID card specifications and thereby to facilitate identification of best practice.
Located in
Publications
-
proceedings
-
Located in
Events
/
Workshop on Security Aspects of TSPs 2013
-
Recommendations for QTSPs based on Standards - Technical guidelines on trust services
-
Following the publication of the eIDAS Regulation, a set of secondary and co-regulatory acts had to be published in order to provide technical guidance on how to implement the specific requirements of the eIDAS Regulation (in the TSP part of eIDAS, the European Commission decided to publish only the mandatory ones). ENISA aimed to develop a concise set of technical guidelines implementing the eIDAS Regulation in the non-mandatory articles, for voluntary use of all stakeholders, including Trust Service Providers, Supervisory Bodies and Conformity Assessment Bodies.
The objective of this document is to provide guidelines for fulfilling requirements originating from the following articles of the eIDAS Regulation:
Located in
Publications
-
Registration form
-
This form allows you to register for this ENISA event.
Located in
Events
-
Security aspects of the new trust services defined in the draft Regulation
-
Alejandro Elices (Atos Research)
Located in
Events
/
Workshop on Security Aspects of TSPs 2013
/
proceedings
-
Security framework for Trust Service Providers - Technical guidelines on trust services
-
Article 19, which is the main focus of this document, of the eIDAS Regulation, states that Trust Service
Providers have to demonstrate due diligence, in relation to the identification of risks and adoption of
appropriate security practices, and notify competent bodies of any breach of security or loss of integrity
that has a significant impact on the trust service provided or on the personal data maintained therein.
Located in
Publications
-
Security guidelines on the appropriate use of qualified electronic time stamps
-
This document addresses qualified electronic time stamps and is one out of a series of five documents which target to assist parties aiming to use qualified electronic signatures, seals, time stamps, eDelivery or website authentication certificates to understand the subject correctly as-well-as the potential benefits, amongst others, by giving examples of possible application. This series of documents also targets to give those parties some advice on how to correctly use the related qualified trust services.
Located in
Publications
-
Security guidelines on the appropriate use of qualified electronic seals
-
This document addresses qualified electronic seals and is one out of a series of five documents which target to assist parties aiming to use qualified electronic signatures, seals, time stamps, eDelivery and website authentication certificates to understand the subject correctly as-well-as the potential benefits, amongst others, by giving examples of possible application. This series of documents also targets to give those parties some advice on how to correctly use the related qualified trust services.
Located in
Publications
-
Security guidelines on the appropriate use of qualified website authentication certificates
-
This document addresses qualified certificates for website authentication and is one out of a series of five documents which aim to assist parties wishing to use qualified electronic signatures, seals, time stamps, eDelivery or website authentication certificates to understand the subject correctly as-well-as the potential benefits, amongst others, by giving examples of possible application. This series of documents also targets to give those parties some advice on how to correctly use the related qualified trust services.
Located in
Publications