Sisene kasutajana

Anneta TNP Toetusfondi

Toeta siin Vaba Eesti Sõna!

Donate here to Vaba Eesti Sõna!

Otsing

Digiteeritud eesti ajalehed

digilehed

Should even one of Estonia's national ID cards be cracked, the certification center of the Police and Border Guard Board (PPA) would be obliged under law to void all of the approximately 750,000 cards containing the chip in which a security flaw was discovered at the end of August.

 

"In principle, if someone manages to crack the card and the Information System Authority (RIA) confirms this, the certificate will be revoked," PPA spokesperson Kirsti Ruul told BNS. "In such case all the cards with the security risk must be closed."

 

PPA Identity and Status Bureau chief Margit Ratnik likewise said that realization of the security risk in one case would mean that the certificates of all cards affected by the security risk will be revoked.

 

"In the event that there is sound evidence that the risk has materialized, the PPA  as the issuer of the document will revoke the certificates of all the cards affected by the security risk," she confirmed. "This means that it will not be possible to use these cards electronically anymore after the certificates have been revoked. The ID cards not affected by the security risk will remain valid and it will remain possible to continue to use them electronically."

 

The legal obligation to revoke the certificate arises from the Identity Documents Act, which states that the issuer of the document may revoke the certificate if  there is a reason to believe that it is possible to use the private key corresponding to the public key contained in the certificate without the consent of the certificate holder.

 

In addition, the Electronic Identification and Trust Services for Electronic Transactions Act puts an obligation on the trust service provider, that is, the certification center, to revoke a certificate if requested by a competent authority or the holder of the certificate. If a certificate holder has any doubts that it is possible to use the private key corresponding to a public key contained in the certificate without his or her consent, the certificate holder has the obligation to request revocation of the certificate.

 

Ruul noted that the discovery of the theoretical security risk by Czech scientists   of which Estonia was notified does not provide sufficient grounds for revoking the certificates of all the cards affect- ed by the risk. Such an obligation would arise if an actual card is cracked, however.

 

750,000 ID cards affected

 

On Aug. 30, an international group of researchers informed the RIA that they had discovered a security risk affecting all ID cards issued in Estonia beginning in Oct. 2014, including ID cards issued to Estonian e-residents. Nearly 750,000 ID cards are affected by the issue.

 

ID cards issued prior to Oct. 16, 2014 used a different kind of chip and are not affected by the current risk. The security risk likewise does not affect Mobile-ID users.

 

According to available information, the security risk has yet to materialize.  Nonetheless, Estonia has closed the public key database of the electronic ID cards, so the security flaw cannot be exploited for cracking the encryption on the chip of a card without knowing the public key.

 

ERR News

Tellimine

"Vaba Eesti Sõna" PDF-i täisversioon on tasuline. Kasutajakonto saamiseks tuleb täita tellimus. Maksmise ja tellimise info vaata sisukorrast Lehe tellimine. Tasuda saate krediitkaardiga PayPal'i kaudu siit.

Full PDF version of the paper costs $50 per year. To open your account, please click for more info Lehe tellimine. You can pay directly through PayPal. This is the safer, easier way to pay online.

Toeta ajalehte

Toeta siin Vaba Eesti Sona!

Donate here to Vaba Eesti Sõna!

Eesti Rahvuskomitee

eanc logo

NY Eesti Maja

em logo

NY Eesti Kool

nyek logo

Eesti Abistamiskomitee

erc logo

Järvemetsa Fund

2014 metsavaim

ESFUSA

eutf logo

Eesti Arhiiv USA's

eausa logo

LA Eesti Maja

laem logo

Kanada Metsaülikool

metsaulikool logo