Web eID authentication extension for biometric passports / ID cards

Organization
Software engineering
Abstract
The Estonian Information System Authority (RIA) is preparing to introduce "Web eID" – a new architecture solution for web authentication and signing. In this new architecture, a user of the Estonian ID card is authenticated to a website on the application level by signing the website's challenge with the help of the Web eID browser extension.

The latest-generation Estonian ID cards are equipped with a biometric passport (electronic machine readable travel document, eMRTD) applet.
The eMRTD applet enables digital verification of the authenticity of the document and the verification of the authenticity of the data therein (the information printed on the data page, including the facial image of the cardholder).

The task of this project is to develop a Web eID authentication extension for eMRTDs. The providers of electronic services (i.e., websites) could use this extension to authenticate the cardholder (or, more precisely, the document, as no PIN entry is required in this process) and send a request to share the information from the data page of the user's document, including the facial image of the cardholder. As this information is digitally signed by the state that has issued the document, the website can verify the authenticity of the document and the shared data.

Potential tasks:
- Design and describe the API of the Web eID eMRTD extension.
- Implement an API in the Web eID browser extension. This requires:
-- implementing smart card communication with the ID card's eMRTD applet;
-- implementing the eMRTD use-case-specific browser extension GUI prompt;
-- implementing the API in the extension's JavaScript code.
- Develop a server-side library that verifies the authentication token issued by the Web eID eMRTD authentication extension.
- Set up a demo website that uses the provided functionality.
- Analyze the security of the solution and describe the potential use cases.

Links:
Description of the current Web eID API: https://github.com/web-eid/web-eid-system-architecture-doc
Thesis describing the eMRTD functionality provided by the Estonian ID cards: https://comserv.cs.ut.ee/ati_thesis/datasheet.php?id=72515&year=2021&language=en
Graduation Theses defence year
2021-2022
Supervisor
Arnis Parsovs
Spoken language(s)
English
Requirements for candidates
Level
Bachelor, Masters
Keywords
#acs

Application of contact

 
Name
Arnis Parsovs
Phone
E-mail
arnis@ut.ee
See more
https://acs.cs.ut.ee