Chip Authentication Version 3 (CAv3)

This post describes a new version 3 of well-known protocol Chip Authentication, which is used in context of eID to authenticate the chip and to establish a strong secure channel between chip and terminal.

In context of the European eIDAS regulation, the German BSI and the French ANSSI have specified in TR-03110 a new version 3 of protocol Chip Authentication (CAv3). It bases on ephemeral-static Diffie-Hellman key agreement, that provides both secure communication and also unilateral authentication of the chip. This new protocol is an alternative to Chip Authentication Version 2 and Restricted Identification (RI) providing additional features. CAv3 provides the following benefits (see TR-03110 part 2):

  • message-deniable strong explicit authentication of the eIDAS token and of the provided sector-specific identifiers towards the terminal,
  • pseudonymity of the eIDAS token without the need of using the same keys on several chips,
  • possibility of whitelisting eIDAS token (even in case of a compromised group key),
  • implicit authentication of stored data by performing Secure Messaging using new session keys derived during CAv3.

Before CAv3 is started the well-known protocol Terminal Authentication Version 2 (TAv2) must performed because the terminal’s ephemeral key pair generated during TAv2 is used during CAv3. It is also recommend that Passive Authentication is performed before CAv3 to assure the authenticity of chip’s public key.

Following table describes the command during CAv3 respective PSA (Source ISO/IEC 19286):

Command description of Chip Authentication V3 (CAv3) protocol (Source ISO/IEC 19286)

Command description of CAv3 protocol (Source ISO/IEC 19286)

The protocol CAv3 consists of the following two steps (where terminal and eIDAS token are involved):

  1. Perform Key Agreement (based on Anonymous Diffie Hellman (ADH))
    • Kee Agreement is performed in this step of the protocol:
      • MSE:SET AT with CA-OID and reference to private key
      • GENERAL AUTHENTICATE with dynamic authentication data (ephemeral public key)
  2. Perform Pseudonymous Signature Authentication (PSA)
    • Pseudonymous Signature is computed in this step of the protocol:
      • MSE:SET AT with PSA-OID and reference to private key
      • GENERAL AUTHENTICATE with dynamic authentication data (public key for domain-specific identifier)

Additionally, the received sector-specific identifier can be checked if it is black-listed (or white-listed).

On this way the new protocol CAv3 can be used in addition to sign data under a chip and sector specific pseudonym as an alternative to Restricted Identification.


Author: .

Flattr this!

2 thoughts on “Chip Authentication Version 3 (CAv3)

  1. Yoram Oren

    Thank you for the explanation. One question comes to mind: If you have static data from the passive authentication, how is a pseudonym useful? The only use case I see is of an identity provider that knows all data, but passes only pseudonyms to service providers as part of the identity federation process. Are there any other use cases I miss?

    Thanks again. As far as I know this blog is the only one that writes about such protocols and its technical details.

  2. user

    Note the order: You run first Chip-Authentication, and only afterwards you can read out data from the chip (passive authentication). And reading out data is only possible a) if the the terminal has the right to do so (terminal authentication) and b) if the user consents during TA (TA is before CA in this context).

    In other words, CA3 allows true pseudonymous authentication and signing.

    But yes, if the terminal is allowed to, and the user consents to read out the data, then pseudonymous auth absolutely doesn’t make any sense


Leave a Reply

Your email address will not be published. Required fields are marked *