Tag Archives: TR-03105

BSI released version 1.2 of TR-03105 Part 3.3

The German BSI has released version 1.2 of TR-03105 Part 3.3 for eIDAS tokens. This chip test specification assures conformity and interoperability of eIDAS tokens such as eID cards or residence permits. TR-03105 Part 3.3 contains tests for the protocols summarized under EACv2 and for the corresponding data groups.

Front page of German ID card (Source: Wikipedia)

In TR-03105 Part 3.3 version 1.2, new test cases have been added to verify the correct handling of authorization extensions. Authorization extensions are specified in TR-03110 and are a special type of certificate extension. These extensions convey authorizations in addition to those in the Certificate Holder Authorization Template (CHAT) contained in the certificate. Additionally, authorization extensions contain exactly one discretionary data object that encodes the relative authorization. The main changes of version 1.2 are:

  • Test cases to verify correct handling of authorization extensions
  • New certificates to perform test cases with authorization extensions
  • The tests for command COMPARE can now be performed in a more detailed way (see new table in ICS in annex A.1)
  • A new test case to verify the TA migration according to the manufacturer’s implementation conformance statement, where the AT trust point is replaced
  • Some minor editorial changes and clarifications

Modified test cases in version 1.2

  • EAC2_7816_L_36: Clarification in Purpose
  • EAC2_7816_N_1: Clarification in purpose
  • EAC2_7816_P_8: Added missing tag ‘7C’ in commands
  • EAC2_ISO7816_P9: Removed tag ‘97’ that is not necessary in command RESET RETRY COUNTER (step 6)
  • EAC2_7816_P_14: Added missing tag ‘7C’ in commands
  • EAC2_7816_U_13: Expected results: Accept also a checking error in step 3 of preconditions
  • EAC2_7816_U_14: Expected results: Accept also a checking error in step 3 of preconditions
  • EAC2_DATA_B_11: Check a whitelist of SecurityInfos (PACEInfo, PACEDomainParameterInfo, PasswordInfo, ChipAuthenticationInfo, ChipAuthenticationDomainParameterInfo, PSAInfo, TerminalAuthenticationInfo, PSMInfo, CardInfo) and ignore PrivilegedTerminalInfos
  • EAC2_DATA_C_12: Editorial correction in Test-ID
  • EAC2_EIDDATA_B_6: Renamed data type ArtisticName by NomDePlume according to TR-03110

New test cases in version 1.2

  • EAC2_7816_L_38: Positive test with a valid terminal authentication process. The DV certificate and the terminal certificate grant access to an eID access function that is reserved for future use (RFU).
  • EAC2_7816_L_39: Positive test with a valid terminal authentication process. The DV certificate and the terminal certificate grant access to an eID special function that is reserved for future use (RFU).
  • EAC2_7816_L_40: Positive test with a valid terminal authentication process. The DV certificate and the terminal certificate contain a certificate extension (authentication terminals) extended by two empty bytes. The authorization extensions in both certificates are extended with leading ‘00 00’ (56 bit instead of 40 bit).
  • EAC2_7816_L_41: Positive test with a valid terminal authentication process. The DV certificate and the terminal certificate contain a certificate extension (eID functions) extended by two empty bytes.
  • EAC2_7816_L_42: Positive test with a valid terminal authentication process. The DV certificate and the terminal certificate contain a certificate extension (special functions) extended by two empty bytes.
  • EAC2_7816_L_43: Positive test with a valid terminal authentication process. The DV certificate and the terminal certificate contain an unknown OID in CHA.
  • EAC2_7816_L_44: Positive test with a valid terminal authentication process. The DV certificate and the terminal certificate contain an unknown authorization extension OID for eID access.
  • EAC2_7816_L_45: Positive test with a valid terminal authentication process. The DV certificate and the terminal certificate contain an unknown authorization extension OID for special functions.
  • EAC2_ISO7816_M_9: Positive test to verify that a link certificate can activate a feature of the eID card. In this test case the right to read DG1 is used to verify that the eID card supports activation of features by link certificates.
  • EAC2_ISO7816_M_10: Positive test to verify that a link certificate can deactivate a feature of the eID card. In this test case the right to read DG1 is used to verify that the eID card supports deactivation of features by link certificates.
  • EAC2_ISO7816_M_11: Positive test to verify that rights are granted by the last link certificate and not a combination of all rights in the whole certificate chain. In this test case the right to read DG1 is used.
  • EAC2_ISO7816_M_12: Positive test to verify that a link certificate can activate a feature of the eID card. In this test case the right to compare DG8 is used to verify that the eID card supports activation of eID Access features by link certificates.
  • EAC2_ISO7816_M_13:  Positive test to verify that a link certificate can deactivate a feature of the eID card. In this test case the right to compare DG8 is used to verify that the eID card supports deactivation of eID Access features by link certificates.
  • EAC2_ISO7816_M_14: Positive test to verify that eID Access rights are granted by the last link certificate and not a combination of all rights in the whole certificate chain. In this test case the right to compare DG8 is used.
  • EAC2_7816_N_2: Positive test case to verify the TA mechanism migration according to the manufacturer’s implementation statement (replacement of the AT trust point)
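
The behaviour that EAC2_ISO7816_M_9 to M_11 check (a link certificate activates or deactivates a right, and only the last link certificate counts) can be modelled in a few lines. This is an added sketch, not code from the test specification or from BSI; the bit positions, certificate names and the omission of signature checks are assumptions made for the example.

```python
# Added illustration; not code from TR-03105 or TR-03110.
# Assumptions: authorizations are plain integer bit masks, READ_DG1 and
# READ_DG2 are hypothetical bit positions, and signatures are not modelled.
from dataclasses import dataclass
from typing import Sequence

READ_DG1 = 1 << 0   # hypothetical bit for "read DG1"
READ_DG2 = 1 << 1   # hypothetical bit for "read DG2"


@dataclass(frozen=True)
class Cert:
    name: str    # certificate holder
    issuer: str  # name of the certificate that issued this one
    auth: int    # authorization bits carried by this certificate


class Chip:
    """Toy chip that stores one trust point and updates it via link certificates."""

    def __init__(self, trust_point: Cert):
        self.trust_point = trust_point

    def import_link(self, link: Cert) -> None:
        # A link certificate is only accepted from the current trust point.
        if link.issuer != self.trust_point.name:
            raise ValueError(f"{link.name} was not issued by the current trust point")
        # The new trust point replaces the old one; rights are not merged.
        self.trust_point = link

    def effective(self, dv: Cert, terminal: Cert) -> int:
        if dv.issuer != self.trust_point.name or terminal.issuer != dv.name:
            raise ValueError("chain does not lead to the current trust point")
        # A right is effective only if every certificate in the chain carries it.
        return self.trust_point.auth & dv.auth & terminal.auth


def dg1_readable(initial: Cert, links: Sequence[Cert]) -> bool:
    """Import the link certificates in order, then run a DV/terminal pair
    that asks for every right and report whether DG1 may be read."""
    chip = Chip(initial)
    for link in links:
        chip.import_link(link)
    dv = Cert("DV", chip.trust_point.name, READ_DG1 | READ_DG2)
    terminal = Cert("TERM", "DV", READ_DG1 | READ_DG2)
    return bool(chip.effective(dv, terminal) & READ_DG1)


# Constructed sample certificates.
ROOT_WITHOUT_DG1 = Cert("CVCA1", "CVCA1", READ_DG2)
LINK_GRANTS_DG1 = Cert("CVCA2", "CVCA1", READ_DG1 | READ_DG2)
LINK_REVOKES_DG1 = Cert("CVCA3", "CVCA2", READ_DG2)
```

A chip that OR-ed the rights of all link certificates would still allow DG1 after `LINK_REVOKES_DG1` has been imported; the model above does not.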

As mentioned in my previous blog post describing the latest version of TR-03105 Part 5.1, I’ve extended the focus of my blog from ePassports towards eID and eIDAS tokens. You can find a list of current test specifications here.

Version 1.5 of BSI TR-03105 Part 5.1 available

Introduction

The German BSI has released a new version 1.5 of TR-03105 Part 5.1. This technical guideline specifies conformity test cases for inspection systems that are used in the context of border control.

Cover of TR-03105 Part 5.1 Version 1.5

This new version replaces the previous maintenance version 1.41, which was released in 2016. Most changes in the current release are based on comments from BSI, G+D Mobile Security and secunet Security Networks. This blog post describes the changes that took effect over the last months and were finalized in version 1.5.

Important changes in version 1.5 of TR-03105 Part 5.1:

  • Several test cases are moved to ICAO Test Specification Part 4 for inspection systems
  • Removed transfer interface: specification deleted and test cases adopted.
  • Added new configuration for default EAC+PACE passport
  • Added new test suite for EF.CardSecurity (test suite LDS_J)
  • Added new test suite for EF.ATR/INFO (test suite LDS_K)
  • Added new test cases to verify trust anchor updates
  • Certificates:
    • Generic encoding of Certificate Holder Reference (CHR)
    • New certificates: DV_Cert_16, IS_Cert_16, CVCA_Link_Cert_16, CVCA_Link_Cert_17
  • New profile ‘DPRCTD-SHA1’ for the deprecated SHA-1 algorithm, including updated reference documents: several test cases require that an inspection system successfully validates any CSCA and DS certificate as well as SOD signed with RSA / DSA / ECDSA and SHA-1. This includes certificates and SOD signed 2019 or later. Doc9303 6th edition allowed for the usage of SHA-1, but Doc9303-12 7th edition (2015) clause 4.4.4 does not allow for the usage of these algorithms any longer: “SHA-224, SHA-256, SHA-384 and SHA-512, are the only permitted hashing algorithms”. There are plenty of eMRTDs with CSCA and DS certificates in circulation that follow the 6th edition and make use of SHA-1, i.e. an inspection system shall still support SHA-1. But the test specification should not explicitly require that an inspection system successfully validates a CSCA certificate, the corresponding DS certificate and the eMRTD’s SOD issued recently (or later during the lifetime of the test specification) which are signed with RSA / DSA / ECDSA and SHA-1.
  • Deprecated algorithm SHA-1 is replaced by alternative hash algorithm if applicable:
    • Modified test cases: LDS_H_74, LDS_H_75, LDS_H_76, LDS_H_77, LDS_I_01, LDS_I_02, LDS_I_03
  • Updated list of abbreviations and reference documentation
  • Consistent wording of OID (ICAO guidelines and BSI guidelines)
  • Clarification concerning the usage of PACE (test suite ISO7816_G)
  • Updated and re-organised list of algorithms to be supported by inspection systems (chapter 7)
  • Minor editorial changes

Moved test cases

  • ISO7816_A_01: moved to ICAO ISO7816_A_01
  • ISO7816_A_02: moved to ICAO ISO7816_A_02
  • ISO7816_A_03: moved to ICAO ISO7816_A_04 
  • ISO7816_B_01: moved to ICAO ISO7816_B_01
  • ISO7816_B_02: moved to ICAO ISO7816_B_02
  • ISO7816_B_03: moved to ICAO ISO7816_B_03
  • ISO7816_B_04: moved to ICAO ISO7816_D_01
  • ISO7816_B_05: moved to ICAO ISO7816_D_02
  • ISO7816_B_06: moved to ICAO ISO7816_D_03
  • ISO7816_B_07: moved to ICAO ISO7816_D_04
  • ISO7816_B_08: moved to ICAO ISO7816_D_05
  • ISO7816_B_09: moved to ICAO ISO7816_D_06
  • ISO7816_B_10: moved to ICAO LDS_D32
  • ISO7816_C_01: moved to ICAO ISO7816_F_01
  • ISO7816_C_02: moved to ICAO ISO7816_F_02    
  • ISO7816_C_03: moved to ICAO ISO7816_F_03
  • ISO7816_C_04: moved to ICAO ISO7816_F_04
  • ISO7816_C_05: moved to ICAO ISO7816_F_05
  • ISO7816_C_06: moved to ICAO ISO7816_F_06
  • ISO7816_C_07: moved to ICAO ISO7816_F_07
  • ISO7816_C_08: moved to ICAO ISO7816_F_08
  • ISO7816_D_01: moved to ICAO ISO7816_G_01
  • ISO7816_D_02: moved to ICAO ISO7816_G_02
  • ISO7816_D_03: moved to ICAO ISO7816_G_03
  • ISO7816_D_04: moved to ICAO ISO7816_G_04
  • ISO7816_D_05: moved to ICAO ISO7816_G_05
  • ISO7816_D_06: moved to ICAO ISO7816_G_06
  • ISO7816_D_07: moved to ICAO ISO7816_G_07
  • ISO7816_D_08: moved to ICAO ISO7816_G_08
  • ISO7816_D_09: moved to ICAO ISO7816_G_09
  • ISO7816_D_10: moved to ICAO ISO7816_G_10
  • ISO7816_D_11: moved to ICAO ISO7816_G_11
  • ISO7816_D_12: moved to ICAO ISO7816_G_12
  • ISO7816_D_13: moved to ICAO ISO7816_G_13
  • ISO7816_D_14: moved to ICAO ISO7816_G_14
  • ISO7816_D_15: moved to ICAO ISO7816_G_15
  • ISO7816_F_01: moved to ICAO ISO7816_E_01
  • ISO7816_F_02: moved to ICAO ISO7816_E_02
  • ISO7816_F_04: moved to ICAO ISO7816_E_03
  • ISO7816_F_05: moved to ICAO ISO7816_E_04
  • ISO7816_F_06: moved to ICAO ISO7816_E_05
  • ISO7816_F_07: moved to ICAO ISO7816_E_06
  • ISO7816_F_08: moved to ICAO ISO7816_E_07
  • ISO7816_F_09: moved to ICAO ISO7816_E_08
  • ISO7816_G_01: moved to ICAO ISO7816_C_01
  • ISO7816_G_02: moved to ICAO ISO7816_C_02
  • ISO7816_G_03: moved to ICAO ISO7816_C_03
  • ISO7816_G_04: moved to ICAO ISO7816_C_04
  • ISO7816_G_05: moved to ICAO ISO7816_C_05
  • ISO7816_G_06: moved to ICAO ISO7816_C_06
  • ISO7816_G_07: moved to ICAO ISO7816_C_07
  • ISO7816_G_08: moved to ICAO ISO7816_C_08
  • ISO7816_G_09: moved to ICAO ISO7816_C_09
  • ISO7816_G_10: moved to ICAO ISO7816_C_10
  • ISO7816_G_11: moved to ICAO ISO7816_C_11
  • ISO7816_G_12: moved to ICAO ISO7816_C_12
  • ISO7816_G_13: moved to ICAO ISO7816_C_13
  • ISO7816_G_14: moved to ICAO ISO7816_C_14
  • ISO7816_G_15: moved to ICAO ISO7816_C_15
  • ISO7816_G_16: moved to ICAO ISO7816_C_16
  • ISO7816_G_17: moved to ICAO ISO7816_C_17
  • ISO7816_G_18: moved to ICAO ISO7816_C_18
  • ISO7816_G_19: moved to ICAO ISO7816_C_19
  • ISO7816_G_20: moved to ICAO ISO7816_C_20
  • ISO7816_G_21: moved to ICAO ISO7816_C_21
  • ISO7816_G_22: moved to ICAO ISO7816_C_22
  • ISO7816_G_23: moved to ICAO ISO7816_C_23
  • ISO7816_G_24: moved to ICAO ISO7816_C_24
  • ISO7816_G_25: moved to ICAO ISO7816_C_25
  • ISO7816_G_26: moved to ICAO ISO7816_C_26
  • ISO7816_G_27: moved to ICAO ISO7816_C_27
  • ISO7816_G_28: moved to ICAO ISO7816_C_28
  • ISO7816_G_29: moved to ICAO ISO7816_C_29
  • ISO7816_G_30: moved to ICAO ISO7816_C_30
  • ISO7816_G_31: moved to ICAO ISO7816_C_31
  • ISO7816_G_32: moved to ICAO ISO7816_C_32
  • ISO7816_G_33: moved to ICAO ISO7816_C_33
  • ISO7816_G_34: moved to ICAO ISO7816_C_34
  • ISO7816_G_35: moved to ICAO ISO7816_C_35
  • ISO7816_G_38: moved to ICAO ISO7816_C_36
  • ISO7816_G_39: moved to ICAO ISO7816_C_37
  • ISO7816_G_40: moved to ICAO ISO7816_C_38
  • ISO7816_G_41: moved to ICAO ISO7816_C_39
  • LDS_A_01: moved to ICAO LDS_A_01
  • LDS_A_02: moved to ICAO LDS_A_02
  • LDS_A_03: moved to ICAO LDS_A_03
  • LDS_A_04: moved to ICAO LDS_A_04
  • LDS_A_05: moved to ICAO LDS_A_05
  • LDS_A_06: moved to ICAO LDS_A_06
  • LDS_A_07: moved to ICAO LDS_A_07
  • LDS_A_08: moved to ICAO LDS_A_08
  • LDS_A_09: moved to ICAO LDS_A_09
  • LDS_A_10: moved to ICAO LDS_A_10
  • LDS_B_01: moved to ICAO LDS_B_01
  • LDS_B_02: moved to ICAO LDS_B_02
  • LDS_B_03: moved to ICAO LDS_B_03
  • LDS_B_04: moved to ICAO LDS_B_04
  • LDS_B_05: moved to ICAO LDS_B_05
  • LDS_B_06: moved to ICAO LDS_B_06
  • LDS_B_07: moved to ICAO LDS_B_07
  • LDS_B_08: moved to ICAO LDS_B_08
  • LDS_B_09: moved to ICAO LDS_B_09
  • LDS_B_10: moved to ICAO LDS_B_10
  • LDS_B_11: moved to ICAO LDS_B_11
  • LDS_B_12: moved to ICAO LDS_B_12
  • LDS_B_13: moved to ICAO LDS_B_13
  • LDS_B_14: moved to ICAO LDS_B_14
  • LDS_B_15: moved to ICAO LDS_B_15
  • LDS_B_16: moved to ICAO LDS_B_16
  • LDS_B_17: moved to ICAO LDS_B_17
  • LDS_B_18: moved to ICAO LDS_B_18
  • LDS_B_19: moved to ICAO LDS_B_19
  • LDS_B_20: moved to ICAO LDS_B_20
  • LDS_B_21: moved to ICAO LDS_B_21
  • LDS_B_22: moved to ICAO LDS_B_22
  • LDS_B_23: moved to ICAO LDS_B_23
  • LDS_B_24: moved to ICAO LDS_B_24
  • LDS_B_25: moved to ICAO LDS_B_25
  • LDS_B_26: moved to ICAO LDS_B_26
  • LDS_B_27: moved to ICAO LDS_B_27
  • LDS_B_28: moved to ICAO LDS_B_28
  • LDS_C_01: moved to ICAO LDS_C_01
  • LDS_C_02: moved to ICAO LDS_C_02
  • LDS_C_03: moved to ICAO LDS_C_03
  • LDS_C_04: moved to ICAO LDS_C_04
  • LDS_C_05: moved to ICAO LDS_C_05
  • LDS_C_06: moved to ICAO LDS_C_06
  • LDS_C_07: moved to ICAO LDS_C_07
  • LDS_C_08: moved to ICAO LDS_C_08
  • LDS_C_09: moved to ICAO LDS_C_09
  • LDS_C_10: moved to ICAO LDS_C_10
  • LDS_C_11: moved to ICAO LDS_C_11
  • LDS_C_12: moved to ICAO LDS_C_12
  • LDS_C_13: moved to ICAO LDS_C_13
  • LDS_C_14: moved to ICAO LDS_C_14
  • LDS_C_15: moved to ICAO LDS_C_15
  • LDS_C_16: moved to ICAO LDS_C_16
  • LDS_C_17: moved to ICAO LDS_C_17
  • LDS_C_18: moved to ICAO LDS_C_18
  • LDS_C_19: moved to ICAO LDS_C_19
  • LDS_C_20: moved to ICAO LDS_C_20
  • LDS_C_21: moved to ICAO LDS_C_21
  • LDS_C_22: moved to ICAO LDS_C_22
  • LDS_C_23: moved to ICAO LDS_C_23
  • LDS_C_24: moved to ICAO LDS_C_24
  • LDS_C_25: moved to ICAO LDS_C_25
  • LDS_C_26: moved to ICAO LDS_C_26
  • LDS_C_27: moved to ICAO LDS_C_27
  • LDS_C_28: moved to ICAO LDS_C_28
  • LDS_H_17: moved to ICAO LDS_D_02
  • LDS_H_18: moved to ICAO LDS_D_03
  • LDS_H_19: moved to ICAO LDS_D_04
  • LDS_H_20: moved to ICAO LDS_D_05
  • LDS_H_21: moved to ICAO LDS_D_06
  • LDS_H_22: moved to ICAO LDS_D_07
  • LDS_H_23: moved to ICAO LDS_D_08
  • LDS_H_24: moved to ICAO LDS_D_09
  • LDS_H_25: moved to ICAO LDS_D_10
  • LDS_H_26: moved to ICAO LDS_D_11
  • LDS_H_27: moved to ICAO LDS_D_12
  • LDS_H_28: moved to ICAO LDS_D_13
  • LDS_H_29: moved to ICAO LDS_D_14
  • LDS_H_30: moved to ICAO LDS_D_15
  • LDS_H_31: moved to ICAO LDS_D_16
  • LDS_H_32: moved to ICAO LDS_D_17
  • LDS_H_33: moved to ICAO LDS_D_18
  • LDS_H_37: moved to ICAO LDS_D_19
  • LDS_H_38: moved to ICAO LDS_D_20
  • LDS_H_39: moved to ICAO LDS_D_21
  • LDS_H_40: moved to ICAO LDS_D_22
  • LDS_H_41: moved to ICAO LDS_D_23
  • LDS_H_42: moved to ICAO LDS_D_24
  • LDS_H_43: moved to ICAO LDS_D_25
  • LDS_H_44: moved to ICAO LDS_D_26 
  • LDS_H_48: moved to ICAO LDS_D_27 
  • LDS_H_49: moved to ICAO LDS_D_28 
  • LDS_H_53: moved to ICAO LDS_D_29 
  • LDS_H_67: moved to ICAO LDS_D_30 
  • LDS_H_68: moved to ICAO LDS_D_31 
  • LDS_H_86: moved to ICAO LDS_D_35
  • LDS_H_87: moved to ICAO LDS_D_36
  • LDS_H_88: moved to ICAO LDS_D_37
  • LDS_H_89: moved to ICAO LDS_D_38

New test cases

  • ISO7816_E_31: New test case to check dynamic binding between protocols
  • ISO7816_E_32: New test case to check TA including trust anchor update
  • ISO7816_E_33: New test case to check TA with two different trust anchors
  • ISO7816_E_34: New test case to check TA with offered but not needed trust anchor update
  • ISO7816_E_35: New test case to verify that the inspection system performs terminal authentication successfully with id-TA-RSA-v1-5-SHA-512 algorithm
  • ISO7816_E_36: New test case to verify that the inspection system performs terminal authentication successfully with id-TA-RSA-PSS-SHA-512 algorithm
  • ISO7816_E_37: New test case to verify that the inspection system performs terminal authentication successfully with id-TA-ECDSA-SHA-384 algorithm
  • ISO7816_E_38: New test case to verify that the inspection system performs terminal authentication successfully with id-TA-ECDSA-SHA-512 algorithm
  • LDS_H_90: New test case with EF.SOD inconsistent with EF.COM (more data groups)
  • LDS_H_91: New test case with EF.SOD inconsistent with EF.COM (less data groups)
  • LDS_H_92: New test case with EF.SOD inconsistent with EF.COM (different data groups)
  • LDS_H_93: New test case with EF.SOD with missing checksum of EF.CardAccess
  • LDS_H_94: New test case to verify that the inspection system performs correctly if EF.SOD contains RSASSA-PSS with SHA224, SHA224 DG hash, DS stored inside SOD
  • LDS_H_95: New test case to verify that the inspection system performs correctly if EF.SOD contains RSASSA-PSS with SHA384, SHA384 DG hash, DS stored inside SOD
  • LDS_H_96: New test case to verify that the inspection system performs correctly if EF.SOD contains RSASSA-PSS with SHA512, SHA512 DG hash, DS stored inside SOD
  • LDS_H_97: New test case to verify that the inspection system performs correctly if EF.SOD contains DSA with SHA224, SHA224 DG hash, DS stored inside SOD
  • LDS_H_98: New test case to verify that the inspection system performs correctly if EF.SOD contains DSA with SHA256, SHA256 DG hash, DS stored inside SOD
  • LDS_J_01: New test case with CardSecurity inconsistent with EF.CardAccess (more SecurityInfos)
  • LDS_J_02: New test case with CardSecurity inconsistent with EF.CardAccess (less SecurityInfos)
  • LDS_J_03: New test case with CardSecurity inconsistent with EF.CardAccess (different SecurityInfos)
  • LDS_J_03: New test case with an incorrect ChipAuthenticationPublicKeyInfo for PACE-CAM in EF.CardSecurity
  • LDS_J_04: New test case with an incorrect ChipAuthenticationPublicKeyInfo in EF.CardSecurity
  • LDS_K_01: New test case with valid encoding with two bytes length for APDU
  • LDS_K_02: New test case with valid encoding with three bytes length for APDU
  • LDS_K_03: New test case with only one valid value for command length
  • LDS_K_04: New test case with wrong tag 7F66
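
The three mismatch shapes behind LDS_H_90 to LDS_H_92 (EF.SOD inconsistent with EF.COM) come down to comparing two sets of data group numbers. The following added sketch, which is not taken from the test specification, reads the tag list from a constructed EF.COM and compares it with the data groups hashed in EF.SOD; extracting those numbers from the EF.SOD structure is assumed to have happened already.

```python
# Added illustration; not code from TR-03105. SAMPLE_EF_COM is constructed.
# Assumption: the data group numbers hashed in EF.SOD were already extracted.

# Tags used in the EF.COM tag list (5C) and the data groups they stand for.
DG_TAGS = {0x61: 1, 0x75: 2, 0x63: 3, 0x76: 4, 0x65: 5, 0x66: 6, 0x67: 7,
           0x68: 8, 0x69: 9, 0x6A: 10, 0x6B: 11, 0x6C: 12, 0x6D: 13,
           0x6E: 14, 0x6F: 15, 0x70: 16}


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the BER-TLV object starting at pos."""
    try:
        tag = buf[pos]
        pos += 1
        if tag & 0x1F == 0x1F:            # multi-byte tag such as 5F01
            while True:
                tag = (tag << 8) | buf[pos]
                pos += 1
                if not tag & 0x80:        # last tag byte has bit 8 cleared
                    break
        length = buf[pos]
        pos += 1
        if length & 0x80:                 # long form: next n bytes hold the length
            n = length & 0x7F
            if n == 0 or pos + n > len(buf):
                raise ValueError("unsupported or truncated TLV length")
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
    except IndexError:
        raise ValueError("truncated TLV header") from None
    if pos + length > len(buf):
        raise ValueError("TLV length exceeds available data")
    return tag, buf[pos:pos + length], pos + length


def com_data_groups(ef_com: bytes) -> set:
    """Return the set of data group numbers announced in EF.COM."""
    tag, body, _ = read_tlv(ef_com, 0)
    if tag != 0x60:
        raise ValueError("EF.COM must start with tag 60")
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0x5C:
            unknown = [hex(t) for t in value if t not in DG_TAGS]
            if unknown:
                raise ValueError(f"unknown tags in tag list: {unknown}")
            return {DG_TAGS[t] for t in value}
    raise ValueError("EF.COM contains no tag list (5C)")


def compare_com_with_sod(ef_com: bytes, sod_dgs) -> dict:
    com, sod = com_data_groups(ef_com), set(sod_dgs)
    return {"consistent": com == sod,
            "only_in_sod": sorted(sod - com),
            "only_in_com": sorted(com - sod)}


# Constructed EF.COM: LDS version 0107, Unicode 040000, tag list DG1, DG2, DG14.
SAMPLE_EF_COM = bytes.fromhex("60155F0104303130375F36063034303030305C0361756E")
```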

Modified test cases

  • ISO7816_E_01: Added profile ‘DPRCTD-SHA1’
  • ISO7816_E_03: Added profile ‘DPRCTD-SHA1’
  • ISO7816_E_05: Added profile ‘DPRCTD-SHA1’
  • ISO7816_E_19: Clarification in purpose
  • LDS_H_01: Added profile ‘DPRCTD-SHA1’
  • LDS_H_02: Added profile ‘DPRCTD-SHA1’
  • LDS_H_08: Added profile ‘DPRCTD-SHA1’
  • LDS_H_09: Added profile ‘DPRCTD-SHA1’
  • LDS_H_10: Added profile ‘DPRCTD-SHA1’
  • LDS_H_15: Importance of test case changed from ‘Mandatory’ to ‘Optional’
  • LDS_H_79: Added profile ‘DPRCTD-SHA1’
  • LDS_I_01: Clarification in purpose of test case

Deleted test cases

  • ISO7816_F_03: Test case deleted in version 1.5
  • LDS_H_16: Test case deleted in version 1.5

Focus extension of this blog to eIDAS token

Until today the focus of this blog was limited to ePassports or eMRTDs specified by BSI and ICAO. From now on this focus will also be extended to eIDAS tokens.


An eIDAS token is also specified in BSI TR-03110. The technical guideline specifies a set of different algorithms and protocols that can be used in the area of identification and authorisation. One example of such a token is the German ID card (Personalausweis).

Additionally, a first prototype of an eIDAS token was implemented during a project called PersoSim on behalf of BSI. The goal of this project was to implement the functionality of a German ID card in a simulator, including a virtual smart card reader.

Protocols specified in TR-03110 beyond eMRTD are:

  • Restricted Identification (RI)
  • Pseudonymous Signatures (PS)
  • Chip Authentication Version 2
  • Chip Authentication Version 3
  • Terminal Authentication Version 3
  • Enhanced Role Authentication (ERA)
  • Authorization Extension for additional attributes

From now on you can find test specifications for eIDAS tokens at the overview of test specifications. There are more and more eID documents using the protocols specified in TR-03110 (e.g. Authorization Extension for LDS2, where entry and exit stamps are stored on the chip), and at the end of the day the corresponding test specifications are getting more and more important. That’s the reason why I decided to also blog about eIDAS tokens on this blog from now on.