Usages of Polymorphic structures
Users of Polymorphic structures are: AD, MU, EB and MR.
Format for Polymorphic Identity or Pseudonym
A Polymorphic Identity or Pseudonym is a combination of points on an elliptic curve. In order for the Identity or Pseudonym to be properly usable in the scheme, some additional information is needed. This information is necessary for practical management and secure implementation of Identity or Pseudonym in the Scheme and consists of elements like versioning (for key management) and recipient. The syntax for expressing an Identity or Pseudonym with this information is listed below.
Values of the notations below SHALL be represented as (the base64 encoding of) the DER-encoded structure in ASN.1 notation.
Polymorphic Identity or Pseudonym
A Polymorphic Identity or Pseudonym consists of 3 points on an elliptic curve. Polymorphic Identities or Pseudonyms are provided via Interface spec BSNk: activate and are used via Interface spec BSNk: transform. The notation for a complete Polymorphic Identity or Pseudonym is as follows:
schemeVersion indicates the version of the cryptographic scheme and this syntax and SHALL start at 1.
schemeKeySetVersion is a version that SHALL start at 1 and represents the effective set of long-term scheme master keys (PP-M, PD-M, etc.).
The schemeVersion defines the elliptic curve used in the scheme as well.
creator SHALL contain the entityID (OIN) of the creator, and recipient SHALL contain the entityID (OIN) of the recipient.
recipientKeySetVersion holds the version number for the set of the recipient's keys for Polymorphic Identities and Pseudonyms (PA-Di). Note: in schemeVersion 1 the recipientKeySetVersion for MUs, ADs, MRs and the EB is a sequence starting at 1.
type defines the identity type the Pseudonym is derived from, e.g. a BSN or an eIDAS Uniqueness Identifier. This field is not necessary in identity-based forms, as there the identity type becomes clear as part of decryption of the final structure, i.e. the Encrypted Identity. The values currently defined are the ASCII value of 'B' (0x42) for BSN-based and 'E' (0x45) when based on an eIDAS Uniqueness Identifier.
ECPoint is identical to ECPoint as defined in BSI TR 03111 and ANSI X9.62 (2005). Two encodings are specified there, uncompressed and compressed. Both encodings are allowed, with a preference for uncompressed encoding.
A Polymorphic Identity or Polymorphic Pseudonym can be signed for integrity protection:
auditElement holds an audit value consisting of an identifier for the creator, a timestamp and a sequence number from that creator. This auditElement is 16 bytes in big-endian (32-bit origin, 32-bit timestamp and 64-bit sequence number). The origin identifies the party providing the Polymorphic/Encrypted Identity or Pseudonym and the unique device used. The timestamp and sequence number can be used in case of a compromise or dispute, so that mitigating measures or a resolution can be accomplished. Note: the timestamp is 32-bit, in seconds since 1 January 1970 UTC. The auditElement is encrypted under a key only retrievable by the supervisor of the scheme, which is provided to the supervisor by the key management role.
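The 16-byte layout described above, decoded as the supervisor would see it after decryption. This is an added example, not code from the specification; the decryption step is out of scope, the fields are assumed to be unsigned, and the sample values and the helper issued_since are constructed for illustration.

```python
import struct
from datetime import datetime, timezone
from typing import NamedTuple

AUDIT_LEN = 16  # 32-bit origin + 32-bit timestamp + 64-bit sequence number


class AuditElement(NamedTuple):
    origin: int      # party and device that provided the structure
    timestamp: int   # seconds since 1 January 1970 UTC
    sequence: int    # sequence number from that origin

    @property
    def issued_at(self) -> datetime:
        return datetime.fromtimestamp(self.timestamp, tz=timezone.utc)


def parse_audit_element(plain: bytes) -> AuditElement:
    """Decode a decrypted auditElement; all fields are big-endian.

    Assumption: fields are unsigned (the page gives only their widths).
    """
    if len(plain) != AUDIT_LEN:
        raise ValueError(f"auditElement must be {AUDIT_LEN} bytes, got {len(plain)}")
    return AuditElement(*struct.unpack(">IIQ", plain))


def issued_since(elements, origin: int, since: int):
    """Audit values from one origin at or after `since`, in sequence order."""
    hits = [e for e in elements if e.origin == origin and e.timestamp >= since]
    return sorted(hits, key=lambda e: e.sequence)


# Constructed sample plaintexts (origin | timestamp | sequence), not real data.
SAMPLES = [
    bytes.fromhex("0000002a" "6553f100" "0000000000000001"),
    bytes.fromhex("0000002a" "6553f13c" "0000000000000003"),
    bytes.fromhex("0000002a" "6553f11e" "0000000000000002"),
    bytes.fromhex("00000007" "6553f120" "0000000000000009"),
]

if __name__ == "__main__":
    decoded = [parse_audit_element(s) for s in SAMPLES]
    for e in issued_since(decoded, origin=0x2A, since=1700000030):
        print(e.origin, e.issued_at.isoformat(), e.sequence)
```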
signatureValue can be used to assert the authenticity of the (polymorphic/encrypted) Identity or Pseudonym. The signature is applied to the byte sequence of the complete DER-encoded signed sequence (e.g. signedPP in a SignedPolymorphicPseudonym). The public key for verification can be retrieved from the Metadata using the creator from the structure covered under the signature and the
PIP – PPCA optimized
For a privacy-enhanced implementation, Polymorphic Identities and Pseudonyms can be implemented on a smartcard. This is called a PP-card application, or PPCA. A Polymorphic Identity and a Polymorphic Pseudonym can be combined to 5 points on an elliptic curve rather than six, for optimization in a smartcard implementation. The PPCA-optimized PIP version of Polymorphic Identities or Pseudonyms is provided in Interface spec BSNk: activate.
The combined notation for a Polymorphic Identity and Pseudonym is as follows:
The first, second and fourth ECPoint of the points in a PIP correspond to those of a PI. Similarly, the first, third and fifth correspond to those of a PP. In this fashion one can extract a PI and PP from a PIP.
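The extraction rule above as an added example (not code from the specification): it splits the five ECPoint values of a PIP into a PI and a PP and checks each point's encoding tag and length. The 40-byte coordinate size, the helper names and the sample points are assumptions constructed for illustration.

```python
FIELD_LEN = 40  # assumed coordinate size in bytes; the real value follows
                # from the curve that schemeVersion selects


def ecpoint_encoding(point: bytes, field_len: int = FIELD_LEN) -> str:
    """Classify an ECPoint octet string by its X9.62 tag byte and length."""
    if point[:1] == b"\x04" and len(point) == 1 + 2 * field_len:
        return "uncompressed"          # 0x04 || X || Y (preferred form)
    if point[:1] in (b"\x02", b"\x03") and len(point) == 1 + field_len:
        return "compressed"            # 0x02/0x03 || X
    raise ValueError("not a compressed or uncompressed ECPoint")


def split_pip(points, field_len: int = FIELD_LEN):
    """Return (PI, PP) from the five points of a PIP.

    PI = points 1, 2, 4 and PP = points 1, 3, 5 (1-based, as on the page).
    Only the encoding is checked here; on-curve validation needs the curve
    parameters and is left to the EC library in use.
    """
    if len(points) != 5:
        raise ValueError(f"a PIP carries 5 points, got {len(points)}")
    for p in points:
        ecpoint_encoding(p, field_len)
    pi = (points[0], points[1], points[3])
    pp = (points[0], points[2], points[4])
    return pi, pp


def fake_point(tag: int, fill: int, field_len: int = FIELD_LEN) -> bytes:
    """Constructed placeholder with a valid tag and length (not on any curve)."""
    coords = 2 if tag == 0x04 else 1
    return bytes([tag]) + bytes([fill]) * (coords * field_len)


# Constructed PIP: four uncompressed points and one compressed point.
SAMPLE_PIP = [fake_point(0x04, 1), fake_point(0x04, 2), fake_point(0x03, 3),
              fake_point(0x04, 4), fake_point(0x04, 5)]

if __name__ == "__main__":
    pi, pp = split_pip(SAMPLE_PIP)
    print("PI:", [ecpoint_encoding(p) for p in pi])
    print("PP:", [ecpoint_encoding(p) for p in pp])
```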
There also exists a signed version of a PIP:
It follows the same concepts as described for a Polymorphic Identity or Polymorphic Pseudonym.
When a PIP is personalized onto a smartcard, the issuer typically wants to perform some quality assurance prior to issuing the card. This is not straightforward due to the use of privacy enhancing technology. To allow quality assurance in combination with a PIP, a Verifiable PIP is described.
This Verifiable PIP is a PIP accompanied by a Proof of Conformity. Using this proof, a means issuer can verify a PIP is personalized correctly without the need to reveal the original stem (BSN) in the verifiable representation.
signedPIP is the signed PIP structure as defined above and allows for verification of authenticity. The proofOfConformity can be used to verify the PIP is personalized correctly.