Education and Science, Estonia, Legislation, Technology

"Arnis Parsovs, doctoral students and lecturer at the University of Tartu, is one of the partners who has investigated the ID-card for years and with whom RIA and the Police and Border Guard Board actively cooperate. By analyzing the public keys database of ID-cards, Parsovs identified a flaw in the production process of the documents, as a result of which 15 cards had received weak keys that did not comply with the requirements," RIA said.

Parsovs in the framework of research that he will publish next spring showed on the ware of one faulty cards that in the event of such a production error it is possible to forge a digital signature. That faulty card had never been used electronically, RIA said.

The Police and Border Guard Board at the beginning of June closed those 15 faulty ID-cards and issued new cards to people under warranty. RIA also checked the public keys of the certificates of all other documents and no other cards with faulty keys were found.

RIA in cooperation with the Police and Border Guard Board has by now improved their working processes to such an extent that it is no longer possible for ID-cards with that type of a security risk to reach circulation, spokesperson for RIA Helen Uldrich told BNS.

RIA informed Gemalto, the company that manufactured the electronic ID-cards, and the certification service provider of the anomaly identified by the researcher and implemented measures, which no longer allow cards with such a flaw to be produced.

The described flaw is not linked to the Infineon chip security risk that was identified by Czech researchers and was announced to Estonia at the end of August.

Individual flawed cards have also been produced before and have always been closed after the identification of the flaw and the faulty cards have been replaced under warranty. Researchers have been unsuccessful in breaking any Estonian ID-cards that comply with the requirements.