CR, Sep 3, 2014

Citizen Electronic Identities using TPM 2.0

arXiv:1409.1023v2, 16 citations
Originality: Synthesis-oriented
AI Analysis

This work addresses the need for more secure and user-friendly eID tokens for citizens accessing government and other services, but it appears incremental because it builds on existing trusted hardware technology.

The authors tackled the problem of improving security and usability for electronic identification (eID) systems by proposing a new architecture based on the TPM 2.0 authorization model, aiming to enhance these aspects compared to traditional smart card-based solutions.

Electronic Identification (eID) is becoming commonplace in several European countries. eID is typically used to authenticate to government e-services, but is also used for other services, such as public transit, e-banking, and physical security access control. Typical eID tokens take the form of physical smart cards, but successes in merging eID into phone operator SIM cards show that eID tokens integrated into a personal device can offer better usability compared to standalone tokens. At the same time, trusted hardware that enables secure storage and isolated processing of sensitive data has become commonplace both on PC platforms and on mobile devices. Some time ago, the Trusted Computing Group (TCG) released version 2.0 of the Trusted Platform Module (TPM) specification. We propose an eID architecture based on the new, rich authorization model introduced in the TCG's TPM 2.0. The goal of the design is to improve the overall security and usability compared to traditional smart card-based solutions. We also provide, to the best of our knowledge, the first accessible description of the TPM 2.0 authorization model.
