Security Mechanisms in German Electronic Identity Documents

Chip Authentication (CA)

The Chip Authentication (CA) procedure establishes a strongly encrypted and integrity-protected channel (Secure Messaging) between the RF chip of an identity document and the reader, and at the same time detects cloned RF chips.

Every RF chip that supports this protocol contains a key pair (a public and a private key) that is specific to that chip. The private key is held in a protected area of the chip from which it cannot be read out; the chip only ever uses it internally. A clone produced by reading out and copying the chip's data therefore does not contain the private key, even if everything readable on the chip is copied.

During Chip Authentication, the reader obtains the chip's public key, which is stored in one of the document's signed data groups, and the chip additionally contributes a random number. For every reading procedure, the reader generates a fresh key pair of its own (again, a public and a private key) that is used only for that session and sends its public key to the RF chip. At that point, both the RF chip and the reader can combine their own private key with the public key they have received to compute the same shared secret (a Diffie-Hellman key agreement; current documents use the elliptic-curve variant) and derive session keys from it together with the random number. These session keys encrypt and integrity-protect all subsequent communication between the RF chip and the reader.

Using the derived session keys, the reader can check whether the chip is in possession of the correct private key: either explicitly, by verifying an authentication token the chip computes over the reader's public key, or implicitly, because only a chip with the matching key can continue the encrypted communication. A cloned chip cannot have the original private key, and if it simply used a different private key, its shared secret, and with it the session keys, would not match the reader's. If a new key pair were generated for a cloned RF chip instead, the substitution would be detected during Passive Authentication, because the public key is stored in a data group that is protected against unnoticed changes by the issuer's digital signature.
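The exchange described in the two preceding paragraphs, as an added illustration that is not code from BSI or from TR-03110: the chip holds a static key pair, the reader creates an ephemeral key pair per session, both sides run a key agreement, mix the chip's random number into the key derivation, and the reader checks an authentication token computed over its own public key (the structure of Chip Authentication Version 2). The Diffie-Hellman group (a 10-bit safe prime), the hash-based key derivation and the 8-byte token are toy choices made here so the example runs with the standard library only; real documents use the elliptic-curve parameters and key derivation from the guideline. The comparison of the presented public key against the signed data group stands in for the Passive Authentication step, whose signature check is not modelled.

```python
"""Chip Authentication, reduced to key agreement and possession check.

Added illustration, not BSI or TR-03110 reference code. Structure follows
Chip Authentication Version 2: static chip key pair, ephemeral reader key
pair, nonce r_PICC mixed into the key derivation, token T_PICC over PK_PCD.
The group, KDF and token length are toy stand-ins for the real parameters.
"""
import hashlib
import hmac
import secrets

# Toy group: safe prime P = 2*Q + 1 and a generator of the order-Q subgroup.
# Chosen for readability, not security (assumption for this example).
P = 1019
Q = 509
G = 4


def keypair(sk=None):
    """Return (private, public); a fixed private key makes runs reproducible."""
    sk = sk if sk is not None else 1 + secrets.randbelow(Q - 1)
    return sk, pow(G, sk, P)


def key_agreement(sk, pk_other):
    """Plain Diffie-Hellman; stands in for the ECDH of the real protocol."""
    # Reject public keys outside the prime-order subgroup (small-subgroup check).
    if not 1 < pk_other < P - 1 or pow(pk_other, Q, P) != 1:
        raise ValueError("public key not in the prime-order subgroup")
    return pow(pk_other, sk, P)


def kdf(shared, nonce, counter):
    """Toy KDF: SHA-256(K || r_PICC || counter) truncated; 1 -> ENC, 2 -> MAC."""
    data = shared.to_bytes(2, "big") + nonce + counter.to_bytes(4, "big")
    return hashlib.sha256(data).digest()[:16]


def auth_token(k_mac, pk_pcd):
    """T_PICC: MAC over the reader's ephemeral public key."""
    return hmac.new(k_mac, pk_pcd.to_bytes(2, "big"), hashlib.sha256).digest()[:8]


def chip_respond(sk_picc, pk_pcd, r_picc=None):
    """Chip side: agree on K, derive session keys, prove possession of SK_PICC."""
    r_picc = r_picc if r_picc is not None else secrets.token_bytes(8)
    k = key_agreement(sk_picc, pk_pcd)
    session = (kdf(k, r_picc, 1), kdf(k, r_picc, 2))
    return r_picc, auth_token(session[1], pk_pcd), session


def reader_verify(sk_pcd, pk_pcd, pk_picc, r_picc, t_picc):
    """Reader side: recompute the keys and check T_PICC; None means reject."""
    k = key_agreement(sk_pcd, pk_picc)
    session = (kdf(k, r_picc, 1), kdf(k, r_picc, 2))
    if not hmac.compare_digest(auth_token(session[1], pk_pcd), t_picc):
        return None
    return session


def run_chip_authentication(chip_sk, chip_pk, pk_picc_signed, reader_sk=None, r_picc=None):
    """One CA run. pk_picc_signed is PK_PICC as read from the signed data group
    that Passive Authentication has already verified (modelled as a plain value)."""
    if chip_pk != pk_picc_signed:
        return "rejected: public key does not match signed data (Passive Authentication)"
    sk_pcd, pk_pcd = keypair(reader_sk)                      # fresh per session
    r, t, chip_keys = chip_respond(chip_sk, pk_pcd, r_picc)  # chip only sees PK_PCD
    reader_keys = reader_verify(sk_pcd, pk_pcd, chip_pk, r, t)
    if reader_keys is None:
        return "rejected: authentication token invalid (private key missing)"
    assert reader_keys == chip_keys  # both sides now hold identical session keys
    return "accepted"


if __name__ == "__main__":
    sk_picc, pk_picc = keypair(123)  # genuine chip; PK_PICC sits in the signed data
    print(run_chip_authentication(sk_picc, pk_picc, pk_picc))
    # Clone 1: copied all readable data, but must guess the private key.
    print(run_chip_authentication(77, pk_picc, pk_picc))
    # Clone 2: generated its own key pair, so the public key no longer matches the signed data.
    sk_clone, pk_clone = keypair(77)
    print(run_chip_authentication(sk_clone, pk_clone, pk_picc))
```

Running the block prints one accepted run followed by the two rejections that correspond to the two cloning attempts discussed above: a copy without the private key fails the token check, and a copy with a fresh key pair fails the comparison against the signed public key. The subgroup check in key_agreement is the kind of input validation a real reader performs on the chip's public key before using it.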

Chip Authentication is part of the Extended Access Control (EAC) protocol suite, alongside Terminal Authentication. If you are interested in further details of this procedure, please refer to Technical Guideline BSI-TR-03110.