Attribute-based access control architectures with the eIDAS protocols

Citations of this article
Mendeley users who have this article in their library.
Get full text


The extended access control protocol has been used for the German identity card since November 2010, primarily to establish a cryptographic key between a card and a service provider and to authenticate the partners. The protocol is also referenced by the International Civil Aviation Organization for machine readable travel documents (Document 9303) as an option, and it is a candidate for the future European eIDAS identity system. Here we show that the system can be used to build a secure access system which operates in various settings (e.g., integrated, distributed, or authentication-service based architectures), and where access can be granted based on card's attributes. In particular we prove the protocols to provide strong cryptographic guarantees, including privacy of the attributes against outsiders.




Morgner, F., Bastian, P., & Fischlin, M. (2016). Attribute-based access control architectures with the eIDAS protocols. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10074 LNCS, pp. 205–226). Springer Verlag.

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free