Display "invalid PIN ... retry" when PIN in EAC is incorrect (... towards supporting all PIN-states of the German eID-card, see attached picture)
Currently, when the EAC protocol is running and, in conjunction with a basis reader, the PIN is incorrect, no error is displayed an the protocol flow is aborted.
Instead of this behavior, the PIN should be requested again (say for 3 times). The GUI dialog in the PIN capture step should be left open until the PIN is entered correctly, or a PIN entry threshold is reached.
#1 Updated by Detlef Hühnlein over 6 years ago
- File npa-pin.png added
- Subject changed from Display "invalid PIN ... retry" when PIN in EAC is incorrect to Display "invalid PIN ... retry" when PIN in EAC is incorrect (... towards supporting all PIN-states of the German eID-card, see attached picture)
In case of an invalid eID-PIN the number of available retries x is returned in the Response-APDU of GENERAL AUTHENTICATE, which is 63Cx in this case.
See section B.11.2 of https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03110/TR-03110_v2.1_P3pdf.pdf?__blob=publicationFile .
The value x must be evaluated and in case of x=2 the user may just enter the PIN again. If x=1 the PIN is suspended and the CAN needs to be entered first.
If x=0 the PIN is already blocked and needs to be reactivated with the PUK. More information about the PIN-management can be found in Section 2.5 of
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03110/TR-03110_v2.1_P2pdf.pdf?__blob=publicationFile and the attached picture.
Note that this information is available in structured form in the CardInfo file and may be used to provide a generic solution.
#3 Updated by Tobias Wich over 6 years ago
- Target version changed from 10 to 1.x
The retry issue has been fixed for EAC on a static basis. The next step is to use CardInfos with state tracking to determine the correct action when a PIN is incorrectly entered.
This is a long term goal, so the issue is moved to the long term vision version.