Some background first: Many countries and organizations issue smart cards that carry a certificate that can be used to authenticate the user. To log in, a service implements an HTTPS endpoint that asks for a client certificate. The client certificate is used only on this one endpoint to log in. After receiving the certificate, it creates a usual session that runs without the client certificate.

This is very nice since it is free for service providers. Technically very simple. And for the user very safe. If the smart card gets lost, the certificate can be revoked. There is no fear of loss of access to an account because authorities verify the person and issue a new card to regain access. The subject identifier has a serial number to identify the user even in the case that the subject has been issued a new card after their name has been changed (marriage etc.). And use of the card stays between me and the service provider. Authorities do not know where it is used. I wish more services accepted these cards so I could be me at the services.

You can see an example of how it works at https://dvv.fi/en/test-the-use-of-a-certificate. You may not have a card, but you will find everything up to that point there. Documentation is also close by.

You sometimes need to access these services from a mobile phone. Mobile phones do not have a slot for a smart card reader, but fortunately they often have NFC, and the card can also be used over NFC. It of course requires the card to be held against the phone when being accessed. And selecting one of the many certificates on the card. And typing a PIN to get the card to use the private key. But since the service asks for the certificate only once during login, there is only this one moment, during the one TLS handshake accessing the endpoint, where these acrobatics need to be performed.

A curious mind can find the identification in production at https://www.suomi.fi/frontpage by clicking Identification. The endpoint used for asking for the certificate is at https://kortti.tunnistautuminen.suomi.fi/certcheck.

I found a list of European countries where this would be useful at https://www.readid.com/blog/european-identity-cards. I believe India has also issued some cards, but I am not sure if they would work with this. I expect it to become more common day by day. It has some potential in number of users.
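The server side of the login flow described in the post, as an added example that is not part of the original post and not any real service's code. It assumes Python's standard `ssl` module; the function names, file path parameters and the two certificate dicts are constructed for illustration.

```python
import secrets
import ssl

def build_login_context(ca_file=None, crl_file=None):
    """Server-side TLS context for the login endpoint only: client cert is mandatory."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_file:   # hypothetical path: PEM of the card issuer's CA chain
        ctx.load_verify_locations(cafile=ca_file)
    if crl_file:  # hypothetical path: issuer CRL, so a revoked (lost) card is rejected
        ctx.load_verify_locations(cafile=crl_file)
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx    # a real server also calls ctx.load_cert_chain() for its own cert

def subject_identity(peercert):
    """Stable user key: the serialNumber attribute inside the subject DN."""
    if not peercert:  # None = no cert sent, {} = cert not validated
        raise ValueError("no verified client certificate")
    found = [value for rdn in peercert.get("subject", ())
             for key, value in rdn if key == "serialNumber"]
    if len(found) != 1 or not found[0].strip():
        raise ValueError("subject must carry exactly one serialNumber")
    return found[0].strip()

SESSIONS = {}  # token -> user key; in-memory stand-in for a session store

def login(peercert):
    """Called once after the handshake; later requests carry only the token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = subject_identity(peercert)
    return token

# Constructed sample data in the shape ssl.SSLSocket.getpeercert() returns.
# The top-level "serialNumber" is the certificate's own serial and differs per card.
OLD_CARD = {"serialNumber": "0A01", "subject": (
    (("countryName", "FI"),), (("serialNumber", "EXAMPLE-0001"),),
    (("surname", "Oldname"),), (("commonName", "Oldname Example"),))}
NEW_CARD = {"serialNumber": "0B02", "subject": (
    (("countryName", "FI"),), (("serialNumber", "EXAMPLE-0001"),),
    (("surname", "Newname"),), (("commonName", "Newname Example"),))}

if __name__ == "__main__":
    for card in (OLD_CARD, NEW_CARD):
        print(card["serialNumber"], "->", SESSIONS[login(card)])
```

Keying the account on the certificate's own serial or on the common name would split one person into two accounts after a card reissue; the subject's serialNumber attribute is what stays constant.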