
I had to renew my eID card. Possessing an EAL-4+ certified card reader (cyberJack RFID komfort by REINER SCT), I tried to activate the ID function by replacing the transport PIN with a personal PIN. The card reader has the latest firmware, and the drivers in Windows were up-to-date, too.

So I started the "Change PIN" dialog, inserting the eID card into the reader. As I did not have the PIN letter ready at hand, I found that the change dialog had timed out when I returned with the letter. To my surprise, when retrying I noticed that one "bad PIN" had been counted, leaving only two attempts!

As I still had to rub free the transport PIN on the letter, I wanted to play it safe and removed the eID card before the timeout would occur. When I had rubbed free the transport PIN and retried the PIN change, I noticed that the removal of the card had been counted as yet another attempt to change the PIN, even though no PIN had ever been tried!

Fortunately I managed to change the PIN on my last attempt!

However, the situation left me with an uneasy feeling: should a "PIN change attempt" be counted whenever a PIN has been sent to be checked (which I'd think to be correct), or should a bad "PIN change attempt" be counted whenever a "connection" to the card has been established (which is what the implementation seems to do)?

Also, I see a problem with the observed behavior: if a bad guy manages to establish a remote connection (the eID is "wireless RFID") three times (not having to send any PIN), I'm basically locked out (needing the PUK to unlock).* Will security be weakened if some PIN actually has to be transferred to the card to make it count as a bad authentication attempt (the implementation I would prefer)?

Some additional information can be found in ID-One eIDAS v1.0 in SSCD-4 configuration and below "3.5.1.1 Available operations" in Signature creation and administration for eIDAS token — Part 1: Functional Specification. Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token - Part 2 says in "2.2.1 PIN": "The PIN is a blocking password, i.e. the PIN is associated with a retry counter (RC) that is decreased for every failed authentication (cf. Section 2.2.3)".

*Well, actually the bad guy can only make two attempts, as he needs the CAN for the third one (hopefully).

U. Windl
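The two counting policies the question contrasts, as an added model that is not code from the post, the card vendor or the BSI specification it cites. The PIN, CAN and PUK values are constructed; the suspend/resume/unblock rules follow the post (two PIN-less sessions leave one attempt that needs the CAN, RC=0 needs the PUK), and it is assumed that a successful PIN restores the counter.

```python
from dataclasses import dataclass
from enum import Enum

class Policy(Enum):
    ON_VERIFY_FAIL = 1  # RC drops only when a transmitted PIN is rejected (poster's preference)
    ON_SESSION = 2      # RC drops when a PIN session starts, restored on success (observed)

@dataclass
class EidCard:
    pin: str
    can: str
    puk: str
    policy: Policy
    rc: int = 3              # retry counter: three attempts, as in the post
    suspended: bool = False  # rc == 1: the CAN must be presented before the PIN is usable

    def _decrement(self) -> None:
        self.rc -= 1
        self.suspended = self.rc == 1

    def resume_with_can(self, can: str) -> bool:
        if self.suspended and can == self.can:
            self.suspended = False
        return self.rc > 0 and not self.suspended

    def unblock_with_puk(self, puk: str) -> bool:
        if self.rc == 0 and puk == self.puk:
            self.rc, self.suspended = 3, False
        return self.rc > 0

    def pin_session(self, pin) -> bool:
        """Start a PIN session; pin=None models one that ends (timeout, card pulled) before any PIN is sent."""
        if self.rc == 0 or self.suspended:
            return False                 # blocked, or suspended until the CAN is shown
        if self.policy is Policy.ON_SESSION:
            self._decrement()            # charged before anything has been verified
        if pin is None:
            return False
        if pin != self.pin:
            if self.policy is Policy.ON_VERIFY_FAIL:
                self._decrement()        # charged only for a PIN that was actually rejected
            return False
        self.rc, self.suspended = 3, False   # assumed: success restores the counter
        return True

def rc_after_pinless_sessions(policy: Policy, n: int) -> int:
    """Retry counter left after n sessions that never carry a PIN (the remote-reader worry)."""
    card = EidCard("123456", "654321", "7890123456", policy)   # constructed secrets
    for _ in range(n):
        card.pin_session(None)
    return card.rc
```

Under `ON_SESSION` a party that only opens sessions, never sending a PIN, drives the counter to 1 and leaves the holder needing the CAN; under `ON_VERIFY_FAIL` the same sessions leave the counter untouched.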
