Test Report. For the participants of the SDW InterOp Final Report, secunet Security Networks AG
|
|
- Teresa Daniel
- 6 years ago
- Views:
Transcription
1 Test Report For the participants of the SDW InterOp 2013 Final Report, secunet Security Networks AG
2 Copyright 2013 by secunet Security Networks AG 2 Final Report,
3 SDW InterOp 2013 Contents Contents Contents... 3 List of Figures... 4 List of Tables... 5 Preface Participants Registered Document Provider Registered Document Verification System Provider Registered Conformity Test Laboratories Operations of tests Registration Tests Conformity Tests Cross Over Tests SDW InterOp 2013 Result Summary General Statistics Registration Test Results SAC/PACE Results Other Security Mechanisms Static vs. Dynamic Binding Windows 7 interoperability issue Conformity Results Cross Over Results Conclusion...18 Final Report,
4 List of Figures SDW InterOp 2013 List of Figures Figure 1: Definition of Dynamic Binding in BSI TR Figure 2 : Definition of Static Binding in BSI TR Figure 3: Process definition for dynamic and static binding from BSI TR Figure 4: Conformity testing: Passed vs. Failed test cases...15 Figure 5: Number of failures per test case...15 Figure 6: Number of samples read successfully per system...17 Figure 7: Successful reads of PACE per passport Final Report,
5 SDW InterOp 2013 List of Tables List of Tables Table 1: Scope of the Conformity Tests... 9 Table 2: General statistics...11 Table 3: PACE Mapping functions...12 Table 4: First PACE Algorithm in EF.CardAccess...12 Table 5: Complete list of all used PACE algorithms...13 Table 6: Other security mechanisms...13 Table 7: Conformity Test cases with the highest number of failures...16 Final Report,
6 Preface SDW InterOp 2013 Preface The SDW InterOp 2013 was held alongside the SDW 2013 on May in London. It continued the series of international epassport interoperability testing. The event was organized by Science Media Partners Ltd; the technical aspects have been supervised by secunet Security Networks AG. The event focused on the new Supplemental Access Control (SAC) mechanism, which will be implemented by various countries from December 31st SAC will be implemented as a supplement to the existing BAC mechanism. Global interoperability is important to make the enhancement reliable for the document verification process. This document summarizes the results of this event. Vendor specific results are only disclosed to the corresponding vendor. 6 Final Report,
7 SDW InterOp 2013 Participants 1 Participants The SDW InterOp 2013 targeted both document manufacturers and document verification system providers. 1.1 Registered Document Provider Registered document manufactures, listed below, could provide a maximum of two sets of documents. Each set contained three identical samples. During the registration process a unique ID (#1 28) was assigned to each document provider. The document sets were marked as Set A or Set B. 3M Security Systems AKD d.o.o. ASK SA Athena Smartcard Bundesdruckerei Canadian Banknote Cryptovision Gemalto Giesecke & Devrient HID Global Huntrust IRIS KOMSCO MaskTech Morpho Oberthur Technologies Orell Füssli Österreichische Staatsdruckerei OVD Kinegram PAV Card GmbH PWPW STC Final Report,
8 Participants SDW InterOp 2013 Toshiba Trüb Trusted Logic T-Systems 1.2 Registered Document Verification System Provider Registered document verification system providers, listed below, were identified by a unique ID (#1 13). 3M Security Systems ARH Inc Bundesdruckerei Canadian Banknote Cross Match Technologies Gemalto Giesecke & Devrient IRIS Morpho Morpho Trust USA PWPW Regula Toshiba 1.3 Registered Conformity Test Laboratories The conformity testing was conducted by four independent test laboratories listed below: They were identified by characters (A D). FIME HJP Consulting Keolabs UL Transaction Security 8 Final Report,
9 SDW InterOp 2013 Operations of tests 2 Operations of tests 2.1 Registration Tests Subsequent to the document registration, secunet started the initial registration test. All registered documents were read in a standard document verification scenario. For this purpose, the secunet Golden Reader Tool Platinum Edition was used. Before document readout, all provided certificates have been imported into the application. The reading process was started in Auto Detect mode. With this mode, the software used the PACE protocol if available; otherwise the BAC mechanism was used. Afterwards the Extended Access Control protocols were performed, if applicable. All data was read from the document and then logged to the hard disk. The logged data will only be available for the corresponding document provider. Chapter 3.2 contains the summary of these tests. 2.2 Conformity Tests Since the SDW InterOp 2013 event focused on the new Supplemental Access Control mechanism, the Conformity Tests applied an appropriate subset of the ICAO test plan for SAC Version %20RF%20and%20Protocol%20Testing%20Part%203%20V2.01.pdf Four independent test laboratories performed the following test units: Test Unit ISO7816_O ISO7816_P ISO7816_Q LDS_E LDS_I Test scope Security Conditions for PACE-protected emrtds Password Authenticated Connection Establishment (PACEv2) Select and Read EF CardAccess Data Group 14 (LDS_E_06 only) EF CardAccess Table 1: Scope of the Conformity Tests Final Report,
10 Operations of tests SDW InterOp 2013 The test results were reported in a standardized CSV file format. The specific results for the documents will only be provided to the corresponding document provider. Chapter 3.3 contains the summary of these tests. 2.3 Cross Over Tests The Cross Over test was performed by the 13 registered document verification systems. All registered document samples were sorted in 13 folders. Each folder contained 3 or 4 document samples. Each document verification system received one folder and conducted Cross Over tests with the received samples and their verification system. The findings of the Cross Over tests were noted on test protocol sheets. After each 30 minute time slot, the folders/samples were shifted to the next desk. During the day, all samples have been tested by all verification systems. The specific results reported by the verification system provider will only be disclosed to the corresponding document provider. Chapter 3.4 contains a summary of these tests. 10 Final Report,
11 SDW InterOp 2013 SDW InterOp 2013 Result Summary 3 SDW InterOp 2013 Result Summary 3.1 General Statistics Test participants Quantity Registered conformity test laboratories 4 Registered document verification systems 13 Registered document provider 27 Number of different document samples 48 Total number of document samples 139 Table 2: General statistics 3.2 Registration Test Results During the registration tests, 48 different sample configurations have been read. 1 sample couldn t be read at all, because of interoperability problem with Windows 7 (see additional note at the end of this chapter). For all remaining 47 samples the PACE protocol has been performed successfully SAC/PACE Results The ICAO standard for Supplemental Access Control (SAC) defines two different variants of the PACE protocols: Generic Mapping and Integrated Mapping. The mapping function used by the samples was distributed as follows: PACE Mapping functions Samples Using Generic Mapping only 43 Using Integrated Mapping only 2 Final Report,
12 SDW InterOp 2013 Result Summary SDW InterOp 2013 Using both Generic and Integrated Mapping 2 Table 3: PACE Mapping functions The PACE algorithms that are supported by the document are defined with the EF.CardAccess. It is possible that more than one algorithm is supported; in this case the EF.CardAccess file contains more than one PACEInfo element. 6 registered samples contained more than one PACEInfo element. Many verification systems use the first PACEInfo element listed in the EF.CardAccess. The following algorithms were listed in the first position of the EF.CardAccess: Algorithm Samples id-pace-ecdh-gm-3des-cbc-cbc 23 id-pace-ecdh-gm-aes-cbc-cmac id-pace-ecdh-gm-aes-cbc-cmac id-pace-ecdh-im-aes-cbc-cmac id-pace-dh-gm-aes-cbc-cmac Table 4: First PACE Algorithm in EF.CardAccess The following Table 5 contains all algorithms included in the EF.CardAccess: Algorithm Samples id-pace-ecdh-gm-3des-cbc-cbc 23 id-pace-ecdh-gm-aes-cbc-cmac id-pace-ecdh-gm-aes-cbc-cmac id-pace-ecdh-im-aes-cbc-cmac id-pace-dh-gm-aes-cbc-cmac id-pace-ecdh-gm-aes-cbc-cmac id-pace-ecdh-im-3des-cbc-cbc 2 12 Final Report,
13 SDW InterOp 2013 SDW InterOp 2013 Result Summary id-pace-ecdh-im-aes-cbc-cmac id-pace-ecdh-im-aes-cbc-cmac Table 5: Complete list of all used PACE algorithms Other Security Mechanisms Besides SAC the following security mechanisms were supported by the registered samples. Algorithm Samples Chip Authentication supported 39 Terminal Authentication supported (For 2 EAC samples, no certificates have been provided) 38 Active Authentication supported 23 CSCA certificate provided for Passive Authentication 46 Table 6: Other security mechanisms Static vs. Dynamic Binding For Terminal Authentication v1 the MRTD needs to bind the terminal s access rights to the secure messaging channel (BSI TR Part 1). This can be done via static or dynamic binding: Dynamic Binding: Figure 1: Definition of Dynamic Binding in BSI TR Final Report,
14 SDW InterOp 2013 Result Summary SDW InterOp 2013 Static Binding: Figure 2 : Definition of Static Binding in BSI TR Figure 3: Process definition for dynamic and static binding from BSI TR documents samples required static binding to access the document Windows 7 interoperability issue Windows 7 starts the communication with the chip as soon as the document is detected by the RF-reader. The smart card daemon tries to identify the chip configuration to determine the supported features of the document regarding login, encryption etc. Some samples are influenced by this communication and this could cause a failure in the subsequent document verification process. This Windows feature to access chips automatically can be disabled. The necessary steps are described in the Microsoft Knowledge Base ( 3.3 Conformity Results Over results were collected from the conformity test laboratories. Due to the limited testing time, not all samples could be tested by all labs. Depending on the sample configuration (for example supported algorithm), the number of applicable test cases is different between the samples. Therefore an effective number of test cases were performed. 93% of these tests were rated as PASS, while 7% failed. The following diagram shows the number of passed (green) vs. failed (red) test cases for each sample: 14 Final Report,
15 SDW InterOp 2013 SDW InterOp 2013 Result Summary Figure 4: Conformity testing: Passed vs. Failed test cases The test results in Figure 4 can be summarized as follows: 25 samples have 100 % positive test results 18 samples have between 90% and 100% positive test results 3 samples have between 50% and 90% positive test results 1 sample with more than 90% failed test cases The following diagram shows the distribution of the failed test cases: Figure 5: Number of failures per test case The following Table 7 details the test cases with the highest number of failures in Figure 5: Final Report,
16 SDW InterOp 2013 Result Summary SDW InterOp 2013 Test Case Description Failures ISO7816_P_10 ISO7816_P_30 ISO7816_P_09 ISO7816_Q_03 ISO7816_Q_04 MSE: Set AT command with an additional data object tag General Authenticate APDU to perform key agreement wrong point (value does not belong to the curve) MSE: Set AT command with a private key reference unknown from the chip Accessing EF.CardAccess with explicit file selection and Read Binary OddIns Accessing EF.CardAccess with implicit file selection (ReadBinary OddIns with SFI) Table 7: Conformity Test cases with the highest number of failures The evaluation of the Conformity Test results does not show any specific aggregation of problems within the ICAO SAC specification or the ICAO test plan. 3.4 Cross Over Results The 13 document verification system providers returned a total number of 619 protocol sheets. The results of the cross over test can be summarized as follows: 8 systems tested the BAC fall back in addition to PACE 10 systems used EAC on the EAC capable samples At least 4 system support Integrated Mapping Only 1 reader could read all 47 samples 70% of the reader were able to read 72% of the samples Only 1 sample could be read by all 13 readers 50% of the samples could be read by 77% of the readers In detail, Figure 6 shows the number of samples for each system that could be read successfully. 16 Final Report,
17 SDW InterOp 2013 SDW InterOp 2013 Result Summary Figure 6: Number of samples read successfully per system The following Figure 7 shows the successful operations of PACE for each sample. Figure 7: Successful reads of PACE per passport The evaluation of the Cross Over results indicates that establishing the Secure Messaging channel after performing the PACE protocol seems to be the biggest issue for the document verification systems. Final Report,
18 Conclusion SDW InterOp Conclusion The majority of the registered samples showed a stable implementation of the SAC mechanism. Even if performed conformity tests covered only a subset of the full test plan, the collected results are very positive. For the document verification system providers the situation is very complex. They have to support each and every algorithm and configuration that is possibly used by the documents in the field. Without the access to document samples it is difficult for them to provide a fully interoperable solution. This generates the need for further InterOp test events and extended conformity test plans for verification systems. 18 Final Report,
TECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD)
International Civil Aviation Organization WORKING PAPER TAG/MRTD/22-WP/8 16/04/14 English Only TECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD) TWENTY-SECOND MEETING Montréal, 21
More informationConformity and Interoperability Key Prerequisites for Security of eid documents. Holger Funke, 27 th April 2017, ID4Africa Windhoek
Conformity and Interoperability Key Prerequisites for Security of eid documents Holger Funke, 27 th April 2017, ID4Africa Windhoek Agenda 1. About secunet Security Networks AG 2. Timeline of interoperability
More informationMACHINE READABLE TRAVEL DOCUMENTS
MACHINE READABLE TRAVEL DOCUMENTS TECHNICAL REPORT Supplemental Access Control for Machine Readable Travel Documents Version 1.1 Date 15 April 2014 Published by authority of the Secretary General ISO/IEC
More informationTECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD)
International Civil Aviation Organization WORKING PAPER TAG/MRTD/22-WP/9 16/04/14 English Only TECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD) TWENTY-SECOND MEETING Montréal, 21
More informationWhitepaper: GlobalTester Prove IS
Whitepaper: GlobalTester Prove IS Testing of EAC inspection systems By HJP Consulting GmbH Introduction There have been a lot of activities in standardization to define conformity tests for e-passports.
More informationMACHINE READABLE TRAVEL DOCUMENTS
MACHINE READABLE TRAVEL DOCUMENTS ADVANCED SECURITY MECHANISMS FOR MACHINE READABLE TRAVEL DOCUMENTS EXTENDED ACCESS CONTROL (EACv1) COMPLEMENTARY TO TEST METHODS FOR MRTDs USING STATIC BINDING Version
More informationAdvanced Security Mechanisms for Machine Readable Travel Documents and eidas Token
Technical Guideline TR-03110-1 Advanced Security Mechanisms for Machine Readable Travel Documents and eidas Token Part 1 emrtds with BAC/PACEv2 and EACv1 Version 2.20 26. February 2015 History Version
More informationInteroperability Specification for ICCs and Personal Computer Systems
Interoperability Specification for ICCs and Personal Computer Systems Part 10 IFDs with Secure PIN Entry Capabilities Gemalto HID Global Identive NXP Semiconductors N.V. Oracle America Revision 2.02.08
More informationVerifying emrtd Security Controls
Blackhat Europe 2010 Verifying emrtd Security Controls Raoul D Costa 1 3M 2010. All Rights Reserved. Agenda Overview of ICAO / EU Specifications emrtds decomposed emrtd Infrastructure (PKI) Inspecting
More informationCONFORMITY TESTING OF EAC INSPECTION SYSTEMS
CONFORMITY TESTING OF EAC INSPECTION SYSTEMS By Dr. Michael Jahnich, Technical Director, HJP Consulting GmbH Testing the conformance of inspection systems for epassports is an ongoing and open issue. One
More informationRoadmap for Implementation of New Specifications for MRTDs
for MRTDs For Publication on the ICAO Website Roadmap for Implementation of New Specifications for MRTDs DISCLAIMER: All reasonable precautions have been taken by the International Civil Aviation Organization
More informationDocument reader Regula 70X4M
Document reader Regula 70X4M Full page passport reader with no moving parts inside. Automatic reading and authenticity verification of passports, IDs, visas, driver s licenses and other identification
More informationTest plan for eid and esign compliant smart card readers with integrated EACv2
Technical Guideline BSI TR-03105 Part 5.2 Test plan for eid and esign compliant smart card readers with integrated EACv2 Version: 2.0 Date: 2015-05-22 Bundesamt für Sicherheit in der Informationstechnik
More information2 Electronic Passports and Identity Cards
2 Picture source: www.bundesdruckerei.de Paper based Passport Radio Frequency (RF) Chip Electronic Passport (E Pass) Biographic data Human readable Partially machine readable (optically) Conventional
More information3D Face Project. Overview. Paul Welti. Sagem Défense Sécurité Technical coordinator. ! Background. ! Objectives. ! Workpackages
3D Face Project Paul Welti Sagem Défense Sécurité Technical coordinator Overview! Background! Objectives! Workpackages 2 1 ! Biometric epassport Biometrics and Border Control! EU-Council Regulation No
More informationThis document is a preview generated by EVS
INTERNATIONAL STANDARD ISO/IEC 18013-3 Second edition 2017-04 Information technology Personal identification ISO-compliant driving licence Part 3: Access control, authentication and integrity validation
More informationThis paper focuses on the issue of increased biometric content. We have also published a paper on inspection systems.
White Paper 1 INTRODUCTION As ICAO 1 -compliant epassports come into widespread use in Q4 of 2006, it is an appropriate moment to review some of the initiatives required for the next stage of development.
More informationAn emrtd inspection system on Android. Design, implementation and evaluation
An emrtd inspection system on Android Design, implementation and evaluation Halvdan Hoem Grelland Master s Thesis Spring 2016 An emrtd inspection system on Android Halvdan Hoem Grelland 2nd May 2016 ii
More informationOverview of cryptovision's eid Product Offering. Presentation & Demo
Presentation & Demo Benjamin Drisch, Adam Ross cv cryptovision GmbH T: +49 (0) 209.167-24 50 F: +49 (0) 209.167-24 61 info(at)cryptovision.com 1 General Requirements Government of Utopia Utopia Electronic
More informationSecurity Mechanism of Electronic Passports. Petr ŠTURC Coesys Research and Development
Security Mechanism of Electronic Passports Petr ŠTURC Coesys Research and Development Smartcard CPU 16/32 bit 3.57MHz (20MHz) 1.8 / 3/ 5 V ROM 16-300 kb RAM 1-8 kb EEPROM 8-128kB Contactless communication
More informationThe New Seventh Edition of Doc Barry J. Kefauver Nairobi, Kenya November 2015
The New Seventh Edition of Doc 9303 Barry J. Kefauver Nairobi, Kenya November 2015 July 2015 ICAO published the 7 th edition of Doc 9303 Part 1 Part 2 Part 3 Part 4 Part 5 Part 6 Part 7 Part 8 Part 9
More informationcryptovision s Government Solutions Adam Ross, Ben Drisch cryptovision GmbH
cryptovision s Government Solutions Adam Ross, Ben Drisch cryptovision GmbH cv cryptovision GmbH T: +49 (0) 209.167-24 50 F: +49 (0) 209.167-24 61 info(at)cryptovision.com 1 cryptovision cryptovision Gelsenkirchen
More informationFuture Expansion for emrtd PKI Mark Joynes, Entrust
Future Expansion for emrtd PKI Mark Joynes, Entrust 2013 MRTD Symposium 1 What are we trying to achieve Prevent: Production of credible false documents Tampering with legitimate documents Breach of sovereignty
More informationSecurity Target Bundesdruckerei Document Application
Security Target Bundesdruckerei Document Application Bundesdruckerei GmbH Author: Bundesdruckerei GmbH Version: 3.7 Date: 11.12.2012 Abstract This document is the Security Target (ST) for the Common Criteria
More informationICAO Regional Seminar on MRTDs and Traveller Identification Management Madrid, Spain June
ICAO Regional Seminar on MRTDs and Traveller Identification Management Madrid, Spain 25-27 June 2014 Regula Group facts and main activities Established in 1992 5 companies in Belarus, Brazil, Latvia, Russia,
More informationIntroduction of the Seventh Edition of Doc 9303
Introduction of the Seventh Edition of Doc 9303 Sjef Broekhaar Advisor ICAO TRIP IRAN SEMINAR Kish Island 17/05/2016 Footer 1 July 2015: ICAO publishes the 7th edition of Doc 9303 Part 1 Part 2 Part 3
More informationLegal Regulations and Vulnerability Analysis
Legal Regulations and Vulnerability Analysis Bundesamt für Sicherheit in der Informationstechnik (BSI) (Federal Office for Information Security) Germany Introduction of the BSI National Authority for Information
More informationBiometric Passport from a Security Perspective
Biometric Passport from a Security Perspective Gildas Avoine INSA Rennes/IRISA Institut Universitaire de France SUMMARY Passport Primer Memory Content Cryptographic Mechanisms defined by ICAO Additional
More informationThe epassport: What s Next?
The epassport: What s Next? Justin Ikura LDS2 Policy Sub-Group Co-chair Tom Kinneging Convenor of ISO/IEC JTC1 SC17 WG3 International Organization for Standardization (ISO) Strengthening Aviation Security
More informationCan eid card make life easier and more secure? Michal Ševčík Industry Solution Consultant Hewlett-Packard, Slovakia ITAPA, November 9 th, 2010
Can eid card make life easier and more secure? Michal Ševčík Industry Solution Consultant Hewlett-Packard, Slovakia ITAPA, November 9 th, 2010 Content eid Primary Functions eid Privacy Features and Security
More informationTechnical report. Signature creation and administration for eidas token Part 1: Functional Specification
Technical report Signature creation and administration for eidas token Part 1: Functional Specification Version 1.0 Date: 2015/07/21 Page 1 Foreword This technical report specifies an autonomous signature
More informationBSI TR Part 1.1 A framework for Official Electronic ID Document conformity tests
BSI TR-03105 Part 1.1 A framework for Official Electronic ID Document conformity tests Version 1.04.1 14.11.2008 CONTENTS 1 INTRODUCTION... 4 2 DEFINITIONS AND REFERENCES... 4 2.1 Definitions... 4 2.2
More informationSecurity Target Lite SK e-pass V1.0
Ref.: Security Target Lite SK e-pass V1.0 Table of Contents 1 INTRODUCTION... 6 1.1 ST AND ST-LITE IDENTIFICATION... 6 1.2 TOE IDENTIFICATION... 6 1.3 CC AND PP CONFORMANCE... 6 1.4 CONVENTIONS... 7 1.5
More informationMarket Trends and Veridos solutions for epassports & ID Documents
Market Trends and Veridos solutions for epassports & ID Documents Ludger Holtmann, Senior Product & Portfolio Manager Michael Ruhland-Bauer, Head of Product Mangement Documents Agenda Introducing Veridos
More informationPublic. Atos Trustcenter. Server Certificates + Codesigning Certificates. Version 1.2
Atos Trustcenter Server Certificates + Codesigning Certificates Version 1.2 20.11.2015 Content 1 Introduction... 3 2 The Atos Trustcenter Portfolio... 3 3 TrustedRoot PKI... 4 3.1 TrustedRoot Hierarchy...
More informationThe EAC for MRTD. 26 January 2010
The EAC for MRTD Rafik Chaabouni Serge Vaudenay 26 January 2010 Outline MRTD? Standards - RFID - ICAO and BAC - EAC Solutions? 2 MRTD? Machine Readable Travel Document 3 Standards RFID ICAO and BAC EAC
More informationSecurity of Biometric Passports ECE 646 Fall Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada
Security of Biometric Passports ECE 646 Fall 2013 Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada CONTENTS Introduction to epassports Infrastructure required for epassports Generations
More informationDer elektronische Personalausweis Mehr oder weniger Sicherheit?
Der elektronische Personalausweis Mehr oder weniger Sicherheit? Lukas Grunwald DN-Systems GmbH Germany CeBIT 2010- Heise Forum 2010 Hannover The Government s Dream Multi biometric, double gates, anti-tailgating,
More informationID-One epass V2.2 on NXP In Supplemental Access Control (SAC) configuration With AA. Public Security Target. 1 FQR Ed1
ID-One epass V2.2 on NXP In Supplemental Access Control (SAC) configuration With AA Public Security Target 1 FQR 110 6261 Ed1 Table of contents 1 SECURITY TARGET INTRODUCTION... 6 1.1 SECURITY TARGET IDENTIFICATION...
More informationSOMA-c004 e-passport (BAC) Version 1.0
122 CERTIFICATION REPORT No. CRP278 SOMA-c004 e-passport (BAC) Version 1.0 running on Infineon M7892 Integrated Circuit Issue 1.0 December 2014 Crown Copyright 2014 All Rights Reserved Reproduction is
More informationPast & Future Issues in Smartcard Industry
Past & Future Issues in Smartcard Industry Ecrypt 2 Summer School Guillaume Dabosville Oberthur Technologies Oberthur Technologies the group its divisions payment, mobile, transport and digital TV markets
More informationIntroduction to Electronic Identity Documents
Tutorial Introduction to Electronic Identity Documents Klaus Schmeh cryptovision I'm Klaus Schmeh, Chief Editor Marketing at cryptovision. I have published a number of books. Identity Documents Conventional
More informationTechnical Guideline TR eid-client Part 2: Conformance Test Specification. Version 1.3
Technical Guideline TR-03124-2 e-client Part 2: Conformance Test Specification Version 1.3 12. June 2017 Federal Office for Information Security Post Box 20 03 63 D-53133 Bonn Phone: +49 22899 9582-0 E-Mail:
More informationTechnical report. Signature creation and administration for eidas token. Version 1.0 Release Candidate 6. Version 1.0 Release Candidate 6
Technical report Signature creation and administration for eidas token Version 1.0 Release Candidate 6 Version 1.0 Release Candidate 6 Page 1 on 80 Foreword This technical report specifies an autonomous
More informationCommon Criteria Protection Profile
Common Criteria Protection Profile Machine-Readable Electronic Documents based on BSI TR-03110 for Official Use [MR.ED-PP] BSI-CC-PP-0087 Document history Version 1.01, May 20th, 2015 Federal Office for
More informationMULTIAPP V2 PACE - SAC PUBLIC SECURITY TARGET
MultiApp v2 Pace SAC Common Criteria / ISO 15408 Security Target Public version EAL4+ Copyright Gemalto SA 2012. Page : 1/50 CONTENT 1. ST INTRODUCTION... 4 1.1 ST IDENTIFICATION... 4 1.2 ST OVERVIEW...
More informationCommon Criteria Protection Profile
Common Criteria Protection Profile Machine-Readable Electronic Documents based on BSI TR-03110 for Official Use [MR.ED-PP] BSI-CC-PP-0087-V2 Version 2.0.2 Document history Version 2.0.2, April 4th, 2016
More informationCertification Report. EAL 4+ (ALC_DVS.2) Evaluation of TÜBİTAK BİLGEM UEKAE. AKİS v1.4i PASAPORT
Certification Report EAL 4+ (ALC_DVS.2) Evaluation of TÜBİTAK BİLGEM UEKAE AKİS v1.4i PASAPORT issued by Turkish Standards Institution Common Criteria Certification Scheme SOFTWARE TEST and CERTIFICATION
More informationHP Partner First Portal Partner Application Process
HP Partner First Portal Partner Application Process 1 Copyright 2018 HP Development Company, L.P. The information contained herein is subject to change without notice. HP Partner First Portal: Application
More informationChip Authentication for E-Passports: PACE with Chip Authentication Mapping v2
v.2 Chip Authentication for s: with Chip Authentication Mapping v2 Lucjan Mirosław Wrocław University of Science and Technology, Poland ISC 2016, Honolulu Electronic Passport v.2 e-passport and ebooth:
More informationMulti-Vendor Key Management with KMIP
Multi-Vendor Key Management with KMIP Tim Hudson CTO & Technical Director tjh@cryptsoft.com 1 Abstract Practical experience from implementing KMIP and from deploying and interoperability testing multiple
More informationID Security Made in Germany Holistic Solutions for Biometric Systems and Identity Documents
ID Security Made in Germany Holistic Solutions for Biometric Systems and Identity Documents 3 Your Personal Identity: Unique, Secure, Multifaceted Every person has individual characteristics by which
More informationAthena IDProtect Duo (in BAC configuration) Version 10 running on Inside Secure AT90SC28880RCFV2
122 CERTIFICATION REPORT No. CRP283 Athena IDProtect Duo (in BAC configuration) Version 10 running on Inside Secure AT90SC28880RCFV2 Issue 1.0 July 2015 Crown Copyright 2015 All Rights Reserved Reproduction
More informationMDR-1 Mobile Document Reader
MDR-1 Mobile Document Reader SPC_MDR-1 1/7 Mobile Document Reader MDR-1 Security Printing Consulting AG The new MDR-1 document reader fulfill the needs for fast and reliable reading, verification and authentication
More informationHow To Secure Electronic Passports. Marc Witteman & Harko Robroch Riscure 02/07/07 - Session Code: IAM-201
How To Secure Electronic Passports Marc Witteman & Harko Robroch Riscure 02/07/07 - Session Code: IAM-201 Other personal info on chip Other less common data fields that may be in your passport Custody
More informationeid Consulting References
eid Consulting References Selection of References We are renown for running eid, epassport, eborder projects MOI Germany President of Nigeria Royal Oman Police MOI of U..A.E. MOI of Sudan European Commission
More informationIDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller
IDCore Flexible, Trusted Open Platform financial services & retail enterprise > SOLUTION Government telecommunications transport Trusted Open Platform Java Card Alexandra Miller >network identity >smart
More informationEU Passport Specification
Biometrics Deployment of EU-Passports EU Passport Specification (EN) 28/06/2006 (As the United Kingdom and Ireland have not taken part in the adoption of this measure, an authentic English version of the
More informationSecurity Target. SOMA-c003 Electronic Passport EAC-SAC-AA
the security technology provider http://www.gepitalia.it http://www.security.arjowiggins.com Arjowiggins Security SAS - Gep S.p.A. via Remo De Feo, 1 80022 Arzano (NA), ITALY Security Target SOMA-c003
More informationA National Public Key Directory
A National Public Key Directory Version 1.0 definite Date 21 July 2015 Author Jeen de Swart Judicial Information services Ministry of Security and Justice, Netherlands ABSTRACT This white paper is about
More informationCONFORMANCE TESTING OF SECOND GENERATION E-PASSPORTS ISSUED BY THE NETHERLANDS. Authors: J.-M. Chareau, M. Van den Steen Editor: P.
CONFORMANCE TESTING OF SECOND GENERATION E-PORTS ISSUED BY THE NETHERLANDS Authors: J.-M. Chareau, M. Van den Steen Editor: P. Chawdhry The mission of the IPSC is to provide research results and to support
More informationApplications using ECC. Matthew Campagna Director Certicom Research
1 Applications using ECC Matthew Campagna Director Certicom Research 2 Agenda About Certicom Pitney Bowes PC Smart Meter BlackBerry Smartcard Reader New techniques for financial applications and bandwidth
More informationOpen Mobile API The enabler of Mobile ID solutions. Alexander Summerer, Giesecke & Devrient 30th Oct. 2014
The enabler of solutions Alexander Summerer, Giesecke & Devrient 30th Oct. 2014 SIMalliance Allows usage of Secure Elements in Mobile Devices Designed for Open Handset OS platforms Common API for Apps
More informationIntegration Guide. SafeNet Authentication Client. Using SAC CBA with BitLocker
SafeNet Authentication Client Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information Document
More informationSharing Secrets using Encryption Facility - Handson
Sharing Secrets using Encryption Facility - Handson Lab Steven R. Hart IBM March 12, 2014 Session Number 14963 Encryption Facility for z/os Encryption Facility for z/os is a host based software solution
More informationVALIDATING E-PASSPORTS AT THE BORDER: THE ROLE OF THE PKD R RAJESHKUMAR CHIEF EXECUTIVE AUCTORIZIUM PTE LTD
VALIDATING E-PASSPORTS AT THE BORDER: THE ROLE OF THE PKD R RAJESHKUMAR CHIEF EXECUTIVE AUCTORIZIUM PTE LTD THE TRUST IMPERATIVE E-Passports are issued by entities that assert trust Trust depends on the
More informationCREDENTSYS CARD FAMILY
CREDENTSYS CARD FAMILY Credentsys is a secure smart card family that is designed for national ID systems, passports, and multi-use enterprise security environments. The family is certified to FIPS 140-2
More informationCryptographic Mechanisms: Recommendations and Key Lengths
Technical Guideline TR-02102-4 Cryptographic Mechanisms: Recommendations and Key Lengths Part 4 Use of Secure Shell (SSH) (Version 2018-01) Federal Office for Information Security P.O.B. 20 03 63 D-53133
More informationShort Public Report. 2. Manufacturer or vendor of the IT product / Provider of the IT-based service:
Short Public Report 1. Name and version of the IT product or IT-based service: DIGITTRADE High Security HDD HS256S 2. Manufacturer or vendor of the IT product / Provider of the IT-based service: Company
More informationPrivacy Notice Froneri South Africa (Pty) Ltd t\a Dairymaid ( Froneri ) ( Privacy Notice ) Froneri Froneri Froneri
Privacy Notice Effective on 10/05/2013; last updated on 08/09/2015 Froneri South Africa (Pty) Ltd t\a Dairymaid ( Froneri ) is committed to safeguarding your privacy and ensuring that you continue to trust
More informationeidas Standardisation What are the Issues and Concerns? Overview from CEN TC 224 WG 16 ESIGN Gisela Meister
eidas Standardisation What are the Issues and Concerns? Overview from CEN TC 224 WG 16 ESIGN Gisela Meister Table of contents 1 2 3 4 5 Status eidas Regulation and CEN TC 224 in the contect of the Cyber
More informationLogical Data Structure (LDS) for Storage of Data in the Contactless IC Doc LDS 2 New Applications
: Logical Data Structure (LDS) for Storage of Data in the Contactless IC Doc 9303-10 LDS 2 New Applications For Publication on the ICAO Website TECHNICAL REPORT Logical Data Structure (LDS) for Storage
More informationCardOS Secure Elements for Smart Home Applications
Infineon Security Partner Network Partner Use Case CardOS Secure Elements for Smart Home Applications Using cryptographic functionality provided by ATOS to secure embedded platforms in Smart Home applications.
More informationAuditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley
Auditing Bring Your Own Devices (BYOD) Risks Shannon Buckley Agenda 1. Understanding the trend towards BYOD. 2. Weighing up the cost benefit vs. the risks. 3. Identifying and mitigating the risks. 4. Tips
More informationsecunet Security Networks AG SINA an Overview Sofia,
secunet Security Networks AG SINA an Overview Sofia, 10.6.2014 Agenda 1 Some facts about secunet 2 SINA Portfolio 3 SINA References 4 Voice Solutions secunet Security Networks AG 2010 2 Some facts about
More informationAvaya Solution & Interoperability Test Lab Application Notes for configuring Ascom Myco V9.3 with Avaya IP Office Server Edition R Issue 1.
Avaya Solution & Interoperability Test Lab Application Notes for configuring Ascom Myco V9.3 with Avaya IP Office Server Edition R10.1 - Issue 1.0 Abstract These Application Notes describe the configuration
More informationMobile Driver s License Region IV May 24, 2017 Seattle, WA
Mobile Driver s License 2017 Region IV May 24, 2017 Seattle, WA Presenter: Loffie Jordaan Senior Project Manager, AAMVA 2 Introduction & background CDS Committee & eid WG What is a mdl? Functional requirements
More informationepass ICAO essential configuration BAC and EAC RSA or configuration BAC and EAC ECC, Version 1.0 running on SLE77CLFX2400P & SLE77CLFX2407P
122 CERTIFICATION REPORT No. CRP286 running on SLE77CLFX2400P & SLE77CLFX2407P Issue 1.0 September 2015 Crown Copyright 2015 All Rights Reserved Reproduction is authorised, provided that this report is
More informationInteroperability Test Guideline. For Optical Access Network Devices
Interoperability Test Guideline For Optical Access Network Devices HATS Conference (Promotion Conference of Harmonization of Advanced Telecommunication Systems) Steering Committee 2/28 Interoperability
More informationCisco Webex Messenger
Cisco Webex Messenger This describes the processing of personal data (or personal identifiable information) by Cisco Webex Messenger. 1. Overview of Cisco Webex Messenger Capabilities Cisco Webex Messenger
More informationCommon Criteria Protection Profile. Machine Readable Travel Document using Standard Inspection Procedure with PACE (PACE PP)
Machine Readable Travel Document using Standard Inspection Procedure with PACE (PACE PP) Version 1.0, 2nd November 2011 Foreword This Protection Profile Electronic Passport using Standard Inspection procedure
More informationMachine Assisted Document Security Verification
Machine Assisted Document Security Verification Dr. Uwe Seidel Germany New Technologies Working Group (NTWG) TAG/MRTD 20 20 th Meeting of the Technical Advisory Group on Machine Readable Travel Documents
More informationCERN Certification Authority
CERN Certification Authority Emmanuel Ormancey (IT/IS) What are Certificates? What are Certificates? Digital certificates are electronic credentials that are used to certify the identities of individuals,
More informationExam Preparation Guide HP0-M94: Advanced LoadRunner 9.5 Software Exam
HP Certified Professional Program Exam Preparation Guide HP0-M94: Advanced LoadRunner 9.5 Software Exam The intent of this guide is to set expectations about the context of the exam and to help candidates
More informationTynTec a VASCO Solution Partner Virtual Digipass / SMS Back-Up for Digipass March 2007
TynTec a VASCO Solution Partner Virtual Digipass / SMS Back-Up for Digipass March 2007 1 TynTec Positioning For financial service providers who wish to eliminate the risk of delays and poor data security
More informationApple Inc. Apple IOS 11 VPN Client on iphone and ipad Guidance Documentation
Apple Inc. Apple IOS 11 VPN Client on iphone and ipad Guidance Documentation April 2018 Version 1.2 1 Contents 1 Introduction... 4 1.1 Target of Evaluation... 4 1.2 Cryptographic Support... 5 1.3 Glossary...
More informationCIPURSE Certification Program
Conformance Type Approval Process v1.0 www.osptalliance.org Legal This document is copyright 2012 by the OSPT Alliance. 1. You may, without charge, copy (for internal purposes only) and share this document
More informationGuide Installation and User Guide - Mac
Guide Installation and User Guide - Mac With Fujitsu mpollux DigiSign Client, you can use your smart card for secure access to electronic services or organization networks, as well as to digitally sign
More information<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Check Point SmartEndpoint Security
RSA SECURID ACCESS Authenticator Implementation Guide Check Point SmartEndpoint Security Daniel R. Pintal, RSA Partner Engineering Last Modified: January 27, 2017 Solution
More informationAbstract. Avaya Solution & Interoperability Test Lab
Avaya Solution & Interoperability Test Lab Application Notes for configuring Axis Communications AB AXIS C2005 Network Ceiling Speaker with Avaya IP Office Server Edition and 500v2 Expansion 10.1 Issue
More informationE-PASSPORT SCHEME USING AUTHENTICATION PROTOCOLS ALONG WITH FACE, FINGERPRINT, PALMPRINT AND IRIS BIOMETRICS
E-PASSPORT SCHEME USING AUTHENTICATION PROTOCOLS ALONG WITH FACE, FINGERPRINT, PALMPRINT AND IRIS BIOMETRICS 1 V.K. Narendira Kumar and 2 B. Srinivasan 1 Assistant Professor, Department of Information
More informationSymantec Encryption Desktop
RSA Ready Implementation Guide for RSA SecurID Last Modified: December 12, 2014 Partner Information Product Information Partner Name Web Site Product Name Version & Platform Product Description Symantec
More informationOverview on Test & Certification in Wi-SUN Alliance. Chin-Sean SUM Certification Program Manager Wi-SUN Alliance
Overview on Test & Certification in Wi-SUN Alliance Chin-Sean SUM Certification Program Manager Wi-SUN Alliance 1 Contents General Overview Technical Steering Committee (TSC) Test and Certification Committee
More informationA Trust Infrastructure for epassports
A Trust Infrastructure for epassports Building reliable, timely and cost-effective trust links for electronic travel document verification +1-888-690-2424 entrust.com Table of contents Trust in government
More informationSECURITY TARGET LITE FOR IDEAL PASS V2.0.1 EAC WITH PACE APPLICATION
SECURITY TARGET LITE FOR IDEAL PASS V2.0.1 EAC WITH PACE APPLICATION Reference: 2016_2000023040 Page: 2/141 Date Version Revision 01/12/2016 1.0 Document creation Page: 3/141 Table of contents 1.1 SECURITY
More informationTopSec Product Family Voice encryption at the highest security level
Secure Communications Product Brochure 01.01 TopSec Product Family Voice encryption at the highest security level TopSec Product Family At a glance The TopSec product family provides end-to-end voice encryption
More informationSéminaire sur la Certification Electronique
Séminaire sur la Certification Electronique Algiers Algeria, 8-9 December, 2009 International Telecommunication Arab Regional Office Assisting Governments in Developing e-commerce Ecosystems: A Synthesis
More informationFIPS Security Policy
FIPS 140-2 Security Policy BlackBerry Cryptographic Library Version 2.0.0.10 Document Version 1.2 BlackBerry Certifications, Research In Motion This document may be freely copied and distributed provided
More informationGiesecke+Devrient. Company Presentation
Giesecke+Devrient Company Presentation Our vision G+D makes the lives of billions of people more secure We want to be the global leading provider of security technologies, both in the digital and physical
More informationApplication Notes for configuring Fijowave Business DECT with Avaya IP Office IP500 V2 R10.1 using a WAN connection Issue 1.0
Avaya Solution & Interoperability Test Lab Application Notes for configuring Fijowave Business DECT with Avaya IP Office IP500 V2 R10.1 using a WAN connection Issue 1.0 Abstract These Application Notes
More information