Verifying emrtd Security Controls
|
|
- Christiana Burke
- 5 years ago
- Views:
Transcription
1 Blackhat Europe 2010 Verifying emrtd Security Controls Raoul D Costa 1 3M All Rights Reserved.
2 Agenda Overview of ICAO / EU Specifications emrtds decomposed emrtd Infrastructure (PKI) Inspecting emrtd User Interface Design Conclusion 2 3M All Rights Reserved.
3 Introduction Section 1: Overview of emrtd Specifications 3 3M All Rights Reserved.
4 emrtd Specifications ICAO Travel Document - Doc 9303 Core Specifications set by the International Civil Aviation Organisation (ICAO) NTWG / SC17 collaboration Supplemented by BSI ASM for emrtds (EAC) Authenticated emrtds provide identity verification of emrtd holder Issuing Authorities in nation states or Int l bodies e.g. INTERPOL as enhanced identity security documents Commonly issued emrtds include national epassports and eid Cards but also Seafarers documents, Biometric Residence Permits use same specifications 4 3M All Rights Reserved.
5 emrtd Types 5 3M All Rights Reserved.
6 emrtd RFID Integrated Circuit Card 6 3M All Rights Reserved.
7 Symbol denoting Chipped emrtd 7 3M All Rights Reserved.
8 Nation States that issue MRTDs (2009) 8 3M All Rights Reserved.
9 emrtd Decomposed Section 2: emrtds Decomposed 9 3M All Rights Reserved.
10 emrtd Decomposed 10 3M All Rights Reserved.
11 emrtd Decomposed 11 3M All Rights Reserved.
12 emrtd Decomposed - Chip Master Files USER APPLICATION 12 3M All Rights Reserved.
13 Datagroup 1 Contains the following information Date of Birth Passport Number Expiry Date Access to the file is protected by Basic Access Control 13 3M All Rights Reserved.
14 Datagroup 2 Encoded photograph to ISO Standard to ensure quality of data image Access is protected by Basic Access Control Images encoded in JPEG or JPEG2000 formats Photographs are standardised to ensure visual comparison and automated biometric verification Images to overcome interoperability challenges (different biometric verification algorithms) 14 3M All Rights Reserved.
15 emrtd Verification 15 3M All Rights Reserved.
16 emrtd Decomposed - EF.COM 16 3M All Rights Reserved.
17 Datagroup 3 Fingerprints and Iris are a second generation feature of emrtds Sensitive Data protected by EAC as an enhancement to BAC Access is protected by Extended Access Control (separate PKI authorisation scheme) Images encoded in JPEG or JPEG2000 formats to overcome biometric interoperability problems No International Standard yet 17 3M All Rights Reserved.
18 EF.COM Data Contains a map of the tags, lengths values present in the file Is not protected (digitally signed) by issuing authority Cannot be trusted unless authenticated to EF.SOD 18 3M All Rights Reserved.
19 emrtd Decomposed EF.SOD Contains the hash values of all the data groups Hash values signed by a document signing authority with private key (SOD = Digital Signature) May contain the Document Signer Certificate (DSC) that corresponds public key element used the create the SOD or reference to DSC. Can be trusted provided the Document Signer Certificate is validated 19 3M All Rights Reserved.
20 EF.SOD 20 3M All Rights Reserved.
21 emrtd Deconstructed - EF.SOD SIGNATURE 21 3M All Rights Reserved.
22 Presenting the results 22 3M All Rights Reserved.
23 Verifying EF.SOD Part of the Passive Authentication process Verify the ASN.1 Structure Verify the hash values present Verify the signature against the public key element contained in related Document Signer Certificate Authenticate the Document Signer Certificate Verify the certificate chain of the DSC against the CSCA Certificate dynamically Pre-validated DSCs in protected Certificate Cache Store 23 3M All Rights Reserved.
24 Reliance on genuine passport numbers 24 3M All Rights Reserved.
25 emrtd Infrastructure (PKI) Section 3: emrtd Infrastructure (PKI) 25 3M All Rights Reserved.
26 epassport Infrastructure 1 st Generation ICAO PKD CSCA Authority National Infrastructure Document Signer Service Registration Authority Inspection System Issuance Verification 26 3M All Rights Reserved.
27 Second Generation Extensions SPOC CVCA DVCA Issuance Registration Authority Inspection System Issuance Verification 27 3M All Rights Reserved.
28 epassport Infrastructure 2 nd Generation 28 3M All Rights Reserved.
29 ICAO Public Key Directory Global repository of certificates used to validate emrtds Relies on Issuing Authority subscribers uploading data to the PKD Regularly updated with Document Signer Certificates CRLs Null CRLs MasterLists Serves as a trust anchor on emrtds 29 3M All Rights Reserved.
30 ICAO PKD M All Rights Reserved.
31 emrtd Verification 31 3M All Rights Reserved.
32 Inspecting emrtd Effectively Section 4: Inspecting emrtd Effectively 32 3M All Rights Reserved.
33 Inspection Terminals RFID Readers 33 3M All Rights Reserved.
34 emrtd Verification Process Holder provides emrtd MRTD to Be Inspected Perform Physical Checks Physical Check Y Extract MRZ Validate MRZ MRZ Valid Y Record Result N N Query against whitelist Y Record Result Perform BAC using MRZ Record Result BAC Sucessful N Perform Facial Checks Extract Data Y Record Result AA Present Perform AA Y Perform PA Checks Record Result N Record Result Perform EAC Y Contains 2 nd Gen Features N Produce Result EAC Sucessful N Perform Fingerprint matching Y 34 3M All Rights Reserved.
35 Physical Checks: Reliance on experts? 35 3M All Rights Reserved.
36 Physical Checks Check that the document has not been tampered with Check the document under various wavelengths of light Check that the document has not expired 36 3M All Rights Reserved.
37 Limitations of Physical Checks Difficult to automate Not standardised Can be subjective Physical inspection is not always logged 37 3M All Rights Reserved.
38 Validate MRZ Validate that the contents of the MRZ are valid Validate the checksum Validate that they match the contents of the passport 38 3M All Rights Reserved.
39 Validation of MRZ Checksum 39 3M All Rights Reserved.
40 BAC Extract the following fields Date of Birth Document Number Expiry Date Send these to the chip These should match DG1 40 3M All Rights Reserved.
41 Facial Biometrics Match the holder to the DG2 using facial biometrics DG2 is required to meet certain standards Used in some countries including Portugal Australia UK (Trial) 41 3M All Rights Reserved.
42 Biometric Facial Checking 42 3M All Rights Reserved.
43 Passive Authentication Check the validity of EF.SOD Check the hash values of the datagroups Check the signature of SOD Check the chain of the document signer certificate Check against null and non null CRLs ICAO PKD Maintains Certificates for subscribers 43 3M All Rights Reserved.
44 Active Authentication Ensures the emrtd is not cloned Challenge response between the terminal and the emrtd 44 3M All Rights Reserved.
45 Passive Authentication CSCAs can be exchanged By diplomatic channels Using CSCA MasterLists A CSCA is a trust anchor and can identify the emrtd Issuing Authority Inspection System Integrity and Performance Security controls must ensure that bogus CSCAs cannot be inserted during the verification process Inspection System Architecture designed to requirements (not one fits all) depends upon operating environment, devices, key management strategy, network reliability 45 3M All Rights Reserved.
46 Extended Access Control Consists of the following Chip Authentication Terminal Authentication Provides the following Mutual authentication between the chip and the terminal Some indication of the issuer of the emrtd Privacy of the fingerprints on the passport 46 3M All Rights Reserved.
47 Second Generation Features EAC requires the implementation of the EAC infrastructure to ensure verification EAC Protects the privacy of the fingerprints on the epassport EAC proves the issuer of the epassport EAC Ensures that only authorised terminals can read fingerprints 47 3M All Rights Reserved.
48 Fingerprint matching DG3 Contains the fingerprint 0 10 digits can be stored depending on the country where fingerprints are captured Fingerprint image contained (not a template) 48 3M All Rights Reserved.
49 Registration: A link in the chain 49 3M All Rights Reserved.
50 Consolidating Checks VALID INVALID NOT PRESENT Physical MRZ Expiry Check BAC TA AA Facial Biometric Fingerprint Biometric 50 3M All Rights Reserved.
51 Use Case 1: Valid 2 nd Gen emrtd VALID INVALID NOT PRESENT NOT IMPLEMENTED Physcial MRZ Expiry Check BAC PA TA AA Facial Biometric Fingerprint Biometric 51 3M All Rights Reserved.
52 Use Case: 1 st Gen Fake Passport VALID INVALID NOT PRESENT NOT IMPLEMENTED Physcial MRZ Expiry Check BAC PA TA AA Facial Biometric Fingerprint Biometric 52 3M All Rights Reserved.
53 Use Case: Cloned 2 nd Gen emrtd VALID INVALID NOT PRESENT NOT IMPLEMENTED Physcial MRZ Expiry Check BAC PA TA AA Facial Biometric Fingerprint Biometric 53 3M All Rights Reserved.
54 Use Case: Possible Fake Passport VALID INVALID NOT PRESENT NOT IMPLEMENTED Physcial MRZ Expiry Check BAC PA TA AA Facial Biometric Fingerprint Biometric 54 3M All Rights Reserved.
55 An expired emrtd VALID INVALID NOT PRESENT NOT IMPLEMENTED Physcial MRZ Expiry Check BAC PA TA AA Facial Biometric Fingerprint Biometric 55 3M All Rights Reserved.
56 Use Case: Fake Passport VALID INVALID NOT PRESENT NOT IMPLEMENTED Physcial MRZ Expiry Check BAC PA TA AA Facial Biometric Fingerprint Biometric 56 3M All Rights Reserved.
57 Usability of emrtd Inspection Systems Section 5: Usability of emrtd Inspection Systems 57 3M All Rights Reserved.
58 Usability Challenges Use their terminology Counterfeit (not PA has failed) Falsified (not Digital Signature is not verified) Cloned (not Active Authentication has been subverted) Access denied (Terminal Authentication does not have appropriate CV chains) Simplicity by design User Interface design aligns with tasks Clear feedback on processing State of device (security) Case Studies Engage with Users 58 3M All Rights Reserved.
59 Conclusion Section 6: Conclusion 59 3M All Rights Reserved.
60 Conclusion emrtds are complex documents and need to be verified appropriately Partial checking of some features is not enough to guarantee that the document is authentic Various designs and physical layouts of documents from various countries can easily lead to confusion although the electronic features are standardised and the same User interface design for emrtd verification apps should provide a result in a clear and concise manner 60 3M All Rights Reserved.
61 Questions? Raoul D Costa redcosta AT mmm DOT com uk.linkedin.com/in/raouldcosta M All Rights Reserved.
62 References Myths about epassports - ICAO 9303 Passport Standards - Wikipedia entry on biometric passports ID Documen ts/electronic Passport/Datenschutz en.html ICAO emrtd Report Volume 203 Number %20No.%202,% pdf UK ID Card - EAC Specification version _v202_pdf Golden Reader Tool for Reading emrtds - node.html 62 3M All Rights Reserved.
The epassport: What s Next?
The epassport: What s Next? Justin Ikura LDS2 Policy Sub-Group Co-chair Tom Kinneging Convenor of ISO/IEC JTC1 SC17 WG3 International Organization for Standardization (ISO) Strengthening Aviation Security
More informationVALIDATING E-PASSPORTS AT THE BORDER: THE ROLE OF THE PKD R RAJESHKUMAR CHIEF EXECUTIVE AUCTORIZIUM PTE LTD
VALIDATING E-PASSPORTS AT THE BORDER: THE ROLE OF THE PKD R RAJESHKUMAR CHIEF EXECUTIVE AUCTORIZIUM PTE LTD THE TRUST IMPERATIVE E-Passports are issued by entities that assert trust Trust depends on the
More informationEU Passport Specification
Biometrics Deployment of EU-Passports EU Passport Specification (EN) 28/06/2006 (As the United Kingdom and Ireland have not taken part in the adoption of this measure, an authentic English version of the
More informationAn Overview of Electronic Passport Security Features
An Overview of Electronic Passport Security Features Zdeněk Říha Faculty of Informatics, Masaryk University, Botanická 68A, 602 00 Brno, Czech Republic zriha@fi.muni.cz Abstract. Electronic passports include
More informationThis paper focuses on the issue of increased biometric content. We have also published a paper on inspection systems.
White Paper 1 INTRODUCTION As ICAO 1 -compliant epassports come into widespread use in Q4 of 2006, it is an appropriate moment to review some of the initiatives required for the next stage of development.
More informationConformity and Interoperability Key Prerequisites for Security of eid documents. Holger Funke, 27 th April 2017, ID4Africa Windhoek
Conformity and Interoperability Key Prerequisites for Security of eid documents Holger Funke, 27 th April 2017, ID4Africa Windhoek Agenda 1. About secunet Security Networks AG 2. Timeline of interoperability
More informationLDS2 Concept and Overview: Exploring Possibilities in Travel Border Clearance
LDS2 Concept and Overview: Exploring Possibilities in Travel Border Clearance Overview Current generation of epassports Benefits and Limits of an epassport Overview of the next generation epassport Applications
More informationTECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD)
International Civil Aviation Organization WORKING PAPER TAG/MRTD/22-WP/4 16/04/14 English Only TECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD) TWENTY-SECOND MEETING Montréal, 21
More informationIntroduction to Electronic Identity Documents
Tutorial Introduction to Electronic Identity Documents Klaus Schmeh cryptovision I'm Klaus Schmeh, Chief Editor Marketing at cryptovision. I have published a number of books. Identity Documents Conventional
More informationAdvanced Security Mechanisms for Machine Readable Travel Documents and eidas Token
Technical Guideline TR-03110-1 Advanced Security Mechanisms for Machine Readable Travel Documents and eidas Token Part 1 emrtds with BAC/PACEv2 and EACv1 Version 2.20 26. February 2015 History Version
More informationAn Overview of Electronic Passport Security Features
An Overview of Electronic Passport Security Features Zdeněk Říha Faculty of Informatics, Masaryk University, Botanická 68A, 602 00 Brno, Czech Republic zriha@fi.muni.cz Abstract. Electronic passports include
More informationSecurity of Biometric Passports ECE 646 Fall Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada
Security of Biometric Passports ECE 646 Fall 2013 Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada CONTENTS Introduction to epassports Infrastructure required for epassports Generations
More informationBiometric Passport from a Security Perspective
Biometric Passport from a Security Perspective Gildas Avoine INSA Rennes/IRISA Institut Universitaire de France SUMMARY Passport Primer Memory Content Cryptographic Mechanisms defined by ICAO Additional
More informationThe EAC for MRTD. 26 January 2010
The EAC for MRTD Rafik Chaabouni Serge Vaudenay 26 January 2010 Outline MRTD? Standards - RFID - ICAO and BAC - EAC Solutions? 2 MRTD? Machine Readable Travel Document 3 Standards RFID ICAO and BAC EAC
More information2 Electronic Passports and Identity Cards
2 Picture source: www.bundesdruckerei.de Paper based Passport Radio Frequency (RF) Chip Electronic Passport (E Pass) Biographic data Human readable Partially machine readable (optically) Conventional
More informationFuture Expansion for emrtd PKI Mark Joynes, Entrust
Future Expansion for emrtd PKI Mark Joynes, Entrust 2013 MRTD Symposium 1 What are we trying to achieve Prevent: Production of credible false documents Tampering with legitimate documents Breach of sovereignty
More informationRoadmap for Implementation of New Specifications for MRTDs
for MRTDs For Publication on the ICAO Website Roadmap for Implementation of New Specifications for MRTDs DISCLAIMER: All reasonable precautions have been taken by the International Civil Aviation Organization
More informationA National Public Key Directory
A National Public Key Directory Version 1.0 definite Date 21 July 2015 Author Jeen de Swart Judicial Information services Ministry of Security and Justice, Netherlands ABSTRACT This white paper is about
More informationTechnology Advances in Authentication. Mohamed Lazzouni, SVP & CTO
Technology Advances in Authentication Mohamed Lazzouni, SVP & CTO Outline Optical Authentication Complexity of security features and their evolution Computing and optics Document analysis techniques Automation
More informationThe New Seventh Edition of Doc Barry J. Kefauver Nairobi, Kenya November 2015
The New Seventh Edition of Doc 9303 Barry J. Kefauver Nairobi, Kenya November 2015 July 2015 ICAO published the 7 th edition of Doc 9303 Part 1 Part 2 Part 3 Part 4 Part 5 Part 6 Part 7 Part 8 Part 9
More informationElectronic passports
Electronic passports Zdeněk Říha, Václav Matyáš, Petr Švenda Faculty of Informatics, Masaryk University, Brno, Czech Republic {zriha,matyas,svenda}@fi.muni.cz February 2008 A number of countries have been
More informationIntroduction of the Seventh Edition of Doc 9303
Introduction of the Seventh Edition of Doc 9303 Sjef Broekhaar Advisor ICAO TRIP IRAN SEMINAR Kish Island 17/05/2016 Footer 1 July 2015: ICAO publishes the 7th edition of Doc 9303 Part 1 Part 2 Part 3
More informationSecurity Mechanism of Electronic Passports. Petr ŠTURC Coesys Research and Development
Security Mechanism of Electronic Passports Petr ŠTURC Coesys Research and Development Smartcard CPU 16/32 bit 3.57MHz (20MHz) 1.8 / 3/ 5 V ROM 16-300 kb RAM 1-8 kb EEPROM 8-128kB Contactless communication
More informationE-Passport validation: A practical experience
E-Passport validation: A practical experience R Rajeshkumar Implementation & Capacity Building Working Group Antigua & Barbuda ICAO TRIP Regional Seminar Note This is an edited version of the presentation
More informationE-Passport Validation: A practical experience
E-Passport Validation: A practical experience R Rajeshkumar International Organization for Standardization (ISO) ICAO TRIP: Making the Air Travel more Secure and Efficient TOWARDS A BETTER TRAVELLER IDENTIFICATION
More informationA Trust Infrastructure for epassports
A Trust Infrastructure for epassports Building reliable, timely and cost-effective trust links for electronic travel document verification +1-888-690-2424 entrust.com Table of contents Trust in government
More informationExperiences of w S itz w e itz rland
Joining the PKD why? Experiences of Switzerland State of Play Switzerland The first generation e passport is being issued since 4 September 2006 Name, first name Passport number Date and place of issue,
More informationHash-based Encryption Algorithm to Protect Biometric Data in e-passport
Hash-based Encryption Algorithm to Protect Biometric Data in e-passport 1 SungsooKim, 2 Hanna You, 3 Jungho Kang, 4 Moonseog Jun 1, First Author Soongsil University, Republic of Korea, indielazy@ssu.ac.kr
More informationDer elektronische Personalausweis Mehr oder weniger Sicherheit?
Der elektronische Personalausweis Mehr oder weniger Sicherheit? Lukas Grunwald DN-Systems GmbH Germany CeBIT 2010- Heise Forum 2010 Hannover The Government s Dream Multi biometric, double gates, anti-tailgating,
More informationCan eid card make life easier and more secure? Michal Ševčík Industry Solution Consultant Hewlett-Packard, Slovakia ITAPA, November 9 th, 2010
Can eid card make life easier and more secure? Michal Ševčík Industry Solution Consultant Hewlett-Packard, Slovakia ITAPA, November 9 th, 2010 Content eid Primary Functions eid Privacy Features and Security
More informationE-PASSPORT SCHEME USING AUTHENTICATION PROTOCOLS ALONG WITH FACE, FINGERPRINT, PALMPRINT AND IRIS BIOMETRICS
E-PASSPORT SCHEME USING AUTHENTICATION PROTOCOLS ALONG WITH FACE, FINGERPRINT, PALMPRINT AND IRIS BIOMETRICS 1 V.K. Narendira Kumar and 2 B. Srinivasan 1 Assistant Professor, Department of Information
More informationSecurity Mechanisms and Access Control Infrastructure for e-passports and General Purpose e-documents
Journal of Universal Computer Science, vol. 15, no. 5 (2009), 970-991 submitted: 1/8/08, accepted: 28/2/09, appeared: 1/3/09 J.UCS Security Mechanisms and Access Control Infrastructure for e-passports
More informationAn emrtd inspection system on Android. Design, implementation and evaluation
An emrtd inspection system on Android Design, implementation and evaluation Halvdan Hoem Grelland Master s Thesis Spring 2016 An emrtd inspection system on Android Halvdan Hoem Grelland 2nd May 2016 ii
More informationTECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD)
International Civil Aviation Organization WORKING PAPER TAG/MRTD/22-WP/8 16/04/14 English Only TECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD) TWENTY-SECOND MEETING Montréal, 21
More informationSecurity Target Lite SK e-pass V1.0
Ref.: Security Target Lite SK e-pass V1.0 Table of Contents 1 INTRODUCTION... 6 1.1 ST AND ST-LITE IDENTIFICATION... 6 1.2 TOE IDENTIFICATION... 6 1.3 CC AND PP CONFORMANCE... 6 1.4 CONVENTIONS... 7 1.5
More informationSecurity Target Lite for CEITEC epassport Module CTC21001 with EAC
Security Target Lite for CEITEC epassport Module CTC21001 with EAC Version 2.0 12/Dec/2016 Document History 1.0 First version 2.0 Clarifications to section 7.1 CEITECSA 5.410.052 1 Table of contents 1
More information3D Face Project. Overview. Paul Welti. Sagem Défense Sécurité Technical coordinator. ! Background. ! Objectives. ! Workpackages
3D Face Project Paul Welti Sagem Défense Sécurité Technical coordinator Overview! Background! Objectives! Workpackages 2 1 ! Biometric epassport Biometrics and Border Control! EU-Council Regulation No
More informationOverview of cryptovision's eid Product Offering. Presentation & Demo
Presentation & Demo Benjamin Drisch, Adam Ross cv cryptovision GmbH T: +49 (0) 209.167-24 50 F: +49 (0) 209.167-24 61 info(at)cryptovision.com 1 General Requirements Government of Utopia Utopia Electronic
More informationWhitepaper: GlobalTester Prove IS
Whitepaper: GlobalTester Prove IS Testing of EAC inspection systems By HJP Consulting GmbH Introduction There have been a lot of activities in standardization to define conformity tests for e-passports.
More informationDocument reader Regula 70X4M
Document reader Regula 70X4M Full page passport reader with no moving parts inside. Automatic reading and authenticity verification of passports, IDs, visas, driver s licenses and other identification
More informationHow To Secure Electronic Passports. Marc Witteman & Harko Robroch Riscure 02/07/07 - Session Code: IAM-201
How To Secure Electronic Passports Marc Witteman & Harko Robroch Riscure 02/07/07 - Session Code: IAM-201 Other personal info on chip Other less common data fields that may be in your passport Custody
More informationPart 9: Deployment of Biometric Identification and Electronic Storage of Data in MRTDs
Doc 9303 Machine Readable Travel Documents Seventh Edition, 2015 Part 9: Deployment of Biometric Identification and Electronic Storage of Data in MRTDs Approved by and published under the authority of
More informationCommon Criteria Protection Profile
Common Criteria Protection Profile Machine-Readable Electronic Documents based on BSI TR-03110 for Official Use [MR.ED-PP] BSI-CC-PP-0087 Document history Version 1.01, May 20th, 2015 Federal Office for
More informationTECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD)
International Civil Aviation Organization WORKING PAPER TAG/MRTD/22-WP/9 16/04/14 English Only TECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD) TWENTY-SECOND MEETING Montréal, 21
More informationXSmart e-passport V1.2
KECS-CR-11-27 XSmart e-passport V1.2 LG CNS Certification Report Certification No : KECS-ISIS-0319-2011 National Intelligence Service IT Security Certification Center Revision Number Establishment & Revision
More informationCommon Criteria Protection Profile
Common Criteria Protection Profile Machine-Readable Electronic Documents based on BSI TR-03110 for Official Use [MR.ED-PP] BSI-CC-PP-0087-V2 Version 2.0.2 Document history Version 2.0.2, April 4th, 2016
More informationSeptember OID: Public Document
THE UNITED KINGDOM S NATIONAL CERTIFICATE POLICY for Extended Access Control Infrastructure for machine readable travel documents and biometric residence permits issued and read within the UK September
More informationCONFORMITY TESTING OF EAC INSPECTION SYSTEMS
CONFORMITY TESTING OF EAC INSPECTION SYSTEMS By Dr. Michael Jahnich, Technical Director, HJP Consulting GmbH Testing the conformance of inspection systems for epassports is an ongoing and open issue. One
More informationMULTIAPP V2 PACE - SAC PUBLIC SECURITY TARGET
MultiApp v2 Pace SAC Common Criteria / ISO 15408 Security Target Public version EAL4+ Copyright Gemalto SA 2012. Page : 1/50 CONTENT 1. ST INTRODUCTION... 4 1.1 ST IDENTIFICATION... 4 1.2 ST OVERVIEW...
More informationSECURITY TARGET LITE FOR IDEAL PASS V2.0.1 EAC WITH PACE APPLICATION
SECURITY TARGET LITE FOR IDEAL PASS V2.0.1 EAC WITH PACE APPLICATION Reference: 2016_2000023040 Page: 2/141 Date Version Revision 01/12/2016 1.0 Document creation Page: 3/141 Table of contents 1.1 SECURITY
More informationLogical Data Structure (LDS) for Storage of Data in the Contactless IC Doc LDS 2 New Applications
: Logical Data Structure (LDS) for Storage of Data in the Contactless IC Doc 9303-10 LDS 2 New Applications For Publication on the ICAO Website TECHNICAL REPORT Logical Data Structure (LDS) for Storage
More informationMACHINE READABLE TRAVEL DOCUMENTS
MACHINE READABLE TRAVEL DOCUMENTS TECHNICAL REPORT Supplemental Access Control for Machine Readable Travel Documents Version 1.1 Date 15 April 2014 Published by authority of the Secretary General ISO/IEC
More informationCommon Criteria Protection Profile. Machine Readable Travel Document with ICAO Application, Extended Access Control BSI-CC-PP-0056
Common Criteria Protection Profile Machine Readable Travel Document with ICAO Application, Extended Access Control BSI-CC-PP-0056 Foreword This Protection Profile Machine Readable Travel Document with
More informationChip Authentication for E-Passports: PACE with Chip Authentication Mapping v2
v.2 Chip Authentication for s: with Chip Authentication Mapping v2 Lucjan Mirosław Wrocław University of Science and Technology, Poland ISC 2016, Honolulu Electronic Passport v.2 e-passport and ebooth:
More informationMACHINE READABLE TRAVEL DOCUMENTS
MACHINE READABLE TRAVEL DOCUMENTS ADVANCED SECURITY MECHANISMS FOR MACHINE READABLE TRAVEL DOCUMENTS EXTENDED ACCESS CONTROL (EACv1) COMPLEMENTARY TO TEST METHODS FOR MRTDs USING STATIC BINDING Version
More informationCONFORMANCE TESTING OF SECOND GENERATION E-PASSPORTS ISSUED BY THE NETHERLANDS. Authors: J.-M. Chareau, M. Van den Steen Editor: P.
CONFORMANCE TESTING OF SECOND GENERATION E-PORTS ISSUED BY THE NETHERLANDS Authors: J.-M. Chareau, M. Van den Steen Editor: P. Chawdhry The mission of the IPSC is to provide research results and to support
More informationSecurity Target. SOMA-c003 Electronic Passport EAC-SAC-AA
the security technology provider http://www.gepitalia.it http://www.security.arjowiggins.com Arjowiggins Security SAS - Gep S.p.A. via Remo De Feo, 1 80022 Arzano (NA), ITALY Security Target SOMA-c003
More informationPRIVACY ISSUES OF ELECTRONIC PASSPORTS 1. INTRODUCTION
JOURNAL OF MEDICAL INFORMATICS & TECHNOLOGIES Vol. 17/2011, ISSN 1642-6037 access control, biometrics, electronic passport, privacy, skimming, tracking Zdeněk ŘÍHA 1, Vashek MATYÁŠ 1 PRIVACY ISSUES OF
More informationAthena IDProtect Duo v5 ICAO EAC optional AA. Public Security Target
Athena IDProtect Duo v5 ICAO EAC optional AA - Athena IDProtect Duo v5 Java Card on Inside Secure AT90SC28880RCFV Microcontroller embedding ICAO applet - Public Security Target Version 2.2 January 6, 2014
More informationTransportation Worker Identification Credential (TWIC) Steve Parsons Deputy Program Manager, TWIC July 27, 2005
Transportation Worker Identification Credential (TWIC) Steve Parsons Deputy Program Manager, TWIC July 27, 2005 Who Am I? How do you know? 2 TWIC Program Vision A high-assurance identity credential that
More informationSPass NX V1.0 on S3CT9KW/S3CT9KC/S3CT9K9 Certification Report
KECS-CR-12-38 SPass NX V1.0 on S3CT9KW/S3CT9KC/S3CT9K9 Certification Report Certification No.: KECS-ISIS-0394-2012 2012. 6. 15 IT Security Certification Center History of Creation and Revision No. Date
More informationTowards a more secure and scalable verifying PKI of emrtd
Journal of Computer Security 22 (2014) 1025 1049 1025 DOI 10.3233/JCS-140522 IOS Press Towards a more secure and scalable verifying PKI of emrtd Nicolas Buchmann and Harald Baier da/sec Biometrics and
More informationIntroduction Morpho The Art of Identification
Introduction Morpho The Art of Identification by Adriaan Kamphorst, Sales Manager Morpho Identity Documents Safran group businesses Aerospace Defense Security Morpho strengthens Safran s positioning to
More informationInternational Civil Aviation Organization TECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD) TWENTIETH MEETING
International Civil Aviation Organization WORKING PAPER TAG/MRTD/20-WP/7 01/08/11 English Only TECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD) TWENTIETH MEETING Montréal, 7 to
More informationVisible Digital Seals for Non-Electronic Documents
Technical Report: Visible Digital Seals for Non-Electronic Documents For Publication on the ICAO Website TECHNICAL REPORT Visible Digital Seals for Non-Electronic Documents DISCLAIMER: All reasonable precautions
More informationThe European Union approach to Biometrics
The European Union approach to Biometrics gerald.santucci@cec.eu.int Head of Unit Trust & Security European Commission Directorate General Information Society The Biometric Consortium Conference 2003 1
More informationTECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD)
International Civil Aviation Organization INFORMATION PAPER TAG/MRTD/20-IP/4 22/08/11 English Only TECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD) TWENTIETH MEETING Montréal, 7
More informationPKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures
Public Key Infrastructures Public Key Infrastructure Definition and Description Functions Components Certificates 1 2 PKI Services Security Between Strangers Encryption Integrity Non-repudiation Key establishment
More informationPast & Future Issues in Smartcard Industry
Past & Future Issues in Smartcard Industry Ecrypt 2 Summer School Guillaume Dabosville Oberthur Technologies Oberthur Technologies the group its divisions payment, mobile, transport and digital TV markets
More informationID-One epass V2.2 on NXP In Supplemental Access Control (SAC) configuration With AA. Public Security Target. 1 FQR Ed1
ID-One epass V2.2 on NXP In Supplemental Access Control (SAC) configuration With AA Public Security Target 1 FQR 110 6261 Ed1 Table of contents 1 SECURITY TARGET INTRODUCTION... 6 1.1 SECURITY TARGET IDENTIFICATION...
More informationSecurity Target Lite for CEITEC epassport Module CTC21001 with BAC
Security Target Lite for CEITEC epassport Module CTC21001 with BAC Version 3.0 07/Dec/2016 Document History 1.0 Initial version 2.0 Minor corrections 3.0 Clarifications to section 7.1 CEITECSA 5.410.051
More informationEvolution of Electronic Passport Scheme using Cryptographic Protocol along with Biometrics Authentication System
I. J. Computer Network and Information Security, 2012, 2, 50-58 Published Online March 2012 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2012.02.08 Evolution of Electronic Passport Scheme using
More informationGerman eid based on Extended Access Control v2
German eid based on Extended Access Control v2 Overview of the German eid system Version 1.2 21. August 2017 Federal Office for Information Security Post Box 20 03 63 D-53133 Bonn Phone: +49 22899 9582-0
More informationRequiring Digital Signatures and Certificates
DocuSign Quick Start Guide Requiring Digital Signatures and Certificates Overview If you are doing business in an industry or region of the world that demands digital signatures, you can leverage DocuSign
More informationSecurity Target Lite
Security Target Lite for the PEACOS Extended Access Control MRTD Common Criteria version 3.1 revision 3 ISO/IEC 15408 Assurance Level EAL 4+ Developer Gep S.p.A. Corso Salvatore D Amato, 90 80022 Arzano
More informationTest Report. For the participants of the SDW InterOp Final Report, secunet Security Networks AG
Test Report For the participants of the SDW InterOp 2013 Final Report, 2013.06.30 secunet Security Networks AG Copyright 2013 by secunet Security Networks AG 2 Final Report, 2013.06.30 SDW InterOp 2013
More informationCommon Criteria Protection Profile. Machine Readable Travel Document using Standard Inspection Procedure with PACE (PACE PP)
Machine Readable Travel Document using Standard Inspection Procedure with PACE (PACE PP) Version 1.0, 2nd November 2011 Foreword This Protection Profile Electronic Passport using Standard Inspection procedure
More informationAustrian State Printing House
Austrian State Printing House Who we are Austrian company, located in Vienna Founded in 1804 Modern, forward looking identity management provider egovernment Services Turn-key solution provider of full
More informationLegal Regulations and Vulnerability Analysis
Legal Regulations and Vulnerability Analysis Bundesamt für Sicherheit in der Informationstechnik (BSI) (Federal Office for Information Security) Germany Introduction of the BSI National Authority for Information
More informationVerify your customers quickly and easily wherever they are in the world
Verify your customers quickly and easily wherever they are in the world AutoDoc-ID, automated ID document checks to enhance your customer acceptance process Automated Document authentication AutoDoc-ID
More informationChipDoc P60 on JCOP 3 SECID P60 (OSA) ICAO BAC Security Target Lite
ChipDoc P60 on JCOP 3 SECID P60 (OSA) ICAO BAC Rev. 1.0 28 September 2017 Final Document information Info Keywords Abstract Content Common Criteria,, ChipDoc P60 on JCOP 3 SECID P60 (OSA) ICAO BAC of ChipDoc
More informationSECURITY TARGET LITE FOR MICAO ON IDEALCITIZ TM OS 2.1 BAC CONFIGURATION
SECURITY TARGET LITE FOR Reference: 2016_2000022972 Page: 2/113 Date Version Revision 06/12/2016 1.0 Final version Page: 3/113 Table of contents 1.1 ST LITE IDENTIFICATION... 7 1.2 TOE REFERENCE... 7 1.3
More informationSecurity Target Bundesdruckerei Document Application
Security Target Bundesdruckerei Document Application Bundesdruckerei GmbH Author: Bundesdruckerei GmbH Version: 3.7 Date: 11.12.2012 Abstract This document is the Security Target (ST) for the Common Criteria
More informationThe Match On Card Technology
Precise Biometrics White Paper The Match On Card Technology Magnus Pettersson Precise Biometrics AB, Dag Hammarskjölds väg 2, SE 224 67 Lund, Sweden 22nd August 2001 Abstract To make biometric verification
More informationJTC 1 SC 37 Biometrics International Standards
JTC 1 SC 37 Biometrics International Standards Dr. Stephen Elliott Biometrics Standards, Performance, and Assurance Laboratory Purdue University www.bspalabs.org Overview Market Opportunities for Biometric
More informationepass ICAO essential ST lite EAC RSA FQR No: FQR Issue: 1
epass ICAO essential ST lite EAC RSA FQR No: 110 7563 FQR Issue: 1 Legal Notice OT. All rights reserved. Specifications and information are subject to change without notice. The products described in this
More informationManaging Certificates
CHAPTER 12 The Cisco Identity Services Engine (Cisco ISE) relies on public key infrastructure (PKI) to provide secure communication for the following: Client and server authentication for Transport Layer
More informationMachine Readable Travel Documents
Machine Readable Travel Documents GUIDANCE DOCUMENT PKI for Machine Readable Travel Documents Version -1.0 Date - 22 June, 2011 Pg. 1 of 24 Table of Contents 1 Introduction... 5 2 Structure of the document...
More informationUsing the Estonian Electronic Identity Card for Authentication to a Machine
Using the Estonian Electronic Identity Card for Authentication to a Machine Danielle Morgan 1 Arnis Parsovs 2,3 1 Tallinn University of Technology, Tallinn, Estonia 2 Software Technology and Applications
More informationThis is an HTML working draft that led to an article publication. A reference to this work should always be done using the following citation:
This is an HTML working draft that led to an article publication. A reference to this work should always be done using the following citation: Dimitrios Lekkas and Dimitrios Zissis, "Leveraging the e-passport
More informationAuthentication Technologies
Authentication Technologies 1 Authentication The determination of identity, usually based on a combination of something the person has (like a smart card or a radio key fob storing secret keys), something
More informationAthena IDPass ICAO BAC. Security Target Lite
Athena IDPass ICAO BAC - Athena IDProtect/OS755 Java Card on STMicroelectronics ST23YR48/80 Microcontroller embedding IDPass applet Security Target Lite Version 3.1 September 6, 2012 Contents 1. ST INTRODUCTION...
More informationImplementation of Inspection System for Biometric Passports based on ICAO Specifications
Implementation of Inspection System for Biometric Passports based on ICAO Specifications Technical Report February 11, 2009 Responsible Luis Terán Tamayo Prof. Andrzej Drygajlo Assistant: Dr. Jonas Richiardi
More informationcryptovision s Government Solutions Adam Ross, Ben Drisch cryptovision GmbH
cryptovision s Government Solutions Adam Ross, Ben Drisch cryptovision GmbH cv cryptovision GmbH T: +49 (0) 209.167-24 50 F: +49 (0) 209.167-24 61 info(at)cryptovision.com 1 cryptovision cryptovision Gelsenkirchen
More informationThis document is a preview generated by EVS
INTERNATIONAL STANDARD ISO/IEC 18013-3 Second edition 2017-04 Information technology Personal identification ISO-compliant driving licence Part 3: Access control, authentication and integrity validation
More informationTest plan for eid and esign compliant smart card readers with integrated EACv2
Technical Guideline BSI TR-03105 Part 5.2 Test plan for eid and esign compliant smart card readers with integrated EACv2 Version: 2.0 Date: 2015-05-22 Bundesamt für Sicherheit in der Informationstechnik
More informationSecurity Target lite. Machine Readable Travel Document with ICAO Application, Basic Access Control MTCOS Pro 2.1 BAC/ST23YR80
Security Target lite Machine Readable Travel Document with ICAO Application, Basic Access Control MTCOS Pro 2.1 BAC/ST23YR80 MASKTECH INTERNATIONAL GMBH Document number: BSI-DSZ-CC-0671, ST lite, Version
More informationID Security Made in Germany Holistic Solutions for Biometric Systems and Identity Documents
ID Security Made in Germany Holistic Solutions for Biometric Systems and Identity Documents 3 Your Personal Identity: Unique, Secure, Multifaceted Every person has individual characteristics by which
More informationInteragency Advisory Board Meeting Agenda, February 2, 2009
Interagency Advisory Board Meeting Agenda, February 2, 2009 1. Opening Remarks (Tim Baldridge, NASA) 2. Mini Tutorial on NIST SP 800-116 AND PIV use in Physical Access Control Systems (Bill MacGregor,
More informationBSI TR Part 1.1 A framework for Official Electronic ID Document conformity tests
BSI TR-03105 Part 1.1 A framework for Official Electronic ID Document conformity tests Version 1.04.1 14.11.2008 CONTENTS 1 INTRODUCTION... 4 2 DEFINITIONS AND REFERENCES... 4 2.1 Definitions... 4 2.2
More information