The Target of Evaluation (TOE) is the contactless integrated circuit chip of machine readable travel documents (MRTD’s chip) programmed according to the Logical Data Structure (LDS) and providing the Basic Access Control, the Active Authentication and the Extended Access Control according to ‘ICAO Doc 9303’ [ICAO-01] and BSI TR-03110 [TR-03], respectively.
The TOE comprises:
- the circuitry of the MRTD’s chip (the integrated circuit, IC NXP Secure SmartCard Controllers P5CD081V1A)
- the IC Dedicated Software with the parts IC Dedicated Test Software and IC Dedicated Support Software,
- the IC Embedded Software (operating system Kona102 ePassport version 1.1.2),
- the MRTD application and
- the associated guidance documentation.
The logical MRTD is protected in authenticity and integrity by a digital signature created by the document signer acting for the issuing State or Organization and the security features of the MRTD’s chip.
In ‘ICAO Doc 9303’ [ICAO], the ICAO defines the baseline security method Passive Authentication and, as optional security measures, the advanced security methods Basic Access Control to the logical MRTD, Active Authentication of the MRTD’s chip, Extended Access Control to additional sensitive biometrics, and Data Encryption of additional sensitive biometrics. The Passive Authentication Mechanism and the Data Encryption are performed completely by the TOE environment, independently of the TOE.
The TOE covered by this Certification Report addresses the protection of the logical MRTD
(i) in integrity by write-only-once access control and by physical means, and
(ii) in confidentiality by the Extended Access Control Mechanism.
The TOE also addresses Active Authentication as stated in [ICAO-03].
Confidentiality by Basic Access Control is a mandatory security feature that the TOE shall also implement. Nevertheless, it is not explicitly covered by this Certification Report, as there are known weaknesses in the quality (i.e. entropy) of the BAC keys generated by the environment. Because [PPBAC] considers only extended basic attack potential against the Basic Access Control Mechanism (i.e. AVA_VAN.3), the MRTD has to be evaluated and certified separately.
The TOE is conformant with the Protection Profile, BSI-CC-PP-0056, Common Criteria Protection Profile Machine Readable Travel Document with ICAO Application, Extended Access Control, version 1.10 [PP-EAC].