Protection Profile List

Protection Profile for ePassport IC
with SAC (BAC + PACE) and Active Authentication

Ministry of Foreign Affairs, Japan
Last Updated 2022-07-15
Protection Profile Name :
Protection Profile for ePassport IC
with SAC (BAC + PACE) and Active Authentication
Version of PP :
Technology Type :
ICs for e-passports
Certification No. :
Date :
Version of Common Criteria:
3.1 release4
Conformance Claim :
EAL4 Augmented with ALC_DVS.2
PP Identifier :
Procurement Entity :


Description of PP

This PP specifies the security requirements compliant with the guideline defined by the ICAO for an ePassport IC, which will be filed in a passport booklet.
The ePassport IC (including the necessary software) consisting of IC chip hardware, basic software (OS) and an application program is defined as the TOE in this PP. The TOE in this PP, ePassport IC including the necessary software, will be embedded in a plastic sheet to be a part of passport booklet.

The TOE provides the functions to protect the stored data in the TOE from illegal read access and write access, and BAC (Basic Access Control) function, PACE (Password Authenticated Connection Establishment) function, and Active Authentication function, which are specified by ICAO Doc 9303 Part 11. As PACE will become the standard replacing the usage of BAC in the future, the TOE provides the function to disable the BAC control function in order to terminate the procedure of BAC after the certain time period. The TOE provides the protection functions against the attack via contactless interface of TOE and physical attack.


PP security functionality

The PP requests a TOE to have following security features:

- Basic Access Control function
- Password Authenticated Connection Establishment function
- Active Authentication function
- BAC termination
- Write protection
- Delivery protection
- Tamper resistance