- Protection Profile Name :
-
Protection Profile for ePassport IC
with SAC (BAC + PACE) and Active Authentication
- Version of PP :
- 1.00
- Technology Type:
- ICs for e-passports
- Certification No. :
- C0500
- Date :
- 2016-03-22
- Version of Common Criteria:
- 3.1 release4
- Conformance Claim :
- EAL4 Augmented with ALC_DVS.2
- PP Identifier :
- None
- Procurement Entity :
- -
- Sponsor :
- Ministry of Foreign Affairs, Japan
-
- POC :
- MAEDA Satoshi
- Division :
- Passport Division, Consular Affairs Bureau
- Phone :
- +81-3-3580-3311
- E-mail :
-
- Evaluation Facility :
- ECSEC Laboratory Inc. Evaluation Center
- Certification/Validation Report :
(333 KB)(2017-02-24)
- CC Certificate Image :
(406 KB)(2017-02-02)
- Protection Profile :
(317 KB)(2017-02-24)
PRODUCT DESCRIPTION
Description of PP
This PP specifies the security requirements compliant with the guideline defined by the ICAO for an ePassport IC, which will be filed in a passport booklet.
The ePassport IC (including the necessary software) consisting of IC chip hardware, basic software (OS) and an application program is defined as the TOE in this PP. The TOE in this PP, ePassport IC including the necessary software, will be embedded in a plastic sheet to be a part of passport booklet.
The TOE provides the functions to protect the stored data in the TOE from illegal read access and write access, and BAC (Basic Access Control) function, PACE (Password Authenticated Connection Establishment) function, and Active Authentication function, which are specified by ICAO Doc 9303 Part 11. As PACE will become the standard replacing the usage of BAC in the future, the TOE provides the function to disable the BAC control function in order to terminate the procedure of BAC after the certain time period. The TOE provides the protection functions against the attack via contactless interface of TOE and physical attack.
PP security functionality
The PP requests a TOE to have following security features:
- Basic Access Control function
- Password Authenticated Connection Establishment function
- Active Authentication function
- BAC termination
- Write protection
- Delivery protection
- Tamper resistance