Protection Profile for ePassport IC
with SAC (BAC + PACE) and Active Authentication
2.10

Protection Profile Name :

Protection Profile for ePassport IC
with SAC (BAC + PACE) and Active Authentication

Version of PP :

2.10

Technology Type :

ePassport IC

Certification Identification :

JISEC-C0738

Date :

2022-02-21

Version of Common Criteria:

3.1 release5

Conformance Claim :

EAL4 Augmented with ALC_DVS.2

PP Identifier :

None

Procurement Entity :

-

Sponsor :

Ministry of Foreign Affairs, Japan

 

POC :

MAEDA Satoshi

Division :

Passport Division, Consular Affairs Bureau

Phone :

+81-3-3580-3311

E-mail :

Evaluation Facility :

ECSEC Laboratory Inc. Evaluation Center

PRODUCT DESCRIPTION

Description of PP

This PP specifies the security requirements compliant with the guideline defined by the ICAO for ePassport IC, which is interfiled in a passport booklet.
ePassport IC (including necessary software) consisting of IC chip hardware, basic software (OS) and an application program is defined as the TOE in this PP. ePassport IC is embedded with the antenna to constitute a portion of a passport booklet.

The TOE provides the functions to protect the stored data in the TOE from unauthorized read and write access, and BAC (Basic Access Control) function, PACE (Password Authenticated Connection Establishment) function, and Active Authentication support function, which are defined by Part 11 of ICAO Doc 9303. As PACE will become the standard replacing the usage of BAC in the future, the TOE provides the function to disable the BAC function in order to terminate the procedure of BAC after the certain time period. The TOE provides the protection functions against the attack via contactless interface of TOE and physical attack

 

PP security functionality

The PP requests a TOE to have following security features:

-	BAC function
-	PACE function
-	Active Authentication support function
-	Disabling function of BAC function
-	Write protection function
-	Protection function in transport
-	Tamper resistance