Protection Profile List

Protection Profile for ePassport IC
with SAC (BAC + PACE) and Active Authentication
1.00

Ministry of Foreign Affairs, Japan
Last Updated 2017-02-24
Protection Profile Name :
Protection Profile for ePassport IC
with SAC (BAC + PACE) and Active Authentication
Version of PP :
1.00
Technology Type :
ICs for e-passports
Certification No. :
C0500
Date :
2016-03-22
Version of Common Criteria:
3.1 release4
Conformance Claim :
EAL4 Augmented with ALC_DVS.2
PP Identifier :
None
Procurement Entity :
-

PRODUCT DESCRIPTION

Description of PP

This PP specifies the security requirements compliant with the guideline defined by the ICAO for an ePassport IC, which will be filed in a passport booklet.
The ePassport IC (including the necessary software) consisting of IC chip hardware, basic software (OS) and an application program is defined as the TOE in this PP. The TOE in this PP, ePassport IC including the necessary software, will be embedded in a plastic sheet to be a part of passport booklet.

The TOE provides the functions to protect the stored data in the TOE from illegal read access and write access, and BAC (Basic Access Control) function, PACE (Password Authenticated Connection Establishment) function, and Active Authentication function, which are specified by ICAO Doc 9303 Part 11. As PACE will become the standard replacing the usage of BAC in the future, the TOE provides the function to disable the BAC control function in order to terminate the procedure of BAC after the certain time period. The TOE provides the protection functions against the attack via contactless interface of TOE and physical attack.

 

PP security functionality

The PP requests a TOE to have following security features:

- Basic Access Control function
- Password Authenticated Connection Establishment function
- Active Authentication function
- BAC termination
- Write protection
- Delivery protection
- Tamper resistance

 

Security functional requirements

PP requires the following security functional requirements:

Security audit Non-repudiation of origin/receipt Cryptographic functionality Access control
Data authentication Export data protection Information flow control Import data protection
Internal transfer data protection Residual information protection Rollback Stored data integrity
Transfer data confidentiality Transfer data integrity Identification and authentication Security management
Privacy Control Security functionality protection Resource utilisation management TOE access control
Trusted path/channels Random number generation