Secunet has been commissioned by the German Federal Office for Information Security (BSI) with the extension of the control infrastructure for electronic identity documents. Up to date border control applications like the “ePass-Client” or the e-Gate solution “EasyPASS” at Frankfurt airport read and check electronic data from e-passports. So that border officials can read all the data stored digitally on the new ID card, an infrastructure for cryptographic keys has to be set up and the applications have to be adapted.
The digitally stored data in the latest e-passports and in the new ID card is protected against unauthorized access by Extended Access Control (EAC). One of EAC’s requirements is that ID scanners prove they have the authorization to read out the electronic travel document. For this so-called Terminal Authentication protocol (TA), the scanner must have certificates and the corresponding cryptographic keys. To manage the keys and certificates an EAC Public Key Infrastructure (EAC PKI) will be set up.
The order of the German Federal Office for Information Security (BSI) covers the implementation of a decisive component of the EAC PKI – the Terminal Control Center (TCC). This is used to centrally perform cryptographical functions and key management for the connected ID scanners.
Within the framework of the order, TA will be added to the border control applications “ePass-Client” and “EasyPASS”, which are already successfully in use and will also be connected to the TCC. The first installations are expected to go live this summer in a pilot project by the German Federal Police.
Secunet already developed the ePass-Client application in cooperation with the BSI, which is used throughout Germany. secunet also delivered the central components for the semi-automated EasyPASS border control at Frankfurt airport and was responsible for project implementation as general contractor of the BSI. Once the extension has been implemented, travellers will be able to pass through the e-gate solution with the e-passport as well as with the new ID card in the future.