Giesecke & Devrient (G&D) is the first manufacturer in the world to offer a certified solution for the new security functions in electronic passports, residence permits and ID cards on the basis of the protection profile newly defined by Germany’s Federal Office for Information Security (BSI).
The BSI has accordingly granted the Munich-based company a security certificate. What’s new in this protection profile is that passports, too, are covered by the PACE (Password Authenticated Connection Establishment) protocol. Countries belonging to the EU are obliged to use PACE in electronic passports and residence permits from December 2014.
Germany’s Federal Office for Information Security (BSI) has granted G&D’s new STARCOS 3.5 smart card operating system a security certificate under the Common Criteria Protection Profile (BSI-CC-PP-0056-V2-2012) for machine-readable travel documents with Extended Access Control and PACE.
“The PACE procedure ensures that a highly secure connection is established between the contactless chip in the identification document and the reader. Data is encrypted before being exchanged, making it impossible for hackers to read the data communication or decrypt it later,” explains Dr. Hermann Sterzinger, head of Giesecke & Devrient’s Government division.
The PACE security mechanism is already used in the new German national ID card, for which G&D is also supplying a certified solution (under the ID card protection profile BSI-CC-PP-0061-2009) with the STARCOS 3.5 operating system.
With this new smart card operating system, G&D is already offering its customers a security-certified solution to bring their electronic documents up to date with the latest technology and afford them effective protection against fraud.
In the future, the new security protocol is planned to be used in official documents not only within EU countries but worldwide. The International Civil Aviation Organization (ICAO) recommends that all countries change their biometric passports over to the PACE access mechanism by December 2014, replacing the Basic Access Control (BAC) protocol.