NXP Semiconductors announced that Germany and Switzerland are shipping supplemental access control electronic passports based on its SmartMX2 family of secure microcontrollers.
The two European countries are among the first to have rolled-out supplemental access control ePassports ahead of the European Union mandate requiring all new ePassports to be SAC compliant by the end of 2014. Built on NXP’s IntegralSecurity architecture, SmartMX2 products have achieved Common Criteria Evaluation Assurance Level 6+ certification.
Supplemental access control is an evolution of basic access control to future-proof security in travel documents. It is similar in function to basic access control and ensures that the contactless chip cannot be read without physical access to the travel document and that the data exchange between the chip and the reading device is encrypted.
The new standard is based on Password Authenticated Connection Establishment. During the authentication phase, it implements asymmetric cryptography whereas basic access control uses symmetric cryptography. In addition, during the authentication phase, data encryption is based on a shared key between the reader and the chip. This contrasts to basic access control, which generates a key based on the data in Machine Readable Zone. The latest spec aims to enhance data confidentiality and make eavesdropping impossible.
Passports typically have a lifespan of many years and as such the security needed to authenticate and safeguard identities must have longevity. The International Civil Aviation Organization introduced Supplemental access control in the third generation of ePassports to provide additional layers of security on top of those already deployed in the first two ePassport generations.