secunet was commissioned by the German Federal Office for Information Security with the extension of the control infrastructure for electronic identity documents.
Border control applications like the “ePass-Client” or the e-Gate solution “EasyPASS” at Frankfurt airport read and check electronic data from e-passports. In order for border officials to read the data stored on the new ID card, a cryptographic keys infrastructure has to be set up and the applications adapted.
The digitally stored data in the latest e-passports and in the new German ID card is protected against unauthorized access by Extended Access Control. One of security protocol’s requirements is that ID scanners prove they have the authorization to read out the electronic travel document. For this Terminal Authentication protocol the scanner must have certificates and the corresponding cryptographic keys. To manage the keys and certificates an Extended Access Control Public Key Infrastructure will be set up.
The order from the German Federal Office for Information Security covers the implementation of components for the Extended Access Control PKI – the Terminal Control Center. This is used to perform cryptographic functions and key management for the connected ID scanners.
Within the framework of the order, Terminal Authentication will be added to the border control applications “ePass-Client” and “EasyPASS,” which are already in use and will also be connected to the Terminal Control Center.
The first installations are expected to go live this summer in a pilot by the German Federal Police. secunet already developed the ePass-Client application in cooperation which is used throughout Germany.
secunet also delivered the central components for the semi-automated EasyPASS border control at Frankfurt airport and was responsible for project implementation as general contractor of the BSI. Once the extension has been implemented, travelers will be able to pass through the e-gate solution with the e-passport as well as with the new ID card in the future.