Munich-based Giesecke & Devrient GmbH has received a security certificate from Germany’s Federal Office for Information Security (BSI) for its STARCOS 3.5 smart card operating system.
The smart card OS covers new security functions in e-passports, residence permits and ID cards. The security certificate falls under the BSI Common Criteria Protection Profile (BSI-CC-PP-0056-V2-2012) for machine-readable travel document with Extended Access Control and PACE.
In the PACE procedure, the contactless chip in the card establishes a secure connection with the reader, and data is encrypted before it’s sent. This thwarts attacks from hackers who try to read or decrypt the information.
This security protocol will also be used in conjunction with official EU documents, and eventually worldwide, replacing the current Basic Access Control protocol. The International Civil Aviation Organization recommends that countries transition to the PACE protocol by December 2014.