New Conformity Tests for electronic Idenity Documents based on BSI-TR 3105 and ICAO
The German Federal Office for Information Security (BSI) has published a new version of the test specification TR-3105 Part 3 for conformity testing of eID documents.
The new version of the test specification includes changes for the conformance tests of the security protocols used in eMRTD and eID cards, which are specified in BSI TR-3105 Part 3.2 (EACv1) and Part 3.3. (EACv2). The Extended Access Control mechanism was developed to secure the sensitive biometric data stored in the chip of electronic identity documents. The further development of security mechanisms is important in order to sustainably prevent attacks and unauthorized access to the data in the chip. In addition to the security aspect, the data must be checked efficiently, for example in border control or eGovernment applications.
In this context, the new test specification BSI TR-3105 Part 3.2 contains a new test suite for the data group EF.ATR/INFO. Recommended by the ICAO, EF.ATR/INFO provides the ability to determine chip-specific buffers for datasets. This allows terminals to read the chip contents more efficiently. The test suites for chip authentication were moved to the ICAO test specification for eMRTD part 3. In part 3.3 of BSI TR-3105, the new chip features for eID cards (eIDAS tokens, for example) were implemented.
These include new test suites for the security mechanism Chip Authentication Version 3 (CAv3), for the command COMPARE and the ENVELOPE/GET RESPONSE mechanism. This mechanism is an alternative for terminals (or readers) that do not support "extended length" (primarily smartphones).
For an overview of the detailed changes in the test specifications, we recommend the blog entry of our eID expert Holger Funke. In addition to the technical changes, the test specifications contain maintenance updates (such as updated document references).
secunet GlobalTester already supports all changes of the TR-3105 Part 3 and the ICAO Test Specification for eMRTD Part 3.
The new open source version of secunet GlobalTester is available free of charge on our GlobalTester microsite. If you are interested in our test suites to perform conformity tests of your eID products, please contact us.