This posting describes the current relation between test specifications and the protocols used in context of ePassports (eMRTD) and eID cards including their associated readers (terminals) and inspection systems.
This mapping reflects the current(!) status quo of protocols and their test specifications. All these specifications are in intensive editing at present.
Mapping between protocols and test specifications
The following image represents the mapping between protocols and the corresponding test specifications:
You can see all protocols used currently in context of ePassports and eID cards in the rows and in the columns you can find specifications focusing on testing these protocols. For example you can find the test cases for Active Authentcation in the specification ICAO TR Protocol Testing Part 3 for chips and in BSI TR-03105 Part 5.1 for inspection systems.
As soon as there are updates available I will present here in this blog the new structure of these test specifications, including new protocols like Pseudonymous Signatures (PS), Chip Authentication Version 3 (CAv3) or Enhanced Role Authentication (ERA).
Abbreviation of protocols referred here
BAC: Basic Access Control
AA: Active Authentication
PACE: Password Authenticated Connection Establishment
SAC: Supplemental Access Control
CA: Chip Authentication
TA: Terminal Authentication
EAC: Extended Access Control
RI: Restricted Identification
eSign: electronic Signature
Test Specifications referred here
|TR-03105 3.1||BSI Test plan for eMRTD Application Protocol and Logical Data Structure|
|TR-03105 3.2||BSI Test plan for eMRTDs with EACv1|
|TR-03105 3.3||BSI Test plan for eID-Cards with Advanced Security Mechanisms EAC 2.0|
|TR-03105 3.4||BSI Test plan for eID-cards with eSign-application acc. to BSI TR-03117|
|TR – RF and Protocol Testing Part 3||ICAO TR – RF and Protocol Testing Part 3|
|TR-03105 5.1||BSI Test plan for ICAO compliant Inspection Systems with EAC|
|TR-03105 5.2||BSI Test plan for eID and eSign compliant eCard reader systems with EACv2|
Once again, you can find some discussions concerning this posting at LinkedIn.
i would like to say thank you for the blog. it is very useful and they can find lot information. I would like to ask you one question, do you know if there is a test standard part that covers the Chip authentication Mapping feature?
Thank you agian
Dear Marco, thanks for your compliments. Currently, there a some test cases specified for PACE-CAM. These test cases will be release in the next version of ICAO TR – RF and Protocol Testing Part 3.