Update of RF and Protocol Testing Part 4 V2.10 online

Introduction

Simultaneously with Part 3, the ICAO released also version 2.10 of the test specification ‘RF and Protocol Testing Part 4‘ to test the interoperability of inspection systems (IS) in context of eMRTD. While the Technical Advisory Group (TAG) of ICAO endorsed the update on the ICAO website, from now on the test specification can be referenced officially. Finally in version 2.10 of the test specification there are some significant modifications compared with the previous version 1.01 released in 2013:

  • Support of protocol PACE-CAM:
    • New test suite ISO7816_G to test Chip Authentication,ICAO Logo
    • New default configuration including Chip Authentication,
    • Updated implementation conformance statement (ICS) to specify IS supporting PACE-CAM,
    • Updated list of abbreviations,
  • Tests for LDS 1.8,
  • Updated references concerning Doc9303 7th edition,
  • Added Advanced Inspection Procedure (AIP),
  • Additionally, there are some clarifications and minor editorial changes.

Furthermore you can find a more detailed list of changes and modifications in version 2.10 to test interoperability of inspection systems.

New test cases in Version 2.10 Update

Basically the new test cases are testing the protocol PACE-CAM or make use of the new LDS 1.8 data structure where the LDS version number is stored in EF.SOD (additionally to EF.COM).

  • ISO7816_C_29: PACE-CAM with missing tag 8Ah but correct ECAD
  • ISO7816_C_30: PACE-CAM with incorrectly encoded ECAD (no octet string)
  • ISO7816_C_31: PACE-CAM with wrong ECAD
  • ISO7816_C_32: PACE-CAM with wrong tag 8Ah (use 8Bh) but correct ECAD
  • ISO7816_C_33: PACE-CAM with correct tag 8Ah but missing ECAD
  • ISO7816_C_34: PACE-CAM with Passive Authentication
  • ISO7816_C_35: Return additional tag 8Ah during PACE-GM
  • ISO7816_C_36: Use DG14 without SecurityInfo during PACE-CAM
  • ISO7816_C_37: Use EF.CardSecurity with wrong ChipAuthenticationPublicKey during PACE-CAM
  • ISO7816_C_38: Use EF.CardSecurity without ChipAuthenticationPublicKeyInfo during PACE-CAM
  • ISO7816_C_39: Check supported standardized Domain Parameters with Chip Authentication Mapping
  • ISO7816_G_01: Chip Authentication with DH
  • ISO7816_G_02: Chip Authentication with ECDH
  • ISO7816_G_03: DG14 with one key reference
  • ISO7816_G_04: DG14 with two key references
  • ISO7816_G_05: DG14 with three key references
  • ISO7816_G_06: DG14 with invalid key reference
  • ISO7816_G_07: DG14 with corrupted DH public key
  • ISO7816_G_08: DG14 with corrupted ECDH public key
  • ISO7816_G_09: Use old session keys after Chip Authentication
  • ISO7816_G_10: Verify lifetime of ephemeral keys
  • ISO7816_G_11: DG14 with invalid DH public key specification
  • ISO7816_G_12: DG14 with invalid ECDH public key specification
  • ISO7816_G_13: ChipAuthenticationPublicKeyInfo: key reference does not match key reference in ChipAuthenticationInfo
  • ISO7816_G_14: Chip Authentication with Extended Length
  • ISO7816_G_15: Use various status words for invalid key reference
  • LDS_A_10: EF.COM with LDS version 1.8
  • LDS_D_35: EF.SOD with LDS Version 1.8
  • LDS_D_36: Security Object with LDS Version 1.8 but Version wrong number
  • LDS_D_37: Security Object with LDS Version 1.7 but Version number 1
  • LDS_D_38: EF.SOD with future LDS Version 1.9

Modified test cases in Version 2.10 Update

Due to the new document structure of version 2.10, it’s difficult to detect all modifications. Therefore please be aware that the list of modified test cases may not be complete and there might be more changes compared to previous version 1.01.

  • ISO7816_C_04: Added new OID for PACE-CAM in table corresponding to test case
  • ISO7816_D_07: Test case deleted

With the release of this test specification, version 2.10 is relevant for certification. So from now on, your inspection system must fulfill these conformity tests to achieve a certificate.

Leave a Reply

Your email address will not be published. Required fields are marked *