The KRIPTEX® Secure Smart Card Reader (KEC) is a terminal device of the Republic of Turkey Electronic Identity Verification System (EKDS). It complies with the standards issued by the Turkish Standards Institution (TSE) and is protected under the CC EAL4+ Protection Profile. It provides online services over electronic media to verify that the Republic of Turkey Electronic Identity Card (TCKK) was issued by the authorized institution and that the card belongs to the real cardholder.
The Target of Evaluation (TOE) mentioned in the Common Criteria (CC) Protection Profile document is the Secure Smartcard Reader Application Firmware running on the KEC device. As the application firmware of the KEC, the TOE verifies the identity of the Service Requester and the Service Attendee according to EKDS while communicating securely with the other system components. As a result of the identity verification, it produces an Identity Verification Assertion (IVA) signed by the Secure Access Module (SAM) inside the KEC. The root certificates used for identification and authentication are also covered by the TOE.
The SAM is the security module of the KEC, developed to verify the TCKK in electronic applications and to authenticate the owner of that card. In other words, the SAM implements the cryptographic functions of the KEC. Through the SAM, it becomes possible to access data fields such as the biometric data of the card owner and to execute read/write operations on these fields.
In addition, the certificates and keys embedded in the SAM enable secure communication with the TCKK. In short, the SAM is the module that provides the secure use of the KEC and consequently enables secure authentication of identity information in an electronic environment. With the SAM included in the device, the KEC can access data fields such as the personal message and biometric data of the cardholder, which cannot be accessed with a standard card reader.
The KEC displays the cardholder's photograph stored in the card on its color graphic display. This feature is one step of identity authentication and requires the operator at the registration unit to confirm the photograph. The touch-screen keyboard on the KEC lets users enter their PIN securely. After the secure messaging session is established with the card, the device can read the citizen's personal message stored in the card and display it on its screen. This proves to users that the operation is being performed with an authorized device. The device is tamper-proof and its application software has a CC EAL4+ (ALC_DVS.2) security level certificate.
Security Features
The security features provide authentication using the following methods: Method-03, Method-04, Method-05, Method-06, Method-08, Method-09, Method-10, Method-11.
Turkish Standards Documents related to Secure Card Access Devices for Electronic Identity Cards
SECURITY TARGET REFERENCE
TITLE | Security Target of Kriptex Application Firmware v1.0 for SSR Type-I, SSR Type-II with or without SAS, SSR Type-III |
VERSION | 1.0.7 |
DATE | 23 August 2019, Friday |
AUTHOR | Kriptex Bilişim ve Bilgi Güvenliği Teknolojileri Tic. Ltd. Şti. |
TOE REFERENCE
NAME | Kriptex Application Firmware for SSR Type-I, SSR Type-II with or without SAS, SSR Type-III |
VERSION | 1.0 |
DEVELOPER | Kriptex Bilişim ve Bilgi Güvenliği Teknolojileri Tic. Ltd. Şti. |
CC CONFORMANCE | Common Criteria for Information Technology Security Evaluation, Version 3.1 (Revision 5) |
PP CONFORMANCE | Protection Profile for Application Firmware of Secure Smartcard Reader (SSR) for Electronic Identity Verification System, SSR_PP_2.8 |
ASSURANCE LEVEL | EAL4+ with ALC_DVS.2 Augmentation |
COMMON CRITERIA TESTING LABORATORY
TEST CENTER | Beam Teknoloji A.Ş., Ankara |
ACCREDITATION | ISO/IEC 17025 – Accredited Security Evaluation Center / AB-0914-T; ISO/IEC 15408 – Evaluation Criteria for Information Technology Security |
STATUS | certification in process |