Utimaco Hardware Security Module facilitates secure border controls in the Netherlands

• Key component: In the infrastructure for an automated border control system of electronic passports, Utimaco’s CryptoServer acts as the root of trust

• Sophisticated: Hardware Security Modules (HSM) are used in terminal authentication, enforcing multi-level access to biometric data, and supporting all the necessary algorithms for ICAO compliance

• Continued: The successful cooperation with the Dutch Ministry of Justice and Security reaches a new stage

Aachen, June 11, 2018 – Utimaco, manufacturer of Hardware Security Module (HSM) technology, equips the automated ePassport control system in the Netherlands with CryptoServers. These HSMs are used for terminal authentication. While examining the electronic ID card the HSM verifies in multiple stages whether the terminal in question has the right to access sensitive personal data such as fingerprints. The protection of personal data and privacy are top priorities within the infrastructure set up by the Dutch Judicial Information Service.

“We have been using Utimaco HSMs for more than fifteen years now. Since the start, they have run continuously at a high-performance level, despite the fact that we’ve extended the requirements,” says Jeen de Swart, Senior Information Architect at the Judicial Information Service run by the Dutch Ministry of Justice and Security.

Requirement profile for an automated control of electronic ID documents

More specifically, the Judicial Information Service was faced with the challenge of introducing an automatic border control system, which passengers with an electronic passport (ePassport) can use in transit traffic, at airports and at seaports. The system is designed to process the registration and verification of electronic passports safely and quickly, thereby shortening the waiting time for passengers. In addition, the focus is on complying with the guidelines developed by the International Civil Aviation Organization (ICAO). The ICAO regulates, among other things, the handling of machine-readable travel documents, which include the ePassport. This electronic passport contains a chip with biometric data and the unique digital signature of the issuing country. When checking an ePassport at an international border, the chip is verified with the issuing country’s certification authority.

The root of trust in the verification infrastructure

The Dutch verification infrastructure for ePassports therefore places high demands on HSMs. Finally, data throughput, performance and high availability as well as the high quality of the Utimaco CryptoServer convinced the Dutch Ministry to choose this product line. “We’ve been using some of the modules in the context of this project for seven years now, and they are reliable and fully comply with the requirements,” says Jeen de Swart, the architecture and development manager of ePassport automatic control.

The reliability of the HSM from Utimaco is reflected, among other things, in the fact that the devices are used worldwide in many countries. “Our CryptoServer acts as root of trust in the verification infrastructure, supporting all the algorithms needed to establish ICAO compliance. In addition, the HSM used creates a high-security environment that can be used for other IT applications,” says Malte Pollmann, CEO of Utimaco, about the outcome of the joint project.

“So far, we’ve had very good experiences working with Utimaco. This fact, their expertise in the area of ICAO, as well as their comprehensive support of the required algorithms, were the decisive factors for choosing to collaborate with them for this project,” says Cor de Jonge, manager of the PKI department of the Judicial Information Service as part of the Ministry of Justice and Security in the Netherlands.

Background info: The principle of multi-level access to biometric data in the ePassport

The deployed infrastructure ensures the authenticity and integrity of the data and provides authorities with the basis to control electronic identifications such as the e-passport – via active and passive authentication of the chip data. Basic Access Control (BAC) and Supplemental Access Control (SAC) both are deployed on a standard basis, as well as Password Authenticated Connection Establishment (PACE) ID standards and the combination with Extended Access Control (EAC). This results in a multi-stage verification of an ePass: BAC / SAC actively authenticate whether the data on the chip is genuine and unadulterated. Passive authentication checks the digital signature, for which EAC builds a “security tunnel” between the reading terminal and the chip. EAC therefore has to ensure that only authorized terminals access and read the chip data. Utimaco’s HSM technology, the CryptoServer, provides the root of trust within the protocols that are responsible for reading personal data, such as fingerprints.