AKIS GEZGİN e-DRIVER LICENSE Application

-A +A

AKiS GEZGiN e-driving licence application is compatible with ISO/IEC 18013 standards (both ISO/IEC 18013-3:2009 and ISO/IEC 18013-3:2017)1. Basic Access Protection (BAP) ensures that only authorized terminals can read information from e-driving licences whereas Active Authentication prevents cloning. In addition, Extended Access Protection (EAP) mechanism (ISO/IEC 18013-3:2009 compatibility) protects all data groups (DG1 to DG24) and Extended Access Control (EAC) mechanism (ISO/IEC 18013-3:2017 compatibility) protects data groups containing biometric data (DG3 and DG4) from unauthorized access. EAP/EAC ensures that only authorized terminals can access these data groups. There exist at most 24 data groups (DG1 to DG24) in e-Driving Licence application among which the data group DG1 that contains licence holder’s demographic data as well as vehicle category and restrictions is mandatory; the others are optional.

FEATURES
▪ ISO/IEC 18013 LDS
▪ Basic Access Protection (BAP)
▪ Active Authentication (AA)
    - RSA (up to 2048 bits): SHA-1, SHA-256, SHA-384, SHA-512
    - ECC (up to 521 bits): SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
▪ Extended Access Protection (EAP)
    - ISO/IEC 18013-3:2009
    - RSA (up to 3072 bits): SHA-1, SHA-256, SHA-512
    - ECC (up to 521 bits): SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
▪ Extended Access Control (EAC)
    - ISO/IEC 18013-3:2017
    - EAC v1
    - RSA (up to 3072 bits): SHA-1, SHA-256, SHA-512
    - ECC (up to 521 bits): SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
▪ Contactless Communication
    - ISO/IEC 14443-3, 4 Type-A
    - Baud rate: 424/848 kbps
▪ Secure Messaging
    - DES3
    - AES-128, AES-192, AES-256
▪ Support for multiple chips2
    - Infineon SLE78CLFX3000P (88K EEPROM)
    - Infineon SLE78CLFX4000P (192K EEPROM)
    - NXP P71D320P (80K EEPROM)
▪ Compliance with standards
    - ISO/IEC 18013-3
    - ISO/IEC 14443-3, 4
    - ISO/IEC 7816-4, 8, 9
    - BSI TR-03110(EAC için)
    - BSI TR 03111

BASIC ACCESS PROTECTION (BAP)
Basic Access Protection (BAP) is a mechanism used in e-driving licences to prevent chip skimming and eavesdropping on the communication between e-driving licences and the terminals by encrypting the transmitted information. BAP ensures that only authorized terminals can read information from e-driving licences: before any data can be read, the terminal needs to prove that it has physical access to e-driving licence by using a session key derived from the MRZ (Machine Readable Zone) / SAI (Scanning Area Identifier).

EXTENDED ACCESS PROTECTION (EAP)
EAP is a mechanism that allows to check the authenticity of both e-driving licenses and the terminals: Chip Authentication (EAP – CA) updates secure messaging session keys with stronger session keys whereas Terminal Authentication (EAP – TA) uses role-based CVC certificates to control access to all data groups: only the authorized terminals can access these data groups.

EXTENDED ACCESS CONTROL (EAC)
EAC is a mechanism that allows to check the authenticity of both e-driving licenses and the terminals: Chip Authentication (EAC – CA) updates secure messaging session keys with stronger session keys whereas Terminal Authentication (EAC – TA) uses role-based CVC certificates to control access to optional data groups containing signature and biometric data: only the authorized terminals can access these data groups.

ACTIVE AUTHENTICATION (AA)
Active Authentication prevents cloning of the chip.

1 Although AKiS GEZGiN supports both ISO/IEC 18013-3:2009 and ISO/IEC 18013-3:2017 standards, AKiS GEZGiN cards can be ersonalized to support either ISO/IEC 18013-3:2009 or ISO/IEC 18013-3:2017.
2 Chips are certified for CC EAL 6+.