Gemalto is supplying the Citizenship and Migration Board of Estonian Republic with its complete
ePassport solution for the Estonian electronic passport.
Under the terms of the contract, Gemalto provides the Estonian authorities with a turnkey solution, from manufacturing and binding of passport booklets to the implementation of the personalization system in the premises of the Citizenship and Migration Board, part of the Interior Ministry.
Gemalto is manufacturing the travel documents based on its Sealys ePassport, including a powerful microprocessor for
biometric identification. First deliveries started in early 2007.
Gemalto is also providing the Estonian authorities with
Coesys Issuance solution, configured for central issuance in the premises of the Citizenship and Migration Board and for color photo printing by inkjet technique.
Furthermore, Gemalto provides its
Coesys Enrolment solution including software and equipment for capturing and digitizing the data, picture and signature.
Supplemental Access Control (SAC) for Estonia
Today, the Estonian ePassport integrates the SAC protocol as a European Union country member.
This new set of security features is an evolution of BAC (Basic Access Control) aimed at ensuring future-proof security in electronic travel documents. It is similar in function to BAC and ensures that the contactless chip
cannot be read without physical access to the travel document and that the data
exchange between the chip and the reading device
Due to its simplicity, BAC turned out to be a very successful protocol and it is now used in almost every ePassport. Unfortunately, BAC’s level of security is limited by the protocol’s symmetric (secret key) cryptography design and there is no straightforward way to strengthen it.
SAC offers dramatic advantages over first-generation techniques and is taking advantage of the past 30 years of public key research and analysis with the use of elliptic curve cryptography.
It is based on Password Authenticated Connection Establishment (PACE v2). During the authentication phase, it implements asymmetric cryptography and bases data encryption on a shared key between the reading device and the chip. Data confidentiality is thus enhanced and
eavesdropping becomes impossible.
Read the Press Release [PDF - 46kb]