Electronic passport expansion access control system and authentication method based on identification cipher technology

Abstract

The invention discloses an identification cryptographic technique-based electronic passport extended access control system and an identification cryptographic technique-based authentication method. The authentication method comprises the following steps that: a key service centre provides a key service; a passport verification center makes an application for sensitive biological characteristic information-reading authority, the key service center issues an authorization smart card to perform authorization, and the passport verification center distributes the authorization smart card to a verification terminal controlled thereby; and a passport issuing center applies the key service center for an authentication key and a public parameter for authentication and writes the authentication keyand the public parameter into passport smart card of an electronic passport. During passport verification, the authorization smart card and the passport smart card implement an identification cryptographic algorithm-based authentication protocol to judge if the verification terminal has the authority to read sensitive biological characteristic data. The system and the method avoid loopholes in authentication trust transmission in a European proposal, save the establishment of a complicate PKI system, and allow for low system construction cost. Compared with Singaporean EAC, the method provides flexible authorization for a certifying organization, and can still authorize the certifying organization after the issue of a passport.

Description

Electronic passport extended access control system and authentication method based on identification and encryption technology technical field The invention belongs to the field of anti-counterfeiting of electronic certificates, and specifically designs an implementation system and authentication method based on identification and encryption technology for the extended access control mechanism of electronic passports. Background technique In 2003, the International Civil Aviation Organization (ICAO) in Montreal adopted a globally harmonized plan to integrate biometric information into electronic passports. In order to ensure the security of electronic passports, ICAO has designed four security mechanisms for it, among which Extended Access Control (EAC) is designed to further protect the sensitive biometric information stored in passports. The fingerprint and iris data of the cardholder are considered sensitive biometric data, and ICAO regards them as optional biometric da...

AI Technical Summary

Problems solved by technology

The two main problems to be solved in the extended access control are: how to efficiently authorize the passport verification terminal to read sensitive information (that is, to design a reasonable authorization mechanism); when verifying the passport, how to judge whether the passport verification terminal has the right to read sensitive biometric information ( That is, designing a secure authentication protocol)

When performing extended access control verification, the verification terminal is required to provide a certificate chain. The chip needs to use its limited computing resources to verify the authenticity and validity of the certificate chain, and the verification work is heavy.

2) Certificate distribution and management are complicated, and the cost of system construction is high

Certificate management will be more complex over time

3) Its authorized chain of trust is unreliable

That is, when the issuing country CVCA issues a DVCA certificate to the passport verification agency DV, it cannot effectively control which verification terminals the DV authorizes to, and the DV may authorize verification terminals that the CVCA does not trust.

This is the biggest flaw of the EU EAC scheme

Images