Utimaco Hardware Security Module facilitates secure border controls in the Netherlands

Aachen, June 11, 2018 – Utimaco, manufacturer of Hardware Security Module (HSM) technology, equips the automated ePassport control system in the Netherlands with CryptoServers. These HSMs are used for terminal authentication. While examining the electronic ID card the HSM verifies in multiple stages whether the terminal in question has the right to access sensitive personal data such as fingerprints. The protection of personal data and privacy are top priorities within the infrastructure set up by the Dutch Judicial Information Service.

“We have been using Utimaco HSMs for more than fifteen years now. Since the start, they have run continuously at a high-performance level, despite the fact that we’ve extended the requirements,” says Jeen de Swart, Senior Information Architect at the Judicial Information Service run by the Dutch Ministry of Justice and Security.

Requirement profile for an automated control of electronic ID documents

More specifically, the Judicial Information Service was faced with the challenge of introducing an automatic border control system, which passengers with an electronic passport (ePassport) can use in transit traffic, at airports and at seaports. The system is designed to process the registration and verification of electronic passports safely and quickly, thereby shortening the waiting time for passengers. In addition, the focus is on complying with the guidelines developed by the International Civil Aviation Organization (ICAO). The ICAO regulates, among other things, the handling of machine-readable travel documents, which include the ePassport. This electronic passport contains a chip with biometric data and the unique digital signature of the issuing country. When checking an ePassport at an international border, the chip is verified with the issuing country’s certification authority.

The root of trust in the verification infrastructure

The Dutch verification infrastructure for ePassports therefore places high demands on HSMs. Finally, data throughput, performance and high availability as well as the high quality of the Utimaco CryptoServer convinced the Dutch Ministry to choose this product line. “We’ve been using some of the modules in the context of this project for seven years now, and they are reliable and fully comply with the requirements,” says Jeen de Swart, the architecture and development manager of ePassport automatic control.

The reliability of the HSM from Utimaco is reflected, among other things, in the fact that the devices are used worldwide in many countries. “Our CryptoServer acts as root of trust in the verification infrastructure, supporting all the algorithms needed to establish ICAO compliance. In addition, the HSM used creates a high-security environment that can be used for other IT applications,” says Malte Pollmann, CEO of Utimaco, about the outcome of the joint project.

“So far, we’ve had very good experiences working with Utimaco. This fact, their expertise in the area of ICAO, as well as their comprehensive support of the required algorithms, were the decisive factors for choosing to collaborate with them for this project,” says Cor de Jonge, manager of the PKI department of the Judicial Information Service as part of the Ministry of Justice and Security in the Netherlands.

For more information on how Utimaco HSMs can help governments and government agencies, click here.

Background info: The principle of multi-level access to biometric data in the ePassport

The deployed infrastructure ensures the authenticity and integrity of the data and provides authorities with the basis to control electronic identifications such as the e-passport – via active and passive authentication of the chip data. Basic Access Control (BAC) and Supplemental Access Control (SAC) both are deployed on a standard basis, as well as Password Authenticated Connection Establishment (PACE) ID standards and the combination with Extended Access Control (EAC). This results in a multi-stage verification of an ePass: BAC / SAC actively authenticate whether the data on the chip is genuine and unadulterated. Passive authentication checks the digital signature, for which EAC builds a “security tunnel” between the reading terminal and the chip. EAC therefore has to ensure that only authorized terminals access and read the chip data. Utimaco’s HSM technology, the CryptoServer, provides the root of trust within the protocols that are responsible for reading personal data, such as fingerprints.

The Utimaco CryptoServer implements the secure authentication of the reading terminals in the Dutch ePass control system and ensures ICAO compliance.

Malte Pollmann, CEO Utimaco

About the Judicial Information Service in the Dutch Ministry of Justice and Security

The Judicial Information Service is a Dutch governmental organization concerned with providing correct and reliable information about the identity of a person. The Judicial Information Service does not only serve as a trustworthy source of information, but also contributes to the creation of systems and information chains which can identify persons or documents. The Judicial Information Service initiated the creation of a system that verifies official documents by means of the chips on eDocuments and fingerprints on eDocuments (also known as the Extended Access Control (EAC)). The appropriate infrastructure is an essential asset to officers in the field to verify the integrity and authenticity of these chips and fingerprints. This infrastructure is exclusively to be controlled by a trusted government source and needs to be fully compliant to (international) ICAO and EU standards to cover all issued documents.

About Utimaco

Utimaco is a leading manufacturer of Hardware Security Modules (HSMs) that provide the Root of Trust to many industries, from financial services and payment to the automotive industry, cloud services and the public sector. We keep cryptographic keys and digital identities safe protecting your critical digital infrastructures and high value data assets. Our products enable innovation and support the creation of new business by helping to secure critical business data and transactions.

Founded in 1983, today Utimaco HSMs are deployed across more than 80 countries in more than 1,000 installations. Utimaco employs a total of 200 people, with sales offices in Germany, the US, the UK and Singapore. For more information, visit https://hsm.utimaco.com/.

Follow us: LinkedIn, Twitter, YouTube.