KRIPTEX®
SECURE SMARTCARD READER

Card Access Device (Kart Erişim Cihazı, KEC)

The KRIPTEX® Secure Smart Card Reader (KEC) is a terminal device of the Republic of Turkey Electronic Identity Verification System (EKDS) that complies with the standards issued by the Turkish Standards Institution (TSE) and is protected with the CC EAL4+ Protection Profile. It provides online services over electronic media to verify that the Republic of Turkey Electronic Identity Card (TCKK) was issued by the authorized institution and that the card belongs to the real cardholder.

The Target of Evaluation (TOE) mentioned in the Common Criteria (CC) Protection Profile document is the Secure Smartcard Reader Application Firmware running on the KEC device. As the application firmware of the KEC, the TOE performs identity verification of the Service Requester and Service Attendee according to EKDS, communicates securely with the other system components and, as a result of the identity verification, produces an Identity Verification Assertion (IVA) signed by the Secure Access Module (SAM) inside the KEC. The root certificates used for identification and authentication purposes are also covered by the TOE.

The SAM is the security module of the KEC, developed to verify the TCKK in electronic applications and to authenticate the owner of that card. In other words, the SAM implements the cryptographic functions of the KEC. By means of the SAM, it becomes possible to access data fields such as the biometric data of the card owner and to execute read/write operations on these fields.

In addition, the certificates and keys embedded in the SAM enable secure communication with the TCKK. In short, the SAM is the module that provides for the secure use of the KEC and consequently enables the secure authentication of identity information in an electronic environment. With the help of the SAM included in the device, the KEC can access data fields such as the personal message and biometric data of the cardholder, which cannot be accessed with a standard card reader.

The KEC displays the cardholder's photograph stored in the card on its color graphic display. This feature is one step of identity authentication and requires the operator at the registration unit to confirm the photograph. With its touch-screen keyboard, the KEC lets users enter their PIN in a secure way. After the secure messaging session is established with the card, the device can read the citizen's personal message from the card and display it on its screen. This proves to users that the operation is being performed with an authorized device. The device is tamper-proof and its application software has a CC EAL4+ (ALC_DVS.2) security level certificate.

Security Features

The security features provide authentication using the following methods:

Method-03 Y3
Method-04 Y4
Method-05 Y5
Method-06 Y6
Method-08 Y8
Method-09 Y9
Method-10 Y10
Method-11 Y11

Abbreviations


Turkish Standards Documents related to Secure Card Access Devices for Electronic Identity Cards

TSE



MULTI-FACTOR IDENTITY VERIFICATION

[Images: KEC Factor1, KEC Factor2, KEC Factor3, KEC Factor4]




TRUSTED IDENTITY VERIFICATION

CM (Crypto Module): Generates a random password sequence for cryptographic operations
TPM (Tamper Protection): Provides safety against unauthorized opening of device hardware
SB (Secure Boot): Prevents manipulation of any software
RTC (Real Time Clock): Continuous operation even when the device is powered off
PM (Personal Message): Allows detection of unauthorized or manipulated devices
SAM (Secure Access Module): Maintains the security of the logon and of the whole transaction

[Image: KEC R803]


[Images: Kriptex KEC front, back, lower front, right and left views]






COMMON CRITERIA TEST DETAILS

SECURITY TARGET REFERENCE

TITLE: Security Target of Kriptex Application Firmware v1.0 for SSR Type-I, SSR Type-II with or without SAS, SSR Type-III
VERSION: 1.0.7
DATE: 23 August 2019, Friday
AUTHOR: Kriptex Bilişim ve Bilgi Güvenliği Teknolojileri Tic. Ltd. Şti.

TOE REFERENCE

NAME: Kriptex Application Firmware for SSR Type-I, SSR Type-II with or without SAS, SSR Type-III
VERSION: 1.0
DEVELOPER: Kriptex Bilişim ve Bilgi Güvenliği Teknolojileri Tic. Ltd. Şti.
CC CONFORMANCE: Common Criteria for Information Technology Security Evaluation, Version 3.1 (Revision 5)
PP CONFORMANCE: Protection Profile for Application Firmware of Secure Smartcard Reader (SSR) for Electronic Identity Verification System, SSR_PP_2.8
ASSURANCE LEVEL: EAL4+ with ALC_DVS.2 Augmentation

COMMON CRITERIA TESTING LABORATORY

TEST CENTER: Beam Teknoloji A.Ş., Ankara
ACCREDITATION: ISO/IEC 17025 – Accredited Security Evaluation Center / AB-0914-T; ISO/IEC 15408 – Evaluation Criteria for Information Technology Security
STATUS: Certification in process
