BACHandler

internal final class BACHandler

The BACHandler class acts as a handler for Basic Access Control (BAC), which allows access to the contactless Integrated Circuit (IC) of an eMRTD by implementing a Chip Access Control mechanism.

BAC is a cryptographic protocol that enables the inspection system to prove its authorization to access the contactless IC using information derived from the physical document, such as the Machine Readable Zone (MRZ) information.

The BAC mechanism is purely based on symmetric cryptography and provides protection against skimming, misuse and eavesdropping during communication between the eMRTD and the inspection system.

Protocol Specification

Authentication and Key Establishment is provided by a three-pass challenge-response protocol according to ISO/IEC 11770-2 Key Establishment Mechanism 6 using 3DES [FIPS 46-3] as block cipher. A cryptographic checksum according to ISO/IEC 9797-1 MAC Algorithm 3 is calculated over and appended to the ciphertexts. Exchanged nonces MUST be of size 8 bytes, exchanged keying material MUST be of size 16 bytes. The IFD (i.e. the inspection system) and the contactless IC MUST NOT use distinguishing identifiers as nonces.

Cryptographic Specifications

  • Encryption of Challenge and Response: Two-key 3DES in CBC mode with zero IV is used for computation of E_IFD and E_IC. Padding for the input data must not be used when performing the EXTERNAL AUTHENTICATE command.

  • Authentication of Challenge and Response: Cryptographic checksums M_IFD and M_IC are calculated using ISO/IEC 9797-1 MAC Algorithm 3 with block cipher DES and zero IV, following ISO/IEC 9797-1 padding method 2. The MAC length is 8 bytes.

  • init(tagReader:)

    Declaration

    Swift

    internal init(tagReader: TagReader)
  • performBAC(mrzKey:) Asynchronous

    Perform Basic Access Control (BAC) to allow access to the contactless IC of the eMRTD.

    BAC is initiated by deriving DocumentBasicAccessKeys from the MRZ information read from the eMRTD. The inspection system (IFD) then requests a challenge from the IC and sends an EXTERNAL AUTHENTICATE command with mutual authenticate function to the IC. If the process is successful, session keys are derived and an NFCSecureSession is established.

    Throws

    An error if BAC fails or if the MRZ key is invalid.

    Declaration

    Swift

    internal func performBAC(mrzKey: String) async throws

    Parameters

    mrzKey

    The MRZ-based key used to derive the DocumentBasicAccessKeys.
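
The key derivation step that performBAC(mrzKey:) starts with, as an added Python example that is not this library's code. It assumes the MRZ key is the ICAO Doc 9303 "MRZ information" string (document number, date of birth and date of expiry, each followed by its check digit) and follows the Doc 9303 Part 11 derivation (SHA-1, counters 1 and 2, DES parity adjustment); all function names are hypothetical.

```python
import hashlib

def check_digit(field: str) -> str:
    """ICAO 9303 check digit: weights 7,3,1; '<' counts 0, A-Z count 10..35."""
    total = 0
    for i, ch in enumerate(field):
        if ch in "0123456789":
            value = int(ch)
        elif ch == "<":
            value = 0
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        else:
            raise ValueError(f"invalid MRZ character: {ch!r}")
        total += value * (7, 3, 1)[i % 3]
    return str(total % 10)

def mrz_information(doc_number: str, birth: str, expiry: str) -> str:
    """Build the MRZ information string; dates are YYMMDD."""
    for date in (birth, expiry):
        if len(date) != 6 or not all(c in "0123456789" for c in date):
            raise ValueError("dates must be six digits (YYMMDD)")
    doc_number = doc_number.ljust(9, "<")  # short numbers are filler-padded
    return "".join(f + check_digit(f) for f in (doc_number, birth, expiry))

def adjust_parity(key: bytes) -> bytes:
    """Set the low bit of every byte so each byte has odd parity (DES keys)."""
    out = bytearray()
    for b in key:
        ones = bin(b >> 1).count("1")
        out.append((b & 0xFE) | (0 if ones % 2 else 1))
    return bytes(out)

def derive_key(k_seed: bytes, counter: int) -> bytes:
    """16-byte two-key 3DES key: SHA-1(K_seed || 32-bit counter), truncated."""
    digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
    return adjust_parity(digest[:16])

def document_basic_access_keys(mrz_info: str):
    """Return (K_enc, K_mac) derived from the MRZ information string."""
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]
    return derive_key(k_seed, 1), derive_key(k_seed, 2)

if __name__ == "__main__":
    # Sample fields: specimen values from the ICAO Doc 9303 worked example.
    info = mrz_information("L898902C", "690806", "940623")
    k_enc, k_mac = document_basic_access_keys(info)
    print(info, k_enc.hex().upper(), k_mac.hex().upper())
```

Both keys depend only on data printed in the MRZ, so a wrong check digit or a mistyped field yields different keys and the EXTERNAL AUTHENTICATE step fails.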