National operating system for passports

The computer program “NOS” is installed on the integrated chip (information medium) of the electronic document and enables devices that read and check the document to interact with the data contained on the integrated chip.

The computer program “NOS” makes it possible to produce the following types of documents with an integrated chip: an internal passport of a citizen (ID card), a biometric passport for traveling abroad, and certificates and references (temporary and permanent stay in the country, crew members, sailors, etc.).

The computer program “NOS” provides access control to the data on the electronic information medium and includes:

  • passive authentication – determining whether the data on the electronic medium is authentic (signed by the authorized body and not changed);
  • active authentication – determining that the data is read from the authentic information carrier (the integrated chip has not been replaced);
  • Basic Access Control (BAC) – the formation of an encrypted communication channel using a pair of session keys, which prevents interception of data during the exchange of messages;
  • Extended Access Control (EAC) – restricting access to specific data requiring additional protection (biometric data, etc.) in accordance with BSI TR-03110-1 Advanced Security Mechanisms for Machine Readable Travel Documents.

During data transmission, the computer program “NOS” provides support for cryptographic algorithms, in particular:

  • algorithms of symmetric cryptography (DES, 3DES, AES with key length up to 256 bits);
  • algorithms of asymmetric cryptography (RSA with key length up to 2048 bits, ECC with key length up to 521 bits);
  • cryptographic algorithms that meet the state standards of Ukraine: the formation and verification of an electronic digital signature by the algorithms defined in DSTU 4145-2002, in the polynomial basis with field degree 163, using the primitive polynomials according to Table 1 of DSTU 4145-2002, the base points according to Section 7 of DSTU 4145-2002 and the corresponding elliptic curves specified in Annex D to DSTU 4145-2002 (with the hash function calculated in accordance with GOST 34.311-95).

The computer program “NOS” meets the requirements of Common Methodology for IT Security Evaluation (CEM) Version 3.1 and Common Criteria for IT Security Evaluation (CC) Version 3.1, and is compatible with the following protection profiles: Machine Readable Travel Document with “ICAO Application”, Extended Access Control with PACE (EAC PP), Version 1.3.2, December 5, 2012, BSI-CC-PP-0056-V2-2012-MA-02; and Machine Readable Travel Document with “ICAO Application”, Basic Access Control, Version 1.10, March 25, 2009, BSI-CC-PP-0055-2009. Evaluation assurance level: EAL 4, supplemented by ALC_DVS.2, ATE_DPT.2 and AVA_VAN.5.

The certificates of compliance and additional information are available on the official website of the Federal Office for Information Security (BSI) via the following links:

https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Hoheitliche_Dokumente-IC_mit_Anwendung/0985.html

https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Hoheitliche_Dokumente-IC_mit_Anwendung/0987.html