Part 11 to Doc 9303 provides specifications to enable States and suppliers to implement cryptographic security features for electronic machine readable travel documents (“eMRTDs”) offering contactless integrated circuit (IC) access. Cryptographic protocols are specified to:

• prevent skimming of data from the contactless IC;

• prevent eavesdropping on the communication between contactless IC and reader;

• provide authentication of the data stored on the contactless IC based on the Public Key Infrastructure (PKI) described in Part 12; and

• provide authentication of the contactless IC itself.

The Eighth Edition of Doc 9303 incorporates the specifications for the optional Travel Records, Visa Records, and Additional Biometrics applications (known as LDS2 applications) as an optional extension of the eMRTD. This part of Doc 9303 includes the necessary extended access control protocols to protect writing and reading of the data of the respective LDS2 applications. These access control protocols may also be used for the protection of the secondary biometrics in the eMRTD Application.

The authentication of the data stored on the contactless IC is the basic security feature to enable the use of the IC for manual and/or automated inspection. This feature is therefore REQUIRED.

Implementation of a protocol to prevent skimming of the data stored on the contactless IC and to prevent eavesdropping on the communication between IC and terminal is REQUIRED.

Implementation of the other protocols is OPTIONAL, allowing the issuing State or organization to decide on the necessary set of security features according to national regulations/demands.

This part shall be read in conjunction with the following Parts of Doc 9303:

• Part 1 — Introduction;

• Part 10 — Logical Data Structure (LDS) for Storage of Biometrics and Other Data in the Contactless Integrated Circuit (IC); and

• Part 12 — Public Key Infrastructure for MRTDs.