icao mrtd and emrtd standards and specifications · icao mrtd and emrtd standards and...

ICAO MRTD and eMRTD Standards and Specifications

Tom Kinneging Senior expert standardization, Morpho, Netherlands

Convenor ISO/IEC JTC1 SC17 WG3

ICAO‐ISO collaborationISO/IEC ICAO

JTC1

SC37 SC17

WG8 WG4 WG3

TF5TF4TF3TF2TF1

Council

ATC

TAG-MRTD

NTWG ICBWG

ISO/IEC 7501ICAO Doc 9303

• Part 1 - Machine Readable Passports, Sixth edition - 2006• Part 2 - Machine Readable Visas, Third edition - 2005• Part 3 - Machine Readable Official Travel Documents,

Third edition - 2008

Doc 9303

• Introduction• References and definitions• Security of design, manufacture and issuance

o Security standardso Machine assisted document security verificationo Prevention of fraud associated with the issuance process

• Technical specifications of MRPso Physical charasteristicso Layouts and zoneso Data structureso Representations of States, Nationalities, Dateso Three letter codeso Transliterationso Guidelines for portraits

Doc 9303 Part 1Machine Readable Passports

Doc 9303 Part 1• Data Page

o Zone I - Headero Zone II - Personal data elementso Zone III - Document data elementso Zone IV - Signatureo Zone V - Identification featureo Zone VI - Optional data elements on back of data pageo Zone VII - Machine Readable Zone (2x 44 characters)

Doc 9303 Part 1• Data Page

o Zone I - Headero Zone II - Personal data elementso Zone III - Document data elementso Zone IV - Signatureo Zone V - Identification featureo Zone VI - Optional data elements on back of data pageo Zone VII - Machine Readable Zone

Doc 9303 Part 1• Data Page

o Zone I - Headero Zone II - Personal data elementso Zone III - Document data elementso Zone IV - Signatureo Zone V - Identification featureo Zone VI - Optional data elements on back of data pageo Zone VII - Machine Readable Zone

Doc 9303 Part 1• Data Page

o Zone I - Headero Zone II - Personal data elementso Zone III - Document data elementso Zone IV - Signatureo Zone V - Identification featureo Zone VI - Optional data elements on back of data pageo Zone VII - Machine Readable Zone

Doc 9303 Part 1• Data Page

o Zone I - Headero Zone II - Personal data elementso Zone III - Document data elementso Zone IV - Signatureo Zone V - Identification featureo Zone VI - Optional data elements on back of data pageo Zone VII - Machine Readable Zone

Doc 9303 Part 1• Data Page

o Zone I - Headero Zone II - Personal data elementso Zone III - Document data elementso Zone IV - Signatureo Zone V - Identification featureo Zone VI - Optional data elements on back of data pageo Zone VII - Machine Readable Zone

• Introduction• Technical specifications for Machine Readable Visas• Technical specifications common to all MRVs

o Physical charasteristicso Security aspectso Layouts and zoneso Representations of States, Nationalities, Dateso Machine reading requirementso Three letter codeso Transliterations

• Technical specifications for format-A MRVs• Technical specifications for format-B MRVs

Doc 9303 Part 2Machine Readable Visas

Doc 9303 Part 2• MRV-A

o Zone I - Headero Zone II - Personal data elementso Zone III - Document data elementso Zone IV - Signatureo Zone V - Identification featureo Zone VII - Machine Readable Zone (2x 44 characters)

Doc 9303 Part 2• MRV-B

o Zone I - Headero Zone II - Personal data elementso Zone III - Document data elementso Zone IV - Signatureo Zone V - Identification featureo Zone VII - Machine Readable Zone (2x 36 characters)

74 +/- 1 mm

105 +/- 1 mm

• Introduction• References and definitions• Security of design, manufacture and issuance

o Security of the MRtd and its personalizationo Machine assisted document security verificationo Prevention of fraud associated with the issuance process

• Technical specifications common to both Size 1 and Size 2o Physical charasteristicso General layouts and zoneso Representations of States, Nationalities, Dateso Three letter codeso Transliterationso Guidelines for portraits

• Technical specifications unique to Size 1o Dimensionso Data structures

• Technical specifications unique to Size 2o Dimensionso Data structures

Doc 9303 Part 3Machine Readable Official Travel Documents

Doc 9303 Part 3• Size 1

o Zone I - Headero Zone II - Personal data elementso Zone III - Document data elementso Zone IV - Signatureo Zone V - Identification featureo Zone VI - Optional data elementso Zone VII - Machine Readable Zone (3x 30 characters)

Doc 9303 Part 3• Size 2

o Zone I - Headero Zone II - Personal data elementso Zone III - Document data elementso Zone IV - Signatureo Zone V - Identification featureo Zone VI - Optional data elementso Zone VII - Machine Readable Zone (2x 36 characters)

74 +/- 1 mm

105 +/- 1 mm

Doc 9303 Part 1/3, Volume 2• Physical document

o Data Pageo Personal and Document data elementso MRZo Physical security features

• Electronic documento RFID chipo Personal and Document data elementso MRZo Electronic security features

Electronically enabled MRTDs

Doc 9303 Part 1/3, Volume 2• RFID chip

o High capacityo Independent of location in documento Capable of performing cryptographic operationso Existing standards (ISO/IEC)

• Biometrics - Faceo Least cultural obstructionso Everybody has ito Capture at a distanceo Interoperable (image)o Also usable without biometric verification

Doc 9303 Part 1/3, Volume 2• Logical data Structure (LDS)

o Data Group 01 - Machine Readable Zoneo Data Group 02 - Encoded faceo Data Group 03 - Encoded fingerso Data Group 04 - Encoded Iriseso Data Group 05 - Displayed portraito Data Group 06 - Reserved for future useo Data Group 07 - Displayed signature or usual marko Data Group 08 - Data featureso Data Group 09 - Structure featureso Data Group 10 - Substance featureso Data Group 11 - Additional personal detailso Data Group 12 - Additional document featureso Data Group 13 - Optional detailso Data Group 14 - Security options for secondary biometricso Data Group 15 - Active Authentication public key infoo Data Group 16 - Persons to notify

Doc 9303 Part 1/3, Volume 2• Electronic security

o Basic Access Controlo Passive Authenticationo Active Authenticationo Public Key Infrastructure

• You can’t read a closed booko Hand over willinglyo Open passport book

• Skimmingo Unauthorized contacting and reading

• Eavesdroppingo On existing communications

Basic Access ControlPrivacy protection

???

• Machine Readable Zoneo Document Numbero Date of Birtho Date of Expiry

• Anti Skimmingo Access to the chip

• Anti Eavesdroppingo Encrypted communications

Basic Access ControlPrivacy protection

• Digital Signatureo Cryptographic operationo Calculated over LDS Data Groups contentso Stored on the MRTDs chipo Verifiable at inspection

• Private / Public key pairo Private Key for signingo Public Key for verification

Passive AuthenticationIntegrity and Authenticity

• Digital Signatureo Private Key in chip’s secure memoryo Public Key in LDS Data Group 15

Active AuthenticationAnti copying

12345

@!#^&

Passive Authentication√

√

• Digital Signatureo Private Key for signingo Public Key for verification

• Private Key safe keepingo Confidentialityo HSM

• Public Key distributiono Trusto Authenticityo Integrityo Public Key Certificate

Public Key Infrastructurefor Passive Authentication

• Document Signer• DS certificate

o Trusto Many documentso Short lifetimeo Automated distribution

• Document Signer• Country Signing Certification Authority

o Not so many Document Signerso Longer lifetimeo CSCA certificateo Manual (bilateral) distributiono Trust

DS

DS

CSCA

CSCA

CSCA

CSCA cert.

DS cert.

Public Key InfrastructureCertificates

• CSCA Master Listo State-to-State serviceo Automated distribution

State WState X

State Y

State ZX

Y

Z

Sign_W

W

State A

Z

Sign_Z

W

A

Public Key InfrastructureCertificates

• Master List Signer• Master List Signer certificate

o Signed by CSCAo Automated distribution

DS

DS

CSCA

CSCA

CSCAMLS

CSCA

MLS cert.

CSCA cert.

DS cert.

ML

Public Key InfrastructureCertificates

• Private Key compromisedo Trust in certificates damagedo Trust in ePasports damaged?

• Inform relying parties• Certificate Revocation List (CRL)

o Signedo Revoked certificateso … or Nullo Automated distribution

Public Key InfrastructureRevocation

• Document Signer certificateso ePassport chipo PKD

• Country Signing CA certificateso Bilateralo CSCA Master List

• CSCA Master Listso PKD

• Certificate Revocation List (CRL)o Bilateralo PKD

Public Key InfrastructureDistribution

• The PKD is a Central Repositoryo Upload and download facilitieso Document Signer Certificateso CSCA Master Listso Certificate Revocation Listso Doc 9303 compliancy reference and validation service

• The PKD is noto A Certification Authorityo An inspection systemo Replacing border control systems and policieso Preventing illegal entry

Public Key InfrastructureICAO Public Key Directory (PKD)

• Part 1 - Machine Readable Passports, Sixth edition - 2006o Volume 1 - Passports with Machine Readable data stored in OCR formato Volume 2 - Electronically enabled Passports with Biometric Identification Capability

• Part 2 - Machine Readable Visas, Third edition - 2005• Part 3 - Machine Readable Official Travel Documents,

Third edition - 2008o Volume 1 - MRtds with Machine Readable data stored in OCR formato Volume 2 - Electronically enabled MRtds with Biometric Identification Capability

The Doc 9303 standard

http://www.icao.int/security/mrtd/pages/default.aspx

THANK YOU