PKI Trust Root Concepts
ACP Working Group – I
April 2009
Root Concepts
• The "global trust root" concept for the NextGEN has been developed from piece parts of several groups and has been conceptually validated with PKI industry leaders.
• The concept is to create three unique, individually signed digital components, as follows, that taken together should provide internationally acceptable authentication and identification for the next generation of global air traffic management systems.
Trust Root Construction
1. The aircraft manufacturer creates the aircraft digital identity (ADI), similar to that proposed in the "Aircraft Digital Identity" paper, and signs the "aircraft digital identity" modules as conceptually presented in the Airbus ARTIST presentation.
2. ICAO assigns the aircraft its 24-bit ID (maybe its ATN DNS name) and its network addresses, then digitally signs across the ADI, the manufacturer's signature and its own designators.
3. The airline assigns the aircraft its tail numbers and other designators (maybe DNS names), then digitally signs across the manufacturer's ADI and signature, ICAO's designators and signatures, and its own designators.
This completes the construction of the three-part trust root. To compromise the aircraft's digital identity, the three digital signatures from completely independent entities must all be compromised simultaneously.
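The three nested signatures of steps 1 to 3, as an added Go example that is not part of the original slides: each party signs across the ADI, every earlier layer's designators and signature, and its own designators. Ed25519, the length-prefixed encoding, the key seeds and the designator values are assumptions chosen for illustration; the slides specify none of them.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Layer is one party's designators plus its signature across everything beneath it.
type Layer struct{ Signer string; Des, Sig []byte }
// frame length-prefixes a field so the signed byte string parses only one way.
func frame(buf, f []byte) []byte {
	n := len(f)
	return append(append(buf, byte(n>>24), byte(n>>16), byte(n>>8), byte(n)), f...)
}
// covered is what layer i signs: ADI, earlier designators and signatures, own designators.
func covered(adi []byte, ls []Layer, i int) []byte {
	msg := frame(nil, adi)
	for _, l := range ls[:i] {
		msg = frame(frame(msg, l.Des), l.Sig)
	}
	return frame(msg, ls[i].Des)
}
// Sign appends a layer signed across the ADI and all prior layers (Ed25519 is assumed here).
func Sign(adi []byte, ls []Layer, who, des string, key ed25519.PrivateKey) []Layer {
	ls = append(ls, Layer{Signer: who, Des: []byte(des)})
	ls[len(ls)-1].Sig = ed25519.Sign(key, covered(adi, ls, len(ls)-1))
	return ls
}
// Verify lists signers whose signature fails against the relying party's own trusted keys.
func Verify(adi []byte, ls []Layer, trusted map[string]ed25519.PublicKey) (bad []string) {
	for i, l := range ls {
		if pub, ok := trusted[l.Signer]; !ok || !ed25519.Verify(pub, covered(adi, ls, i), l.Sig) {
			bad = append(bad, l.Signer)
		}
	}
	return bad
}

// Demo builds the three-part root from constructed seeds and constructed sample designators.
func Demo() (adi []byte, ls []Layer, trusted map[string]ed25519.PublicKey) {
	adi, trusted = []byte("ADI:constructed-sample"), map[string]ed25519.PublicKey{}
	for i, p := range [][2]string{{"manufacturer", ""}, {"icao", "24bit=ABC123"}, {"airline", "tail=N00000"}} {
		key := ed25519.NewKeyFromSeed(append(make([]byte, 31), byte(i+1))) // constructed demo seed
		trusted[p[0]] = key.Public().(ed25519.PublicKey)
		ls = Sign(adi, ls, p[0], p[1], key)
	}
	return
}

func main() { fmt.Println("failed signers:", Verify(Demo())) }
```

Changing the ICAO designators after signing makes `Verify` report both "icao" and "airline", because the airline's signature covers the ICAO layer; changing the ADI invalidates all three.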
Trust Root Use
The airline then applies to the various NSPs through whose airspace they will operate the aircraft.
The NSPs could then accept the aircraft “trust root” as it exists or may individually sign across all the above identities and designators as the final step.
If each NSP requires its signature on the aircraft, the aircraft ends up carrying a "digital key ring" of certificates, one for each NSP in whose airspace it will operate.
Root Construction
[Figure: layers of the trust root, as labelled on the slide: Airline/Operator Digital Signature; Airline/Operator Aircraft Designations; ICAO Digital Signature; ICAO Aircraft Designators; Manufacturer's Signature; Aircraft Digital ID]