White paper - Security Document News
White paper: E-passport overview
www.opentrust.com
Dan Butnaru - Trusted Identity Product Line Manager


White paper TrustedID_e-passport_2015 © OpenTrust. All rights reserved.

Contents

1 Objective 4

2 Introduction 4

3 The Challenge 5

3.1 Secure Travel Document's Objectives 5

4 The Electronic Passport 6

4.1 Proven Technology 6

4.2 An International Standard 7

4.3 A World Wide Success Story 7

4.4 One Document – Several Projects 8

5 Security Solutions 9

5.1 Introduction 9

5.2 Production 9

5.3 Inspection 10

5.3.1 Verification of Document Authenticity 10

5.3.2 Verification of Traveller Identity 11

5.4 Interoperability for International Information Exchange 12

5.4.1 ICAO Public Key Directory (PKD) 12

5.4.2 Single Point of Contact (SPOC) 13

5.5 Future Trends 14

5.5.1 LDS 2.0 14

5.5.2 Automated Border Control 14

5.5.3 Evidence of Identification 15

6 Deployment Scenarios 15

6.1 Phase 1 - Production System 16

6.2 Phase 2 - EAC-Ready Approach 16

6.3 Phase 3 - Fully Operational Inspection Infrastructure 17

6.4 Phase 4 - Platforms for International Information Exchange 18

7 Conclusion 19

8 Acronyms 21

9 References 22

About the Author 23


Figures

Figure 1 The MRTD 7

Figure 2 Scheme of an e-Passport 8

Figure 3 ICAO Statistics 9

Figure 4 e-Passport Projects Phases 10

Figure 5 e-Passport Production System 11

Figure 6 e-Passport Passive Authentication 12

Figure 7 EAC PKI for Terminal Authentication 13

Figure 8 ICAO PKD Use Case 14

Figure 9 SPOC Use Case 15

Figure 10 PKI for Production 17

Figure 11 PKI for Production (incl. EAC) 18

Figure 12 EAC PKI for Inspection 18

Figure 13 PKD System 19


1 Objective

This white paper's objective is to describe step by step all phases of e-Passport projects, from secure production to secure verification of the document's and the traveller's identity.

A particular focus is given to interoperability schemes, as we are evolving in a context driven by international standards.

As a summary, recommendations are given in terms of technology, deployment best practices and future evolutions, based on return of experience from projects in the field.

2 Introduction

Travel documents have undergone a significant transformation over more than a decade, pushed in particular by the events of September 11th.

The paper-based document, which aims to prove that the holder is the person he claims to be, has been constantly improved, and more and more security features have been added along with the exposure to new counterfeiting attacks.

The International Civil Aviation Organization (ICAO), a sub group of the International Air Transport Association (IATA), has specified a smart card chip based electronic, machine readable travel document which aims to guarantee the authenticity of such an electronic document, aka the electronic passport.

Besides the pure proof that the issued passport is genuine, meaning issued by the official authority, border control also has to verify the identity of the passport holder.

This has typically been performed by comparing the photo with the face of the traveller.

As fraud is extensively based on wrong pictures and look-alike people, and good quality photos are often not available, the only reliable verification of identity is to securely compare the biometrics stored in chip memory with captured ones.

The European Union has therefore introduced the so-called electronic biometric passport (aka biometric passport), which includes fingerprint and/or iris information in the smart card chip.

Due to long lasting and coordinated efforts from international experts, ICAO issued the first ePassport standards in 2005 (Document 9303). The US Visa Waiver initiative motivated several countries to implement electronic passports rapidly. Within merely a decade, more than 50% of the world now issues secure electronic passports, and half of them biometric ones (source ICAO 2013).

As issuance is moving forward, the current challenge for a country is to shift from production to inspection.

Indeed, the passport's objective is by definition to be inspected, or verified. As the security mechanisms are electronic (smart card based), the methods of inspection are too.

The term Automated Border Control (ABC) is generally used to describe electronic gates (aka e-Gates), which are in charge of verifying all security features of the passport and the biometrics of its holder.

From a sheer security point of view, ABC will become of utmost importance in the next years, due to the dramatic increase of air traffic.


According to IATA's latest figures, air traffic volume will increase by 113% in 2030!

Managing huge traffic flows of people and goods, but also the associated information records, is the challenge of today and tomorrow.

Key to these challenges is international information exchange and interoperability.

3 The Challenge

3.1 Secure Travel Document's Objectives

When travelling from one country to another, two questions arise:

Is the passport genuine?

Is the passport holder the right person?

Therefore, a travel document's purpose is quite straightforward: to prove the traveller's identity by presenting an official document issued by a trustworthy organization.

The primary objective is hence to guarantee the authenticity of a travel document.

Counterfeiting official documents has always existed. More and more features were implemented to enhance the security of documents, from the reinforcement of physical anti-counterfeiting mechanisms like Optically Variable Devices (OVD), invisible ink, micro printing, etc. to the Machine Readable Travel Document (MRTD), enabling automated verification through Optical Character Recognition (OCR).

Figure 1 The MRTD

The latest evolution has been the electronic passport, which makes use of smart card technology to increase security.

The second objective is to verify the traveller's identity.

Besides the question of whether a document is authentic or not, the other important point is to make sure that the passport holder is the one indicated in the (official) document.


To achieve this, a real-time comparison between captured traveller biometrics and stored personal data can prove the identity of the individual unambiguously.

These two objectives represent the daily business of Border Control Systems, implying important human and technological investments to maintain security. Thus the issuance and inspection of unforgeable, unambiguously verifiable travel documents is a key driver for all Nations to enable the free movement of their citizens abroad and to control migration.

4 The Electronic Passport

4.1 Proven Technology

The electronic passport or electronic Machine Readable Travel Document (e-MRTD) is a paper document embedding a contactless smart card and antenna in order to be read by a terminal, also known as the Inspection System.

Using a smart card chip allows data to be stored in a tamper-proof device and thus makes it de facto impossible to copy and counterfeit personal data.

Figure 2 Scheme of an e-Passport

Personal data (photo and Machine Readable Zone, MRZ) is digitally signed and, at the personalization phase, stored on the passport's smart card chip.

By combining chip technology with cryptography and Public Key Infrastructure (PKI), one can achieve two principal goals of information security:

Authentication: Data is digitally signed with a state authority's (secret) key and can thus be verified by cryptographic means.

Confidentiality: Based on mutual authentication mechanisms, only authorized systems are able to read out personal data. Depending on the criticality of the information, different levels of access control can be used.


4.2 An International Standard

The International Civil Aviation Organization (ICAO) published in 2005 international standards for "electronic Machine Readable Travel Documents and electronic Visas". It specifies through a set of documents all technical details of an electronic passport, thus enabling countries to verify that a foreign electronically secured travel document is authentic. This specification is known as ICAO Document 9303.

For proving traveller identity, fingerprints and iris have been chosen as the most viable and economically reasonable biometric verification data (optional data groups DG3 and DG4 defined by the ICAO specifications).

The European Union has elaborated a scheme where these biometric data are protected and subject to a particular access control mechanism. In order to be able to read out fingerprint or iris information, a dedicated infrastructure has been specified in EU-TR 03110.

We therefore speak of an electronic biometric passport, aka biometric passport.

It has to be underlined that fingerprint and iris are optional data groups. Therefore, not all electronic passports are biometric, but all biometric passports are by definition electronic passports.

In 2010, a European Decree was published asking member countries to issue electronic passports with additional optional biometrics stored and protected by Extended Access Control.

Several other countries outside Europe have also deployed biometric passports, for instance in Africa and the Middle East.

4.3 A World Wide Success Story

The electronic passport has definitely demonstrated itself to be by far the most successful international e-ID endeavour at present.

Since the very first deployments in 2005, projects have been implemented all over the world, with nowadays 101 out of 193 member countries issuing more than 500 million electronic travel documents (cf. ICAO MRTD Report Q2/2013).

The others are issuing Machine Readable Travel Documents (MRTD) or even still paper-based ones (approx. 20 countries). ICAO has issued a deadline for paper-based documents, which will have to be at least MRTD by November 24th, 2015.

This evolution is based on extensive efforts in standardization and security, allowing an e-Passport to be used all over the world.

Driven by governmental regulations, all regions are concerned. Especially in countries where control of migration constitutes a real challenge, the electronic travel document allows the free movement of individuals to be managed more efficiently.


Figure 3 ICAO Statistics

Given ICAO's projection of air traffic, which will increase by 113% in 2030, we can expect new challenges for all countries, making Automated Border Control necessary in order to reduce check-in time. Verification of the traveller's biometrics will become a necessity to increase processing throughput and security.

4.4 One Document – Several Projects

When analysing the electronic passport in detail, one has to underline that it is a phased project approach.

Indeed, producing the electronic document is only one part of the global picture.

Managing the issuing request beforehand and implementing inspection for usage in the field are as important as issuance. They present real benefits for governments and citizens and are large opportunities for a whole e-ID ecosystem.

Figure 4 depicts these phases:

Figure 4 e-Passport Projects Phases


1 – Enrolment

In this phase all personal data are gathered to issue the passport. Typically, capturing biometrics and proof of identity are the main topics.

2 – Production

The physical document including the smart card is manufactured. Datapage personalization with the Machine Readable Zone and electrical personalization of the smart card chip are performed.

3 – Inspection

An e-passport has no value if its "e"-security features are not exploited. Therefore a terminal infrastructure is deployed, typically at border control, to read out information for verification of the document and the traveller.

4 – Exchange of Information

Travel documents are by definition of international concern. Hence, setting up interoperable information systems is a necessity and a natural evolution for all issuing countries. The ability to unambiguously verify foreign passports is as important as issuing one's own.

5 Security Solutions

5.1 Introduction

As illustrated in the previous chapters, the electronic passport has a variety of benefits, like increased protection against counterfeiting and accelerated traveller check-in through automated procedures. Nonetheless, this can only be achieved if suitable security technology is implemented.

Public Key Infrastructure (PKI), based on science (cryptography) and technology (hardware and software), has proven to be the best adapted choice.

ICAO has clearly underlined this importance by making PKI usage mandatory for the production and inspection of electronic travel documents.

5.2 Production

As outlined in chapter 3.1, an electronic passport is used, amongst others, to store in digital form the same visible information (photo, MRZ) which can be found on the datapage.

To prevent fraud, this information is cryptographically signed by a dedicated server, accredited by a national authority. In ICAO terms these entities are called Document Signer (DS) and Country Signing Certification Authority (CSCA), as depicted in Figure 5.


Technically, the Document Signer is a signature server which interfaces with the personalization chain producing the passport. Passport data is signed by the DS in the form of hashed data groups (DGs), so citizen-related information is never exposed in clear text to the DS. In ICAO terms we talk about the Logical Data Structure (LDS), which after signature becomes the Signature Object Data (SOD). The underlying PKI therefore has the following objectives:

- Producing signature services, performed by a DS.

- Managing the lifecycle of the Document Signers' digital identity, performed by the CSCA.

All identities are implemented through X.509 v3 digital certificates.

5.3 Inspection

5.3.1 Verification of Document Authenticity

In order to prove the authenticity of an electronic passport, the following mechanism is used:

1) The Machine Readable Zone is read out by automatic means (OCR).

2) Based on this MRZ information, a session key is calculated and access granted to the chip containing the MRZ in digitally signed format.

3) Digitally signed data is converted to plain text and compared to the optically read out information from 1). This is achieved by using the Document Signer's public key included in its digital certificate and stored in the chip.

Figure 5 e-Passport Production System


The access mechanism described in 2) is known as Basic Access Control (BAC).

BAC has been showing some weaknesses against cryptographic attacks. Therefore a new protocol, Supplemental Access Control (SAC), has emerged and will be mandatory in Europe by the end of 2014.

SAC includes a chip-specific Card Access Number (CAN) in the calculation of the access key and therefore makes it impossible to copy data from one chip to another. Through SAC, it is now possible to verify not only the authenticity but also the uniqueness of the electronic travel document.

Basic Access Control and Supplemental Access Control are also defined as Passive Authentication.
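Step 2) above derives the chip access key from the MRZ. The following Go program is an added example, not code from the white paper or from OpenTrust: it implements the ICAO 9303 check digit and the Basic Access Control key derivation (K_seed from SHA-1 over the MRZ information, K_enc and K_mac through the 3DES key derivation with parity adjustment). The document number, date of birth and expiry date are the sample values from ICAO's own worked example, not a real document.

```go
package main

import (
	"crypto/sha1"
	"fmt"
	"math/bits"
	"strings"
)

// mrzCharValue maps an MRZ character to its ICAO 9303 check-digit value:
// digits keep their value, letters are A=10 ... Z=35, the filler '<' is 0.
func mrzCharValue(c byte) int {
	switch {
	case c >= '0' && c <= '9':
		return int(c - '0')
	case c >= 'A' && c <= 'Z':
		return int(c-'A') + 10
	case c == '<':
		return 0
	}
	return -1 // not a valid MRZ character
}

// CheckDigit computes the ICAO 9303 check digit of a field: each character
// value is multiplied by the repeating weights 7, 3, 1 and the sum is taken
// modulo 10.
func CheckDigit(field string) (int, error) {
	weights := [3]int{7, 3, 1}
	sum := 0
	for i := 0; i < len(field); i++ {
		v := mrzCharValue(field[i])
		if v < 0 {
			return 0, fmt.Errorf("invalid MRZ character %q", field[i])
		}
		sum += v * weights[i%3]
	}
	return sum % 10, nil
}

// MRZInformation builds the string the BAC keys are derived from: document
// number (padded with '<' to nine characters), date of birth and date of
// expiry (both YYMMDD), each followed by its check digit.
func MRZInformation(docNumber, birthDate, expiryDate string) (string, error) {
	docNumber = strings.ToUpper(docNumber)
	for len(docNumber) < 9 {
		docNumber += "<"
	}
	var sb strings.Builder
	for _, f := range []string{docNumber, birthDate, expiryDate} {
		cd, err := CheckDigit(f)
		if err != nil {
			return "", err
		}
		sb.WriteString(f)
		sb.WriteByte(byte('0' + cd))
	}
	return sb.String(), nil
}

// HasOddParity reports whether every byte of a DES key has odd parity.
func HasOddParity(key []byte) bool {
	for _, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			return false
		}
	}
	return true
}

// deriveKey is the ICAO 9303 key derivation function for 3DES keys:
// SHA-1(K_seed || 32-bit counter) truncated to 16 bytes, then the low bit of
// every byte is set so that each byte has odd parity.
func deriveKey(seed []byte, counter uint32) []byte {
	h := sha1.New()
	h.Write(seed)
	h.Write([]byte{byte(counter >> 24), byte(counter >> 16), byte(counter >> 8), byte(counter)})
	key := h.Sum(nil)[:16]
	for i, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			key[i] = b ^ 1
		}
	}
	return key
}

// BACKeys derives K_seed (first 16 bytes of SHA-1 over the MRZ information),
// K_enc (counter 1) and K_mac (counter 2).
func BACKeys(mrzInfo string) (seed, kEnc, kMac []byte) {
	digest := sha1.Sum([]byte(mrzInfo))
	seed = digest[:16]
	return seed, deriveKey(seed, 1), deriveKey(seed, 2)
}

func main() {
	// Constructed input: the sample document from ICAO's worked example.
	info, err := MRZInformation("L898902C<", "690806", "940623")
	if err != nil {
		panic(err)
	}
	seed, kEnc, kMac := BACKeys(info)
	fmt.Printf("MRZ information: %s\nK_seed: %x\nK_enc:  %x\nK_mac:  %x\n", info, seed, kEnc, kMac)
}
```

Anyone who can read the printed MRZ can derive these keys, which is the weakness the text refers to and the reason SAC adds the chip-specific CAN to the key calculation.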

5.3.2 Verification of Traveller Identity

As stated in chapter 3.2, additional biometric data (fingerprint, iris) requires protection and can be accessed only after an Extended Access Control mechanism. According to specifications published by the European Union, these access rights are managed by a dedicated Public Key Infrastructure, as shown in Figure 7.

Figure 6 e-Passport Passive Authentication

Figure 7 EAC PKI for Terminal Authentication


The core element in this mechanism is the mutual authentication between ePassport and terminal (Inspection System). It ensures that only well identified entities talk to each other.

In detail, the terminal verifies the authenticity of the document through BAC or SAC (see chapter 4.3.1).

Once the document is authenticated, it verifies the identity of the terminal as follows:

• At the production stage, the National Root Authority certificate is stored in the chip as a trusted reference, the trustpoint.

• All terminal digital identities are issued by a PKI with this Root CA as issuer.

• The passport compares the issuing root authority found in the terminal certificate chain with the trustpoint stored in its chip memory.

• If they are the same, the terminal is authorized to read out biometric data.

Thus, for managing Terminal Authentication, each country implements a PKI consisting of one National Root Authority (Country Verifying Certification Authority - CVCA) and an Intermediate Authority (Document Verifier Certification Authority - DVCA), which issues digital certificates to Inspection Systems (IS).

Reflecting the smart card's technical capabilities, a particular certificate format based on the ISO 7816-X standards has been chosen, the Card Verifiable Certificate (CVC).

Verifying the identity of a traveller means capturing his biometrics and comparing them to the ones stored in the e-Passport chip.

By default, each country issues Inspection System digital identities to read out the biometrics of its own citizens, since their passports have stored the National Root CA. If foreign travel documents need to be read, the issuing foreign country must authorize other countries' Inspection Systems and therefore issue certificates for foreign Inspection Systems. This can be defined as a cross certification, which means a foreign authority generated a trust chain (i.e. a nested structure of Root CA + DV CA + IS certificate).

5.4 Interoperability for International Information Exchange

5.4.1 ICAO Public Key Directory (PKD)

When verifying document authenticity, the validity of the Document Signer certificate must be checked to make sure that the passport has been produced by a valid environment (see chapter 4.2).

This verification is of utmost importance when foreign ePassports have to be checked.

Border Control infrastructure must be able to analyse the most recent data provided by every country for its issued documents.

The ICAO-defined PKI system foresees the publication of Certificate Revocation Lists. It is thus possible to check whether a given Document Signer is valid or not.

In order to establish an international repository where verification data is managed centrally, ICAO has set up the Public Key Directory (PKD), where all countries are encouraged to publish their reference data, as outlined in Figure 8.


Figure 8 ICAO PKD Use Case

The PKD Board regroups all ICAO member countries which publish their national data into the system. Today (2013) almost 40 countries adhere to this system for information exchange, and future schemes for air traffic check-in procedures rely heavily on Automated Border Control based on PKD connectivity.

Other countries exchange their information by bilateral means (e.g. diplomatic suitcase, etc.) or are not yet deploying border control systems for electronically verifying e-Passports.

5.4.2 Single Point of Contact (SPOC)

Interoperability schemes are even more important when biometrics are concerned. Indeed, the inspection of a foreign citizen's personal data can only be performed with prior authorization by the issuing country.

The European Union has therefore specified an international standard, known as CSN 369791, to harmonize the (automated) exchange of IS certificates. This scheme is called Single Point of Contact (SPOC) and defines a secured communication protocol at international level, see Figure 9.

Moreover, the European Common Policy settles workflows in order to define the interaction between a national EAC PKI and the national SPOC level.

It has to be underlined that though SPOC is a European initiative, other countries have also implemented this approach.


5.5 Future Trends

5.5.1 LDS 2.0

For several years, significant work has been done at ICAO level to encourage countries to implement electronic Machine Readable Travel Documents, known as the MRTD initiative.

The latest standardization initiatives are working on Logical Data Structure 2.0 (LDS 2.0), which in brief will enable post-issuance addition of ePassport data. The typical application field targets the electronic visa.

From a PKI point of view, LDS 2.0 is an interesting use case, since the existing EAC infrastructure can be reused 100%.

Today, EAC (Extended Access Control) is used to manage read rights. One can therefore easily imagine having a similar mechanism for write rights. The only thing which needs modification is a dedicated CV certificate type. Thus the existing CVCA/DVCA infrastructure can be reused, with only minimal updates.

This clearly encourages countries to move onto the biometric passport as the standard deployment scheme of the nearest future.

5.5.2 Automated Border Control

Deploying e-Gates is already a reality in countries in Europe, the Middle East and Asia, and will become widespread with the foreseen increase of air traffic.

Figure 9 SPOC Use Case


In order to tackle the ever growing number of passengers at border control and check-in, two major evolutions are crucial:

• Possibility of instant optical verification by human beings

• Fast, automatic verification of the authenticity and identity of documents and travellers.

The airport is an extremely representative use case:

Border Control is required to make sure frontiers are respected and undesired individuals are identified before entering a country.

Airlines wish to accelerate check-in procedures to increase customer satisfaction and decrease costs.

Current and future PKI technology accompanies these requirements by providing the most recent information at the point of verification, meaning when and where it is needed.

5.5.3 Evidence of Identification

As shown in the previous chapter, the electronic passport has become extremely difficult to counterfeit, given the ways to protect production and to allow detection of false, lost or stolen documents.

Naturally, fraudsters focus nowadays on the weakest elements of the issuance scheme, which are the so-called breeder documents, meaning all paper-based identification proofs, such as birth certificates, driving licences and ID cards.

It has been estimated that in one European country up to 1 million e-Passports could have been obtained with fraudulent breeder documents.

ICAO has identified the breeder document phenomenon as a core subject for future programs.

As the last years were dedicated to the promotion of e-MRTD production, with support for standards comprehension and best practices for issuance, the next years will see a focus on usage and inspection.

Thus, the Traveler Identification Program (TRIP) has been set up by ICAO to reflect these concerns. A special group for Evidence of Identification has been created where best practices and technology aspects are analysed. This widespread issue is the source of different possible technical solutions, ranging from dematerialization of the production request to chip-based breeder documents such as the e-Driving Licence. A clear trend towards PKI-based solutions is visible.

With technology that already exists today, highly reliable systems can be set up to prevent weakening the issuance scheme through lower security in enrolment. Biometrics, PKI-based authentication and digital signature of sealable and therefore unmodifiable application forms are quick wins and easy to set up. Fast evolving mobile solutions can contribute to better user experiences.

The challenge today for Evidence of Identification is to get hold of the right technology for the most appropriate usage.

6 Deployment Scenarios

As shown in chapter 3.4, an e-passport project runs through different stages, depending on the primary objective of a Nation in a given timeframe. Experience shows that the phases listed hereunder may be combined, but none of them is omitted during a project life cycle.


6.1 Phase 1 - Production System

The most straightforward approach, and today the most widely implemented, is the sheer production of electronic passports.

The datapage information is transformed, digitally signed and stored in the contactless smart card chip, as described in chapter 4.2.

A typical PKI system for this phase requires only a modest investment. It consists of a Country Signing CA (CSCA), the national root that issues the certificates of the Document Signers, and a Document Signer (DS), which signs the data of each passport, as depicted hereunder:

Figure 10 PKI for Production
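The production PKI and the verification it enables, as an added example that is not part of the original paper: a self-signed CSCA issues a Document Signer certificate, the DS signs a security object listing the hash of every data group, and the inspection side runs Passive Authentication against a trust store holding the CSCA. The example is written in Go against the standard library only; the CSCA and DS names, the constructed sample data groups and the flat (DG number, hash) encoding of the security object are assumptions made here, not the ASN.1 structures defined in Doc 9303.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type Passport struct { // chip contents read by Passive Authentication
	DataGroups map[int][]byte    // DG number -> content (DG1 = MRZ, DG2 = face image, ...)
	SOD        []byte            // security object: (DG number, SHA-256) list; flat encoding here, not the Doc 9303 ASN.1
	SODSig     []byte            // Document Signer signature over SOD
	DSCert     *x509.Certificate // DS certificate carried in the chip so any reader can chain it to the CSCA
}

// issueCert signs tmpl with the signer's key; parent == tmpl gives a self-signed root.
func issueCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err) // PKI bootstrap failure: nothing sensible to recover in a demo
	}
	cert, _ := x509.ParseCertificate(der) // DER the library just produced; parsing cannot fail
	return cert
}

// SetupProductionPKI builds the hierarchy of Figure 10: a self-signed CSCA (national root) and one Document Signer it certifies.
func SetupProductionPKI() (csca *x509.Certificate, dsKey *ecdsa.PrivateKey, dsCert *x509.Certificate) {
	cscaKey, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	dsKey, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	cscaTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "CSCA Utopia"}, // hypothetical state
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(15, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	csca = issueCert(cscaTmpl, cscaTmpl, &cscaKey.PublicKey, cscaKey)
	dsCert = issueCert(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Document Signer 01"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0), // must outlive the passports it signs
		KeyUsage: x509.KeyUsageDigitalSignature}, csca, &dsKey.PublicKey, cscaKey)
	return csca, dsKey, dsCert
}

// encodeSOD hashes every present data group and lists (DG number, SHA-256) in DG order.
func encodeSOD(dgs map[int][]byte) []byte {
	var buf bytes.Buffer
	for n := 1; n <= 16; n++ { // the LDS defines DG1..DG16
		if content, ok := dgs[n]; ok {
			h := sha256.Sum256(content)
			buf.Write(append([]byte{byte(n)}, h[:]...))
		}
	}
	return buf.Bytes()
}

// IssuePassport is the production step: hash the data groups and sign the security object with the DS key.
func IssuePassport(dgs map[int][]byte, dsKey *ecdsa.PrivateKey, dsCert *x509.Certificate) (*Passport, error) {
	sod := encodeSOD(dgs)
	digest := sha256.Sum256(sod)
	sig, err := ecdsa.SignASN1(rand.Reader, dsKey, digest[:])
	if err != nil {
		return nil, err
	}
	return &Passport{DataGroups: dgs, SOD: sod, SODSig: sig, DSCert: dsCert}, nil
}

// PassiveAuthentication is the inspection-side check: chain the DS certificate to a trusted CSCA,
// verify the DS signature over the security object, then recompute and compare the data group hashes.
func PassiveAuthentication(p *Passport, trusted *x509.CertPool) error {
	if _, err := p.DSCert.Verify(x509.VerifyOptions{Roots: trusted, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("DS certificate does not chain to a trusted CSCA: %w", err)
	}
	if err := p.DSCert.CheckSignature(x509.ECDSAWithSHA256, p.SOD, p.SODSig); err != nil {
		return fmt.Errorf("security object signature invalid: %w", err)
	}
	if !bytes.Equal(p.SOD, encodeSOD(p.DataGroups)) {
		return fmt.Errorf("data group hashes do not match the signed security object")
	}
	return nil
}

func main() {
	csca, dsKey, dsCert := SetupProductionPKI()
	roots := x509.NewCertPool() // trust store of an inspection system, loaded domestically or via the PKD
	roots.AddCert(csca)
	p, err := IssuePassport(map[int][]byte{1: []byte("P<UTOERIKSSON<<ANNA<MARIA<<<<<<<<<<<<<<<<<<<"), 2: []byte("face image bytes")}, dsKey, dsCert) // constructed DGs
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine passport:", PassiveAuthentication(p, roots))
	p.DataGroups[1] = []byte("P<UTOFORGED<<NAME<<<<<<<<<<<<<<<<<<<<<<<<<<<<") // altered datapage
	fmt.Println("altered DG1:", PassiveAuthentication(p, roots))
}
```

The second check fails because the recomputed DG1 hash no longer matches the signed list, while the DS signature itself is still valid: this is why Passive Authentication must always end with the hash comparison. The same function accepts a foreign passport only if that country's CSCA certificate is present in the trust pool, which is exactly what the PKD exchange described in section 6.4 delivers to an inspection system.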

6.2 Phase 2 - EAC-Ready Approach

If a country also wishes to include biometrics in the passport, the EAC scheme has to be deployed.

In the case of issuance only (inspection of these biometrics will be done in the future), investments can be limited to an EAC-ready approach. This means that only the production-relevant items are implemented, namely the Country Verifying Root Certification Authority (CVCA), whose public key, known as the trust point, is stored in the e-passport chip at personalisation.

Figure 11 shows this approach:


6.3 Phase 3 - Fully Operational Inspection Infrastructure

For a nationwide initiative of in-the-field verification, a country needs to deploy a complete border control infrastructure with fixed and mobile inspection systems and terminals.

Besides information system and database projects, this implies a full-fledged EAC PKI with a CVCA and an online DVCA issuing certificates to the inspection system terminals of the border control infrastructure.

Since production and verification are managed by independent PKI systems, one PKI can simply be deployed after the other without any problems.

Figure 11 PKI for Production (incl. EAC)

Figure 12 EAC PKI for Inspection
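How the trust point of section 6.2 and the CVCA/DVCA hierarchy of section 6.3 fit together, as an added example that is neither the paper's own material nor an implementation of BSI TR-03110: the chip is personalised with nothing but the CVCA public key, the online DVCA issues short-lived certificates to inspection systems, and at the border the chip verifies the DV and IS certificates up to its trust point before challenging the terminal to prove possession of the IS private key. The certificate structure, the names, the validity periods and the Now field standing in for the chip's date approximation are assumptions of this example; real card-verifiable certificates use a compact TLV encoding, and the real Terminal Authentication challenge binds further data (such as the terminal's ephemeral key) that is omitted here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// CVCert is a simplified model of an EAC card-verifiable certificate (the TR-03110 encoding is a compact TLV a chip can parse).
type CVCert struct {
	Holder    string
	Issuer    string
	PubKey    *ecdsa.PublicKey // P-256 key of the holder
	NotAfter  time.Time
	Signature []byte // issuer's ECDSA signature over digest()
}

func (c *CVCert) digest() []byte { // everything the issuer vouches for, with fixed-width coordinates
	h := sha256.New()
	fmt.Fprintf(h, "%s\x00%s\x00%064x%064x%d", c.Holder, c.Issuer, c.PubKey.X, c.PubKey.Y, c.NotAfter.Unix())
	return h.Sum(nil)
}

// NewKey generates a P-256 key pair (the CVCA, the DV and every inspection system hold one).
func NewKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// Issue has issuerKey certify holderPub under the name holder until notAfter.
func Issue(holder string, holderPub *ecdsa.PublicKey, issuer string, issuerKey *ecdsa.PrivateKey, notAfter time.Time) *CVCert {
	c := &CVCert{Holder: holder, Issuer: issuer, PubKey: holderPub, NotAfter: notAfter}
	sig, err := ecdsa.SignASN1(rand.Reader, issuerKey, c.digest())
	if err != nil {
		panic(err)
	}
	c.Signature = sig
	return c
}

// Chip is the passport side: it holds only the CVCA public key personalised at production (the EAC-ready step)
// and a date; real chips have no clock and use the latest effective date of verified certificates, modelled as Now.
type Chip struct {
	CVCAName   string
	TrustPoint *ecdsa.PublicKey
	Now        time.Time
}

func (ch *Chip) verify(c *CVCert, issuerName string, issuerPub *ecdsa.PublicKey) (*ecdsa.PublicKey, error) {
	switch {
	case c.Issuer != issuerName:
		return nil, fmt.Errorf("%s: issued by %q, expected %q", c.Holder, c.Issuer, issuerName)
	case ch.Now.After(c.NotAfter):
		return nil, fmt.Errorf("%s: expired", c.Holder)
	case !ecdsa.VerifyASN1(issuerPub, c.digest(), c.Signature):
		return nil, fmt.Errorf("%s: signature does not verify under %s", c.Holder, issuerName)
	}
	return c.PubKey, nil
}

// TerminalAuthentication: the terminal presents its DV and IS certificates, the chip walks them up to its
// trust point, then challenges the terminal to prove it holds the IS private key before releasing biometrics.
func TerminalAuthentication(ch *Chip, dv, is *CVCert, terminalKey *ecdsa.PrivateKey) error {
	dvPub, err := ch.verify(dv, ch.CVCAName, ch.TrustPoint)
	if err != nil {
		return fmt.Errorf("DV certificate: %w", err)
	}
	isPub, err := ch.verify(is, dv.Holder, dvPub)
	if err != nil {
		return fmt.Errorf("IS certificate: %w", err)
	}
	challenge := make([]byte, 32) // chip nonce; TR-03110 also binds the terminal's ephemeral key and the chip ID
	if _, err := rand.Read(challenge); err != nil {
		return err
	}
	response, err := ecdsa.SignASN1(rand.Reader, terminalKey, challenge) // computed on the terminal
	if err != nil {
		return err
	}
	if !ecdsa.VerifyASN1(isPub, challenge, response) {
		return fmt.Errorf("terminal does not hold the private key of %s", is.Holder)
	}
	return nil
}

func main() {
	cvcaKey, dvKey, isKey := NewKey(), NewKey(), NewKey()
	dv := Issue("DV-UT-BORDER", &dvKey.PublicKey, "CVCA-UT", cvcaKey, time.Now().AddDate(0, 3, 0)) // DV certificates live months
	is := Issue("IS-UT-0001", &isKey.PublicKey, "DV-UT-BORDER", dvKey, time.Now().AddDate(0, 0, 1))  // IS certificates days: hence the online DVCA
	chip := &Chip{CVCAName: "CVCA-UT", TrustPoint: &cvcaKey.PublicKey, Now: time.Now()}
	fmt.Println("genuine terminal:", TerminalAuthentication(chip, dv, is, isKey))
	fmt.Println("copied IS certificate without its key:", TerminalAuthentication(chip, dv, is, NewKey()))
}
```

The short IS lifetime is what makes the online DVCA necessary: a stolen or decommissioned terminal stops being able to read biometrics within days without any revocation mechanism on the chip. The DV certificate from another country's CVCA is rejected by the same walk, which is why cross-certification between CVCAs (exchanged via SPOC, section 6.4) is a prerequisite for reading foreign biometrics.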


6.4 Phase 4 - Platforms for International Information Exchange

Once a country has managed to issue and verify passports from a domestic point of view, it necessarily wants to verify foreign documents as well and to facilitate its citizens' travel abroad. At this stage interoperability comes up.

The evident advantage for a country of sticking to ICAO compliance is key in this scenario, since Document 9303 compliance ensures that citizens can travel securely and with peace of mind.

The ICAO PKD enables propagation of the most recent verification data (Document Signer certificates, CSCA master lists and certificate revocation lists), so that an inspection system can check that a travel document is authentic.

A country interfaces with the ICAO PKD through its National PKD, which synchronizes data between the domestic and international levels. Here again, the deployment of a National PKD infrastructure can be done in a second step and is not mandatory at the production stage.

The same need for interoperability applies to biometric e-passports, where countries exchange authorizations in order to read out each other's biometrics. Thus two countries are able to verify the identity of each other's citizens.

Based on the EU Common Certificate Policy for EAC, all EU countries are guided towards the use of SPOC (Single Point of Contact) as the sole automated means to exchange this data. SPOC can therefore be considered a natural upgrade of the EAC PKI and is deployed separately.

Figure 13 PKD System


7 Conclusion

E-passport projects are well-defined, clearly guided programs and highly visible initiatives, for which citizens massively buy in.

Given the relatively short timeframe, this can clearly be considered an extraordinary success story. Within only ten years, more than half of the globe is now issuing electronic travel documents and has reduced fraud significantly.

ICAO, as the federating organization, does a lot of promotion and, through different working groups, helps countries to better understand and deploy electronic travel document programs.

A nation wishing to set up an electronic passport project can rely on public and private actors for consultancy, hardware and software equipment.

Besides security, the other advantage brought by e-passports is the ability to automate border control procedures.

With a forecast 113% increase in air traffic volumes by 2030, all actors involved are looking for ways to cope with this growth. Automated Border Control systems have been designed for this purpose and will spare travellers long queues at the border.

As travelling by definition means cross-border information exchange, no e-passport project can neglect this aspect. Interoperability is required not only to be sure that national documents are recognized abroad, but also to be able to detect false foreign passports.

To sum this white paper up, our recommendations are as follows:

1 – Get Informed

ICAO publishes a lot of information about standards, best practices and background.

Experts and working groups are set up to make sure that standards are reviewed and that countries get help to set up programs.

ICAO's TAG (Technical Advisory Group), NTWG (New Technologies Working Group) and ICBWG (Implementation and Capacity Building Working Group) hold regular meetings.

The PKD Board does a lot of promotion to help countries join the directory, and a lot of valuable information can be found there.

2 – Learn from Existing Deployments

No need to reinvent the wheel. Countries all over the world have implemented e-passports and generally follow proven methodologies. Industrial solutions exist and are proven.

Be part of ICAO's working groups. Institutions like the PKD in particular are ideal for sharing experience and following the latest technological evolutions.

3 – Think Long-Term Strategy

Shifting from paper to electronic is a major step. Setting up the enrolment infrastructure needs planning. Think about the country's long-term position and evaluate whether a plain electronic passport is sufficient or whether it would be better to add biometrics, at least production-wise, in order to be prepared for future traveller identification programs.


4 – Consider the e-Passport Not as One Single Project

As stated in this paper, e-passport projects run through different phases, which do not necessarily have to be coupled immediately. On the other hand, they are often the first step of a governmental e-ID strategy and set milestones for it.

5 – Pay Attention to Breeder Documents

As outlined in chapter 5.5.3, fraud attempts shift from e-passport counterfeiting to all paper-based proofs presented at the enrolment process. Analyse your workflows and infrastructure and strengthen them. There are many ways to do so, and the most successful approach is to combine technology with process: secure printing, PKI, databases, etc.

6 – Choose Your Public Key Infrastructure Carefully

Last but not least, it should be underlined that PKI is the backbone of e-passport system security.

Hence governments seeking a reliable, secure and evolutive solution should consider the following subjects:

• e-Passport means several PKIs

Securing the production process, issuing terminal certificates and creating national root certification authorities are different domains. Choose systems and providers with a complete offer, not just some bricks.

• e-Passport means processes

There are several types of PKI documents to create, such as certificate policies and practice statements, and even "standard" ones need careful attention. Choose professional companies that either do the work for you or assist you in setting them up.

PKI is not only software, but even more a question of expertise.

• e-Passport means interoperability

As stated in chapter 5.4, electronic travel documents only develop their full potential by sharing verification data at the international, cross-border level. It is therefore of utmost importance that your PKI provider also covers these aspects in its offer.

• e-Passport means references

It is always a good indication to analyse the number and type of references of a PKI solution. Compared to single-customer, single-market enterprises, a company with a proven record of project deployments in different countries and regions certainly has more experience and the capacity to cope with changing environments.


8 Acronyms

AA - "Active Authentication". Challenge-response protocol in which the chip proves possession of its private key, authenticating the individual e-passport chip and exposing cloned chips.

BAC - "Basic Access Control". Procedure granting read access to the chip through a well-defined protocol using symmetric keys derived from the MRZ.

EAC - "Extended Access Control". Procedure granting access to the biometric data on the chip through a specified protocol using asymmetric cryptography.

e-MRTD - Electronic Machine Readable Travel Document, the e-passport.

CSCA - "Country Signing Certification Authority". The ICAO designation of the state root authority that signs the certificates of the Document Signers.

DS - "Document Signer". The ICAO designation of the systems that sign electronic passports.

PKD - Public Key Directory.

CVCA - "Country Verifying Certification Authority".

DVCA - "Document Verifier Certification Authority".

DV - "Document Verifier" (DV = DVCA).

HSM - "Hardware Security Module". A cryptographic resource which creates, hosts and operates signature keys.

IS - "Inspection System". Entity in charge of reading out the relevant data from the e-MRTD.

LDS - "Logical Data Structure". The ICAO designation for the format of the signed data groups that make up an electronic passport, as defined by ICAO.

MRTD - "Machine Readable Travel Document".

MRZ - "Machine Readable Zone".

OCSP - Online Certificate Status Protocol. Communication protocol indicating the validity status of a certificate in real time.

PKI - Public Key Infrastructure.

PA - "Passive Authentication". Protocol to verify the authenticity of the data stored in an e-passport.

TA - "Terminal Authentication". Protocol to authenticate the terminal (IS) by means of its certificate.

TSA - Time Stamping Authority. Service producing a signed token certifying the exact time.

RA - Registration Authority. Entity in charge of validating certificate requests and the identity of the requester.




About the Author

Dan Butnaru is an expert in e-ID and e-Government subjects. In the OpenTrust Marketing department, he is in charge of the Trusted Identity Product Line and responsible for the e-Passport, e-ID and e-Government market segments.

Dan has been working for 20 years in R&D, Marketing and Business Development in the field of cryptographic smart cards, IT solutions, e-Banking and Public Key Infrastructures, at different companies.

He is a regular speaker at world-renowned eID conferences and has published several articles.

Dan holds a degree in Electrical Engineering and Control Theory from the Darmstadt University of Technology, Germany.

In case of comments or further questions, please contact Dan at [email protected]