Safelayer’s ePassport eMRTD solution is a complete set of components that are part of the KeyOne product family. It supports implementing the public key infrastructure (PKI) related standards for eMRTDs to ensure interoperability in the identification of people at border controls.

The International Civil Aviation Organization (ICAO) created an international standard for the first generation of ePassports that uses an RFID chip containing personal data together with simple biometric data. This standard, known as Basic Access Control (BAC), entails using digital signatures on the personal data to support the detection of cloned and modified ePassports. Introduced eMRTD digital data validation at inspection systems.

This solution comprises the following entities:

  • The Country Signing Certification Authority (CSCA) which manages digital certificates of the national Document Signers (DS) and publication in the Public Key Directory (ICAO PKD)
  • The Document Signers (DS) which sign digitalized data on eMRTD chip (Signed Object Document)
  • The National Public Key Directory (N-PKD) which replicates and complements ICAO PKD data at the national level
    • CSCA Master List Signer (ML Signer) - Issues Master Lists of trusted CSCAs to be used in the inspection process.
    • Defect List Signer (DL Signer) – To handle errors that affects national or foreign eMRTDs

In addition, the European Commission's "Article 6 Committee" is carrying out the coordination and standardization effort between the countries adopting the Extended Access Control (EAC) standard for the second generation of eMRTD. These eMRTD provide stronger security mechanisms against the fraudulent use of the personal identity information stored on the eMRTD chip.

This solution comprises the following entities:

  • The Country Verifying Certification Authority (CVCA) which issues Card Verifiable (CV) certificates to the Document Verifiers (DV)
  • The Document Verifier (DV) which acts as a subordinate CA that issues CV certificates to the  national Inspection Systems (IS)
  • The Single Point of Contact (SPOC) which controls which domestic and foreign Document Verifiers can access the eMRTD biometric information

ICAO recommends SAC for ePassports worldwide in 2014. Those are the 3rd Generation ePassports, Supplemental Access Control (SAC), introduces security mechanisms to protect against skimming and eavesdropping.

(*) KeyOne PKI 4.0 (CA/XRA/VA) and KeyOne ePassport (CSCA/CVCA/DV) 4.0 with a CC EAL4+ (ALC_FLR.2) guarantee level in compliance with the security level 3 CIMC Protection Profile ("Certificate Issuing and Management Component", NIST). For more information:

Download full KeyOne eMRTD Whitepaper:

KeyOne eMRTD videos:

CA registration

KeyOne SPOC: registering a foreign country in an e-Passport validation system

CA registration

Processing ICAO certificates with KeyOne e-Passport National PKD

We use cookies to improve our website and your experience when using it. Cookies used for the essential operation of this site have already been set. To find out more about the cookies we use and how to delete them, see our Privacy Policy.I accept cookies from this site