Safelayer’s eMRTD solution provides a complete set of components for implementing public key infrastructure (PKI) standards in electronic machine readable travel documents (eMRTD) to ensure interoperability in the identification of people at border controls.
The International Civil Aviation Organization (ICAO) created an international standard for the first generation of e-passports that uses an RFID chip containing personal data together with simple biometric data. This standard, known as Basic Access Control (BAC), entails using digital signatures on the personal data to detect cloned and modified e-passports. In other words, it introduces the validation of the eMRTD digital data in inspection systems.
Elements in this solution:
- The Country Signing Certification Authority (CSCA), which manages digital certificates of the national Document Signers (DS) and publication in the Public Key Directory (ICAO PKD)
- The Document Signers (DS), which sign the data on eMRTD chips
- The National Public Key Directory (N-PKD), which replicates and complements ICAO PKD data at the national level
- CSCA Master List Signer (ML Signer), which issues Master Lists of trusted CSCAs to be used in the inspection process.
- Defect List Signer (DL Signer), which handles errors that affecting national or foreign eMRTDs
In addition, the European Commission's "Article 6 Committee" is carrying out the coordination and standardization effort between the countries adopting the Extended Access Control (EAC) standard for the second generation eMRTDs. These passports provide stronger security mechanisms against the fraudulent use of the personal identity information stored on the eMRTD chip.
Elements in the solution:
- The Country Verifying Certification Authority (CVCA), which issues Card Verifiable (CV) certificates to the Document Verifiers (DV)
- The Document Verifier (DV), which acts as a subordinate CA for issuing CV certificates to the national Inspection Systems (IS)
- The Single Point of Contact (SPOC) which controls which domestic and foreign Document Verifiers can access the eMRTD biometric information
ICAO recommends SAC (Supplemental Access Control) for e-passports worldwide in 2014. These third generation e-passports with SAC introduce security mechanisms to protect against skimming and eavesdropping.
(*) KeyOne PKI 4.0 (CA/XRA/VA) and KeyOne ePassport (CSCA/CVCA/DV) 4.0 with a CC EAL4+ (ALC_FLR.2) guarantee level in compliance with the security level 3 CIMC Protection Profile ("Certificate Issuing and Management Component", NIST). For more information: http://oc.ccn.cni.es/