Electronic passport deployment in Spain

Recently the implementation of new measures improving the security and complicating the forgery of the traditional passport has been accelerated worldwide. The electronic passport (ePassport) issued by the Ministry of Interior of the Spanish Government uses the KeyOne family products. International standards for issuing and managing ePassports force the implementation of a public key infrastructure that is relatively complex to manage. Safelayer has developed specific components that greatly simplify the management and permanently assure the correct functioning of the global system.

Introduction

ePassportThe Ministry of Interior of the Spanish Government is in charge of issuing, through Police Headquarters and Police Stations, the ordinary Spanish passport, which is a public document, personal, individual and non-transferable. It proves abroad the identity and nationality of around forty million and a half Spanish citizens. This document has a validity of a maximum of 10 years.

Challenges

The events of September 11th, 2001 in the United States of America have accelerated the adoption of global measures to improve security and complicate the forgery of the traditional passport. After several resolutions from international organizations, ICAO (International Civil Association Organization) has started up the Technical Advisory Group that has published the specification of the characteristics of the so-called MRTD (Machine Readable Travel Documents) (ICAO Doc 9303). ICAO obliges member states to adopt them as stated in articles 22, 23 and 37 of the Chicago convention.

Success Strategy

"Safelayer has generated special components in the electronic passport validation process that guarantee the easiness in its use and the constant good functioning of the system."

INDRA presented a proposal including KeyOne products which was selected by the Spanish Government. Safelayer KeyOne family products already implement the Public Key Infrastructure (PKI) issuing the electronic National Identification Document (DNI-e). This project has also been the fruit of the partnership of, among others, INDRA and Safelayer.Safelayer has developed extensions to KeyOne products called Document Signer (DS), Document Verifier (DV) and Country Verifying Registration Authority (CVRA) specifically for the electronic passport (ePassport) issuing.

Inspection systems installed at borders controls can verify ePassports issued by any other country following the ICAO requirements on the use of RFID smart cards.According to these recommendations, two independent hierarchies have been assembled with their corresponding certification authorities: one for creating documents called Country Signing Certification Authority (CSCA) and another one for validating any Spanish or foreign ePassport called Country Verifying Certification Authority (CVCA).CVCAs are in charge of offering trust points for receiving countries of issued travel documents. These CAs are found in highly protected off-line environments since a malfunction of any CVCA would cause a global system collapse.The validation hierarchy, where the Spanish CVCA is located, must allow a minimum of 200 simultaneous Inspection System (IS). Any of these Inspection Systems holds a digital certificate issued by each of the states with established agreements.When an ePassport is presented to an Inspection System it challenges this IS to identify itself. The IS must then present a digital certificate issued by the same CA hierarchy as the challenging electronic passport. Otherwise, the ePassport will not allow the Inspection System to read the information it has stored.Inspection Systems, according to the requirements, must be off-line. The robbery of one IS would allow illegal reading of data stored in electronic passports. Since Inspection Systems are off-line, and stored digital certificates cannot be revoked, their digital certificates are generated with a very restricted duration reducing the damage caused by a subtraction.The previously explained procedure causes a considerable volume of digital certificate renewal. To help manage the high amount of digital certificate renewals, Safelayer has generated other special components in a second hierarchy, the so-called Document Verifier (DV) and Country Verifying Registration Authority (CVRA). These extensions simplify the use and guarantee the well functioning of the system.

Benefits

Since August 28th, 2006, the so-called electronic passport (ePassport) is issued embedding a chip in its back-cover that stores biometric data about the face of the document holder. Personal data is also contained in the machine-readable OCR text. It is expected to incorporate the fingerprint of both index fingers, before 2010, without changing the ePassport model.

Further information

ePassport EAC support in KeyOne 3.0

We use cookies to improve our website and your experience when using it. Cookies used for the essential operation of this site have already been set. To find out more about the cookies we use and how to delete them, see our Privacy Policy.I accept cookies from this site