PKI

Public Key Infrastructure (PKI) components used as part of document protection for Passive Authentication (PA) and Extended Access Control (EAC).

Solutions

FEATURES
  • CSCA certificates and key profiles are compliant with the ICAO 9303 7th specification.
  • Key Pair generation and protection by HSM cryptographic devices.
  • Graphical User Interface for configuration, management and auditing.
  • Supports multiple CSCA dedicated to different document types.
  • Flexible User Access Control policies (m-of-n).
FEATURES
  • DS certificates and key profiles are in full compliance with the ICAO 9303 7th specification.
  • Key Pair generation and protection by HSM cryptographic devices.
  • Graphical User Interface for configuration, management and auditing.
  • Integration with Personalization Solution to simplify infrastructure and reduce cost.

The CVCA stores private keys in an HSM (Hardware Security Module) cryptographic device and operates in an offline environment that is highly protected from any outside or unauthorized access.

FEATURES
  • CVCA certificates and key profiles are in full compliance with BSI TR-03110 technical guidelines.
  • Key Pair generation and protection by HSM cryptographic devices.
  • Graphical User Interface for configuration, management and auditing.
  • Flexible User Access Control policies (m-of-n).

The Document Verifier (DV) requests and obtains Document Verifier certificates from the CVCA of each country whose electronic documents it is authorized to access.
The DV issues Inspection System certificates in response to certificate requests from Inspection Systems. These certificates authorize an Inspection System to access protected sensitive data on electronic document chips.

FEATURES
  • DV certificates and key profiles are in compliance with BSI-EAC and BSI TR-03139.
  • Operates in compliance with BSI TR-03129 protocols.
  • Key Pair generation and protection by HSM cryptographic devices.
  • Graphical User Interface for configuration, management and auditing.

TCC provides a Document Terminal Authentication (TA) service that allows Inspection Systems to access sensitive personal data (fingerprints, iris) on the document’s chip and to use advanced mechanisms of biometric authentication.

The mechanism is based on integration with a Document Verification (DV) system that issues card verifiable certificates which are valid only for a short time period, typically between 1 day and 1 month.

The TCC solution also provides a Document Passive Authentication service to verify the authenticity of a document by comparing the Document Signer certificate to certificates received from the ICAO PKD or National PKD.

The Extended Access Control (EAC) PKI architecture is currently the most advanced standard in secure travel documents.

SPOC implements international standards, protocols and certificate management for EAC ePassports in order to exchange Document Verifying (DV) and Country Verifying Certification Authority (CVCA) certificates between countries. The solution is compliant with ICAO and BSI standards and guidelines, allowing easy operation and integration with third-party systems.

The comprehensive solution acts as a central broker to manage the exchange of Document PKI certificates and certificate revocation lists at the country level. It creates a centralized database of document certificates received from multiple sources such as a Country Signing Certification Authority (CSCA), the ICAO PKD and foreign nPKD systems.