PKI

Public Key Infrastructure components for BAC and EAC document verification.

Solutions

X Infotech CSCA is a PKI solution that issues public key certificates for one or more Document Signers and optionally for other entities such as Master List Signers.

The CSCA stores private keys in an HSM cryptographic device and operates in an offline environment highly protected from any outside or unauthorized access.

FEATURES
  • CSCA certificates and key profiles are compliant with the ICAO 9303 specification.
  • Key Pair generation and protection by HSM cryptographic devices.
  • Graphical User Interface for configuration, management and auditing.
  • Supports multiple CSCAs dedicated to different document types.
  • Flexible User Access Control policies (m-of-n).

X Infotech DS is a PKI solution that digitally signs data on electronic documents. A digital signature ensures integrity and authenticity of a document. In turn, it is validated using a CSCA certificate during Passive Authentication to confirm that the chip data is authentic to the issuing state.

FEATURES
  • DS certificates and key profiles are in full compliance with the ICAO 9303 specification.
  • Key Pair generation and protection by HSM cryptographic devices.
  • Graphical User Interface for configuration, management and auditing.
  • Integration with Personalization Solution to simplify infrastructure and reduce cost.

X Infotech CVCA is a national PKI trust point that authorizes domestic and foreign Document Verifiers (DVs) to access sensitive data from electronic documents like fingerprints or iris biometrics to which access is protected via Extended Access Control (EAC).

The CVCA stores private keys in an HSM cryptographic device and operates in an offline environment highly protected from any outside or unauthorized access.

FEATURES
  • CVCA certificates and key profiles are in full compliance with BSI TR-03110 technical guidelines.
  • Key Pair generation and protection by HSM cryptographic devices.
  • Graphical User Interface for configuration, management and auditing.
  • Flexible User Access Control policies (m-of-n).

X Infotech DV is a PKI solution that determines which Inspection System (IS) will get authorization to read sensitive data like fingerprints or iris biometrics from electronic documents with Extended Access Control (EAC) protection.

The Document Verifier requests and obtains Document Verifier certificates from the CVCA of each country whose electronic documents it is authorized to access.

The DV issues Inspection System certificates in response to certificate requests from Inspection Systems. These certificates authorize an Inspection System to access protected sensitive data on electronic document chips.

FEATURES
  • DV certificates and key profiles are in compliance with BSI-EAC and BSI TR-03139.
  • Operates in compliance with BSI TR-03129 protocols.
  • Key Pair generation and protection by HSM cryptographic devices.
  • Graphical User Interface for configuration, management and auditing.

X Infotech TCC solution automates verification of national and foreign Machine Readable Travel Documents (MRTDs) by both manual and fully automated Border Control Inspection Systems.

TCC provides a Document Terminal Authentication (TA) service that allows Inspection Systems to access sensitive personal data (fingerprints, iris) on the document’s chip and to use advanced mechanisms of biometric authentication.

The mechanism is based on the integration with a Document Verification (DV) system that issues card verifiable certificates which are valid only for a short time period, typically between 1 day and 1 month.

The TCC solution also provides a Document Passive Authentication service to verify the authenticity of a document by comparing the Document Signer certificate to certificates received from the ICAO PKD or National PKD.

X Infotech SPOC manages exchange of CVCA certificates between various countries in order to grant access to sensitive biometric data on ICAO compliant EAC Documents at border control points.

Extended Access Control (EAC) PKI architecture is currently the most advanced standard in secure travel documents.

SPOC implements international standards, protocols and certificate management for EAC ePassports in order to exchange Document Verifier (DV) and CVCA certificates between countries. The solution is compliant with ICAO and BSI standards and guidelines, allowing easy operation and integration with third-party systems.

X Infotech nPKD is a PKI solution component that manages electronic document PKI certificates on a national level.

The comprehensive solution acts as a central broker to manage the exchange of Document PKI certificates and certificate revocation lists on a country level. It creates a centralized database of document certificates received from multiple sources such as a Country Signing Certification Authority (CSCA), ICAO PKD and foreign nPKD systems.