Today more than 40 countries issue electronic passports (ePassports). While this number is increasing step by step, the number of valid ePassports in circulation is rising at a breathtaking pace. Without doubt, ePassport technology can be regarded as mature today.
However, ePassports still lack a thorough check of the digital security features at most borders and domestic places. This is the point where the ICAO Public Key Directory (PKD) comes in.
The basic idea of the PKD is to provide a worldwide accessible service that offers for download all the necessary cryptographic elements needed to examine the digital security features of ePassports. This information comprises
This information can be used to check whether the ePassport chip is genuine and the data stored therein are uncompromised. On that basis a consolidated identity check of the ePassport holder can be carried out as the classical document security features and the digital security features complement one another in a way that an undetected compromise of document security is more or less excluded. Such a check is the basis for automated border control scenarios where ePassport holders can cross borders worldwide without human intervention.
The PKD is based on well-defined procedures for handling the information mentioned above and has the full support of ICAO. As of today, ten ICAO Contracting States are PKD Participants, of which five already use the PKD actively. There is increasing interest in PKD participation.
This broad support should not be underestimated. In the long term, more and more ICAO Contracting States and non-state ePassport issuing entities will need to ensure that their customers can enjoy easy automated border crossing on the basis of a secured identity. Compared with the growing workload of bilateral exchange of digital certificates etc., the advantages of a central information broker like the PKD will become more and more apparent.
While downloading information from the PKD is free, moderate fees for active full participation cannot be avoided. However, compared to the heavy investments in establishing ePassport production and ePassport enrolment, those costs are negligible.
The Public Key Directory is the answer to the demand for worldwide compatibility of ePassport checks as a precondition for further facilitation of ever-growing international travel.
Since its introduction on November 1st 2005 Germany has issued about 4.6 million electronic passports (“e-passports”) of the first generation (containing only the data of the machine readable zone – MRZ – and the photograph in the chip). On November 1st 2007 Germany started issuing the second generation of e-passports containing fingerprints stored additionally in the chip. By now, more than 2.2 million e-passports of the second generation have been issued.
The holder’s personal data stored in the chip of e-passports issued between November 1st 2005 and October 31st 2007 are protected by Basic Access Control (BAC) and Passive Authentication. Second generation e-passports are in addition protected by Extended Access Control (EAC). All e-passports are in compliance with Council Regulation (EC) No 2252/2004 of 13th December 2004.
The presentation will focus on the EAC implementation in Germany, in particular the 6,500 EAC-capable e-passport readers (“Inspection Terminals”) that have been installed in 5,300 passport authorities countrywide. This system has been set up to allow German citizens to have their personal data (stored in the e-passport chip) displayed, in accordance with their right of access to personal data.
When a German e-passport is put on a reader at the passport authority the chip data is accessed according to the following sequence of steps:
1. BAC: optically reading the printed MRZ and generating a shared session key; reading the holder’s personal data and photograph stored in the chip;
2. Passive Authentication (verifying the signatures of the chip data along the complete signature chain).
If the e-passport contains fingerprints the EAC protocol consists of Chip Authentication and Terminal Authentication:
3. Chip Authentication: establishing a strong connection between the chip and the inspection terminal, also ensuring that the chip is original.
4. Terminal Authentication: In contrast to BAC, Passive Authentication and Chip Authentication, this specific implementation of the Terminal Authentication protocol is not based solely on communication between inspection terminal and chip. Instead, in order to prove that the inspection terminal has the authority to read fingerprints, it has to establish an online connection to the central signature service, which signs a random number (chosen by the e-passport chip) with the secret key of the inspection system. The chip is able to verify this signature by verifying the certificate chain Country Verification Certification Authority (CVCA) certificate – Document Verifier (DV) certificate – Inspection System (IS) certificate. If the signature is correct, the chip sends the fingerprint data to the inspection terminal.
After describing the concept, the presentation will go into more detail on the EAC implementation in Germany:
The presentation ends with a short summary of the status regarding e-passport control at the borders.