Government

Overview

Security concerns, developing technologies and emerging standards have led national governments to pursue the issuance of more sophisticated machine readable travel documents (MRTD) to their citizens. Commonly known as "ePassports," these documents contain a chip that stores information that can be verified against the data on the passport.

In order to facilitate interoperability across countries, the International Civil Aviation Organization (ICAO) has set global standards for ePassports. Since the ePassport contains sensitive personal information, the security and integrity of the ePassport are critical. As a result, two ePassport standards have been developed to help migrate countries from traditional paper-based travel documents.

• Basic Access Control (BAC): Created to mitigate passport forgery, first-generation ePassports use a Basic Access Control RFID chip containing a simple biometric (usually a photo of the individual) along with the identity information of an individual duplicated on the paper document. Entrust provides the digital signatures on BAC ePassports that help prevent a cloned or modified passport, when it is properly processed, from being used to cross a border.
• Extended Access Control (EAC): The second generation of ePassports, the EAC standard allows governments to leverage a stronger biometric that is more difficult to impersonate on the RFID chip, typically a fingerprint or iris scan. EAC ePassports also require the encryption of the chip contents; even if a criminal has the ability to impersonate the enhanced biometric, access to the chip contents is denied with encryption.

PKI is an integral technology for the security and verification infrastructure around ePassports. Entrust, who released the first commercial PKI in 1994, is providing leadership for the security of these important and sensitive documents through innovative solutions, which reduce fraud by verifying the integrity of the personal and biometric data contained on the chip imbedded in the ePassport.

Why Entrust

Entrust has been a trusted advisor to many countries as they pursue ePassport projects and our software is currently in production use in a number of countries issuing a high volume of ePassports including the United States, the United Kingdom, Taiwan, Singapore, Ireland, Slovakia, Croatia, Slovenia, New Zealand, Canada and Finland.

To help facilitate international ePassport interoperability, Entrust has developed a BIG test SPOC facility.

Entrust would be pleased to share our experiences and lessons learned related to ePassport and citizen identification. Expertise in information security has been a hallmark of Entrust since we began developing innovative, award-winning solutions more than a decade ago.

For more on Entrust's solutions for government, click here.

Resources

Data Sheets

• Entrust ePassport Solutions Single Point of Contact (SPOC)
• Entrust PKI Secures National ID Initiatives
• Entrust Solutions for ePassport

White Papers

• Protecting Biometric Data with Extended Access Control
• The Trust Framework for ePassport Extended Access Control
• A Trust Infrastructure for ePassports

Demos

• EAC Demonstration and SPOC Interop Facility

Podcasts

• The PKI Phoenix Rises

Webinars

• Extended Access Control: The Future of ePassports

EAC Demo

Extended Access Control (EAC) is the process defined for ensuring that only authorized entities are able to access biometric data (iris scan and/or fingerprint) stored on the contactless chip on an electronic passport. EAC includes the authentication of a passport Inspection Station (IS) to the contactless chip as well as the authorization of that IS to access the protected biometrics.

To learn more, try our interactive demo that highlights the capabilities of Entrust's EAC ePassport Solutions.

To access the EAC demonstration site, click here.

Countries are beginning to evolve their ePassport programs to include capabilities for Extended Access Control (EAC). Entrust is participating in related standards bodies and is consulting with our customers as technical specifications solidify and progress is made towards implementation of EAC. With flexible solutions for Basic Access Control (BAC) passive authentication (CSCA PKI) today, Entrust is also releasing security solutions to meet the certificate management requirements of Extended Access Control (CVCA PKI).

With flexible solutions for Basic Access Control (BAC) passive authentication (CSCA PKI) today, Entrust is also releasing security solutions to meet the certificate management requirements of Extended Access Control (CVCA PKI).

SPOC Demo

The SPOC model and certificate management protocol were defined by the Brussels Interoperability Group (BIG), operating under the direction of the European Union Article 6 Committee. The specification was approved by the EU Article 6 Committee in June 2009.

This Entrust demonstration fully implements the standardized key management protocol that will be used across international borders, emulates a fully functional SPOC interface and enables users to test their SPOC implementations online.

It is capable of registering other SPOCs, receiving and responding to Document Verifying (DV) certificate requests from registered SPOCs on behalf of its own Country Verifying Certification Authority (CVCA), as well as sending certificate requests to, and receiving responses from, other SPOCs on behalf of its own DV. The demonstration site includes separate synchronous and automated asynchronous endpoints, which allow full testing of all operations of the SPOC protocol in both synchronous and asynchronous modes.

To receive credentials for the SPOC Interop Facility, click here.