National Public Key Directory
The PrimeKey NPKD is a National Public Key Directory solution, designed to manage certificates for ePassports in compliance with International Civil Aviation Organization (ICAO) standards.
A complete system for handling national certificates for ePassports
Anton and Maikel
- PrimeKey
What is a National Public Key Directory?
Many countries have implemented Biometric Passports (or ePassports), allowing their citizens to travel more securely and efficiently.
All efforts to standardize travel documents are done under the umbrella of the International Civil Aviation Organization (ICAO). This makes travelers’ documents easy to recognize, read and validate by the foreign countries people visit. To facilitate the exchange of required information to authenticate ePassports, ICAO has created the centralized Public Key Directory (PKD) for sharing information between countries.
Each sovereign nation handles a PKD list on its own, as it finds appropriate and secure. The PrimeKey National Public Key Directory (NPKD) addresses the needs of a country to have an efficient, secure and robust system of importing other nations’ certificates from the PKD, as well as exporting its own certificates to the PKD.
Features of PrimeKey NPKD
PrimeKey NPKD makes it easy to manage the top-level certificates imported from other countries: to decide whether and how much to trust these certificates, and to swiftly revoke a certificate if needed. NPKD exchanges digital certificates and other security data with the ICAO PKD, and makes them available for inspection systems. The ICAO PKD works as a hub for exchanging information required to authenticate ePassports.
Compliant and secure
PrimeKey NPKD is developed by engineers with extensive experience in ePassport solutions. All NPKD operations are compliant with ICAO, and the solution has solid application security features such as user access control, secure audit logging and authenticity protection for database rows. All security data is checked for ICAO conformity and the test results are visible to the user. Auditors can easily search and filter through all audit logs.
PrimeKey NPKD includes configurable schedulers. These let the application server automatically run all the tasks necessary to keep valid PKD objects published and available for inspection systems.
Integration in existing infrastructures
PrimeKey NPKD, which is used by numerous nations to issue their citizens' passports, can be integrated with your existing PKI and works seamlessly with EJBCA Enterprise or SignServer Enterprise.
Included use cases
- Download security data (Master List, Deviation Lists, DS certificates and CRL) of a specific country or all countries
- Extract Master Lists and inspect their certificates
- Run ICAO checks on security data and store them in a database for later use
- Construct a Master List or Deviation List
- Publish CSCA certificates and other security data to a local NPKD LDAP server and make them available for inspection systems
- Upload security data to ICAO PKD
- Automate all routine tasks, such as downloading from and uploading to ICAO, publishing to a local NPKD LDAP, checking the revocation status of all certificates and creating database backups
- Find the CSCA that has signed a DS certificate or Master Lists that contain a CSCA certificate
- Audit all access control and integrity-change logs
- Keep and update a record of all registry contact information