National Public Key Directory

The PrimeKey NPKD is a National Public Key Directory solution, designed to manage certificates for ePassports in compliance with International Civil Aviation Organization (ICAO) standards.

Contact us Download Product Sheet

A complete system for handling national certificates for ePassports

Fully compliant

All NPKD operations are compliant with ICAO and NPKD has been successfully tested against ICAO Public Key Directory (PKD) Test Bench v3.0.

Rich graphical user interface

PrimeKey's NPKD is operated through a rich graphical user interface that makes it easy to manage the imported top-level certificates. Users can search through ICAO PKD, download, inspect, store, publish, and more.

 

Open and interoperable

NPKD is designed to perform well with the PrimeKey products EJBCA Enterprise and SignServer Enterprise as well as with other PKIs.

NPKD-Anton-Maikel

Anton and Maikel
- PrimeKey

What is a National Public Key Directory?

Many countries have implemented Biometric Passports (or ePassports), allowing their citizens to travel more securely and efficiently.

All efforts to standardize travel documents are done under the umbrella of the International Civil Aviation Organization (ICAO). This makes travelers’ documents easy to recognize, read and validate by the foreign countries people visit. To facilitate the exchange of required information to authenticate ePassports, ICAO has created the centralized Public Key Directory (PKD) for sharing information between countries.

Each sovereign nation handles a  PKD list on its own, as it finds appropriate and secure. The PrimeKey National Public Key Directory (NPKD) addresses the needs of a country to have an efficient, secure and robust system of importing other nations’ certificates from the PKD, as well as exporting its own certificates to the PKD.

Features of PrimeKey NPKD

PrimeKey NPKD makes it easy to manage the imported top-level certificates from other countries – to decide if and how much they trust these certificates – to be able to swiftly revoke a certificate if needed. NPKD exchanges digital certificates and other security data with the ICAO PKD, and makes them available for inspection systems. The ICAO PKD works as a hub for exchanging information required to authenticate ePassports. 

compliant-720×720

Compliant and secure

PrimeKey NPKD is developed by engineers with extensive experience of ePassport solutions. All NPKD operations are compliant with ICAO and the solution has solid security application features such as user access control, secure audit logging and database rows authenticity protection. All security data is checked for ICAO conformity and the test results are visible to the user. Auditors can easily search and filter through all audit logs. 

PrimeKey NPKD includes configurable schedulers. This makes the application server automatically run all the necessary tasks to keep valid PKD object published and available for inspection systems. 

integration-720×720

Integration in existing infrastructures

PrimeKey NPKD, which is used by numerous nations to issue their citizen passports, can be integrated with your existing PKI and works seamlessly with EJBCA Enterprise or SignServer Enterprise.

complete-720×720

Included use cases

  • Download security data (Master List, Deviation Lists, DS certificates and CRL) of a specific country or all countries 
  • Extract Master Lists and inspecting their certificates 
  • Run ICAO checks on security data and store them in a database for later use 
  • Construct a Master List or Deviation List 
  • Publish CSCA certificates and other security data to a local NPKD LDAP server and make them available for inspection systems 
  • Upload security data to ICAO PKD
  • Automate all routine tasks such as download from and upload to ICAO, publish to a local NPKD LDAP, revocation check of all certificates and create database backups
  • Find the CSCA that has signed a DS certificate or Master Lists that contain a CSCA certificate
  • Audit all access control and integrity-change logs
  • Keep and update a record of all registry contact information

Solutions based on product

Enabling ePassports

Produce and verify ePassports with our dedicated PKI solution

More information

See the links for more information on NPKD.

Contact us

Fill in your contact information below and we will get in touch with you.