PrimeKey NPKD

A complete system for handling National Certificates within epass solutions

What is NPKD

Many countries have implemented Biometric Passports (or e-Passports), allowing their citizens to travel more secure and efficient.

All efforts in standardization of travel documents are done under the umbrella of the International Civil Aviation Organization (ICAO). This makes travellers’ documents easy to recognize, read and validate by the foreign countries people visit. ICAO is in charge and operates a directory of certificates used to issue passports; each of the associated countries has its own certificate. The directory is called the Public Key Directory (PKD).

Explaining PKI

PrimeKey NPKD

Each sovereign nation handles the PKD list on its own, as it finds appropriate and secure. The PrimeKey NPKD product addresses the needs of a country to have an efficient, secure and robust system of importing other nations’ certificates from the PKD, as well as exporting its own certificates to the PKD. PrimeKey NPKD makes it easy to manage the imported top-level certificates from other countries – to decide if and how much they trust these certificates – to be able to swiftly revoke a certificate in case of need.

PrimeKey NPKD works seamlessly with EJBCA Enterprise or SignServer Enterprise, used by several nations to issue their citizen passports. In fact, we have built in some of the security features used by EJBCA to the NPKD.

As we are committed to open standards, one of them being ICAOs specifications, our PrimeKey NPKD is designed and works well even for those nations who have not yet migrated to EJBCA Enterprise.

NPDK setup

“Country A” represents a country using PrimeKey NPKD and “Country X” represents all other countries either using PrimeKey NPKD or another solution.


Included Use Cases in PrimeKey NPKD

  • Downloading Master Lists from a specific country
  • Extracting Master Lists and inspecting their certificates
  • Running ICAO checks on Master List CSCA certificates
  • Storing Master Lists in databases for later use
  • Publishing CSCA certificates to an NPKD LDAP server
  • Downloading all Master Lists from ICAO PKD
  • Downloading all DS certificates and CRLs from ICAO PKD
  • Uploading Master Lists to ICAO PKD
  • Finding the CSCA that has signed DS certificates
  • Finding Master Lists that contain CSCA certificates
  • Auditing all access control and integritychange logs

Contact us

Fill in your contact information below and we will get in touch with you.

    I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy here.