ePassport PKI Solution

Electronic passports are modern security documents with many security features. Several components are required in order to produce and inspect ePassports. The important security features are standardized by ICAO and the EU. Thanks to the standardization, possible ePassport fraud is easier to detect at member states’ border checkpoints.

From a PKI perspective, the ePassport security features can be divided into two categories: Basic Access Control (BAC), ensuring the authenticity of the passport, and Extended Access Control (EAC), protecting the privacy of fingerprints stored in the passport chip. To produce ePassports, a PKI and a digital signature solution are needed. To verify ePassports from different countries, you need a PKI and a directory for different countries (NPKD), as well as a Single Point of Contact (SPOC) for exchanging online information with other countries.

Working PKI

PrimeKey’s ePass Solution

Our ePassport Solution contains all the PKI and digital signature components needed to produce and handle ePassports securely, and your ePassport implementation will automatically benefit from PrimeKey’s extensive experience in many strategic, mission-critical, large-scale PKI projects.

All software within our ePassport offering is reliable during production operations and integrates well with other necessary ePassport technologies. When needed, the software is easily adapted to evolving legal and technical demands. All included technology meets the requirements of ICAO and the EU.

Country Signing and Country Verifying

PrimeKey’s EJBCA PKI implements Country Signing Certificate Authority (CSCA), Country Verifying CA (CVCA) and Document Verifier (DV). Compliant with the ICAO 9303 and EAC specifications, EJBCA PKI has full support for both RSA and ECC algorithms.

Document Signing

A server-side signature service, PrimeKey’s SignServer is suitable for signing biometric ePassport (MRTD) data compliant with the ICAO specification. SignServer stores its keys in a hardware security module (HSM) to enhance security and performance.

SPOC Communication

PrimeKey’s EJBCA SPOC application implements a standard mechanism for certificate management of the Extended Access Control (EAC) for passports. By handling incoming and outgoing certificate requests and responses, it acts as a front end between a country’s EAC implementation and SPOCs of other nations. EJBCA SPOC is compliant with the specification defined by Brussels Interoperability Group (BIG).

NPKD Storage

The NPKD provides a local repository for ICAO PKD objects. In addition to storage, the NPKD validates and controls the distribution of these objects. The NPKD manages content from the upstream ICAO PKD, including master and defect lists. The NPKD distributes this to inspection systems, to ensure that the content is validated and current.

Products used in ePassport Solution

EJBCA Enterprise

EJBCA Enterprise is a powerful and flexible Certificate Authority and a complete PKI (Public Key Infrastructure) Management System.

SignServer Enterprise

Server-side digital signatures give maximum control and security, allowing your staff and applications to conveniently sign code and documents.

PrimeKey NPKD

A complete system for handling national certificates within ePassport solutions.

Success Story

Epassports for Turkey
