Government Root Certification Authority

Electronic passports are modern security documents with many security features, and functions such as Government Root Certification Authority and Country Signing Certificate Authority plays an important role in the solution. Several components are required in order to produce and inspect ePassports. The important security features are standardized by ICAO and the EU. Thanks to the standardization, possible ePassport fraud is easier to detect at member states’ border checkpoints.

From a PKI perspective, the ePassport security features can be divided into two categories: Basic Access Control (BAC) ensuring the authenticity of the passport and Extended Access Control (EAC) protecting privacy of fingerprints stored in the passport chip. To produce ePassports, PKI and a Digital Signature solution is needed. To verify ePassports from different countries, you need PKI and a Directory for different countries (NPKD).

government root certification authority - discussing and working

PrimeKey’s ePass Solution and Country Signing Certificate Authority

Our ePassport Solution contains all the PKI and digital signature components needed to produce and handle ePassports securely, and your ePassport implementation with country root certification authority and country signing certificate authority will automatically benefit from PrimeKey’s extensive experience in many strategic, mission-critical, large-scale PKI projects.

All software within our ePassport offering is reliable during production operations and integrate well with other necessary ePassport technologies. When needed, the software is easily adapted to evolving legal and technical demands. All included technology meet the requirements of ICAO and the EU.

Country Signing Certificate Authority and Country Verifying

PrimeKey’s EJBCA® PKI implements Country Signing Certificate Authority (CSCA), Country Verifying CA (CVCA) and Document Verifier (DV). Compliant with the ICAO 9303 and EAC specifications, EJBCA PKI has full support for both RSA and ECC algorithms.

Document Signing

A server-side signature service, PrimeKey’s SignServer is suitable for signing biometric ePassport (MRTD) data compliant with the ICAO specification. SignServer stores its keys in a hardware security module (HSM) to enhance security and performance.

NPKD Storage

The NPKD provides a local repository for ICAO PKD objects. In addition to storage, the NPKD validates and controls the distribution of these objects. The NPKD manages content from the upstream ICAO PKD, including master and defect lists. The NPKD distributes this to inspection systems, to ensure that the content is validated and current.

Products used in ePassport Solution

EJBCA Enterprise

EJBCA® Enterprise is a powerful and flexible Certificate Authority and a complete PKI (Public Key Infrastructure) Management System.

SignServer Enterprise

Server-side digital signatures give maximum control and security, allowing your staff and applications to conveniently sign code and documents.

PrimeKey NPKD

A complete system for handling National Certificates within epass solutions.

Success Story

Epassports for Turkey

Contact PrimeKey to implement Country Signing Certificate Authority and Government Root Certification Authority

In the process of investigating possible ePassport solutions and finding a partner which can help you with Country Signing Certificate Authority as well as Government Root Certification Authority? PrimeKey has worked with several countries to secure the biometric data in ePassports. Contact us today for further guidance!

  • Hidden
    I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy here.

How can we help?

  • Hidden
    I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy here.
Contact us