Electronic passports are standardized modern security documents with many security features. Typical PKI and digital signature functions such as Government Root Certification Authority and Country Signing Certificate Authority play an important role in the solution.
PrimeKey's ePassport solution contains all the PKI and digital signature components needed to produce and handle ePassports securely. The important security features are standardized by ICAO and the EU.
Country Signing and Country Verifying CAs
EJBCA Enterprise implements Country Signing Certificate Authority (CSCA), Country Verifying CA (CVCA) and Document Verifier (DV). Compliant with the ICAO 9303 and EAC specifications.
SignServer supports signing biometric ePassport (MRTD) data compliant with the ICAO specification.
ICAO PKD objects local storage
The National Public Key Directory (NPKD) from PrimeKey enables management of ICAO PKD objects in a provided local repository.
ePassport security features
From a PKI perspective, the ePassport security features can be divided into two categories:
Basic Access Control (BAC)
Ensures the authenticity of the passport.
Extended Access Control (EAC)
Protects the privacy of biometric data stored in the ePassport chip.
Benefits of PrimeKey's ePassport solution
An ePassport PKI solution can contain several PKI services such as CSCA, CVCA, DVCA and DS. Demands on what PKI services are needed can differ depending on the targeted region.
Our ePassport Solution contains all the PKI and digital signature components needed to produce and handle ePassports securely.
All included technology meets the requirements of ICAO and the EU.
Flexibility and integration
All software within our ePassport offering is reliable during operations and integrates well with other necessary ePassport technologies from major players such as Thales and Mühlbauer. The solution can be deployed as a flexible software appliance or as a fit-for-purpose hardware appliance that also includes a FIPS-certified HSM.
PrimeKey has extensive experience in many strategic, mission-critical, large-scale PKI projects and has already delivered ePassport solutions to more than 20 customers.
Products for ePassports
To produce ePassports, you need PKI (EJBCA Enterprise) and a digital signing solution (SignServer Enterprise).
To verify ePassports from different countries, you need PKI (EJBCA Enterprise) and a Directory for different countries (NPKD).
Complete public key infrastructure (PKI) and certificate management
Server-side, PKI-based, multipurpose digital signature solution
National Public Key Directory from PrimeKey, a system for national certificates in e-passports
Customer stories from PKI implementations around the globe
EJBCA Enterprise, ePassport, Government, SignServer Enterprise
Turkish Delight – or how to issue 10,000 high-quality e-Passports every day
See the links for more information:
ePassport signing documentation
Fill in your contact information below and we will get in touch with you.