
Technical Report

Technical Report. PKI for Machine Readable Travel Documents offering ICC read-only access. TAG_15 Montreal, 2004-05-18 Tom Kinneging. Authenticity and Integrity. Document Security Object Standardized data structure (RFC3369) Containing hash-representations of LDS data groups



Presentation Transcript


  1. Technical Report PKI for Machine Readable Travel Documents offering ICC read-only access TAG_15 Montreal, 2004-05-18 Tom Kinneging

  2. Authenticity and Integrity • Document Security Object • Standardized data structure (RFC3369) • Containing hash-representations of LDS data groups • Digitally signed by issuing State

  3. Document Security Object • LDS: Data Group 1 (MRZ), Data Group 2 (Encoded Face), Data Group 3 (Encoded Finger), Data Group 4 (Encoded Iris), Data Group 5 (Displayed Face), Data Group 6 (Future use), Data Group 7 - 15, Data Group 16 (Persons to notify) • SOD: Hash DG_1, Hash DG_2, Hash DG_3, Hash DG_5, Digital Signature

  4. Key Management • Document Signer Certificates • Country Signing CA Certificates • Certificate Revocation • ICAO Public Key Directory

  5. Key Management • Country Signing CA: issue & sign the Country Signing CA Certificate; issue & sign the Document Signer Certificate • Document Signer: sign the Document Security Object (Hash DG_1, Hash DG_2, Hash DG_3, Hash DG_5, Digital Signature) • MRTD chip (carries the SOD) • Inspection system
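The passive authentication flow that slides 2, 3 and 5 describe (one hash per LDS data group, the hash list signed by the Document Signer, the inspection system recomputing and comparing) as an added Python example; it is not code from the Technical Report. The SecurityObject model, its encoding and the sample data groups are constructed, and a keyed MAC stands in for the Document Signer's asymmetric signature and certificate chain so the example runs with the standard library alone.

```python
import hashlib
import hmac
from typing import Callable, Dict

# Hypothetical stand-in for the Document Security Object (SOD): hash algorithm, one
# digest per LDS data group, and the issuing State's signature over the hash list.
# A real SOD is a CMS SignedData structure (RFC 3369); this is a constructed model.
class SecurityObject:
    def __init__(self, hash_alg: str, dg_hashes: Dict[int, bytes], signature: bytes):
        self.hash_alg, self.dg_hashes, self.signature = hash_alg, dg_hashes, signature

    def encode_hash_list(self) -> bytes:
        # Canonical encoding the signature covers (constructed, not real SOD ASN.1).
        return b"\n".join(f"DG{n}:{h.hex()}".encode() for n, h in sorted(self.dg_hashes.items()))

def issue_sod(hash_alg: str, data_groups: Dict[int, bytes], signer_key: bytes) -> SecurityObject:
    """Issuing State side: hash every data group, then sign the hash list."""
    hashes = {n: hashlib.new(hash_alg, d).digest() for n, d in data_groups.items()}
    sod = SecurityObject(hash_alg, hashes, b"")
    # A keyed MAC stands in for the Document Signer's asymmetric signature (stdlib only).
    sod.signature = hmac.new(signer_key, sod.encode_hash_list(), "sha256").digest()
    return sod

def verify_sod(sod: SecurityObject, chip_dgs: Dict[int, bytes],
               signature_ok: Callable[[bytes, bytes], bool]) -> Dict[object, str]:
    """Inspection system side (passive authentication): check the signature over
    the hash list first, then recompute and compare each data group's hash."""
    if not signature_ok(sod.encode_hash_list(), sod.signature):
        return {"signature": "INVALID"}     # hash list is untrusted: stop here
    report: Dict[object, str] = {"signature": "OK"}
    for n, expected in sod.dg_hashes.items():
        data = chip_dgs.get(n)
        if data is None:
            report[n] = "NOT_READ"          # covered by the SOD but not read from the chip
        elif hmac.compare_digest(hashlib.new(sod.hash_alg, data).digest(), expected):
            report[n] = "OK"
        else:
            report[n] = "MISMATCH"          # data group altered or replaced
    for n in chip_dgs:
        if n not in sod.dg_hashes:
            report[n] = "UNSIGNED"          # on the chip but not covered by the SOD
    return report

# Constructed sample document: DG1 (MRZ), DG2 (face) and DG3 (finger) are signed.
SIGNER_KEY = b"constructed-document-signer-key"
ISSUED = {1: b"P<UTOERIKSSON<<ANNA<MARIA<<<<<<<<<<<<<<<<<<<", 2: b"<face image>", 3: b"<finger template>"}
SOD = issue_sod("sha256", ISSUED, SIGNER_KEY)

def signature_ok(data: bytes, sig: bytes) -> bool:
    """Inspection system's trust in the Document Signer, modelled with the shared key."""
    return hmac.compare_digest(hmac.new(SIGNER_KEY, data, "sha256").digest(), sig)
```

Keeping NOT_READ, MISMATCH and UNSIGNED apart matters for the inspection decision: only INVALID and MISMATCH indicate tampering, while UNSIGNED data has simply never been vouched for by the issuing State.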

  6. Additional options • Basic Access Control • Active Authentication • Securing additional biometrics

  7. Basic Access Control • MRZ based key derivation • Skimming • Access to chip data • Eavesdropping • Secure communications chip / reader

  8. Basic Access Control

  9. Basic Access Control (diagram: Inspection system)

  10. Active Authentication • Chip Substitution • Data Copying • Document’s Key pair

  11. Active Authentication • LDS: Data Group 1 (MRZ), Data Group 2 (Encoded Face), Data Group 3 (Encoded Finger), Data Group 4 (Encoded Iris), Data Group 5 (Displayed Face), Data Group 6 (Future use), Data Group 7 - 14, Data Group 15 (AA Public Key), Data Group 16 (Persons to notify); AA Private Key (on the chip, outside the LDS) • SOD: Hash DG_1, Hash DG_2, Hash DG_3, Hash DG_5, Hash DG_15, Digital Signature

  12. Next steps • Implementation experiences • Further development

  13. Frequently Asked Questions • TAG-MRTD-WP/10 • Keep up-to-date

  14. Action by the TAG/MRTD The TAG/MRTD is invited to endorse the Technical Report, “PKI for Machine Readable Travel documents Offering ICC Read-only Access”, Version 1.0.
