Posted on 27-Mar-2015

Technical Report

PKI for Machine Readable Travel Documents offering ICC read-only access

TAG_15 Montreal, 2004-05-18

Tom Kinneging

Authenticity and Integrity

Document Security Object

Standardized data structure (RFC 3369)

Containing hash-representations of LDS data groups

Digitally signed by issuing State

[Figure: Document Security Object. The LDS holds Data Group 1 (MRZ), Data Group 2 (Encoded Face), Data Group 3 (Encoded Finger), Data Group 4 (Encoded Iris), Data Group 5 (Displayed Face), Data Group 6 (Future use), Data Groups 7 - 15 and Data Group 16 (Persons to notify); the SOD carries Hash DG_1, Hash DG_2, Hash DG_3 and Hash DG_5 together with the Digital Signature]

Key Management

Document Signer Certificates

Country Signing CA Certificates

Certificate Revocation

ICAO Public Key Directory

[Figure: Key Management. The Country Signing CA issues and signs the Country Signing CA Certificate and the Document Signer Certificate; the Document Signer signs the SOD (Hash DG_1, Hash DG_2, Hash DG_3, Hash DG_5 and the Digital Signature) inside the Document Security Object; the Inspection system and the MRTD chip sit at the two ends of the diagram]

Additional options

Basic Access Control

Active Authentication

Securing additional biometrics

Basic Access Control

MRZ based key derivation

Access to chip data

Secure communications chip / reader

Threats countered: Skimming, Eavesdropping

Basic Access Control

[Figure: Basic Access Control between the Inspection system and the chip, with the chip / reader traffic drawn as a bit stream]
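The slide only names "MRZ based key derivation"; the example below, added here and not part of the Technical Report, carries the derivation through as Doc 9303 specifies it for BAC: the document number, date of birth and date of expiry are each followed by their check digit (weights 7, 3, 1 repeating, modulo 10), the concatenation is hashed with SHA-1 and truncated to a 16-byte K_seed, and K_enc and K_mac are derived as SHA-1(K_seed || counter) with counter 1 and 2, each truncated to 16 bytes and parity-adjusted for 3DES. The three sample MRZ fields are the ones used in the Doc 9303 worked example; the function names are my own.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// mrzCharValue maps an MRZ character to its check-digit value: digits 0-9,
// letters A=10..Z=35, filler '<' = 0.
func mrzCharValue(c byte) int {
	switch {
	case c >= '0' && c <= '9':
		return int(c - '0')
	case c >= 'A' && c <= 'Z':
		return int(c-'A') + 10
	default:
		return 0
	}
}

// CheckDigit computes the Doc 9303 check digit: weights 7,3,1 repeating, sum mod 10.
func CheckDigit(field string) int {
	weights := [3]int{7, 3, 1}
	sum := 0
	for i := 0; i < len(field); i++ {
		sum += mrzCharValue(field[i]) * weights[i%3]
	}
	return sum % 10
}

// MRZInformation is the BAC input: document number, birth date (YYMMDD) and
// expiry date (YYMMDD), each immediately followed by its check digit.
func MRZInformation(docNumber, birthDate, expiryDate string) string {
	return fmt.Sprintf("%s%d%s%d%s%d", docNumber, CheckDigit(docNumber),
		birthDate, CheckDigit(birthDate), expiryDate, CheckDigit(expiryDate))
}

// adjustParity forces odd parity on every byte, as DES key bytes require.
func adjustParity(key []byte) {
	for i, b := range key {
		if bits.OnesCount8(b&0xFE)%2 == 0 {
			key[i] = b | 0x01
		} else {
			key[i] = b & 0xFE
		}
	}
}

// HasOddParity reports whether every byte of key has odd parity.
func HasOddParity(key []byte) bool {
	for _, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			return false
		}
	}
	return true
}

// deriveKey: SHA-1(K_seed || 32-bit big-endian counter), first 16 bytes, parity-adjusted.
func deriveKey(seed []byte, counter uint32) []byte {
	d := append(append([]byte{}, seed...),
		byte(counter>>24), byte(counter>>16), byte(counter>>8), byte(counter))
	h := sha1.Sum(d)
	key := append([]byte{}, h[:16]...)
	adjustParity(key)
	return key
}

// BACKeys derives K_enc (counter 1) and K_mac (counter 2) from the MRZ information.
func BACKeys(mrzInfo string) (kEnc, kMac []byte) {
	h := sha1.Sum([]byte(mrzInfo))
	seed := h[:16] // K_seed is the first 16 bytes of SHA-1(MRZ_information)
	return deriveKey(seed, 1), deriveKey(seed, 2)
}

func main() {
	info := MRZInformation("L898902C<", "690806", "940623")
	kEnc, kMac := BACKeys(info)
	fmt.Println("MRZ_information:", info)
	fmt.Println("K_enc:", hex.EncodeToString(kEnc))
	fmt.Println("K_mac:", hex.EncodeToString(kMac))
}
```

The reader side derives exactly these keys from the MRZ it has optically read, which is why the slide pairs the mechanism with skimming and eavesdropping: without the printed MRZ a reader cannot open the chip, and the session keys protect the chip / reader channel.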

Active Authentication

Threats countered: Chip substitution, Data copying

Mechanism: Document's key pair

Active Authentication

[Figure: Active Authentication. The LDS holds Data Groups 1 - 6, 7 - 14 and 16 as before, plus Data Group 15 (AA Public Key); the SOD carries Hash DG_1, Hash DG_2, Hash DG_3, Hash DG_5 and Hash DG_15 with the Digital Signature; the AA Private Key remains on the chip]
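The Document Security Object slide and the Active Authentication slides describe one mechanism layered on another: the Document Signer signs a list of data-group hashes (passive authentication), and, if DG15 is among the hashed groups, the public key in DG15 can be trusted for a challenge-response that proves the chip holds the matching private key. The example below, added here and not code from the Technical Report, works both steps end to end in Go with a constructed LDS. Simplifications are labelled in the comments: the SOD is a plain hash list signed with PKCS#1 v1.5 rather than CMS SignedData (RFC 3369), the Document Signer public key is assumed already validated against the Country Signing CA, and the AA response uses the same signature scheme rather than the ISO/IEC 9796-2 format the real protocol uses. All type and function names are my own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
	"sort"
)

// LDS maps data group number to contents (constructed sample, not real LDS encoding).
type LDS map[int][]byte

// SOD models the Document Security Object: SHA-256 of each covered data group plus
// the Document Signer's signature over that list (real SODs are CMS SignedData).
type SOD struct {
	Hashes    map[int][32]byte
	Signature []byte
}

// GenerateKeyPair makes an RSA key for a Document Signer or for a chip's AA key.
func GenerateKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// hashListBytes serialises the hash table in data-group order so signer and verifier digest identical bytes.
func hashListBytes(h map[int][32]byte) []byte {
	nums := make([]int, 0, len(h))
	for n := range h {
		nums = append(nums, n)
	}
	sort.Ints(nums)
	var out []byte
	for _, n := range nums {
		d := h[n]
		out = append(append(out, byte(n)), d[:]...)
	}
	return out
}

// SignSOD is the issuing State's side: hash the covered groups, sign the list.
func SignSOD(lds LDS, covered []int, ds *rsa.PrivateKey) (*SOD, error) {
	sod := &SOD{Hashes: make(map[int][32]byte)}
	for _, n := range covered {
		data, ok := lds[n]
		if !ok {
			return nil, fmt.Errorf("data group %d not present in LDS", n)
		}
		sod.Hashes[n] = sha256.Sum256(data)
	}
	digest := sha256.Sum256(hashListBytes(sod.Hashes))
	sig, err := rsa.SignPKCS1v15(rand.Reader, ds, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	sod.Signature = sig
	return sod, nil
}

// PassiveAuth is the inspection system's side: verify the signature with the (already
// trusted) Document Signer key, then re-hash every data group read from the chip.
func PassiveAuth(lds LDS, sod *SOD, dsPub *rsa.PublicKey) error {
	digest := sha256.Sum256(hashListBytes(sod.Hashes))
	if err := rsa.VerifyPKCS1v15(dsPub, crypto.SHA256, digest[:], sod.Signature); err != nil {
		return errors.New("SOD signature invalid: not signed by the trusted Document Signer")
	}
	for n, want := range sod.Hashes {
		data, ok := lds[n]
		if !ok {
			return fmt.Errorf("data group %d listed in SOD but missing from chip", n)
		}
		if sha256.Sum256(data) != want {
			return fmt.Errorf("data group %d hash mismatch: contents altered", n)
		}
	}
	return nil
}

// EncodeDG15 produces the DG15 payload: the AA public key, DER-encoded (PKCS#1 form here).
func EncodeDG15(aaPub *rsa.PublicKey) []byte { return x509.MarshalPKCS1PublicKey(aaPub) }

// ChipSignChallenge is the chip's side of Active Authentication; the private key never leaves it.
func ChipSignChallenge(aaPriv *rsa.PrivateKey, challenge []byte) ([]byte, error) {
	d := sha256.Sum256(challenge)
	return rsa.SignPKCS1v15(rand.Reader, aaPriv, crypto.SHA256, d[:])
}

// ActiveAuth checks the response against DG15. It only means something once
// PassiveAuth has confirmed DG15 through its hash in the SOD.
func ActiveAuth(dg15, challenge, response []byte) error {
	pub, err := x509.ParsePKCS1PublicKey(dg15)
	if err != nil {
		return err
	}
	d := sha256.Sum256(challenge)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], response); err != nil {
		return errors.New("active authentication failed: chip does not hold the DG15 private key")
	}
	return nil
}

// SampleLDS builds constructed data groups; DG15 carries the chip's AA public key.
func SampleLDS(aaPub *rsa.PublicKey) LDS {
	return LDS{
		1:  []byte("P<UTOERIKSSON<<ANNA<MARIA<<<<<<<<<<<<<<<<<<<"), // constructed MRZ line
		2:  []byte("constructed encoded-face bytes"),
		3:  []byte("constructed encoded-finger bytes"),
		5:  []byte("constructed displayed-face bytes"),
		15: EncodeDG15(aaPub),
	}
}

func main() {
	ds, _ := GenerateKeyPair()
	aa, _ := GenerateKeyPair()
	lds := SampleLDS(&aa.PublicKey)
	sod, _ := SignSOD(lds, []int{1, 2, 3, 5, 15}, ds)
	fmt.Println("passive:", PassiveAuth(lds, sod, &ds.PublicKey))
	challenge := []byte("constructed challenge; real readers send 8 random bytes")
	resp, _ := ChipSignChallenge(aa, challenge)
	fmt.Println("active:", ActiveAuth(lds[15], challenge, resp))
	lds[2] = []byte("copied data with a substituted face")
	fmt.Println("after data copying:", PassiveAuth(lds, sod, &ds.PublicKey))
}
```

The two failure modes the slides name map onto the two checks: data copying changes a data group, so its hash no longer matches the signed SOD; chip substitution leaves the signed data intact but the substitute cannot answer the challenge for the key whose hash the SOD covers in DG15.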

Next steps

Implementation experiences

Further development

Frequently Asked Questions

TAG-MRTD-WP/10

Keep up-to-date

Action by the TAG/MRTD

The TAG/MRTD is invited to endorse the Technical Report, “PKI for Machine Readable Travel documents Offering ICC Read-only Access”, Version 1.0.