Page 1: Technical Report
PKI for Machine Readable Travel Documents offering ICC read-only access
TAG_15 Montreal, 2004-05-18
Tom Kinneging
Page 2: Authenticity and Integrity
- Document Security Object
  - Standardized data structure (RFC 3369, Cryptographic Message Syntax)
  - Contains hash representations of the LDS data groups
  - Digitally signed by the issuing State
Page 3: Document Security Object (diagram)

LDS (on the chip):
  Data Group 1 (MRZ)
  Data Group 2 (Encoded Face)
  Data Group 3 (Encoded Finger)
  Data Group 4 (Encoded Iris)
  Data Group 5 (Displayed Face)
  Data Group 6 (Future use)
  Data Group 7 - 15
  Data Group 16 (Persons to notify)

SOD:
  Hash DG_1
  Hash DG_2
  Hash DG_3
  Hash DG_5
  Digital Signature

The SOD holds a hash of each data group present in this document (here DG_1, DG_2, DG_3 and DG_5) and the issuing State's Digital Signature over that list.
Page 4: Key Management
- Document Signer Certificates
- Country Signing CA Certificates
- Certificate Revocation
- ICAO Public Key Directory
Page 5: Key Management (diagram)

Country Signing CA: issues & signs the Country Signing CA Certificate (self-signed) and issues & signs the Document Signer Certificate.
Document Signer: signs the Document Security Object (SOD), which holds Hash DG_1, Hash DG_2, Hash DG_3, Hash DG_5 and the Digital Signature.
MRTD chip: carries the SOD.
Inspection system: validates the SOD signature with the Document Signer Certificate, and the Document Signer Certificate with the Country Signing CA Certificate.
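The chain on this slide (the Country Signing CA signs the Document Signer certificate, the Document Signer signs the SOD, the inspection system checks both and then compares the data group hashes), worked through as an added Go example. This is not code from the technical report or from any ICAO implementation: it models the SOD as a plain signed hash list with RSA PKCS#1 v1.5 over SHA-256 instead of the CMS SignedData structure of RFC 3369, builds the certificates with Go's crypto/x509, and uses constructed placeholder data group contents and hypothetical names (CSCA Utopia, DS Utopia 2004-01, DS Forger). Certificate revocation and the Public Key Directory are not modelled.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type LDS map[int][]byte // Logical Data Structure on the chip: data group number -> contents

// SOD is a simplified Document Security Object (the CMS SignedData wrapping of RFC 3369 is not modelled).
type SOD struct {
	DGs       []int    // protected data group numbers, in signing order
	Hashes    [][]byte // SHA-256 of each listed data group
	Signature []byte   // Document Signer's RSA PKCS#1 v1.5 signature over signedBytes()
	DSCertDER []byte   // Document Signer certificate, carried with the SOD
}

// signedBytes is what the Document Signer signs: the DG numbers and their hashes, in order.
func (s *SOD) signedBytes() []byte { return []byte(fmt.Sprintf("%v%x", s.DGs, s.Hashes)) }

// issueCert signs a certificate for pub with issuerKey; parent == nil means self-signed (the CSCA root).
func issueCert(cn string, ku x509.KeyUsage, isCA bool, pub *rsa.PublicKey, parent *x509.Certificate, issuerKey *rsa.PrivateKey) (*x509.Certificate, []byte) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn, Country: []string{"UT"}},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     ku, BasicConstraintsValid: true, IsCA: isCA,
	}
	if parent == nil { // self-signed
		parent = tmpl
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuerKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, der
}

// issueDocument is the issuing State's side: hash the chosen data groups and sign the list.
func issueDocument(lds LDS, dgs []int, dsKey *rsa.PrivateKey, dsCertDER []byte) *SOD {
	sod := &SOD{DGs: dgs, DSCertDER: dsCertDER}
	for _, n := range dgs {
		sum := sha256.Sum256(lds[n])
		sod.Hashes = append(sod.Hashes, sum[:])
	}
	digest := sha256.Sum256(sod.signedBytes())
	sod.Signature, _ = rsa.SignPKCS1v15(rand.Reader, dsKey, crypto.SHA256, digest[:])
	return sod
}

// inspect is the inspection system's side: chain the DS certificate to a trusted CSCA, verify the SOD signature, then recompute every listed hash.
func inspect(lds LDS, sod *SOD, trustedCSCAs *x509.CertPool) error {
	dsCert, err := x509.ParseCertificate(sod.DSCertDER)
	if err != nil {
		return err
	}
	if _, err := dsCert.Verify(x509.VerifyOptions{Roots: trustedCSCAs, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("document signer not issued by a trusted CSCA: %w", err)
	}
	digest := sha256.Sum256(sod.signedBytes())
	if err := rsa.VerifyPKCS1v15(dsCert.PublicKey.(*rsa.PublicKey), crypto.SHA256, digest[:], sod.Signature); err != nil {
		return fmt.Errorf("SOD signature invalid: %w", err)
	}
	for i, n := range sod.DGs {
		got := sha256.Sum256(lds[n]) // a data group missing from the chip hashes as empty and fails too
		if string(got[:]) != string(sod.Hashes[i]) {
			return fmt.Errorf("DG%d hash mismatch: data altered", n)
		}
	}
	return nil
}

// scenarios issues one genuine document, then tries altered data and a Document Signer outside the State's PKI (nil means accepted).
func scenarios() (genuine, tampered, rogue error) {
	cscaKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	cscaCert, _ := issueCert("CSCA Utopia", x509.KeyUsageCertSign, true, &cscaKey.PublicKey, nil, cscaKey)
	dsKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	_, dsDER := issueCert("DS Utopia 2004-01", x509.KeyUsageDigitalSignature, false, &dsKey.PublicKey, cscaCert, cscaKey)
	roots := x509.NewCertPool() // the CSCA certificates an inspection system trusts
	roots.AddCert(cscaCert)
	lds := LDS{1: []byte("constructed MRZ"), 2: []byte("constructed encoded face"), 3: []byte("constructed finger"), 5: []byte("constructed displayed face")}
	sod := issueDocument(lds, []int{1, 2, 3, 5}, dsKey, dsDER)
	genuine = inspect(lds, sod, roots)
	altered := LDS{1: lds[1], 2: []byte("attacker's face"), 3: lds[3], 5: lds[5]}
	tampered = inspect(altered, sod, roots)
	rogueKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	_, rogueDER := issueCert("DS Forger", x509.KeyUsageDigitalSignature, false, &rogueKey.PublicKey, nil, rogueKey)
	rogue = inspect(altered, issueDocument(altered, []int{1, 2, 3, 5}, rogueKey, rogueDER), roots)
	return
}

func main() {
	g, t, r := scenarios()
	fmt.Println("genuine:", g, "\ntampered:", t, "\nrogue DS:", r)
}
```

The order of checks in inspect matters: the Document Signer certificate is chained to the CSCA before its key is used, so a forger who signs a consistent hash list with their own key (the rogue case) is rejected on the chain, and the hash comparison only runs once the list itself is known to come from the issuing State.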
Page 6: Additional options
- Basic Access Control
- Active Authentication
- Securing additional biometrics
Page 7: Basic Access Control
- MRZ based key derivation
- Access to chip data: only for a reader that has derived the keys from the MRZ; counters skimming
- Secure communications chip / reader: counters eavesdropping
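MRZ based key derivation as specified in ICAO Doc 9303 (into which this technical report fed), as an added Go example rather than code from the report: the check digit, the MRZ information string, and the SHA-1 based derivation of Kenc and Kmac. The document number, birth date and expiry date are the ones used in the worked example of Doc 9303; the function names are this example's own.

```go
package main

import (
	"crypto/sha1"
	"fmt"
	"math/bits"
)

// mrzCheckDigit implements the Doc 9303 check digit: digits count as their value,
// A-Z as 10-35, the filler '<' as 0; weights 7,3,1 repeat; the result is the sum mod 10.
func mrzCheckDigit(field string) int {
	weights := [3]int{7, 3, 1}
	sum := 0
	for i := 0; i < len(field); i++ {
		c := field[i]
		var v int
		switch {
		case c >= '0' && c <= '9':
			v = int(c - '0')
		case c >= 'A' && c <= 'Z':
			v = int(c-'A') + 10
		case c == '<':
			v = 0
		default:
			panic(fmt.Sprintf("invalid MRZ character %q", c))
		}
		sum += v * weights[i%3]
	}
	return sum % 10
}

// mrzInformation is the key derivation input: document number, date of birth and date of
// expiry, each followed by its check digit. Reading it optically from the data page is what
// shows the holder has handed over the booklet, which is what keeps a skimmer out.
func mrzInformation(docNumber, birth, expiry string) string {
	return fmt.Sprintf("%s%d%s%d%s%d", docNumber, mrzCheckDigit(docNumber),
		birth, mrzCheckDigit(birth), expiry, mrzCheckDigit(expiry))
}

// oddParity reports whether every byte of key has odd parity, as DES key bytes must.
func oddParity(key []byte) bool {
	for _, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			return false
		}
	}
	return true
}

// deriveKey is the Doc 9303 KDF: SHA-1(seed || 32-bit counter), first 16 bytes, each byte
// adjusted to odd parity, used as a two-key 3DES key (K1 || K2).
func deriveKey(seed []byte, counter uint32) []byte {
	h := sha1.New()
	h.Write(seed)
	h.Write([]byte{byte(counter >> 24), byte(counter >> 16), byte(counter >> 8), byte(counter)})
	key := h.Sum(nil)[:16]
	for i, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			key[i] = b ^ 1
		}
	}
	return key
}

// bacKeys derives the two Basic Access Control keys: Kseed = SHA-1(MRZ information)[0:16],
// Kenc = deriveKey(Kseed, 1), Kmac = deriveKey(Kseed, 2).
func bacKeys(mrzInfo string) (kenc, kmac []byte) {
	seed := sha1.Sum([]byte(mrzInfo))
	return deriveKey(seed[:16], 1), deriveKey(seed[:16], 2)
}

func main() {
	// Document number, birth date and expiry date of the Doc 9303 worked example;
	// the resulting MRZ information string is L898902C<369080619406236.
	info := mrzInformation("L898902C<", "690806", "940623")
	kenc, kmac := bacKeys(info)
	fmt.Printf("MRZ information: %s\nKenc: %X\nKmac: %X\n", info, kenc, kmac)
	// A skimmer who has one digit wrong derives unrelated keys and cannot open the chip.
	wrongEnc, _ := bacKeys(mrzInformation("L898902C<", "690807", "940623"))
	fmt.Printf("Kenc with wrong birth date: %X\n", wrongEnc)
}
```

Doc 9303 publishes the expected Kseed, Kenc and Kmac for exactly this MRZ information string, so the output of main can be checked against the specification's own worked example.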
Page 8: Basic Access Control (diagram; no text recovered)

Page 9: Basic Access Control (diagram: the inspection system and the chip exchange a bit stream, 10011101111001, over the secured channel)
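The challenge-response behind "secure communications chip / reader", as an added Go example and not code from the report: BAC mutual authentication with two-key 3DES in CBC mode and the ISO/IEC 9797-1 retail MAC, ending in agreement on K.IC (which, XORed with K.IFD, seeds the session keys). Kenc and Kmac are assumed to have been derived from the MRZ already and are generated randomly here; the APDU framing (GET CHALLENGE, EXTERNAL AUTHENTICATE) is left out; the function names are this example's own.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
	"fmt"
)

// cbc runs two-key 3DES (K1 K2 K1) in CBC mode with a zero IV over whole blocks, as BAC specifies.
func cbc(key, in []byte, encrypt bool) []byte {
	block, _ := des.NewTripleDESCipher(append(append([]byte{}, key...), key[:8]...))
	out, iv := make([]byte, len(in)), make([]byte, 8)
	if encrypt {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, in)
	}
	return out
}

// retailMAC is ISO/IEC 9797-1 MAC algorithm 3, padding method 2 (0x80 then zeros):
// single-DES CBC-MAC under Ka, then decrypt the result with Kb and re-encrypt with Ka.
func retailMAC(kmac, msg []byte) []byte {
	padded := append(append([]byte{}, msg...), 0x80)
	padded = append(padded, make([]byte, (8-len(padded)%8)%8)...)
	ka, _ := des.NewCipher(kmac[:8])
	kb, _ := des.NewCipher(kmac[8:16])
	mac := make([]byte, 8)
	for i := 0; i < len(padded); i += 8 {
		for j := range mac {
			mac[j] ^= padded[i+j]
		}
		ka.Encrypt(mac, mac)
	}
	kb.Decrypt(mac, mac)
	ka.Encrypt(mac, mac)
	return mac
}

func random(n int) []byte { b := make([]byte, n); rand.Read(b); return b }

func concat(parts ...[]byte) (out []byte) {
	for _, p := range parts {
		out = append(out, p...)
	}
	return out
}

// ifdChallenge is the inspection system's (IFD) answer to the chip's RND.IC:
// E_IFD = 3DES(Kenc, RND.IFD || RND.IC || K.IFD) followed by M_IFD = MAC(Kmac, E_IFD).
func ifdChallenge(kenc, kmac, rndIC []byte) (rndIFD, kIFD, cmd []byte) {
	rndIFD, kIFD = random(8), random(16)
	eIFD := cbc(kenc, concat(rndIFD, rndIC, kIFD), true)
	return rndIFD, kIFD, concat(eIFD, retailMAC(kmac, eIFD))
}

// icRespond is the chip's side: check M_IFD and that its own RND.IC is echoed back, then
// reply with E_IC = 3DES(Kenc, RND.IC || RND.IFD || K.IC) followed by M_IC = MAC(Kmac, E_IC).
func icRespond(kenc, kmac, rndIC, cmd []byte) (kIC, resp []byte, err error) {
	if len(cmd) != 40 || string(retailMAC(kmac, cmd[:32])) != string(cmd[32:]) {
		return nil, nil, errors.New("chip: MAC check failed, reader does not hold Kmac")
	}
	s := cbc(kenc, cmd[:32], false)
	if string(s[8:16]) != string(rndIC) {
		return nil, nil, errors.New("chip: RND.IC mismatch")
	}
	kIC = random(16)
	eIC := cbc(kenc, concat(rndIC, s[:8], kIC), true)
	return kIC, concat(eIC, retailMAC(kmac, eIC)), nil
}

// ifdFinish is the inspection system's check of the chip's reply; it recovers K.IC.
func ifdFinish(kenc, kmac, rndIFD, resp []byte) ([]byte, error) {
	if len(resp) != 40 || string(retailMAC(kmac, resp[:32])) != string(resp[32:]) {
		return nil, errors.New("reader: MAC check failed")
	}
	r := cbc(kenc, resp[:32], false)
	if string(r[8:16]) != string(rndIFD) {
		return nil, errors.New("reader: RND.IFD mismatch")
	}
	return r[16:32], nil
}

// runBAC plays both sides: the chip holds kenc/kmac, the reader holds readerKenc/readerKmac.
// It reports whether both ends recovered the same K.IC; an error means the exchange was refused.
func runBAC(kenc, kmac, readerKenc, readerKmac []byte) (bool, error) {
	rndIC := random(8) // what the chip returns to GET CHALLENGE
	rndIFD, _, cmd := ifdChallenge(readerKenc, readerKmac, rndIC)
	kIC, resp, err := icRespond(kenc, kmac, rndIC, cmd)
	if err != nil {
		return false, err
	}
	kICAtReader, err := ifdFinish(readerKenc, readerKmac, rndIFD, resp)
	if err != nil {
		return false, err
	}
	return string(kIC) == string(kICAtReader), nil
}

func main() {
	kenc, kmac := random(16), random(16) // assumed already derived from the MRZ
	fmt.Println(runBAC(kenc, kmac, kenc, kmac))
	fmt.Println(runBAC(kenc, kmac, random(16), random(16)))
}
```

The second call in main is the skimming case: a reader that never saw the MRZ cannot produce a valid M_IFD, so the chip refuses before releasing anything, and an eavesdropper who recorded a past session cannot replay it because RND.IC is fresh each time.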
Page 10: Active Authentication
- Threats: Chip Substitution, Data Copying
- Countermeasure: the Document's Key pair
Page 11: Active Authentication (diagram)

LDS (on the chip):
  Data Group 1 (MRZ)
  Data Group 2 (Encoded Face)
  Data Group 3 (Encoded Finger)
  Data Group 4 (Encoded Iris)
  Data Group 5 (Displayed Face)
  Data Group 6 (Future use)
  Data Group 7 - 14
  Data Group 15 (AA Public Key)
  Data Group 16 (Persons to notify)

SOD:
  Hash DG_1
  Hash DG_2
  Hash DG_3
  Hash DG_5
  Hash DG_15
  Digital Signature

Inside the chip, not readable: AA Private Key

DG_15 holds the AA Public Key and its hash (Hash DG_15) is added to the SOD; the AA Private Key stays inside the chip and is not part of the readable LDS.
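The Active Authentication exchange on this slide, as an added Go example and not code from the report or from any ICAO implementation: DG15 carries the public key, the SOD hash of DG15 binds that key to the issuing State, and the chip answers a fresh challenge with the private key it alone holds. RSA PKCS#1 v1.5 over SHA-256 stands in for the ISO/IEC 9796-2 signature scheme that Doc 9303 specifies, the SOD verification itself is assumed already done and is represented by the DG15 hash the inspection system trusts, and the type and function names are this example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// chip models the parts of the MRTD chip that matter for Active Authentication (AA).
type chip struct {
	dg15 []byte          // Data Group 15: the AA public key, readable and hashed into the SOD
	priv *rsa.PrivateKey // the AA private key: generated in or for the chip, never readable
}

func newChip() *chip {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return &chip{dg15: der, priv: priv}
}

// cloneChip models data copying: every readable data group (DG15 included) is copied
// to a new chip, but the private key cannot be read out and so is missing.
func cloneChip(c *chip) *chip { return &chip{dg15: c.dg15} }

// internalAuthenticate is the chip's side: sign the inspection system's challenge.
func (c *chip) internalAuthenticate(challenge []byte) ([]byte, error) {
	if c.priv == nil {
		return nil, errors.New("chip holds no AA private key")
	}
	digest := sha256.Sum256(challenge)
	return rsa.SignPKCS1v15(rand.Reader, c.priv, crypto.SHA256, digest[:])
}

// activeAuthenticate is the inspection system's side. sodHashDG15 is the DG15 hash taken
// from the SOD after the SOD was verified, which ties the key to the issuing State.
func activeAuthenticate(c *chip, sodHashDG15 []byte) error {
	h := sha256.Sum256(c.dg15)
	if string(h[:]) != string(sodHashDG15) {
		return errors.New("DG15 hash not in the SOD: AA public key was substituted")
	}
	pubAny, err := x509.ParsePKIXPublicKey(c.dg15)
	if err != nil {
		return err
	}
	pub, ok := pubAny.(*rsa.PublicKey)
	if !ok {
		return fmt.Errorf("unexpected AA key type %T", pubAny)
	}
	challenge := make([]byte, 8) // RND.IFD: fresh per session, so a recorded answer cannot be replayed
	rand.Read(challenge)
	sig, err := c.internalAuthenticate(challenge)
	if err != nil {
		return err
	}
	digest := sha256.Sum256(challenge)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return errors.New("AA signature invalid: chip does not hold the private key for DG15")
	}
	return nil
}

// scenarios returns the AA result for the genuine chip, for a copy of its data on a blank
// chip, and for a chip that substituted its own key pair (nil means passed).
func scenarios() (genuine, copied, substituted error) {
	orig := newChip()
	sodHash := sha256.Sum256(orig.dg15) // what the issuing State signed into the SOD
	genuine = activeAuthenticate(orig, sodHash[:])
	copied = activeAuthenticate(cloneChip(orig), sodHash[:])
	substituted = activeAuthenticate(newChip(), sodHash[:]) // own key pair, no matching SOD entry
	return
}

func main() {
	g, c, s := scenarios()
	fmt.Println("genuine:", g, "\ncopied:", c, "\nsubstituted:", s)
}
```

The two failures map onto the threats on the previous slide: the clone fails because data copying cannot reach the private key, and the substituted chip fails because its own public key is not the one whose hash the issuing State signed.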
Page 12: Next steps
- Implementation experiences
- Further development
Page 13: Frequently Asked Questions
- TAG-MRTD-WP/10
- Keep up-to-date
Page 14: Action by the TAG/MRTD
The TAG/MRTD is invited to endorse the Technical Report, “PKI for Machine Readable Travel documents Offering ICC Read-only Access”, Version 1.0.