Give us a call
Call us at +41 41 555 20 40
Connect the chip of an eMRTD with the secure DocVal Server
Capture data from an NFC enabled chip on an eMRTD
An electronic Machine Readable Travel Document (eMRTD) stores the various identification details of the holder on the integrated chip, including a photograph (or digital image) with mandatory and optional identification elements. An eMRTD has a contactless integrated circuit embedded in it and the capability of being used for biometric identification of the MRTD holder, in accordance with the specified standards.
The eMRTD Connector is fully compliant with ICAO Doc 9303 standards. This makes it a perfect fit for interoperable e-passport or eID solutions. It is the basis for the secure reading of data from the chip on the eMRTD. Supported authentication protocols include Basic Access Control (BAC), Password Authenticated Connection Establishment (PACE), Active Authentication (AA) and Extended Access Control (EAC).
Fully compliant with relevant standards, the eMRTD connector can also be used for electronic driver’s licenses and other travel documents following the ICAO 9303 standard.
How the eMRTD Connector reads data from the chip
The eMRTD contains an RFID chip that can be read by NFC. This chip stores data from the travel document data page and the holder’s mandatory biometric: the photo. Data is organized in data groups (DG1, DG2, SOD, etc.).
To read the data from the chip on an eMRTD, the eMRTD Connector uses the data captured from the MRZ Scanner to securely log into the chip, and then to read and verify the data stored on the chip. The data is passed over to the Document Validation Server (DocVal Server).
Reading an NFC enabled chip involves these steps
- Access to the chip
- Authentication of the chip and data
- Reading the data
- Parse data into structures
- Transfer of data from DocVal Server to customer server
Access to the Chip
To read the contents of the eMRTD chip, access control must be established. The access control mechanism will ensure that the data on the eMRTD chip will not be read without the knowledge of the holder of the travel document.
The ICAO has defined two protocols for access control
- PACE – Password Authenticated Connection Establishment
- This protocol will be used if it is supported by the chip
- PACE is the newer, cryptographically more secure standard
- BAC – Basic Access Control
- This protocol is in use if the PACE protocol is not supported by the chip
Both access control protocols use an access key that is generated from the MRZ Scanner. The access key is generated from the document number, date of birth and date of expiration stored in the MRZ.
Once access control has been established, the chip allows access to the data groups stored on the chip.
Authentication of the Chip
Chip authentication prevents copying of data and proves that it has been read from the authentic chip and that the chip has not been replaced. The first supported protocol of these three is used:
- PACE Access Control Protocol with chip authentication mapping
- Chip authentication
- Active authentication
PACE or BAC are always required, while CA and AA are optional.
Our eMRTD Connector supports all the above-mentioned protocols.
Authentication of Data
Data authentication proves that the content is authentic and has not been tampered in any way. It does not prevent copying or replacing chip contents. For this purpose, the Passive Authentication protocol is used. eMRTD Connector users must provide a list of country signing certificate authority certificates for data authentication.
Country Signing Certificate Authority
OVD Kinegram does not provide data authentication certificates to its customers. It is the customer’s responsibility to obtain the necessary certificates, either from the ICAO organization or from the country’s government organizations. Doing so allows customers to be notified of new updated certificates.
Many countries make their certificates available in the ICAO Public Key Directory. It is possible to retrieve a list of appropriate certificates from this directory.
The DIGITAL SEAL App and the Document Validation Server preferably use the Country Signing Certificate Authority Masterlist provided by the BSI.
Integration of the eMRTD Connector into mobile or web apps
The eMRTD Connector is part of the OVD Kinegram MOBILE CHIP SDK (available for iOS and Android). With the SDK, you are able to enrich your apps with features for secure reading and validating the data stored on the chip of an eMRTD. The data then is being transferred to the DocVal-Server.
The eMRTD Connector connects the DocVal Server with the chip.
Experience seamless identity document verification in an instant
Instantly verify passports, ID cards, driver’s licenses and other identity documents to really know your customers.
Smooth identity verification
The OVD Kinegram eMRTD Connector is based on the MOBILE CHIP SDK (available for iOS and Android) and ensures a secure and seamless customer experience. It’s designed to make identity verification easy, fast, and fraud-proof, regardless of credential.
