Give us a call
Call us at +41 41 555 20 40
Connect an eMRTD with the secure DocVal Server
Capture data from an NFC enabled chip on an eMRTD
An electronic Machine Readable Travel Document (eMRTD) stores the various identification details of the holder on the integrated chip, including a photograph with mandatory and optional identification elements. An eMRTD has a contactless integrated circuit embedded in it and the capability of being used for biometric identification of the MRTD holder, in accordance with the ICAO standards.
The DocVal Server is fully compliant with ICAO Doc 9303 standards. This makes it a perfect fit for KYC solutions. It is the basis for the secure reading of data from the chip on the eMRTD. Supported access control protocols include Basic Access Control (BAC) and Password Authenticated Connection Establishment (PACE).
Fully compliant with relevant standards, the eMRTD connector can be used for travel documents following the ICAO 9303 standard.
How the eMRTD Connector reads data from the chip
The eMRTD contains an RFID chip that can be read by NFC. This chip stores data from the travel document data page and the holder’s mandatory biometric: the photo. Data is organized in data groups.
To read the data from the chip on an eMRTD, the eMRTD Connector uses the data captured from the MRZ Scanner to securely access the chip, and then to read and verify the data stored on the chip. The data is passed over to the Document Validation Server (DocVal Server).
Reading an NFC enabled chip involves these steps
- Access to the chip
- Reading the data
- Authentication of the chip and data
- Parse data into structures
- Transfer of data from DocVal Server to customer server
Access to the Chip
To read the contents of the eMRTD chip, access control must be established. The access control mechanism will ensure that the data on the eMRTD chip will not be read without the knowledge of the holder of the travel document.
The ICAO has defined two Access Control Protocols, Basic Access Control (BAC) and Password Authenticated Connection Establishment (PACE).
Both access control protocols use an access key. The access key is generated from the document number, date of birth and date of expiry stored in the MRZ.
Once access control has been established, the chip allows access to the data groups stored on the chip.
Authentication of the Chip
Chip authentication proves that data has been read from the original chip and that the chip has not been replaced or cloned. To verify that the following steps are performed
- Access Control (BAC or PACE)
- Chip Authentication (CA)
According to the ICAO Standard from 1st January 2018, PACE or BAC are required, while CA and AA are optional.
The eMRTD Connector together with the DocVal Server supports all the above-mentioned protocols.
Authentication of Data
With Passive Authentication, the integrity and authenticity of the data (like MRZ info, photo of face) is verified based on a list of trusted country certificates.
CSCA-Certificates
OVD Kinegram provides a Docker container that includes data authentication certificates to its customers.
Many countries make their certificates available in the ICAO Public Key Directory. It is possible to retrieve a list of appropriate certificates from this directory.
The DIGITAL SEAL app and the Document Validation Server use the Country Signing Certificate Authority Masterlist provided by the BSI.
Integration of the eMRTD Connector into mobile or web apps
The eMRTD Connector is part of the OVD Kinegram MOBILE CHIP SDK (available for iOS and Android). With the SDK, you are able to enrich your apps with features for secure reading and validating the chip and the data stored on the chip of an eMRTD.
The eMRTD Connector connects the DocVal Server with the chip.
Experience seamless identity document verification in an instant
Instantly verify passports and ID cards to really know your customers.
Smooth identity verification
The OVD Kinegram eMRTD Connector is part of the MOBILE CHIP SDK (available for iOS and Android) and ensures a secure and seamless user experience. It’s designed to make identity verification easy, fast and fraud-proof.
