eMRTD Connector

The eMRTD Connector handles the communication between the chip of an electronic machine readable travel document (eMRTD) and the Document Validation Server (DocVal Server), and supports the server in performing ICAO-conformant tests.

Connect the chip of an eMRTD with the secure DocVal Server

Capture data from an NFC enabled chip on an eMRTD

An electronic Machine Readable Travel Document (eMRTD) stores the various identification details of the holder on the integrated chip, including a photograph (or digital image) with mandatory and optional identification elements. An eMRTD has a contactless integrated circuit embedded in it and the capability of being used for biometric identification of the MRTD holder, in accordance with the specified standards.

The eMRTD Connector is fully compliant with ICAO Doc 9303 standards. This makes it a perfect fit for interoperable e-passport or eID solutions. It is the basis for the secure reading of data from the chip on the eMRTD. Supported authentication protocols include Basic Access Control (BAC), Password Authenticated Connection Establishment (PACE), Active Authentication (AA) and Extended Access Control (EAC).

Fully compliant with relevant standards, the eMRTD connector can also be used for electronic driver’s licenses and other travel documents following the ICAO 9303 standard.

How the eMRTD Connector reads data from the chip

The eMRTD contains an RFID chip that can be read by NFC. This chip stores data from the travel document data page and the holder’s mandatory biometric: the photo. Data is organized in data groups (DG1, DG2, SOD, etc.).

To read the data from the chip on an eMRTD, the eMRTD Connector uses the data captured from the MRZ Scanner to securely log into the chip, and then to read and verify the data stored on the chip. The data is passed over to the Document Validation Server (DocVal Server).

Reading an NFC enabled chip involves these steps

  1. Access to the chip
  2. Authentication of the chip and data
  3. Reading the data
  4. Parse data into structures
  5. Transfer of data from DocVal Server to customer server

Access to the Chip

To read the contents of the eMRTD chip, access control must be established. The access control mechanism will ensure that the data on the eMRTD chip will not be read without the knowledge of the holder of the travel document.

The ICAO has defined two protocols for access control

  • PACE – Password Authenticated Connection Establishment
    • This protocol will be used if it is supported by the chip
    • PACE is the newer, cryptographically more secure standard
  • BAC – Basic Access Control
    • This protocol is in use if the PACE protocol is not supported by the chip

Both access control protocols use an access key derived from the data captured by the MRZ Scanner. The access key is generated from the document number, date of birth and date of expiration stored in the MRZ.

Inspect Chip on Passport

Once access control has been established, the chip allows access to the data groups stored on the chip.

Authentication of the Chip

Chip authentication prevents copying of data and proves that it has been read from the authentic chip and that the chip has not been replaced. The first supported protocol of these three is used:

  • PACE Access Control Protocol with chip authentication mapping
  • Chip authentication
  • Active authentication

PACE or BAC is always required, while Chip Authentication (CA) and Active Authentication (AA) are optional.

Our eMRTD Connector supports all the above-mentioned protocols.

Authentication of Data

Data authentication proves that the content is authentic and has not been tampered with in any way. It does not prevent copying or replacing chip contents. For this purpose, the Passive Authentication protocol is used. eMRTD Connector users must provide a list of country signing certificate authority certificates for data authentication.

Country Signing Certificate Authority

OVD Kinegram does not provide data authentication certificates to its customers. It is the customer’s responsibility to obtain the necessary certificates, either from the ICAO organization or from the country’s government organizations. Doing so allows customers to be notified of new updated certificates.

Many countries make their certificates available in the ICAO Public Key Directory. It is possible to retrieve a list of appropriate certificates from this directory.

The DIGITAL SEAL App and the Document Validation Server preferably use the Country Signing Certificate Authority Masterlist provided by the BSI.

Integration of the eMRTD Connector into mobile or web apps

The eMRTD Connector is part of the OVD Kinegram MOBILE CHIP SDK (available for iOS and Android). With the SDK, you can enrich your apps with features for securely reading and validating the data stored on the chip of an eMRTD. The data is then transferred to the DocVal Server.

The eMRTD Connector connects the DocVal Server with the chip.

Experience seamless identity document verification in an instant

Instantly verify passports, ID cards, driver’s licenses and other identity documents to really know your customers.

Smooth identity verification

The OVD Kinegram eMRTD Connector is based on the MOBILE CHIP SDK (available for iOS and Android) and ensures a secure and seamless customer experience. It’s designed to make identity verification easy, fast, and fraud-proof, regardless of credential.
