How the Security Mechanisms in our Products Work

This article delves into the specifics of documents and the eMRTD applet, exploring its features, functionality, and the security, it provides.

Our products are designed around robust security mechanisms, ensuring the protection and integrity of sensitive data. The structure and operation are guided significantly by ICAO 9303 standards, primarily focused on eMRTD (electronic Machine-Readable Travel Documents) applets and the supporting DocVal Server system.

Documents and the eMRTD Applet

In the evolving landscape of international travel, the integration of technology in travel documents is paramount for enhancing security and streamlining border control processes. One of the pivotal technologies at the forefront of this innovation is the electronic Machine-Readable Travel Document (eMRTD), particularly through the implementation of the eMRTD applet.

Chip Inside Symbol

The “Chip Inside” symbol on an electronic Machine-Readable Travel Document (eMRTD) such as a biometric passport is an indicator of the presence of an embedded microprocessor chip within the document.

Chip Inside Symbol on Identity Documents

The chip has the following functions

Security and Protection

The chip is a critical component for storing and processing data securely. It contains sensitive information including personal details, biometric data, and digital signatures which are protected against unauthorized access and tampering.

Data Integrity

By housing data in a secure chip, the integrity of the stored information is maintained, ensuring that the data cannot be altered without detection.

Enhanced Verification

The chip facilitates automated identity verification processes in Know your Customer and customer onboarding processes. It allows for the use of digital technology such as the MOBILE CHIP SDK to access and verify the data quickly and accurately, reducing the risk of human error and fraud.

Technological Advancement

The presence of the chip represents a move towards more advanced, technology-driven security measures in travel documents, aligning with global trends towards digitalization and enhanced security protocols.

In essence, the Chip Inside symbol on an eMRTD not only assures the holder and authorities of the document’s authenticity and advanced security features but also facilitates a more streamlined and secure identity verification process.

Access Control

Access control on an electronic Machine-Readable Travel Document (eMRTD) such as a biometric passport is a fundamental security feature designed to protect the sensitive personal data stored on the chip within the document.

Here is how access control mechanisms work on an eMRTD:

Password Protection

Access to the chip’s data begins with the verification of a password. This can either be the Machine-Readable Zone (MRZ), which includes data such as the passport number, the document holder’s birth date, and the document’s expiry date, or a Card Access Number (CAN), which might be required for additional security in certain situations.

Basic Access Control (BAC)

BAC is implemented to prevent unauthorized reading of the chip’s data. It uses key agreement and data encryption techniques. The keys for these operations are derived from the MRZ information, ensuring that only parties with physical access to the passport and knowledge of its printed data can access the chip.

Password Authenticated Connection Establishment (PACE)

An enhancement over BAC, PACE uses a password to establish a secure connection between the chip and the reader. It provides stronger security by using more robust cryptographic methods and helps in protecting the confidentiality and integrity of the communication.

Secure Messaging

Once the initial access control checks (BAC or PACE) are passed, all subsequent communication between the chip and the reader is protected through secure messaging. This involves encrypting the data sent between the two to prevent eavesdropping and ensuring that the data remains tamper-proof during transmission.

Chip Authentication

This is an optional feature used to verify the authenticity of the chip itself. It utilizes cryptographic keys stored on the chip to confirm that the chip is genuine and not a cloned or unauthorized copy.

Active Authentication

Designed to prevent cloning of the chip, Active Authentication involves the chip proving its authenticity by using a private key to sign a challenge sent by the reader, which verifies the signature using a corresponding public key.

These layers of access control ensure that the data on eMRTDs is protected against unauthorized access and manipulation, thus maintaining the security and integrity of personal and biometric data essential for international travel.

SOD (Signed Document)

The SOD (Signed Document) in the context of an electronic Machine-Readable Travel Document (eMRTD) is a critical security feature that ensures the integrity and authenticity of the document’s stored data.

Here’s what the SOD means and its role in eMRTDs:

Digital Signature Container

It contains the Document Signing Certificate which is signed by the issuing country. The signed content (signed with the Document Signing Certificate) includes (among other details) hash values for each Data Group present.

Integrity and Authenticity

The primary function of the SOD is to verify that the data stored on the chip has not been tampered with. When the eMRTD is scanned, the digital signatures in the SOD are checked against the data they represent. If the data has been altered in any way, the signature will not match, indicating a breach of security.


The SOD uses cryptographic techniques to create and verify digital signatures. This involves the use of public key infrastructure (PKI), where a private key (held securely by the issuing authority) is used to sign the data, and a public key (which can be widely distributed) is used for verification.

Compliance with International Standards

The implementation of the SOD in eMRTDs adheres to international standards recommended by the International Civil Aviation Organization (ICAO). This standardization ensures that eMRTDs are universally compatible with border control systems worldwide, facilitating smooth and secure international travel.

Enhanced Security Protocols

The presence of an SOD not only helps in the electronic authentication of the document’s holder but also adds a layer of security that makes forgery and data manipulation significantly more difficult.

In summary, the SOD plays a pivotal role in safeguarding the data contained within eMRTDs, providing a mechanism for verifying data integrity and authenticity which is crucial for maintaining the security of international travel documents.

Data Groups

The data groups (DGs) of an electronic Machine-Readable Travel Document (eMRTD) store structured data in a secure microprocessor chip embedded within the document. Each DG holds specific types of information, crucial for verifying the identity and authenticity of the document holder.

Here are the key data groups and their contents:

DG1 – Machine Readable Zone (MRZ) Information

This contains the data printed in the MRZ of the travel document, such as the document holder’s name, document number, nationality, and date of birth. This information is critical for initial verification and is used to login to the chip.

DG2 – Biometric Information

Typically holds the facial image of the document holder, used for biometric checks at border controls.

DG3 (optional) – Fingerprints

This group is used to store the fingerprint images of the document holder, usually required by countries implementing higher security measures. To be able to read the contents of this DG, special certificates are required.

DG4 (optional) – Iris Data

DG4 stores iris scan information, which some countries use for advanced biometric verification. To access the contents of this DG, special certificates are required.

DG5 (optional) – Displayed Portrait

Contains one or more portrait of the document holder used for visual inspection, which can differ from the biometrically captured image in DG2.

DG6 (optional) – Specific national applications

This group is reserved for future use or for specific national applications. It is not universally defined and vary by the issuing country.

DG7 (optional) – Signature or Usual Mark

Image of the Signature or Usual Mark

DG8 to DG10 (optional)

These groups are reserved for future use or for specific national applications. They are not universally defined and vary by the issuing country.

DG11 (optional) – Personal Data Additional Details

Stores additional personal details like the document holder’s profession, titles, or proof marks.

DG12 (optional) – Additional Document Details

Contains information about the issuing authority or other administrative entries related to the document issuance.

DG13 (optional) – Details

Used for optional or additional data not covered by other groups, again varying by country.

DG14 (optional) – Cryptographic Info

Holds public key information and security objects, enhancing the security of the communication between the chip and the reader.

DG15 (optional) – Active Authentication Public Key

Contains the public key used for Active Authentication, designed to prove the authenticity of the chip and combat forgery.

These layers of access control ensure that the data on eMRTDs is protected against unauthorized access and manipulation, thus maintaining the security and integrity of personal and biometric data essential for international travel.

Data Authenticity (“Passive Authentication”)

Data authenticity, often referred to as “Passive Authentication,” is a crucial security process designed to verify the integrity of the data stored on the chip.

Here’s how passive authentication works, focusing on its verification steps and the role of the CSCA Master List:

Verification Steps

  • Read the Document Security Object (SOD), which contains the Document Signer Certificate (CDS) from the contactless IC.
  • Build and validate a certification path from a Trust Anchor to the Document Signer Certificate used to sign the Document Security Object (SOD).
  • Use the verified Document Signer Public Key to verify the signature of the Document Security Object (SOD).
  • Read relevant Data Groups from the contactless IC.
  • Ensure that the contents of the Data Group are authentic and unchanged by hashing the contents and comparing the result with the corresponding hash value in the Document Security Object (SOD).

CSCA Master List

  • Function: The Country Signing Certification Authority (CSCA) Master List is a collection of digital certificates used to verify the signatures on eMRTDs issued by participating countries. Each certificate in the Master List is issued by a CSCA and represents the root of trust for all eMRTDs issued by that country.
  • Role in Verification: During passive authentication, the digital signature in the SOD must be verified using a certificate that can trace its validity back to a trusted CSCA. The CSCA Master List provides the necessary public keys to authenticate these certificates. When an eMRTD is scanned, the verifying system uses the CSCA Master List to confirm that the digital certificate used for signing the SOD is valid and trustworthy.
  • Global Interoperability: The CSCA Master List facilitates international acceptance of eMRTDs by ensuring that border control systems worldwide can verify the authenticity of eMRTDs from other countries reliably.

Passive Authentication is a fundamental security measure in eMRTDs that ensures the data contained within these documents is legitimate and unchanged, providing a reliable basis for identity verification across international borders. This process, underpinned by the CSCA Master List, establishes a standardized method of trust that enhances the security of global travel.

Chip Authenticity

Chip authenticity is vital for verifying that the chip embedded in the document is genuine and secure. This is crucial in preventing the fraudulent replication and manipulation of sensitive biometric and personal data stored on the chip.

The two primary mechanisms used to ensure chip authenticity are Chip Authentication and Active Authentication:

Chip Authentication

  • Purpose: Chip Authentication is designed to confirm that the chip itself is legitimate and has not been tampered with. It establishes a cryptographic challenge-response protocol between the chip and the reader.
  • Process: Generate a new public-private key pair and send the public key to the chip. Calculate a shared secret using its private key and the “Public Key for Chip Authentication” from Data Group 14. Derive new communication keys from the shared secret.
  • Benefits: This method strengthens the security of the communication channel between the chip and the reader, ensuring data confidentiality and integrity. It also confirms the chip’s identity, proving that it is not a clone.

Active Authentication

  • Purpose: Active Authentication is specifically aimed at preventing the cloning of eMRTD chips. It ensures that the chip within the eMRTD is unique and cannot be copied illicitly.
  • Process: The Chip signs (using RSA or ECDSA) a random challenge with a private key. If the ECDSA is used, the Hash algorithm is mentioned in the “Active Authentication Info” from DG14. The signature can be verified using the Public Key for AA from Data Group 15. If the signature is valid, it confirms the presence of the authentic, original chip.
  • Benefits: Active Authentication provides a high level of security by ensuring that each chip can prove its identity independently through cryptographic means. It effectively combats the risk of unauthorized chip duplication, adding a robust layer of security to the eMRTD.

Together, Chip Authentication and Active Authentication form a comprehensive security framework that protects the integrity of eMRTDs by ensuring each chip is authentic and secure. This not only prevents potential fraud and identity theft but also enhances the trust in the authenticity of travel documents across international borders.


The security mechanisms embedded in our products are meticulously designed to comply with the stringent guidelines set forth by the International Civil Aviation Organization (ICAO) and the German Federal Office for Information Security (BSI). These guidelines ensure that our security solutions not only meet international standards but also address emerging threats effectively.

Here’s how our security mechanisms are referenced and aligned with ICAO and BSI standards:

ICAO Compliance

  • Document and Data Security: Our products adhere to ICAO 9303 specifications, which mandate secure storage and processing of biometric data and personal identifiers in electronic Machine-Readable Travel Documents (eMRTDs). This includes the use of a secure embedded chip that stores encrypted data protected by access control mechanisms such as Basic Access Control (BAC) and Password Authenticated Connection Establishment (PACE).
  • Passive and Active Authentication: In line with ICAO guidelines, our eMRTDs implement both passive and active authentication mechanisms to ensure data integrity and prevent unauthorized cloning of the chip, respectively.
  • Interoperability: We read and check “security features” according to ICAO standard and are therefore ICAO compliant.

BSI References

  • Advanced Security Protocols: Our security protocols incorporate BSI standards for advanced cryptography and chip security. This includes the implementation of strong encryption methods and secure cryptographic algorithms recommended by the BSI for protection against unauthorized access and data breaches.
  • Chip Authentication and Integrity Checks: Following BSI’s guidelines, our products utilize chip authentication mechanisms that verify the authenticity of the chip through cryptographic means, ensuring that the chip has not been tampered with or replaced.
  • Regular Security Assessments and Updates: Consistent with BSI practices, our security measures remain effective against new vulnerabilities and threats. This proactive approach includes updates and patches that keep our products resilient in a dynamic security landscape.

Integration of ICAO and BSI Standards

By referencing both ICAO and BSI standards, our products achieve a very high level of security through comprehensive, internationally recognized practices. This dual compliance not only enhances the protective features within our products but also boosts user confidence in their reliability and safety. These rigorous standards are integral to our commitment to safeguarding sensitive information and ensuring the integrity of our security systems, thus maintaining the highest levels of trust and compliance globally.

DocVal Server

The DocVal Server is an innovative solution that leverages mobile technology to enhance the security and verification process of electronic Machine-Readable Travel Documents (eMRTDs). Specifically, it uses a smartphone as a proxy to access the chip embedded within an eMRTD.

Here’s how this technology works and its benefits:


  • Connection via Smartphone: The DocVal Server system utilizes the eMRTD Connector on a smartphone to act as an intermediary device between the eMRTDs chip and the server. This is accomplished by using the phone’s Near Field Communication (NFC) capability to communicate directly with the chip.
  • Data Transmission: Once the phone establishes a connection with the eMRTDs chip, it can read the encrypted data stored on the chip. The smartphone then securely transmits this data to the DocVal Server for processing and verification.


  • Enhanced Accessibility: By using a standard smartphone as a proxy, the DocVal Server allows for the verification of eMRTDs anywhere and anytime, significantly improving accessibility compared to traditional systems that require specialized equipment.
  • Increased Security: The server performs comprehensive checks, including the authentication of digital signatures and verification against international security standards. This process ensures the integrity and authenticity of the data read from the eMRTD.
  • Streamlined Processes: This method streamlines the verification process, making it faster and more efficient. It reduces the need for physical verification systems and can handle large volumes of verifications quickly due to the widespread availability and use of smartphones.


  • User Interface: The smartphone application interface is designed to be user-friendly, requiring minimal interaction from the user while ensuring maximum security during data transmission.
  • Security Protocols: Robust encryption protocols are used during the data transmission between the smartphone and the DocVal Server to prevent interception and ensure that data integrity is maintained.

In summary, the use of a smartphone as a proxy by the DocVal Server to access the chip in eMRTDs represents a significant advancement in document verification technology. It not only simplifies the verification process but also enhances its security, making it a valuable tool for authorities and organizations involved in identity management and border control.

Kinegram Digital Solutions

More articles in our blog series “Why Our Solution is Secure”

Why Our Solution is Secure - Enhancing security with MOBILE CHIP SDK: Traditional techniques of identity verification face several challenges. In this article we take a closer look why the MOBILE CHIP SDK is a great solution to prevent identity fraud.
Why Our Solution is Secure - Why is the MOBILE CHIP SDK technology safe and reliable? In this article, we take a look at the MOBILE CHIP SDK technology from different angles.
Why Our Solution is Secure - Security and Quality Measures in the MOBILE CHIP SDK. In this article, we take a detailed look at the various security and quality measures in the MOBILE CHIP SDK.
Why Our Solution is Secure - Components of the MOBILE CHIP SDK. This article outline the products and components of the MOBILE CHIP SDK. They are designed to offer a robust and secure solution for integrating and managing identity verification processes.
Why Our Solution is Secure - How the Security Mechanisms in our Products work. This article delves into the specifics of documents and the eMRTD applet, exploring its features, functionality, and the security, it provides.

Get more information about
secure identity verification


    First Name *

    Last Name *

    Company *


    E-Mail *

    Phone *

    Message *


    I agree that my data from the contact form will be collected and processed to answer my request. You can find more information in our privacy policy.