Give us a call
Call us at +41 41 555 20 40
Our products are designed around robust security mechanisms, ensuring the protection and integrity of sensitive data. The structure and operation are guided significantly by ICAO 9303 standards, primarily focused on eMRTD (electronic Machine-Readable Travel Documents) applets and the supporting DocVal Server system.
In the evolving landscape of international travel, the integration of technology in travel documents is paramount for enhancing security and streamlining border control processes. One of the pivotal technologies at the forefront of this innovation is the electronic Machine-Readable Travel Document (eMRTD), particularly through the implementation of the eMRTD applet.
The “Chip Inside” symbol on an electronic Machine-Readable Travel Document (eMRTD) such as a biometric passport is an indicator of the presence of an embedded microprocessor chip within the document.
The chip is a critical component for storing and processing data securely. It contains sensitive information including personal details, biometric data, and digital signatures which are protected against unauthorized access and tampering.
By housing data in a secure chip, the integrity of the stored information is maintained, ensuring that the data cannot be altered without detection.
The chip facilitates automated identity verification processes in Know your Customer and customer onboarding processes. It allows for the use of digital technology such as the MOBILE CHIP SDK to access and verify the data quickly and accurately, reducing the risk of human error and fraud.
The presence of the chip represents a move towards more advanced, technology-driven security measures in travel documents, aligning with global trends towards digitalization and enhanced security protocols.
In essence, the Chip Inside symbol on an eMRTD not only assures the holder and authorities of the document’s authenticity and advanced security features but also facilitates a more streamlined and secure identity verification process.
Access control on an electronic Machine-Readable Travel Document (eMRTD) such as a biometric passport is a fundamental security feature designed to protect the sensitive personal data stored on the chip within the document.
Access to the chip’s data begins with the verification of a password. This can either be the Machine-Readable Zone (MRZ), which includes data such as the passport number, the document holder’s birth date, and the document’s expiry date, or a Card Access Number (CAN), which might be required for additional security in certain situations.
BAC is implemented to prevent unauthorized reading of the chip’s data. It uses key agreement and data encryption techniques. The keys for these operations are derived from the MRZ information, ensuring that only parties with physical access to the passport and knowledge of its printed data can access the chip.
An enhancement over BAC, PACE uses a password to establish a secure connection between the chip and the reader. It provides stronger security by using more robust cryptographic methods and helps in protecting the confidentiality and integrity of the communication.
Once the initial access control checks (BAC or PACE) are passed, all subsequent communication between the chip and the reader is protected through secure messaging. This involves encrypting the data sent between the two to prevent eavesdropping and ensuring that the data remains tamper-proof during transmission.
This is an optional feature used to verify the authenticity of the chip itself. It utilizes cryptographic keys stored on the chip to confirm that the chip is genuine and not a cloned or unauthorized copy.
Designed to prevent cloning of the chip, Active Authentication involves the chip proving its authenticity by using a private key to sign a challenge sent by the reader, which verifies the signature using a corresponding public key.
These layers of access control ensure that the data on eMRTDs is protected against unauthorized access and manipulation, thus maintaining the security and integrity of personal and biometric data essential for international travel.
The SOD (Signed Document) in the context of an electronic Machine-Readable Travel Document (eMRTD) is a critical security feature that ensures the integrity and authenticity of the document’s stored data.
It contains the Document Signing Certificate which is signed by the issuing country. The signed content (signed with the Document Signing Certificate) includes (among other details) hash values for each Data Group present.
The primary function of the SOD is to verify that the data stored on the chip has not been tampered with. When the eMRTD is scanned, the digital signatures in the SOD are checked against the data they represent. If the data has been altered in any way, the signature will not match, indicating a breach of security.
The SOD uses cryptographic techniques to create and verify digital signatures. This involves the use of public key infrastructure (PKI), where a private key (held securely by the issuing authority) is used to sign the data, and a public key (which can be widely distributed) is used for verification.
The implementation of the SOD in eMRTDs adheres to international standards recommended by the International Civil Aviation Organization (ICAO). This standardization ensures that eMRTDs are universally compatible with border control systems worldwide, facilitating smooth and secure international travel.
The presence of an SOD not only helps in the electronic authentication of the document’s holder but also adds a layer of security that makes forgery and data manipulation significantly more difficult.
In summary, the SOD plays a pivotal role in safeguarding the data contained within eMRTDs, providing a mechanism for verifying data integrity and authenticity which is crucial for maintaining the security of international travel documents.
The data groups (DGs) of an electronic Machine-Readable Travel Document (eMRTD) store structured data in a secure microprocessor chip embedded within the document. Each DG holds specific types of information, crucial for verifying the identity and authenticity of the document holder.
This contains the data printed in the MRZ of the travel document, such as the document holder’s name, document number, nationality, and date of birth. This information is critical for initial verification and is used to login to the chip.
Typically holds the facial image of the document holder, used for biometric checks at border controls.
This group is used to store the fingerprint images of the document holder, usually required by countries implementing higher security measures. To be able to read the contents of this DG, special certificates are required.
DG4 stores iris scan information, which some countries use for advanced biometric verification. To access the contents of this DG, special certificates are required.
Contains one or more portrait of the document holder used for visual inspection, which can differ from the biometrically captured image in DG2.
This group is reserved for future use or for specific national applications. It is not universally defined and vary by the issuing country.
Image of the Signature or Usual Mark
These groups are reserved for future use or for specific national applications. They are not universally defined and vary by the issuing country.
Stores additional personal details like the document holder’s profession, titles, or proof marks.
Contains information about the issuing authority or other administrative entries related to the document issuance.
Used for optional or additional data not covered by other groups, again varying by country.
Holds public key information and security objects, enhancing the security of the communication between the chip and the reader.
Contains the public key used for Active Authentication, designed to prove the authenticity of the chip and combat forgery.
These layers of access control ensure that the data on eMRTDs is protected against unauthorized access and manipulation, thus maintaining the security and integrity of personal and biometric data essential for international travel.
Data authenticity, often referred to as “Passive Authentication,” is a crucial security process designed to verify the integrity of the data stored on the chip.
Passive Authentication is a fundamental security measure in eMRTDs that ensures the data contained within these documents is legitimate and unchanged, providing a reliable basis for identity verification across international borders. This process, underpinned by the CSCA Master List, establishes a standardized method of trust that enhances the security of global travel.
Chip authenticity is vital for verifying that the chip embedded in the document is genuine and secure. This is crucial in preventing the fraudulent replication and manipulation of sensitive biometric and personal data stored on the chip.
Together, Chip Authentication and Active Authentication form a comprehensive security framework that protects the integrity of eMRTDs by ensuring each chip is authentic and secure. This not only prevents potential fraud and identity theft but also enhances the trust in the authenticity of travel documents across international borders.
The security mechanisms embedded in our products are meticulously designed to comply with the stringent guidelines set forth by the International Civil Aviation Organization (ICAO) and the German Federal Office for Information Security (BSI). These guidelines ensure that our security solutions not only meet international standards but also address emerging threats effectively.
By referencing both ICAO and BSI standards, our products achieve a very high level of security through comprehensive, internationally recognized practices. This dual compliance not only enhances the protective features within our products but also boosts user confidence in their reliability and safety. These rigorous standards are integral to our commitment to safeguarding sensitive information and ensuring the integrity of our security systems, thus maintaining the highest levels of trust and compliance globally.
The DocVal Server is an innovative solution that leverages mobile technology to enhance the security and verification process of electronic Machine-Readable Travel Documents (eMRTDs). Specifically, it uses a smartphone as a proxy to access the chip embedded within an eMRTD.
In summary, the use of a smartphone as a proxy by the DocVal Server to access the chip in eMRTDs represents a significant advancement in document verification technology. It not only simplifies the verification process but also enhances its security, making it a valuable tool for authorities and organizations involved in identity management and border control.
Give us a call
Call us at +41 41 555 20 40
Contact by e-mail
Contact us via our contact form.
Personal meeting
Arrange a personal meeting.