Entrust Digital Signatures Help Protect ePassports

  • Jan 10, 2008

When the Department of State decided to move to digital passports -- also known as ePassports -- it also recognized there was an opportunity to add another layer of security to these credentials, and tapped Entrust Inc. to provide the public key infrastructure (PKI)-enabled digital signatures.

A function known as non-repudiation, the digital signature verifies that the digital credential has, in fact, been issued by the Department of State and that it has not been tampered with since its issuance. To date, the Department of State has surpassed the 18 million milestone mark for deploying the new ePassports.

"The digital signatures on the new passports illustrate how PKI technology is being used in a number of new applications, reinforcing PKI as the gold standard for digital security," said Entrust Chairman, President and CEO Bill Conner. "It's really a 'PKI 2.0' trend we're seeing in the market right now. More organizations are realizing the value and unprecedented scalability PKI technology affords them when deploying and managing security for digital identities and information -- especially on a mass scale like this."

Since August 2006 only ePassports have been issued in the United States. As security guidelines to travel between the United States, Mexico, Canada and the Caribbean now require a valid passport, the issuance of ePassports has risen dramatically. This increase is expected to continue, with an eventual production of 15 to 18 million ePassports annually.

"Along with the U.S., we have been able to help secure ePassports and national ID cards in Spain, Singapore, Saudi Arabia, New Zealand, Slovenia and others," Conner said. "This security feature can also help prevent these credentials from being counterfeited, which adds a greater level of assurance to both the border patrol officials, as well as the travelers themselves."

ePassport travel documents contain an electronic chip that stores sensitive personal information that can be verified against the data on the passport as well as against the individual at the border control point. Although U.S. ePassports currently store a digital facial image, the documents have the capability to securely include digitized photographs, fingerprints or other biometrics. To protect these assets, PKI is an integral technology for the security and verification infrastructure of ePassports. The Entrust Authority PKI portfolio is one of the leading solutions to support this capability.

The Department of State has employed a multilayered approach to protect the privacy of the information contained on the ePassport. In addition to a metallic cover that prevents skimming or eavesdropping of the information while the document is closed, Basic Access Control (BAC) technology is used to "unlock" the data on the chip. A PKI digital signature enables alteration or modification of the data on the chip to be detected and enables authorities to validate and authenticate the data.

Modular and fully integrated, the Entrust Authority PKI portfolio is built on the foundation of Entrust Authority Security Manager, the certification authority (CA) system responsible for issuing and managing digital identities. Optional components help organizations manage the entire lifecycle of PKI certificates. Approximately 1,000 government and commercial organizations have purchased Entrust PKI solutions since Entrust brought its first PKI to market in the 1990s.

On the horizon, the next generation of ePassport technology is already being considered. Enhanced security, known as Extended Access Control (EAC), provides an additional layer of security to control access to sensitive information, such as biometric fingerprints and iris scans on these next-generation ePassports. EAC also specifies protocols for authenticating the chip and inspection system to each other. Not based on the X.509 standard, EAC will leverage a different type of certificate known as a card verifiable (CV) certificate.

The EAC concept was introduced by the International Civil Aviation Organization (ICAO) in liaison with the International Organization for Standardization (ISO). EAC technical details, including certificate profiles and protocol specifications, are initially being defined by the Brussels Interoperability Group (BIG) for use within Europe. Entrust actively is participating in BIG as well as in the ISO Task Force on Security for ePassports. These next-generation ePassports, using EAC, will be required by all European Union (EU) Schengen member States by June 2009. Deployment mandates for the United States have yet to be determined.

Featured

  • Data Driven, Proactive Response

    As cities face rising demands for smarter policing and faster emergency response, Real Time Crime Centers (RTCCs) are emerging as essential hubs for data-driven public safety. In this interview, two experts with deep field experience — Ross Bourgeois of New Orleans and Dean Cunningham of Axis Communications — draw on decades of operational, leadership and technology expertise to share how RTCCs are transforming public safety through innovation, interagency collaboration and a relentless focus on community impact. Read Now

  • Integration Imagination: The Future of Connected Operations

    Security teams that collaborate cross-functionally and apply imagination and creativity to envision and design their ideal integrated ecosystem will have the biggest upside to corporate security and operational benefits. Read Now

  • Smarter Access Starts with Flexibility

    Today’s workplaces are undergoing a rapid evolution, driven by hybrid work models, emerging smart technologies, and flexible work schedules. To keep pace with growing workplace demands, buildings are becoming more dynamic – capable of adapting to how people move, work, and interact in real-time. Read Now

  • Trends Keeping an Eye on Business Decisions

    Today, AI continues to transform the way data is used to make important business decisions. AI and the cloud together are redefining how video surveillance systems are being used to simulate human intelligence by combining data analysis, prediction, and process automation with minimal human intervention. Many organizations are upgrading their surveillance systems to reap the benefits of technologies like AI and cloud applications. Read Now

  • Right-Wing Activist Charlie Kirk Dies After Utah Valley University Shooting

    Charlie Kirk, a popular conservative activist and founder of Turning Point USA, died Wednesday after being shot during an on-campus event at Utah Valley University in Orem, Utah Read Now

Most   Popular

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.