Comprehensive Infrastructure for Modern Identity Documents

Double protection for modern eIDs

By adding electronic and biometric data to ID documents, new security-relevant requirements arise: the data stored on the chip must be protected from manipulation and forgery, on the one hand; on the other hand, by using adequate security-mechanisms it must be ensured that the data can only be accessed by people who are verifiably authorised to do so. To achieve this, various requirements and measures have been defined on an international level by the ICAO and on the European level by the EU.

One solution for both worlds of the eID PKI

Even though all of the requirements for the protection of electronic data described above are based on Public Key Infrastructures (PKI), there are technical differences which need to be considered in the process of implementing these infrastructures: whereas the ICAO-PKI is based on the use of standardised X.509 certificates and certificate revocation lists and uses electronic signatures to protect authenticity and integrity of data, the EAC-PKI uses so-called Card Verifiable certificates (CV-certificates). This results from the particular requirements for the features of the chip in an electronic passport. The experts at secunet support you in developing a reliable solution which connects the various requirements in an optimum way.