white paper E-passport overview Dan Butnaru - Trusted Identity Product Line Manager


CONTENTS

1 Objective
2 Introduction
3 The Challenge
  3.1 Secure Travel Document's Objectives
4 The electronic Passport
  4.1 Proven Technology
  4.2 An International Standard
  4.3 A World Wide Success Story
  4.4 One document - Several projects
5 Security Solutions
  5.1 Introduction
  5.2 Production
  5.3 Inspection
    Verification of Document Authenticity
    Verification of Traveller Identity
  5.4 Interoperability for International Information Exchange
    ICAO Public Key Directory (PKD)
    Single Point of Contact (SPOC)
  5.5 Future Trends
    LDS 2.0
    Automated Border Control
    Evidence of Identification
6 Deployment Scenarios
  6.1 Phase 1 - Production System
  6.2 Phase 2 - EAC-Ready Approach
  6.3 Phase 3 - Fully Operational Inspection Infrastructure
  6.4 Phase 4 - Platforms for International Information Exchange
7 Conclusion
8 Acronyms
9 References
About the Author

FIGURES

Figure 1 The MRTD
Figure 2 Scheme of an e-passport
Figure 3 ICAO Statistics
Figure 4 e-passport Projects Phases
Figure 5 e-passport Production System
Figure 6 e-passport Passive Authentication
Figure 7 EAC PKI for Terminal Authentication
Figure 8 ICAO PKD Use Case
Figure 9 SPOC Use Case
Figure 10 PKI for Production
Figure 11 PKI for Production (incl. EAC)
Figure 12 EAC PKI for Inspection
Figure 13 PKD System

1 OBJECTIVE

This whitepaper's objective is to describe, step by step, all phases of e-passport projects, from secure production to secure verification of the document's and the traveler's identity. A particular focus is given to interoperability schemes, as we are evolving in a context which is driven by international standards. As a summary, recommendations are given in terms of technology, deployment best practices and future evolutions, based on return of experience from projects in the field.

2 INTRODUCTION

Travel documents have undergone a significant transformation for more than a decade, particularly pushed by the events of September 11th. The paper-based document, which aims to prove that the holder is the person he claims to be, has been constantly improved, and more and more security features have been added along with the exposure to new counterfeiting attacks. The International Civil Aviation Organization (ICAO), a sub group of the International Air Transport Association (IATA), has specified a smart card chip based electronic, machine readable travel document, which aims to guarantee the authenticity of such an electronic document, aka the electronic passport.

Besides the pure proof that the issued passport is genuine, meaning issued by the official authority, border control also has to verify the identity of the passport holder. This has typically been performed by comparing the photo with the face of the traveler. As fraud is extensively based on wrong pictures and look-alike people, and good quality photos are often not available, the only reliable verification of identity is to securely compare the biometrics stored in chip memory with captured ones. The European Union has therefore introduced the so-called electronic biometric passport (aka biometric passport), which includes fingerprint and/or iris information in the smart card chip.

Due to long lasting and coordinated efforts from international experts, ICAO issued the first e-passport standards in 2005 (Document 9303).
The US Visa Waiver initiative motivated several countries to rapidly implement electronic passports. Within merely a decade, more than 50% of the world now issues secure electronic passports and another half of them biometric ones (source ICAO 2013).

As issuance is moving forward, the current challenge for a country is to shift from production to inspection. Indeed, the passport's objective is by definition to be inspected, or verified. As the security mechanisms are electronic (smart card based), the methods of inspection are too. The term Automated Border Control (ABC) is generally used here to describe electronic gates (aka e-gates), which are in charge of verifying all security features of the passport and the biometrics of its holder. From a sheer security point of view, ABC will become of utmost importance in the next years, due to the dramatic increase of air traffic.

According to IATA's latest figures, air traffic volume will increase by 113% in 2030! Managing huge traffic flows of people and goods, but also of the associated information records, is the challenge of today and tomorrow. Key to these challenges are international information exchange and interoperability.

3 THE CHALLENGE

3.1 Secure Travel Document's Objectives

When travelling from one country to another, two questions arise:

- Is the passport genuine?
- Is the passport holder the right person?

Therefore, a travel document's purpose is quite straightforward: to prove the traveler's identity by presenting an official document issued by a trustworthy organization.

The primary objective is hence to guarantee the authenticity of a travel document. Counterfeiting of official documents has always existed. More and more features were implemented to enhance the security of documents, from reinforcement of physical anti-counterfeiting mechanisms like Optically Variable Devices (OVD), invisible ink, micro printing, etc. to the Machine Readable Travel Document (MRTD), enabling automated verification through Optical Character Recognition (OCR).

Figure 1 The MRTD

The latest evolution has been the electronic passport, which makes use of smart card technology to increase security.

The second objective is to verify the traveller's identity. Besides the question of whether a document is authentic or not, the other important point is to make sure that the passport holder is the one indicated in the (official) document.

To achieve this, real-time comparison between captured traveler biometrics and stored personal data can prove unambiguously the identity of the individual.

These two objectives represent the daily business of Border Control Systems, implying important human and technological investments to maintain security. Thus the issuance and inspection of unforgeable, unambiguously verifiable travel documents is a key driver for all Nations to enable free movement of their citizens abroad and to control migration.

4 THE ELECTRONIC PASSPORT

4.1 Proven Technology

The electronic passport or electronic Machine Readable Travel Document (e-MRTD) is a paper document embedding a contactless smart card and antenna in order to be read by a terminal, also known as the Inspection System. Using a smart card chip allows data to be stored in a tamper-proof device, which makes it de facto impossible to copy and counterfeit personal data.

Figure 2 Scheme of an e-passport

Personal data (photo and Machine Readable Zone, MRZ) is digitally signed and, at the personalization phase, stored on the passport's smart card chip. By combining chip technology with cryptography and Public Key Infrastructure (PKI), one can achieve two principal goals of information security:

- Authentication: Data is digitally signed by a state authority's (secret) key and can thus be verified by cryptographic means.
- Confidentiality: Based on Mutual Authentication mechanisms, only authorized systems are able to read out personal data. Depending on the criticality of the information, different levels of access control can be used.

4.2 An International Standard

In 2005, the International Civil Aviation Organization (ICAO) published international standards for electronic Machine Readable Travel Documents and electronic Visas. Through a set of documents, it specifies all technical details of an electronic passport, thus enabling countries to verify that a foreign electronically secured travel document is authentic. This specification is known as ICAO Document

For proving traveler identity, fingerprints and iris have been chosen as the most viable and economically reasonable biometric verification data (optional datagroups DG3 and DG4 defined by ICAO specifications). The European Union has elaborated a scheme where these biometric data are protected and subject to a particular access control mechanism. In order to be able to read out fingerprint or iris information, a dedicated infrastructure has been specified in EU-TR

We therefore speak of an electronic biometric passport, aka biometric passport. It has to be underlined that fingerprint and iris are optional datagroups. Therefore, not all electronic passports are biometric, but all biometric passports are by definition electronic passports.

In 2010, a European Decree was published asking member countries to issue electronic passports with additional optional biometrics stored and protected by Extended Access Control. Several other countries outside Europe have also deployed biometric passports, for instance in Africa and the Middle East.

4.3 A World Wide Success Story

The electronic passport has definitely proven to be by far the most successful international e-ID endeavor at present. Since the very first deployments in 2005, projects have been implemented all over the world, with nowadays 101 out of 193 member countries issuing more than 500 Million electronic travel documents (cf. ICAO MRTD Report Q2/2013). The others are issuing Machine Readable Travel Documents (MRTD) or even still paper based ones (approx. 20 countries).
ICAO has issued a deadline for paper based documents, which will have to be at least MRTD by November 24th of

This evolution is based on extensive efforts in standardization and security, allowing an e-passport to be used all over the world. Driven by governmental regulations, all regions are concerned. Especially in countries where control of migration constitutes a real challenge, the electronic travel document allows the free movement of individuals to be managed more efficiently.

Figure 3 ICAO Statistics

Given ICAO's projection of air traffic, which will increase by 113% in 2030, we can expect new challenges for all countries, making Automated Border Control necessary in order to reduce check-in time. Verification of the traveler's biometrics will become a necessity to increase processing throughput and security.

4.4 One document - Several projects

When analyzing the electronic passport in detail, one has to underline that it is a phased project approach. Indeed, producing the electronic document is only one part of the global picture. Managing the issuing request beforehand and implementing inspection for usage in the field are as important as issuance. They present real benefits for government and citizens and are large opportunities for a whole e-ID ecosystem. Figure 4 depicts these phases:

Figure 4 e-passport Projects Phases

1 - Enrolment: In this phase all personal data are gathered to issue the passport. Typically, capturing biometrics and proof of identity are the main topics.

2 - Production: The physical document including the smart card is manufactured. Datapage personalization with the Machine Readable Zone and electrical personalization of the smart card chip are performed.

3 - Inspection: An e-passport has no value if its e-security features are not exploited. Therefore a terminal infrastructure is deployed, typically at border control, to read out information for verification of document and traveler.

4 - Exchange of Information: Travel documents are by definition of international concern. Hence, setting up interoperable information systems is a necessity and a natural evolution for all issuing countries. The ability to unambiguously verify foreign passports is as important as issuing ones.

5 SECURITY SOLUTIONS

5.1 Introduction

As illustrated in previous chapters, the electronic passport has a variety of benefits, like increased protection against counterfeiting and faster traveler check-in through automated procedures. Nonetheless, this can only be achieved if adapted security technology is implemented. Public Key Infrastructure (PKI), based on science (cryptography) and technology (hardware and software), has proven to be the best adapted choice. ICAO has clearly underlined this importance by making PKI usage mandatory for production and inspection of electronic travel documents.

5.2 Production

As outlined in chapter 3.1, an electronic passport is used, amongst others, to store in digital form the same visible information (photo, MRZ) which can be found in the datapage. To prevent fraud, this information is cryptographically signed by a dedicated server, accredited by a national authority. In ICAO terms these entities are called Document Signer (DS) and Country Signing Certification Authority (CSCA), as depicted in Figure 5.

Figure 5 e-passport Production System

Technically the Document Signer is a Signature Server, which interfaces with a personalization chain producing the passport. Passport data is signed by the DS in the form of hashed data groups (DGs), so citizen related information is never exposed in clear text to the DS. In ICAO terms we talk about the Logical Data Structure (LDS), which after signature becomes the Signature Object Data (SOD).

The underlying PKI therefore has the following objectives:

- Producing signature services, performed by a DS.
- Managing the lifecycle of the Document Signers' digital identity, performed by the CSCA.

All identities are implemented through X.509 v3 digital certificates.

5.3 Inspection

Verification of Document Authenticity

In order to prove the authenticity of an electronic passport, a two-step mechanism is used:

1) The Machine Readable Zone is read out by automatic means (OCR).
2) Based on this MRZ information, a session key is calculated and access is granted to the chip containing the MRZ in digitally signed format.
3) The digitally signed data is converted to plain text and compared to the information read out optically in 1). This is achieved by using the Document Signer's public key, which is included in its digital certificate and stored in the chip.
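The key calculation behind step 2), following the Basic Access Control derivation of ICAO Doc 9303, shown together with the MRZ check digits an Inspection System validates after the OCR read. This is an added example, not code from the white paper; the function names are chosen for this illustration and the MRZ fields in the demo are specimen test data.

```python
"""MRZ check digits and Basic Access Control key derivation (ICAO Doc 9303).

Added illustration: the function names are chosen for this example and the
MRZ values in the demo are specimen data, not a real document.
"""
import hashlib

WEIGHTS = (7, 3, 1)  # repeating weights for MRZ check digits


def char_value(ch: str) -> int:
    """Numeric value of one MRZ character: 0-9, A=10 .. Z=35, filler '<' = 0."""
    if "0" <= ch <= "9":
        return ord(ch) - ord("0")
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    if ch == "<":
        return 0
    raise ValueError(f"character {ch!r} is not allowed in an MRZ")


def check_digit(field: str) -> int:
    """Weighted sum modulo 10 over the field, as printed after each MRZ field."""
    return sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10


def field_is_consistent(field: str, printed_digit: str) -> bool:
    """Detect OCR misreads before any key is derived from the field."""
    if len(printed_digit) != 1 or printed_digit not in "0123456789":
        return False
    return check_digit(field) == int(printed_digit)


def mrz_information(doc_number: str, birth_date: str, expiry_date: str) -> str:
    """Document number, birth date and expiry date (YYMMDD), each followed by
    its check digit. Short document numbers are padded with '<' to nine
    characters; longer document numbers are out of scope for this example."""
    if not 1 <= len(doc_number) <= 9:
        raise ValueError("document number must be 1 to 9 characters")
    for date in (birth_date, expiry_date):
        if len(date) != 6 or not (date.isascii() and date.isdigit()):
            raise ValueError("dates must be six digits, YYMMDD")
    fields = (doc_number.ljust(9, "<"), birth_date, expiry_date)
    return "".join(f + str(check_digit(f)) for f in fields)


def adjust_parity(key: bytes) -> bytes:
    """Force odd parity on every byte, as expected for DES key material."""
    return bytes(b ^ 1 if bin(b).count("1") % 2 == 0 else b for b in key)


def derive_key(seed: bytes, counter: int) -> bytes:
    """SHA-1 over seed plus a 32-bit counter, truncated to a two-key 3DES key."""
    digest = hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
    return adjust_parity(digest[:16])


def bac_keys(doc_number: str, birth_date: str, expiry_date: str) -> dict:
    """Derive the access keys a reader computes after the optical MRZ read."""
    info = mrz_information(doc_number, birth_date, expiry_date)
    seed = hashlib.sha1(info.encode("ascii")).digest()[:16]
    return {
        "k_seed": seed,
        "k_enc": derive_key(seed, 1),  # encryption key, counter 1
        "k_mac": derive_key(seed, 2),  # MAC key, counter 2
    }


if __name__ == "__main__":
    # Specimen fields (test data, not a real passport).
    keys = bac_keys("L898902C", "690806", "940623")
    for name, value in keys.items():
        print(name, value.hex().upper())
```

Every input to the derivation is printed on the data page, so these keys show only that the reader had optical access to the document; the authenticity decision itself rests on the signature check in step 3).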

The access mechanism described in 2) is known as Basic Access Control (BAC). BAC has shown some weaknesses against cryptographic attacks. Therefore a new protocol, Supplemental Access Control (SAC), has emerged and will be mandatory in Europe by end of 2014. SAC includes a chip specific Card Access Number (CAN) in the calculation of the access key and therefore makes it impossible to copy data from one chip to another. Through SAC, it is now possible to verify not only the authenticity but also the uniqueness of the electronic travel document. Basic Access Control and Supplemental Access Control are also defined as Passive Authentication.

Figure 6 e-passport Passive Authentication

Verification of Traveller Identity

As stated in chapter 3.2, additional biometric data (fingerprint, iris) requires protection and can be accessed only after an Extended Access Control mechanism. According to specifications published by the European Union, these access rights are managed by a dedicated Public Key Infrastructure, as shown in Figure 7.

Figure 7 EAC PKI for Terminal Authentication

The core element in this mechanism is the Mutual Authentication between e-passport and Terminal (Inspection System). It ensures that only well identified entities talk to each other. In detail, the terminal verifies the authenticity of the document through BAC or SAC (see chapter 4.3.1). Once the document is authenticated, it verifies the identity of the terminal as follows:

- At production stage, the National Root Authority certificate is stored in the chip as a trusted reference, the trustpoint.
- All terminal digital identities are issued by a PKI, based on this Root CA as issuer.
- The passport compares the issuing root authority found in the terminal certificate chain with the trustpoint stored in its chip memory. If they are the same, the terminal is authorized to read out biometric data.

Thus, for managing Terminal Authentication, each country implements a PKI consisting of one National Root Authority (Country Verifying Certification Authority - CVCA) and an Intermediate Authority (Document Verifier Certification Authority - DVCA) which issues digital certificates to Inspection Systems (IS). Reflecting the smart card's technical capabilities, a particular certificate format based on ISO 7816-X standards has been chosen, the Card Verifiable Certificate (CVC).

Verifying the identity of a traveler means capturing his biometrics and comparing them to the ones stored in the e-passport chip. By default, each country issues Inspection System digital identities to read out the biometrics of its own citizens, since their passports have the National Root CA stored. If foreign travel documents need to be read, the issuing foreign country must authorize other countries' Inspection Systems and therefore issue certificates for foreign Inspection Systems. This can be defined as a cross certification, which means a foreign authority generates a trust chain (i.e. a nested structure of Root CA + DV CA + IS certificate).
5.4 Interoperability for International Information Exchange

ICAO Public Key Directory (PKD)

When verifying document authenticity, the validity of the Document Signer certificate must be checked to make sure that the passport has been produced by a valid environment (see chapter 4.2). This verification is of utmost importance when foreign e-passports have to be checked. Border Control infrastructure must be able to analyze the most recent data provided by every country for its issued documents.

The PKI system defined by ICAO provides for the publication of Certificate Revocation Lists. It is thus possible to check whether a given Document Signer is valid or not. In order to establish an international repository where verification data is managed centrally, ICAO has set up the Public Key Directory (PKD), where all countries are encouraged to publish their reference data, as outlined in Figure 8.

Figure 8 ICAO PKD Use Case

The PKD Board regroups all ICAO member countries which publish their national data into the system. Today (2013) almost 40 countries adhere to this system for information exchange, and future schemes for air traffic check-in procedures rely heavily on Automated Border Control based on PKD connectivity. Other countries exchange their information by bilateral means (e.g. diplomatic suitcase, etc.) or are not yet deploying border control systems to electronically verify e-passports.

Single Point of Contact (SPOC)

Interoperability schemes are even more important when biometrics are concerned. Indeed, the inspection of foreign citizens' personal data can only be performed with prior authorization by the issuing country. The European Union has therefore specified an international standard, known as CSN , to harmonize the (automated) exchange of IS certificates. This scheme is called Single Point of Contact (SPOC) and defines a secured communication protocol on international level, see Figure 9. Moreover, the European Common Policy settles workflows in order to define the interaction between a national EAC PKI and the national SPOC level.

It has to be underlined that although SPOC is a European initiative, other countries have also implemented this approach.

Figure 9 SPOC Use Case

5.5 Future Trends

LDS 2.0

For several years, significant work has been done at ICAO level to encourage countries to implement electronic Machine Readable Travel Documents, known as the MRTD initiative. The latest standardization initiatives are working on Logical Data Structure 2.0 (LDS 2.0), which in brief will enable post issuance of e-passport data. The typical application field targets the electronic visa.

From a PKI point of view, LDS 2.0 is an interesting use case, since the existing EAC infrastructure can be reused 100%. Today, EAC (Extended Access Control) is used to manage read rights. One can therefore easily imagine having a similar mechanism for write rights. The only thing which needs modification is a dedicated CV certificate type. Thus the existing CVCA/DVCA infrastructure can be reused, with only minimal updates. This clearly encourages countries to move to the biometric passport as the standard deployment scheme of the nearest future.

Automated Border Control

Deploying e-gates is already a reality in countries in Europe, the Middle East and Asia and will become widespread with the foreseen increase of air traffic.

In order to tackle the ever growing number of passengers at border control and check-in, two major evolutions are crucial:

- Possibility of instant optical verification by human beings
- Fast, automatic verification of authenticity and identity of documents and travelers.

The airport is an extremely representative use case:

- Border Control is required to make sure frontiers are respected and undesired individuals are identified before entering a country.
- Airlines wish to accelerate check-in procedures to increase customer satisfaction and decrease costs.

Current and future PKI technology accompanies these requirements by providing the most recent information at the point of verification, meaning when and where it is needed.

Evidence of Identification

As shown in the previous chapter, the electronic passport has become extremely difficult to counterfeit, given the ways to protect production and to allow detection of false and lost or stolen documents. Naturally, fraudsters nowadays focus on the weakest elements of the issuance scheme, which are the so-called breeder documents, meaning all paper based identification proofs, such as birth certificates, driving licences and ID cards. It has been estimated that in one European country up to 1 Million e-passports could have been obtained with fraudulent breeder documents.

ICAO has identified the breeder document phenomenon as a core subject for future programs. As the last years were dedicated to the promotion of e-MRTD production, with support for standards comprehension and best practices for issuance, the next years will see a focus on usage and inspection. Thus, the Traveler Identification Program (TRIP) has been set up by ICAO to reflect these concerns. A special group for Evidence of Identification has been created, where best practices and technology aspects are analyzed.
Hence this widespread issue gives rise to different possible technical solutions, ranging from dematerialization of the production request to chip based breeder documents such as the e-driving licence. A clear trend towards PKI based solutions is visible. With technology that already exists today, highly reliable systems can be set up to prevent the issuance scheme from being weakened through lower security in enrollment. Biometry, PKI based authentication and digital signature of sealable and therefore unmodifiable application forms are quick wins and easy to set up. Fast evolving mobile solutions can contribute to better user experiences. The challenge today for Evidence of Identification is to get hold of the right technology for the most appropriate usage.

6 DEPLOYMENT SCENARIOS

As shown in chapter 3.4, an e-passport project runs through different stages, depending on the primary objective of a Nation at a given timeframe. Experience shows that the phases listed below may be combined, but none of them is omitted during a project life cycle.

6.1 Phase 1 - Production System

The most straightforward approach, and today widely implemented, is the sheer production of electronic passports. The datapage information is transformed, digitally signed and stored in the contactless smart card chip, as described in chapter 4.2. A typical PKI system can be set up with only few investments, consisting of a Country Signing CA (CSCA) and a Document Signer, as depicted below:

Figure 10 PKI for Production

6.2 Phase 2 - EAC-Ready Approach

If a country wishes to also include biometrics in the passport, the EAC scheme has to be deployed. In case of issuance only (inspection of these biometrics will be done in the future), one can limit investments to an EAC-ready approach. This means that only production relevant items are to be implemented, namely the Country Verifying Root Certification Authority (CVCA), known as the Trustpoint and stored in the e-passport chip. Figure 11 shows this approach:

Figure 11 PKI for Production (incl. EAC)

6.3 Phase 3 - Fully Operational Inspection Infrastructure

In a nationwide initiative of in-the-field verification, a country needs to deploy a complete Border Control Infrastructure with fixed and mobile Inspection Systems and terminals. Besides information system and database projects, this also implies a full-fledged EAC PKI with CVCA and online DVCA to interface with the Inspection System terminals of the Border Control Infrastructure. Since Production and Verification are managed by independent PKI systems, one can simply deploy one PKI after the other without any problems.

Figure 12 EAC PKI for Inspection

6.4 Phase 4 - Platforms for International Information Exchange

Once a country has managed to issue and verify passports from a domestic point of view, it necessarily wants to be able to verify foreign documents and make it easier for its citizens to travel abroad. At this stage interoperability comes up. The evident advantage for a country of sticking to ICAO compliance is key in this scenario, since Document 9303 compliance will assure that citizens can travel securely and with peace of mind.

The ICAO PKD enables propagation of the most recent verification data to make sure that the travel document is authentic. A country interfaces with the ICAO PKD through its National PKD, which synchronizes data between the domestic and international level. Here again, the deployment of a National PKD infrastructure can be done in a second step and is not mandatory at production stage.

Figure 13 PKD System

The same need for interoperability applies to electronic biometric passports, where countries exchange their authorizations in order to read out biometrics. Thus, two countries are able to verify the identity of the other country's citizens and vice-versa. Based on the European Common Policy, all EU countries are guided towards the usage of SPOC as the sole automatic means to exchange data. Therefore SPOC can be considered as a natural upgrade of the EAC PKI and is deployed separately.

7 CONCLUSION

E-passport projects are well defined, clearly guided programs and highly visible initiatives, into which citizens massively buy in. Given the relatively short timeframe, one can clearly consider this an extraordinary success story. Within only ten years, more than half of the globe is now issuing electronic travel documents and has reduced fraud significantly. ICAO, as the federating organization, does a lot of promotion and helps through different working groups to better understand and deploy electronic travel document programs. A Nation wishing to set up electronic passport projects can rely on public and private actors for providing consultancy, hardware and software equipment.

Besides security, the other advantage brought by e-passports is the ability to automate check-in procedures. With a 113% increase of air traffic volumes by year 2030, all actors involved are looking for ways to tackle this increase. Automated Border Control systems have been designed for this purpose and will help spare travelers long check-in procedures.

As travelling by definition means cross border information exchange, no e-passport project can neglect this aspect. Interoperability is required not only to be sure that national documents are recognized abroad, but also to be able to detect false foreign passports.

To sum this whitepaper up, our recommendations are as follows:

1 Get informed
ICAO publishes a lot of information about standards, best practices and background information. Experts and working groups are set up to make sure that standards are reviewed and that countries get help to set up programs. ICAO's TAG (Technical Advisory Group), NTWG (New Technology Working Group) and ICBWG (Implementation Capacity Building Working Group) organize regular meetings. The PKD Board does a lot of promotion to help countries join the directory. A lot of valuable information can be found.
2 Learn from existing deployments
No need to reinvent the wheel. Countries all over the world have implemented e-passports and generally follow proven methodologies. Industrial solutions exist and are proven. Be part of ICAO's working groups. Institutions like the PKD especially are ideal to share experience and follow the latest technological evolutions.

3 Think long term strategy
Shifting from paper to electronic is a major step. Setting up enrollment infrastructure needs planning. Think about the country's long term position and evaluate whether the electronic passport is sufficient or whether it could be better to go for additional biometrics, at least production wise, to be prepared for future traveler identification programs.

4 Consider e-passport not as one single project
As stated in this paper, e-passport projects run through different phases, which don't necessarily have to be coupled immediately. On the other hand, they are often the first step of a governmental e-ID strategy and set milestones.

5 Pay attention to breeder documents
As outlined in chapter 5.5.3, fraud attempts shift from e-passport counterfeiting to all paper based proofs at the enrollment process. Analyze your workflows and infrastructure and strengthen them. There are a lot of ways to do so, and the most successful approach is to combine technology with process: Secure Printing, PKI, Databases, etc.

6 Choose carefully your Public Key Infrastructure
Last, but not least, it shall be underlined that PKI is the backbone of e-passport system security. Hence governments seeking a reliable, yet evolutive and secure solution shall consider the following subjects:

- e-passport means several PKIs: Securing the production process, issuing terminal certificates and creating National Root Certification Authorities are different domains. Choose systems and providers which have a complete offer and not just some bricks.
- e-passport means Processes: There are several types of PKI documents to create, and even standard ones need careful attention. Choose professional companies that either do the work for you or assist you in setting them up. PKI is not only software, but even more a question of expertise.
- e-passport means Interoperability: As stated in chapter 5.4, electronic travel documents only develop their full potential by sharing verification data on an international, cross border level. It is therefore of utmost importance that your PKI provider also covers these aspects in his offer.
- e-passport means References: It is always a good indication to analyse the number and type of references of a PKI solution.
Compared to single customer/single market enterprises, a company with a proven record of project deployments in different countries and regions has certainly more experience and the capacity to cope with changing environments.

8 ACRONYMS

Acronym   Definition
AA        Active Authentication. Challenge-response protocol to authenticate the unique e-passport.
BAC       Basic Access Control. Procedure to grant read access to the e-passport (MRZ) in a well-defined protocol using symmetric algorithms.
EAC       Extended Access Control. Procedure to grant access to the e-passport (biometric data) in a specified protocol using asymmetric algorithms.
e-MRTD    Electronic Machine Readable Travel Document, the e-passport.
CSCA      Country Signer Certification Authority. The ICAO designation of the state root authority who signs the certificates of the Document Signer machines.
DS        Document Signer. The ICAO designation of the machines that sign electronic passports.
PKD       Public Key Directory.
CVCA      Country Verifying Certification Authority.
DVCA      Document Verifier Certificate Authority.
DV        Document Verifier (DV = DVCA).
HSM       Hardware Security Module. A cryptographic resource which creates, hosts and operates signature keys.
IS        Inspection System. Entity that is in charge of reading out relevant data from the e-MRTD.
LDS       Logical Data Structure. The ICAO designation for the format of the signed data groups that make up an electronic passport, as defined by ICAO.
MRTD      Machine Readable Travel Document.
MRZ       Machine Readable Zone.
OCSP      Online Certificate Status Protocol. Communication protocol indicating the validity status of a certificate in real time.
PKI       Public Key Infrastructure.
PA        Passive Authentication. Protocol to verify the authenticity of an e-passport.
TA        Terminal Authentication. Protocol to authenticate the Terminal (IS) by means of its certificate.
TSA       TimeStamping Application. Service producing a signed token, certifying the exact time.
RA        Registration Authority. Entity in charge of validation of certificate requests and the identity of the requester.

9 REFERENCES

[ICAO1] ICAO Document 9303 Part 1 Vol 1
[ICAO2] ICAO Document 9303 Part 1 Vol 2
[ICAO3] ICAO Document 9303 Part 2
[ICAO4] ICAO Document 9303 Part 3 Vol 1
[ICAO5] ICAO Document 9303 Part 3 Vol 2
[ICAO6] Supplement to Document 9303 Release 11, 28/11/2011
[BSI1] BSI TR_03110 v1.11
[SPOC1] ČESKÁ TECHNICKÁ NORMA, Information technology Country Verifying Certification Authority Key Management Protocol for SPOC, ČSN , ed. A, Prosinec 2009
[FRONTEX1] Operational and Technical Security of Electronic Passports, FRONTEX, Warsaw July

ABOUT THE AUTHOR

Dan Butnaru is an expert in e-id and e-government subjects. In the OpenTrust Marketing department, he is in charge of the Trusted Identity Product Line and responsible for the market segments e-passport, e-id, and e-government. Dan has been working for 20 years in R&D, Marketing, and Business Development, in the field of cryptographic smart cards, IT solutions, e-banking and Public Key Infrastructures in different companies. He is a regular speaker at world-renowned eid conferences and has published several articles. Dan holds a degree in Electrical Engineering and Control Theory from the Darmstadt University of Technology, Germany. In case of comments or further questions, please contact Dan at dan.butnaru@opentrust.com


More information

Company Overview. Iraq: Activities & Experience

Company Overview. Iraq: Activities & Experience Company Overview Iraq: Activities & Experience SAFE ID Solutions AG 2009 SAFE ID Management Board Omar El Gohary Executive Vice President Operations Long year leadership and operational experience with

More information

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication

More information

PostSignum CA Certification Policy applicable to qualified personal certificates

PostSignum CA Certification Policy applicable to qualified personal certificates PostSignum CA Certification Policy applicable to qualified personal certificates Version 3.0 7565 Page 1/60 TABLE OF CONTENTS 1 Introduction... 5 1.1 Review... 5 1.2 Name and clear specification of a document...

More information

FOUR PILLARS FOR A SUCCESSFUL PIV ECOSYSTEM

FOUR PILLARS FOR A SUCCESSFUL PIV ECOSYSTEM FOUR PILLARS FOR A SUCCESSFUL PIV ECOSYSTEM Four Pillars that HSPD-12 Programs must consider for a secure, efficient, interoperable PIV enterprise deployment. Continued HSPD-12 Implementation under OMB

More information

POSITION PAPER. The Application of Biometrics at Airports PUBLISHED BY ACI WORLD HEADQUARTERS GENEVA SWITZERLAND

POSITION PAPER. The Application of Biometrics at Airports PUBLISHED BY ACI WORLD HEADQUARTERS GENEVA SWITZERLAND POSITION PAPER The Application of Biometrics at Airports PUBLISHED BY ACI WORLD HEADQUARTERS GENEVA SWITZERLAND Dear ACI Members and World Business Partners, With the increasing need for secure personal

More information

Breeder documents closing the gap in the identity management chain. Christian Wagner VP SDM Government Washington, March 23, 2015

Breeder documents closing the gap in the identity management chain. Christian Wagner VP SDM Government Washington, March 23, 2015 Breeder documents closing the gap in the identity management chain Christian Wagner VP SDM Government Washington, March 23, 2015 INTERNET OF THINGS IS RISING Five-Year (2014-2019) CAGR 57% 2014, Business

More information

White Paper. Cloud Signing vs. Smartcard Signing

White Paper. Cloud Signing vs. Smartcard Signing White Paper Cloud Signing vs. Smartcard Signing 1. Introduction 2. What is the Goal? What is driving successful Electronic Commerce and e-government solutions? The answer is simple: useful applications

More information

Advanced Authentication

Advanced Authentication White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is

More information

PUF Physical Unclonable Functions

PUF Physical Unclonable Functions Physical Unclonable Functions Protecting next-generation Smart Card ICs with SRAM-based s The use of Smart Card ICs has become more widespread, having expanded from historical banking and telecommunication

More information

SOLUTIONS FOR HEALTHCARE PROFESSIONALS AND GOVERNMENTS

SOLUTIONS FOR HEALTHCARE PROFESSIONALS AND GOVERNMENTS SOLUTIONS FOR HEALTHCARE PROFESSIONALS AND GOVERNMENTS The number of people in need of medical care in the world is continuously increasing, as evidenced by the evolving demographic outlook in both developed

More information

European Electronic Identity Practices Country Update of Portugal

European Electronic Identity Practices Country Update of Portugal European Electronic Identity Practices Country Update of Portugal Speaker: Anabela Pedroso anabela.pedroso@umic.pt Date: 3 November 2006 1. Status of National legislation on eid Are eid specific regulations

More information