ICAO publishes new master list of e-passport authentication certificates

The International Civil Aviation Organization (ICAO) has issued online the new “Master List” of e-passport authentication certificates in a move to improve access for authorities as they endeavor to strengthen modern border security.

“Improved access to the authentication certificates will enhance global e-passport validation effectiveness, in particular for authorities which have faced difficulties in obtaining them in the past,” said ICAO Secretary General Dr. Fang Liu in a statement dated March 3. “And importantly, all the certificates in the Master List have been personally delivered to ICAO by its Member States, thereby enhancing the mutual trust upon which secure and efficient e-passport verification must depend.”

The new ICAO Master List contains the Country Signing Certificate Authority (CSCA) certificates, and its publication complements existing sources of certificates, including those disseminated through the ICAO Public Key Directory (PKD) and by national authorities.

CSCA certificates are foundational, “root” certificates used for digitally signing documents over a relatively long period (typically 3-5 years). In comparison, the “Document Signer” (DS) certificates that can also be used to validate electronic signatures are typically used for only a few months. The 71 entities issuing electronic passports that are currently members of ICAO’s Public Key Directory (PKD) use the PKD to exchange these DS certificates. From now on, a master list of CSCA certificates prepared by ICAO will also be shared.

The master list is digitally signed by an ICAO Master List Signer certificate, which is in turn itself signed by the United Nations CSCA certificate. Its authenticity can therefore be confirmed through use of the same certificates used in the production of UN passports which are already available to authorities globally, further enhancing trust.

“We are also making these certificates available for non-state non-commercial use,” Liu added, “in recognition of the inherent public good in assuring as wide a capability to authenticate e-passports as is feasible.”

More than two-thirds of states issue e-passports today, making use of their chip-based features to store traveller identity information and to leverage the win-win benefits which chip-based documents provide in terms of strengthened security features and shorter processing times for cross-border travellers.

The chips are digitally secured or “signed” by the issuing authority, using enciphered data in the form of linked private and public “keys” which are generated by cryptographic algorithms. The security of the verification process is further strengthened by the need for a digital authentication certificate issued by a reliable authority which binds the public key with the traveller’s identity.

The validation of e-passports and digital travel credentials (DTCs) by non-state entities, including the private sector and the traveling public, is envisioned today in the context of several seamless travel initiatives. But just as with nationally issued e-passports, all digital identity initiatives must fundamentally rely on the availability of the CSCA and other certificates required to assure their secure verification.

“The new development on behalf of ICAO serves to bolster the traveller identification management processes which are so important to modern aviation security and passenger facilitation approaches,” said the statement.

Photo courtesy of ICAO