Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Data in ePassports Policy Issues ICAO/NTWG.

Published byRebecca Melton Modified over 8 years ago

Similar presentations

Presentation on theme: "Securing Data in ePassports Policy Issues ICAO/NTWG."— Presentation transcript:

1 Securing Data in ePassports Policy Issues ICAO/NTWG

2 John Davies Director of Systems, UK Passport Service Chairman NTWG PKI Task Force

3 ICAO/NTWG The presentation will address: Why secure electronic data? Why use PKI/encryption? How a globally interoperable PKI could work for passports

4 ICAO/NTWG To ensure the electronic data was loaded by the appropriate passport issuing authority To ensure the electronic data has not been overwritten or amended in any way. To protect inappropriate access to data by unauthorised persons or organisations. Why secure electronic data?

5 ICAO/NTWG –Biometric information Portrait Data (mandatory) Finger print and iris data (optional) –Personal details from the passport biodata page ( name, date of birth, passport number, etc.) e-Passports will initially contain the following electronic data:

6 ICAO/NTWG –e-Passport specifications will offer read only access to the electronic data and will not initially offer any updating facility. –This limitation will facilitate a simple form of security implementation in the first instance.

7 ICAO/NTWG There is a tension between : –Ensuring the electronic data is secure from inappropriate access –Ensuring the electronic data can be accessed easily by immigration authorities.

8 ICAO/NTWG The PKI scheme is based on open access but allows individual states to choose optional additional security methods to protect personal data.

9 ICAO/NTWG PKI is a well established method of protecting and authenticating data held on computer chips. No other scheme offers equivalent security for chip technology. Why use a public key infrastructure (PKI)?

10 ICAO/NTWG The proposals do not include encryption for basic personal data or the facial biometric. Encryption of fingerprint or iris data could be considered by states who choose to use these forms of biometric, but encryption specifications have not been developed. Why use encryption?

11 ICAO/NTWG –A peer-based environment with each state independent and autonomous with respect to passport security. –An agreed means of sharing and updating public keys. The PKI scheme proposes:

12 ICAO/NTWG –Generate key sets and protect from unauthorised access. –Manage distribution of country signing certificates using bilateral secure diplomatic means. –Manage certificate revocations when a key is compromised. –Facilitate dissemination of information about public keys via ICAO public key directory. Responsibilities for states issuing e- passports:

13 ICAO/NTWG –RSA or DSA or elliptic curve and related hashing algorithms are included in the specifications. The PKI specifications recognise many individual states already have a PKI infrastructure :

14 ICAO/NTWG –Maintain up to date information about public keys and certificate revocations on their systems. –Provide suitable reader infrastructures. PK1 responsibilities for states reading e-Passports :

15 ICAO/NTWG –To provide an efficient and reliable public key directory –Ensure the directory is only updated by member states. –Provide open access to public key information to participating states and organisations. ICAO Responsibilities:

16 ICAO/NTWG –Aimed at specialists familiar with PKI. –Proposes a technical framework and guidelines to enable each country to develop secure e-Passports. The PKI Technical report:

17 ICAO/NTWG The technical report includes an annex on PKI and security threats. This is intended to aid individual states with their own risk analysis and mitigation decisions.

Download ppt "Securing Data in ePassports Policy Issues ICAO/NTWG."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Technical Report PKI for Machine Readable Travel Documents offering ICC read-only access TAG_15 Montreal, 2004-05-18 Tom Kinneging.

Technical Report PKI for Machine Readable Travel Documents offering ICC read-only access TAG_15 Montreal, Tom Kinneging.
Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.

Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
AFACT eCOO WG interim meeting - Conference Call 1st March of 2011 Mahmood Zargar eCOO Experiences and Standards.

AFACT eCOO WG interim meeting - Conference Call 1st March of 2011 Mahmood Zargar eCOO Experiences and Standards.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Nairobi, Kenya 29-31October 2007 1 Fifth Special Meeting of the Counter- Terrorism Committee with International, Regional and Subregional Organizations.

Nairobi, Kenya 29-31October Fifth Special Meeting of the Counter- Terrorism Committee with International, Regional and Subregional Organizations.
European Electronic Identity Practices Country Update of …………… Speaker: Date:

European Electronic Identity Practices Country Update of …………… Speaker: Date:
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Security of eGovernment, European Parliament, Brussels 2013 Max Snijder, Linda Kool, Geert Munnichs L Kool | 1 19 February 2013 Findings from the ePassport.

Security of eGovernment, European Parliament, Brussels 2013 Max Snijder, Linda Kool, Geert Munnichs L Kool | 1 19 February 2013 Findings from the ePassport.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
1 MRTD Programme: Consolidating Comprehensive Security and Enhancing Facilitation Mauricio Siciliano Mauricio Siciliano ICAO MRTD Programme ICAO/McGill.

1 MRTD Programme: Consolidating Comprehensive Security and Enhancing Facilitation Mauricio Siciliano Mauricio Siciliano ICAO MRTD Programme ICAO/McGill.
2002 10 21 Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.

Implementation of Electronic Signature Law Kęstutis Andrijauskas Information Society Development Committee under the Government of the Republic.
PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.

PAPERLESS BUSINESS in GEORGIAN FINANCIAL SECTOR NANA ENUKIDZE - Advisor to the Governor.
Biometrics – updates on ISO and ICAO Asbjørn Hovstø Porvoo7 Reykjavik, Iceland 27th May 2005.

Biometrics – updates on ISO and ICAO Asbjørn Hovstø Porvoo7 Reykjavik, Iceland 27th May 2005.
Www.asverk.is The Icelandic biometric passport The Porvoo Group 7th Seminar Hotel Loftleidir, Reykjavik, Iceland 26.-27. May 2005 Þorsteinn Helgi Steinarsson.

The Icelandic biometric passport The Porvoo Group 7th Seminar Hotel Loftleidir, Reykjavik, Iceland May 2005 Þorsteinn Helgi Steinarsson.

Similar presentations

Ads by Google