Technical Report PKI for Machine Readable Travel Documents offering ICC read-only access TAG_15 Montreal, 2004-05-18 Tom Kinneging.

Presentation transcript:

Technical Report PKI for Machine Readable Travel Documents offering ICC read-only access TAG_15 Montreal, Tom Kinneging

Authenticity and Integrity
Document Security Object
Standardized data structure (RFC3369)
Containing hash-representations of LDS data groups
Digitally signed by issuing State

Document Security Object
[Diagram] LDS data groups: Data Group 1 (MRZ), Data Group 2 (Encoded Face), Data Group 3 (Encoded Finger), Data Group 4 (Encoded Iris), Data Group 5 (Displayed Face), Data Group 6 (Future use), Data Group 16 (Persons to notify)
[Diagram] SOD: Hash DG_1, Hash DG_2, Hash DG_3, Hash DG_5, Digital Signature

Key Management
Document Signer Certificates
Country Signing CA Certificates
Certificate Revocation
ICAO Public Key Directory

Key Management
[Diagram labels] Country Signing CA; Document Signer; Issue & sign; Issue & sign; Sign; Country Signing CA Certificate; Document Signer Certificate; Document Security Object (SOD: Hash DG_1, Hash DG_2, Hash DG_3, Hash DG_5, Digital Signature); Inspection system; MRTD chip

Additional options
Basic Access Control
Active Authentication
Securing additional biometrics

Basic Access Control
MRZ based key derivation
Skimming
Access to chip data
Eavesdropping
Secure communications chip / reader

Basic Access Control

Inspection system

Active Authentication
Chip Substitution
Data Copying
Documents Key pair

Active Authentication
[Diagram] LDS data groups: Data Group 1 (MRZ), Data Group 2 (Encoded Face), Data Group 3 (Encoded Finger), Data Group 4 (Encoded Iris), Data Group 5 (Displayed Face), Data Group 6 (Future use), Data Group 15 (AA Public Key), Data Group 16 (Persons to notify)
[Diagram] SOD: Hash DG_1, Hash DG_2, Hash DG_3, Hash DG_5, Hash DG_15, Digital Signature
[Diagram] AA Private Key

Next steps
Implementation experiences
Further development

Frequently Asked Questions
TAG-MRTD-WP/10
Keep up-to-date

Action by the TAG/MRTD
The TAG/MRTD is invited to endorse the Technical Report, PKI for Machine Readable Travel Documents Offering ICC Read-only Access, Version 1.0.