Entrust Inc. is providing PKI-based e-passport technology to help the Malaysian government (Jabatan Imigresen Malaysia) migrate to the International Civil Aviation Organization’s (ICAO) Basic Access Control standard and eventually go to the Extended Access Control standard.
Entrust provides a commercial off-the-shelf, dual-rooted solution that enables an upgrade from Basic Access Control to the more advanced Extended Access Control standard. Based on Entrust’s trusted public key infrastructure (PKI) technology, Entrust e-passport security solutions enable a “point-and-click” PKI system for strong border control and authentication of identities and biometric datasets on today’s machine-readable travel documents.
Facilitated by one of Malaysia’s authorized certification authorities, Digicert enables the Entrust e-passport solution to provide document-signing capabilities at the time a Malaysian e-passports is issued. Digicert is a leading local certificate authority and its signed documents are legally recognized under Malaysian law.
In order to facilitate interoperability across countries, the ICAO has set global standards for e-passports. Since the e-passports contains sensitive personal information, the security and integrity of the e-passports are critical. As a result, two e-passport standards — Basic Access Control and Extended Access Control — help migrate countries from traditional paper-based travel documents.
Created to mitigate passport forgery, first-generation e-passport use a Basic Access Control contactless smart card containing a simple biometric — usually a digitized photo of the individual — along with the digitized identity information of an individual duplicated on the paper document. Entrust provides the digital signature on e-passports that is designed to help prevent a cloned or modified passport, when it is properly processed, from being used to illegally cross a border.
The second generation of e-passports, the Extended Access Control standard allows governments to leverage a stronger biometric that makes impersonation of the legitimate document-holder more difficult. The use of biometrics — typically a digitized fingerprint or iris scan — establishes a much stronger binding between the individual and the travel document.
To safeguard the biometric data, Extended Access Control-enabled e-passport enforce strong mutual authentication between the chip and the reader before biometric data is released. The combination of BAC and EAC mechanisms establishes a strong defense to mitigate the threats of forgery and impersonation.