Comprehensive Security Infrastructure for ePass, Residence Permits, National eIDs and Visas.

The issuer of identity documents also bears responsibility for their security. Even when borders are opened, it is still possible to control reliably who passes them. Here it is an advantage to be able to use the full potential of modern ID documents: digital storage of personal data on the integrated RF chip, for instance, allows for automated border controls and mobile control scenarios. But before these new processes can be implemented, 194 states worldwide must exchange information such as certificates with each other, and must do so for an estimated one billion flight passengers per year, in addition to travellers by land and sea.


Document Verification Infrastructure

A wide range of information, such as various certificates or revocation information, is required in order to check the authenticity and integrity of ID documents. For accessing protected biometric data like fingerprints, there is also a requirement for authorisation certificates and keys that need to be updated regularly, in some cases daily.



The International Civil Aviation Organization (ICAO) has defined a Public Key Infrastructure (PKI) to ensure the authenticity and integrity of electronic data in electronic machine readable travel documents (eMRTDs). This PKI manages certificates and digital signatures issued by national document authorities. As part of the document verification process, information provided by the ICAO PKI is used to check the authenticity and integrity of eMRTDs.



The Extended Access Control (EAC) PKI describes certificate-based security mechanisms that allow an eMRTD to verify an access request generated by an inspection terminal. This is necessary so that only authorized terminals can read protected biometric data from eIDs. To access this biometric data, the terminal has to be equipped with the corresponding national and foreign certificates.


National PKD

The National Public Key Directory (N-PKD) serves as a store that manages all public cryptographic elements and makes them available to national control agencies. By establishing a national counterpart to the ICAO PKD, the benefits of this central PKD can be optimized.



The ICAO PKD is an international and central Public Key Directory (PKD) specified and implemented by ICAO. Its main purpose is to store and to provide access to all public keys and certificates used by countries to sign their eMRTDs. Moreover, it stores further elements of the ICAO PKI like master and revocation lists.

Secunet BioMiddle


At this point in the border control process, a solution is needed that acts as the mediator between client applications and the biometric technologies established on the market. The latter comprise hardware, such as cameras for face capture, fingerprint scanners or document readers, as well as software and complex background and authorisation systems. secunet biomiddle is such a solution, and it has already been field-tested and established as middleware in all scenarios of verification and identification. Thanks to its standard-compliant interfaces, all components of the entire system can be added and replaced as modules whenever this may be required in the future.

So, for the visible processes to become remarkably faster, more flexible and even more secure, a complex (security) infrastructure is required in the background.

The secunet eID PKI Suite embeds identity documents into a high security infrastructure. This is the best protection against manipulation and unauthorised access and it enables border controls to utilise the full potential of modern electronic ID documents.