Features & Benefits
Ensure countries’ border controls have all the cryptographic artefacts required to successfully validate the digital signature on ePassports
Ascertia ADSS ePassport Server’s NPKD service module enables automatic download and distribution of Country Signed Certificate Authority (CSCA) and Document Signer (DS) Certificates as well as Certificate Revocation Lists, all of which are required by border control for signature validation.
Ascertia’s ADSS ePassport Server Master List Signer (MLS) service module enables countries to create digitally signed lists of CSCA certificates. These lists can be deployed via NPKD to border control to eradicate the possibility of fake CSCA certificates being injected into the border control system and eliminate the possibility of fake passports being validated.
Signature verification is a key step in verifying the integrity of an electronic passport. Ascertia ADSS NPKD and MLS play a key part in ensuring border control is always updated with the latest certificates and CRLs needed to validate signatures on ePassports.
As with any PKI deployment, keys and certificates have set lifetimes, and the ePassport world is no different. ICAO defines the lifetime for which CSCA and Document Signer keys and certificates may be used. This can become challenging at border control when border control systems need to validate the authenticity of a passport.
Ascertia NPKD provides an in-country repository of public certificates from the global ePassport ecosystem. NPKD can connect to the ICAO Public Key Directory to automatically download materials from countries that are participating in the ICAO PKD. NPKD also enables countries to manually import certificates from countries that have chosen to provide their certificates via alternate exchange mechanisms.
The Ascertia ADSS Master List Signer enables countries to create a secure, cryptographically signed list of CSCA certificates that can be uploaded to ICAO and shared with border control via NPKD. These certificates serve as trust anchors in the signature validation process when a passport is inspected. Master lists of CSCA certificates signed by the Ascertia ADSS MLS Module prevent rogue administrators or border staff from injecting fake CSCA certificates into the border management system, which prevents fake passports from being validated.
Like Ascertia ADSS ePassport PKI Server, NPKD supports BSI TR-03129 part 1 and 2. This means that Ascertia NPKD integrates easily not only with Ascertia ADSS ePassport PKI Server but also with any 3rd party product that has implemented these web services. This can help to reduce the time taken to integrate Ascertia products into a new or existing ePassport deployment.
Being completely GUI-based, with its own purpose-built installer, ADSS Signing Server can be set up and operational in minutes. Automated tasks such as auto-archiving of transaction logs and real-time alerting ensure minimum operator time is required for maintenance or house-keeping. It comes with detailed management reporting for each service, providing dashboard-level information that can easily be drilled into for detail.
These are essential qualities for a centralised e-trust security server. ADSS Server is packed with features capable of ensuring it meets even the highest demands placed upon it by Managed Service Providers servicing multiple customers.
ADSS Server has been designed with maximum security in mind – from strong identification and authentication of client applications and operators, service access control and secure detailed logging, through to automated system integrity checking, and dual control features.
Undergoing evaluation for Common Criteria EAL4 augmented with ALC_FLR.2
Certified to meet the CWA 14167-1 requirements for trustworthy systems