Simplifying digital certificate management
Electronic Machine Readable Passports have gained rapid adoption in recent years.
documents support advanced security designed to ensure the protection of sensitive data stored on the chip, ranging from the holder’s biographic data to fingerprints and iris
For European Union (EU) ePassports and other second-generation ePassports, sensitive data are protected against unauthorized or accidental access by an enhanced security protocol called Extended Access Control (EAC).
EAC requires digital certificates read by terminals at passport inspection points to be exchanged between countries and
These digital certificates are obtained from the domestic or foreign electronic document issuer.
are stored in designated repositories hosted on dedicated, secure servers.
Border management authorities must ensure that inspection systems can be granted Card Verifiable Certificates (CVCs) enabling their terminals to read sensitive data. Servers are queried periodically to check for renewals before the current certificates in use expire.
What's the story here?
Despite the strong authentication enabled by EAC, management and distribution of keys and certificates can quickly become untenable for a country working with the 28 other EU member states, the four European Free Trade Association (EFTA) states and other countries outside
Verifying electronic and biometric passports from different countries requires a Public Key Infrastructure (PKI) and a directory for the different countries (NPKD). In addition, a Single Point of Contact (SPOC) is required for exchanging information online with other countries.
ePassport Single Point Of Contact (SPOC)
Single Point of Contact (SPOC) is a standardized interoperability mechanism developed under the direction of the EU. Serving as an interface for communications between member states, SPOC enables efficient online communication to carry out key certificate management tasks.
SPOC is essentially a communications channel. The exchange of Document Verifier (DV) certificates with other nations is contingent upon each individual country’s SPOC, through which international DV certificate requests and DV certificates are
The software simplifies inter-country certificate management for electronic passports.
It comprises two modules:
- nPKD (national Public Key Directory) is a software module that gathers countries' Public Key Infrastructure certificates and revocation lists. Validating these PKI certificates ultimately allows border control authorities (IS) to confirm that passports are genuine and unaltered.
- SPOC (Single Point of Contact) is a gateway between countries that agree to have their citizens’ sensitive biometric data read at border control.
Drawing on our extensive knowledge of electronic travel documents for EU nationals, we have developed a SPOC solution that is easy to deploy and simple to operate.
Gemalto’s SPOC solution
The solution supports all EAC-enabled
- biometric residence
- eID cards.
The Gemalto solution can register other SPOCs and receive, collate and relay DV certificate requests from
It is also capable of relaying requests to and receiving responses from foreign SPOCs for foreign CVCAs on behalf of national DVs.
Interoperability is a critical success factor for certificate exchange at international level. As an integral part of streamlined EAC deployment in the EU, SPOC simplifies inter-country certificate management.
Where do we fit?
to over 30 national ePassport programs to date, Gemalto is ensuring that full SPOC interoperability allows the greatest number of governments to maximize the benefits of EAC’s advanced security.
Contact your Gemalto representative for more information on our SPOC solution.