National Public Key Directory and Single Point of Contact by Gemalto


​​​​​​​​​​​

Simplifying digital certificate management 

Electronic Machine Readable Passports have gained rapid adoption in recent years. 

These documents support advanced security designed to ensure the protection of sensitive data stored on the chip, ranging from the holder’s biographic data to fingerprints and iris scans. 

For European Union (EU) ePassports and other secondgeneration ePassports, sensitive data are protected against unauthorized or accidental access by an enhanced security protocol called Extended Access Control (EAC). 

EAC requires digital certificates read by terminals at passport inspection points to be exchanged between countries and renewed periodically​.

These digital certificates are obtained from the domestic or foreign electronic document issuer. 

They are stored in designated repositories hosted on dedicated, secure servers. Border management authorities must ensure that inspection systems can be granted Card Verifiable Certificates (CVCs) enabling their terminals to read sensitive data. Servers are queried periodically to check for renewals before the current certificates in use expire. 

What's the story here?

Despite the strong authentication enabled by EAC, management and distribution of keys and certificates can quickly become untenable for a country working with the 28 other EU member states, the four European Free Trade Association (EFTA) states and other countries outside Europe.

To verify electronic and biometric passports from different countries, a Public Key Infrastructure (PKI) is needed and a directory for different countries (NPKD). In addition a Single Point of Contact (SPOC) for exchanging on-line information with other countries is requested.

ePassport Single Point Of Contact (SPOC) 

Single Point of Contact (SPOC) is a standardized interoperability mechanism developed under the direction of the EU. Serving as an interface for communications between member states, SPOC enables efficient online communication to carry out key certificate management tasks. SPOC is essentially a communications channel. The exchange of Document Verifier (DV) certificates with other nations is contingent upon each individual country’s SPOC, through which international DV certificate requests and DV certificates are channeled.​

Gemalto's SPOC/n-PKD 

The software simplifies inter-country certificate management for electronic passports.

It comprises two modules:

  1. nPKD (national Public Key Directory) is a software module gathering countries Public Key Infrastructure certificates and revocation lists. The PKI certificates validation would ultimately allow border control authorities (IS) to confirm that passports are genuine and unaltered.         
  2. SPOC (Single Point of Contact) is a gateway between countries agreeing to have their citizens’ sensitive biometrics data read at the border control.

​Drawing on our extensive knowledge of electronic travel documents for EU nationals, we have developed a SPOC solution that is easy to deploy and simple to operate. 

Gemalto’s SPOC solution 

The solution ​supports all EAC-enabled documents including:

  • ​ePassports, 
  • biometric residence permits
  • eID cards. 

​The Gemalto solution can register other SPOCs and receive, collate and relay DV certificate requests from registered SPOCs. 

It is also capable of relaying requests to and receiving responses from foreign SPOCs for foreign CVCAs on behalf of national DVs. Interoperability is a critical success factor for certificate exchange at international level. 

As an integral part of streamlined EAC deployment the EU, SPOC simplifies inter-country certificate management. 

Where do we fit?

With contributions to over 30 national ePassport programs​ to date, Gemalto is ensuring that full SPOC interoperability allows the greatest number of governments to maximize the benefits of EAC’s advanced security. 

Contact your Gemalto representative for more information on our SPOC solution.​

 

 Documents