Entrust ePassport Solutions — Master List Signing

Master List Signing
To help reduce costs and streamline electronic machine-readable travel document (eMRTD) inspection procedures, the Entrust ePassport Solution provides unique capabilities that enable countries to efficiently manage the Master List Signing process.

What is Master List Signing?
In development by the International Civil Aviation Organization (ICAO), Master List Signing is a simple method to reduce expensive, time-consuming duplication that exists in the current ePassport verification process.

To date, countries wishing to establish trust for purposes of validating others’ first-generation (Basic Access Control) eMRTDs must manually exchange Country Signing CA (CSCA) certificates through diplomatic channels — a time-consuming process.

To encourage adoption of first-generation eMRTDs, as well as ease issues with boot-strapping cross-jurisdiction trust, ICAO defined the Master List Signer (MLS). While not replacing the need for countries to independently establish the veracity of country CSCA certificates, the MLS provides a mechanism to support trust decisions.

Development of a Master List

A Master List is created by a country that has established trust in a number of foreign CSCA certificates. This is achieved by placing CSCA certificates on a list and digitally signing that list with a Master List Signing credential issued by its own CSCA. The country then uploads the list to the ICAO public key directory (PKD) where it can be downloaded by any member nation.

The fact that a country has placed a given CSCA certificate on its Master List does not, in itself, mean that another country can trust its veracity, but it does show that the Master List issuer has established that trust. Retrieving the same CSCA certificate from a number of Master Lists raises the assurance that trust can be established.

Digital Keys to Establishing Trust
Once a certain number of countries have imported the signature verification keys from a number of issuing countries, a level of assurance develops in the veracity of the verification keys.

If they then publish those keys in Master Lists, a third country can import the Master Lists — along with the verification keys of those countries that signed them — and validate them with an understanding that there has already been some assurance established in the keys on the Master Lists.

With the judicious application of import rules, the third country can achieve the required level of assurance in the authenticity of some or all of those keys — without incurring the full expense, time-delay and inconvenience of independently importing them directly from the issuing countries.
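One possible import rule of the kind described above, as an added example (not Entrust's code and not a rule defined by ICAO): a CSCA certificate is imported only when enough independently trusted Master List issuers vouch for it. The threshold, field names, country codes and fingerprints are assumptions, and signature verification of each list is assumed to have been done beforehand.

```python
from collections import defaultdict

def evaluate_master_lists(master_lists, directly_trusted, min_vouchers=2):
    """Apply a threshold import rule to already-parsed Master Lists.

    master_lists: list of dicts with 'issuer', 'signature_valid' and
                  'entries' (list of (country, csca_fingerprint) tuples).
    directly_trusted: issuers whose verification keys were imported directly.
    Returns {(country, fingerprint): {'decision': ..., 'vouchers': [...]}}.
    """
    vouchers = defaultdict(set)
    for ml in master_lists:
        # Only lists from issuers we already trust, with a valid signature, count.
        if ml["issuer"] not in directly_trusted or not ml["signature_valid"]:
            continue
        for country, fingerprint in ml["entries"]:
            # Assumption: an issuer listing its own CSCA adds no independent assurance.
            if country == ml["issuer"]:
                continue
            vouchers[(country, fingerprint)].add(ml["issuer"])

    result = {}
    for key, issuers in vouchers.items():
        # Below the threshold the certificate is held for direct exchange.
        decision = "import" if len(issuers) >= min_vouchers else "hold"
        result[key] = {"decision": decision, "vouchers": sorted(issuers)}
    return result

# Constructed sample data: country codes and fingerprints are placeholders.
SAMPLE_LISTS = [
    {"issuer": "AAA", "signature_valid": True,
     "entries": [("AAA", "fp-aaa-1"), ("DDD", "fp-ddd-1"), ("EEE", "fp-eee-1")]},
    {"issuer": "BBB", "signature_valid": True,
     "entries": [("DDD", "fp-ddd-1"), ("EEE", "fp-eee-2")]},
    {"issuer": "CCC", "signature_valid": False,  # failed verification: ignored
     "entries": [("EEE", "fp-eee-1")]},
    {"issuer": "ZZZ", "signature_valid": True,   # signer key never imported: ignored
     "entries": [("EEE", "fp-eee-1")]},
]

if __name__ == "__main__":
    trusted = {"AAA", "BBB", "CCC"}
    for key, info in sorted(evaluate_master_lists(SAMPLE_LISTS, trusted).items()):
        print(key, info)
```

Note that two different fingerprints reported for the same country ("EEE" here) both stay on hold, which is the case a reviewer would want to resolve through direct exchange.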

Master List Signing Capabilities
Entrust ePassport solutions, as well as Entrust’s document validation technology, provide commercial capabilities that enable countries to efficiently manage the Master List Signing process.

Entrust also uses a domestically deployed Master List to provide a domestically rooted trust mechanism for secure, automated distribution of eMRTD validation material to inspection systems.

Entrust ePassport Solutions

Entrust is the pioneer of PKI technology, which serves as the backbone for securing sensitive information on today’s ePassports. Entrust is an industry-proven vendor capable of handling the scale, complexity and reliability demanded by today’s Extended Access Control (EAC) frameworks.

Interoperable — Entrust strives to expand technology integration and interoperability with many of the leading vendors that provide additional hardware and software components used in MRTD issuance and verification.

Reliable — Entrust’s PKI technology is dependable, and is currently used by more than 35 governments to secure the largest, most complex ‘trust’ environments across the world. Entrust has a 15-year track record helping customers achieve critical, scalable PKI in complex, cross-border environments.

Proven — Entrust is a trusted advisor to many countries as they pursue ePassport projects. Entrust technology is currently in production use in some of the largest and most complex ePassport environments in the world, including the United States, Canada, Ireland, Slovenia, Singapore, Taiwan and New Zealand.

Why Entrust?
• Governments worldwide rely on Entrust
    – Used by 35-plus governments to secure extensive trust environments
    – In use for the largest and most complex ePassport environments
• Unparalleled world leader in the PKI technology underpinning ePassports
    – 15-year track record helping customers achieve scalable, critical PKI in complex, cross-border environments
    – Only PKI solution that enables governments to upgrade security seamlessly
    – Extensive partnerships with the world’s leading ePassport and technology vendors
    – Active player in international standards development
• Only vendor capable of handling the scale, complexity and reliability demanded by EAC
    – Solution manages certificates throughout EAC architecture and provides security for their distribution 
    – Flexible four-tier (CVCA, DVCA, Concentrator and IS Workstations) EAC solution with advanced management features and GUI that simplify the display of complex EAC environmental relationships
