Digital signatures and the Public Key Directory
Taking full advantage of new technologies
The ePassport chip is digitally signed to prevent unauthorized alteration. The technology used is called Public Key Infrastructure (PKI). This technology makes the ePassport very difficult to tamper with. The digital signature can be used by border authorities to ensure that an ePassport is authentic. For instance, Canada’s ePassports contain a signature that is unique to the Government of Canada. If something is wrong with this digital signature, it shows that the passport is not authentic. Conversely, this technology allows Canadian officials to verify the authenticity of ePassports being used by foreign visitors to Canada.
However, if other countries do not know what Canada’s digital signature looks like, they have no definitive way of checking the authenticity of the ePassport. That is why it is crucial for countries to share this information.
The International Civil Aviation Organization (ICAO) has created a system to facilitate this information exchange. Called the ICAO Public Key Directory (PKD), it is a repository where participating countries, like Canada, deposit the data other countries need to ensure ePassports are authentic. Canada participated actively in the creation of this system.Footnote 1
The ICAO PKD does not contain any personal information about any passport holder. It only contains information to confirm that the ePassport has been issued by a bona fide authority and that it has not been tampered with.
Without an organized system to share this information, each country must exchange information with other countries on a bilateral basis. The diagram below shows how much more efficient it is to use the ICAO PKD. Sharing information among eight states would require 56 bilateral exchanges, while the ICAO PKD reduces this number to two: the country depositing the information and the country retrieving it.
Via bilateral exchange
Opening doors for Canadian travellers
Thanks to Canada’s participation in the ICAO PKD, international travel will be easier for Canadians. When a Canadian travels to another country using an ePassport, border officials will use the information downloaded from the ICAO PKD to confirm that the ePassport is authentic and has not been tampered with.
All countries, not just PKD members, can access the PKD repository in order to validate ePassports issued by member countries. Citizens of countries that are not participating in PKD could potentially face a longer passport examination when they travel to other countries.
By participating in the ICAO PKD, Canada is ensuring that the ePassport’s potential to prevent fraud is being used to its fullest. At the same time, Canadian travellers will benefit from the efficiency of this international system.
- Footnote 1
As of March 2012, the ICAO PKD included Australia, Austria, Canada, China, Bulgaria, the Czech Republic, France, Germany, Hong Kong, Hungary, India, Japan, Kazakhstan, Latvia, Luxembourg, Macau, Morocco, Netherlands, New Zealand, Nigeria, Norway, the Republic of Korea, Singapore, Slovakia, Sweden, Switzerland, Ukraine, the United Arab Emirates, the United Kingdom and the United States.
- Date modified: