From a birds-eye perspective an electronic ID document system can be divided into the following components and services:[imagelinks slug=”tw-asia-eid-960″]
cryptovision develops and provides the following core components for state-of-the-art eID document solutions. With the experience of over 15 years and more than 25 successful international projects, cryptovision along with selected partners can deliver a full eID system to customers.
ePasslet Suite is a Java Card framework which provides a complete set of applications for electronic identity cards. This includes the most common applications such as electronic travel documents, electronic driving licenses, PKI, as well as several other related eID applications. This highly interoperable application suite supports all the relevant international standards.
This unique architecture combines the functionality of a dozen different applications into a single chip, which enables a true multi-application card. Further, it evens allows the flexibility for the activation of these applications after the card has been issued. Customization of these applications to meet national requirements and localization and regional content can easily be accomplished. New applications can be developed using an internal API that provides a comprehensive file system and all of the latest security mechanisms and protocols.
ePasslet Suite is available as a bundled product from industry-leading chip manufacturers and has been deployed by numerous security document producers and system integrators making it the first choice for issuing authorities who are looking for a flexible and proven solution for their eID projects.
In order to utilize the enhanced functionality of electronic ID documents like identification, authentication, or card holder demographic data read-out, all devices interfacing with these documents must support the access mechanisms and security conditions required by the document. With SCalibur cryptovision provides an easy to use middleware software development kit (SDK) for enabling your own applications to leverage the advanced features of electronic documents and make them accessible from PCs, special purpose terminals, and even off-the-shelf mobile phones or tablet devices.
This SDK is developed in Java and therefore runs on nearly any operating platform. It provides an efficient way to utilize all the relevant security protocols and functions used by electronic ID documents, without requiring the developers to have detailed knowledge of the low level functions. This insures that the can focus on the actual client or mobile application itself instead of complex document security protocols.
One fundamental aspect many current e-ID documents is the ability to restrict read (or even write) access to data stored on the document’s chip to authorized terminals only. To read these documents terminals need to authenticate themselves against the document and provide a trusted digital certificate and a corresponding private key. Storing this private key securely on a locally on mobile device can be challenging. To solve this challenge, SCalibur can be deployed in a distributed fashion where the access credentials are stored securely on server authentication is performed remotely. With this approach, no special security hardware for secure key storage is required on the terminal, which can reduce device costs and facilitate different client software development and deployment. Additionally, this distributed approach natively supports remote applications like secure document based user authentication for eGovernment or enterprise web applications.
Many applications used with electronic identity cards, like document validation at customs or automated border crossing at eGates, or online authentication and digital signatures all require digital certificates, issued by a Certification Authority (CA) which drive Public Key Infrastructures. Digital certificates need to be issued for both card holders and inspection systems (IS). With CAmelot cryptovision provides a powerful software package to implement a various different types of CA. CAmelot supports all certificate-related tasks that are specified in the ICAO standard for electronic identity documents. For example, CAmelot can digitally sign e-ID documents, acting as a Document Signer to validate the validity of the card holder demographic data. It can be operated as an ICAO-type Country Signing CA, Country Verifiying CA, and Document Validation CA. Additionally, It provides the necessary interfaces to provide access via a Single Point of Contact (SPOC). In addition, CAmelot supports terminal management according to TR-03129.
cryptovision’s ePasslet Sampler is an easy-to-use tool for sample personalization. It accepts data from XML files, databases or direct GUI-based input to provides data encoding and pre-configured profiles for the most common eID card/document applications. These profiles can easily be customized and extended with own data. ePasslet Sampler hence is the ideal tool for card profile validation, rapid prototyping, and personalization of sample cards. While not designed for actual mass-volume personalization, it creates APDU logs and personalization scripts that greatly facilitate the adaption of existing personalization solutions.