Ozone e-Passport PKI Authentication
ICAO Compliant e-Passport Solutions
  • Issuance
  • Quality Control
  • Authentication
Ozone® provides the robust cryptographic security processing needed to support e-passports. Delivered through use case-specific software bundles or via the Acuant Trust Framework SaaS, Ozone® supports e-passport issuance, forensic analysis, and border crossing/inspection processes, as well as every document authentication process from identity verification and employment onboarding to disconnected document/identity validation via a mobile device.
The AssureID Ozone® offerings provide the trust framework to meet the security and vetting processes required by government (European Commission, USA, Canada, & Global) regulations.

e-Passport Issuance: ICAO-compliant PKI & Security Object Encoding

Ozone® provides a robust issuance quality assurance solution which ensures that the electronic encoding of the e-passport Document Security Object (SOD), as well as the supporting PKI components, are compliant with ICAO specifications, international standards, and State-specific requirements.

Ozone® DocSigner

Implemented as a web service within an Issuance network, Ozone® DocSigner receives data from an e-Passport Personalization System to be formatted and digitally signed as the Document Security Object (SOD) for a specific MRTD. For each set of data received, Ozone® DocSigner computes a cryptographic hash of each data group to produce an LDSSecurityObject, which is then stored in the eContent of a Cryptographic Message Syntax (CMS) object and digitally signed with the private key associated with a DSC. The DSC may also be included in the certificates field of the CMS object; the resulting signed CMS object is the SOD.

Ozone® Analyzer

Implemented as a web service within the Issuance network, Ozone® Analyzer performs encoding analysis against ICAO and State-specific encoding profiles to evaluate the SOD – BEFORE it is written to the electronic chip of the e-passport. If any encoding deviation is identified, then the SOD will not be encoded within the chip.

Ozone® Viewer

Ozone® Viewer is a utility that provides a report of the encoding for the specific object presented, such as a PKI component or a SOD. It can be used to review the encoding of any certificate (including CSCA, DSC, Master List Signer, Deviation List Signer, Link or Cross certificates), as well as Certificate Signing Requests (CSRs), Certificate Revocation Lists (CRLs), Cryptographic Message Syntax (CMS) objects (including SODs), and Master Lists. Further, it can also perform Local Path Discovery and Validation processes to evaluate a specific PKI trust chain.

Ozone® Analyzer Module for Ozone® Viewer

An add-on module for Ozone® Viewer, the Ozone® Analyzer Module is implemented as a local Windows Service to provide an encoding analysis of an object against ICAO and/or State-specific encoding profiles for the object being reviewed. ICAO profiles specific to multiple versions of ICAO Document 9303 are provided so that an issuer can determine its compliance with a specific release. State-specific encoding profiles can be implemented to ensure that encoding selections are consistent within a document series (e.g., the Validity Period for a certificate does not change arbitrarily), and properly enforced for the current document series encoding selections – changes that may be made to enhance the security of the document (e.g., an algorithm modification), to correct a prior deviation (e.g., BER versus DER encoding), or to come into compliance with the latest edition of Doc 9303 (e.g., a CSCA Name Change).

e-Passport Analysis: Quality Assurance/Quality Control (QA/QC) & Forensic Analysis

Ozone® solutions rapidly and securely meet your fraud detection and quality assurance needs by analyzing the cryptographic and biometric features of e-passports – in support of issuance quality control measures, secondary review processes at a border, or forensic encoding analysis of a document. Acuant offers Ozone® Reader configurations to address both environmental constraints and specific use cases. These capabilities are complemented by the document security feature authentication provided by the AssureID document authentication technology.

Ozone® Reader for Local Passive Authentication

This configuration supports document authentication, in an environment with no external data connections, to assess whether a document is fraudulent or authentic. It combines document reader hardware, Ozone® Reader software, AssureID Sentinel software, and the ability to ingest CSCA Master List(s) or individual certificates into a local directory to support Passive Authentication. For each document presented, Passive Authentication is performed against the loaded CSCA certificate(s); analysis of the physical security features of the document is performed against the local Sentinel document reference database; and a report of the document authentication results is generated.

Ozone® Reader for QA (QA Workbench)

This configuration supports document authentication as well as encoding analysis, either leveraging network/hosted data sources or as a standalone capability. The configuration adds Ozone® Analyzer to the bundle of components identified above. In addition to the previously identified series of document authentication operations, the QA Workbench performs an encoding analysis of the Document Security Object (SOD) from the presented document against ICAO and/or State-specific encoding profiles. These encoding compliance results are then added to the report generated for a document.

e-Passport Authentication: Border Processing and Passive Authentication

Ozone® technology provides the ability to reliably verify the authenticity of electronic travel documents, including e-Passports and e-Identification Cards, by authenticating digitally signed documents and verifying the authenticity and authorization of the issuing authority. The solution set incorporates authentication data collection, management, and distribution processes as well as robust, de-centralized border control endpoint processing that can be deployed at fixed locations, within automated kiosks, or to mobile devices, and is available for locally installed deployments, through hosted SaaS deployments, or a hybrid combination.

Ozone® National Public Key Directory (NPKD) Support

The Ozone® NPKD software bundle instantiates a capability to retrieve, manage, and distribute the PKI objects required for the performance of Passive Authentication on an e-passport (e.g., CSCA certificates, CRLs). However, it does NOT include licensing for the validation of e-passports directly against the NPKD. It is simply a licensing of the mechanisms to collect, put under secure management, and distribute the CSCA certificates from each Issuing State (via the generation of an NPKD Master List).

Ozone® Passive Authentication (PA) Support

The Ozone® PA software bundle builds on the NPKD offering to provide a web services interface through which Passive Authentication is performed. It provides authentication endpoint component(s) that can be distributed across the environment to provide processing support as close to the relying party application making the PA request as possible – without the need to reach back to the centralized components to perform an authentication transaction. This allows the authentication data to be securely updated as often as needed, via an automated schedule, and allows the relying party application to make a simple request for authentication to its closest Ozone® Server, which returns a Yes/No response indicating whether the document passed or failed PA.

AssureID Document Authentication Support

AssureID addresses the legacy passport population, cases where the electronic chip of an e-passport fails to read, and the automated evaluation of other identity documents for authenticity. AssureID employs an authentication engine which leverages a document reference library containing templates for identity documents from over 200 countries, all US states and territories, and all Canadian provinces. It compares the physical security features found on each document (inks, markings, seals, threads, holograms, overlays, etc.) against its reference template for the presented document type and returns an authenticity score to the relying party.