Since the "9/11" attacks in the United States, countries around the world have strengthened their security measures for passport and visa management.
The Security Management System provides security guarantees for e-passports and their applications, and solves the following problems:
Security of the blank passport booklet, including the chip: the chip of a blank passport booklet must not be readable without authorization.
Security of e-passport manufacture: when local foreign affairs offices produce e-passports, a large amount of data is transmitted and stored between the Ministry of Foreign Affairs and the local foreign affairs offices. The credential data must not be leaked or tampered with.
Security of e-passport use: while the e-passport is in use, the chip must be protected from cloning, and its data from tampering and arbitrary access.
The overall architecture design of the Security Management System is as follows:
The production of e-passports involves blank passport manufacturers, the Ministry of Foreign Affairs, and local foreign affairs offices. The security management system needs to provide security protection from the production of blank passport booklets through to the production and issuance of e-passports, and to provide security for e-passport applications.
This solution follows ICAO's relevant standards for e-passports and the related requirements of the National Cryptography Administration. It complies with domestic laws and regulations concerning passports, password management, and information security, and provides security guarantees for the production and application of e-passports.
Adopt symmetric key technology to guarantee the security of blank passports and data transmission.
Adopt digital signatures to guarantee that the information stored in the chip cannot be tampered with.
Adopt asymmetric key technology to prevent the passport chip from being cloned.
An authorization protection scheme based on Public Key Infrastructure can control access to chip information.
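A sketch of how the digital-signature and asymmetric-key points above fit together, as an added example that is not code from the system described here. It assumes ECDSA P-256 and SHA-256, and the names Chip, Issue and Inspect are hypothetical. The issuer's signature covers the holder data and the chip's public key, and the reader then challenges the chip to prove it holds the matching private key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

type Chip struct {
	Holder, ChipPub, Sig []byte            // readable by any inspection system
	priv                 *ecdsa.PrivateKey // never leaves the chip
}

func newKey() *ecdsa.PrivateKey { // errors ignored for brevity in this sketch
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}

func digest(holder, pub []byte) []byte { // hash of the data-group hashes; the issuer signs this
	a, b := sha256.Sum256(holder), sha256.Sum256(pub)
	s := sha256.Sum256(append(a[:], b[:]...))
	return s[:]
}

// Issue personalises a chip; its public key is covered by the issuer's signature.
func Issue(issuer *ecdsa.PrivateKey, holder []byte) *Chip {
	c := &Chip{Holder: holder, priv: newKey()}
	c.ChipPub, _ = x509.MarshalPKIXPublicKey(&c.priv.PublicKey)
	c.Sig, _ = ecdsa.SignASN1(rand.Reader, issuer, digest(c.Holder, c.ChipPub))
	return c
}

// Inspect is the reader side: signature check, then a fresh challenge to the chip.
func Inspect(issuerPub *ecdsa.PublicKey, c *Chip) (untampered, genuine bool) {
	untampered = ecdsa.VerifyASN1(issuerPub, digest(c.Holder, c.ChipPub), c.Sig)
	k, _ := x509.ParsePKIXPublicKey(c.ChipPub)
	nonce := make([]byte, 32) // fresh per inspection, so a recorded response cannot be replayed
	rand.Read(nonce)
	resp, _ := ecdsa.SignASN1(rand.Reader, c.priv, nonce) // computed inside the chip
	// The key is only used once the signature over it has been verified.
	return untampered, untampered && ecdsa.VerifyASN1(k.(*ecdsa.PublicKey), nonce, resp)
}

func main() {
	issuer := newKey()
	fmt.Println(Inspect(&issuer.PublicKey, Issue(issuer, []byte("constructed holder data"))))
}
```

A copy of the readable data passes the signature check but fails the challenge, because the copy has to sign with a key other than the one the issuer signed.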
This system is an electronic passport document signature system established in accordance with the ICAO standards for electronic passports. It interfaces with the ICAO PKD system and enables electronic passports issued in China to be certified and cleared in all countries of the world, achieving global interconnection of electronic passports. It has been applied to the manufacture of e-passports by the Chinese Ministry of Foreign Affairs, local foreign offices and overseas embassies and consulates.