ICAO - 9303 PART 13
Machine Readable Travel Documents - Part 13: Visible Digital Seals
Organization: ICAO
Publication Date: 1 January 2021
Status: active
Page Count: 32
Scope:
This Part 13 of Doc 9303 specifies a digital seal to ensure the authenticity and integrity of non-electronic documents in a comparatively inexpensive, but highly secure manner using asymmetric cryptography. The information on the non-electronic document is cryptographically signed, and the signature is encoded as a two-dimensional bar code and printed on the document itself. This approach - the visible digital seal - provides the following advantages:
• Asymmetry. Due to using asymmetric cryptography, the cost of attacking a digital seal is considerably higher than the cost of issuing a document protected with a digital seal. Thus, even though the cost of issuing a document is very low, it is extremely costly to fake or forge the personalization data of that document.
• Personalization. Each digital seal verifies the information printed on the physical document, and is therefore tied to the document holder. There is no direct equivalent of a blank document, therefore no blanks can be lost or stolen.
• Easy verification. Even untrained persons are able to verify a document protected with a digital seal by using low-cost equipment, such as an application on a smartphone. Moreover, due to the binary nature of a digital signature, distinguishing between authentic and forged documents is straightforward.
While the digital seal provides a considerable security improvement for (usually paper-based) documents having no microchip, it has considerable limitations when compared to chip-based documents. Storage capacity of digital seals is usually limited to a few kBytes at most and neither the data nor the cryptographic keys or schemes for the digital seal can be updated on existing documents. That is, cryptographic agility is not supported. The digital seal does not provide any protection against cloning, does not implement privacy protection functionality, and is more prone to read errors due to wear and tear than chip-based documents. Furthermore, the versatility of crypto chips allows implementation of additional features, such as signature schemes, terminal authentication, two-factor authentication methods based on shared secrets, i.e. a PIN, or secure cryptographic protocols based on symmetric schemes. As 2D bar codes cannot replace the functional or security features of microchips, travel documents shall employ microchips whenever feasible.