Doc 9303 is a set of UN-approved specifications for Machine Readable Travel Documents issued by the International Civil Aviation Organization (ICAO). Internationally standardised as ISO-7501, these specifications currently define the document security, sizes, features, contactless-smartchips, ICAO PKI, data organization and related subjects around travel documents. Included in the standard are Passports, ID Cards, Visas and crew member certificates. The standardisation allows all countries to use a common framework for travel and identity documents as well as cross-border document and ID verification.
The ICAO recommendations also offer guidelines on how to organise Document issuance and operate an issuing organisation. These include the facility at which and the manner in which the blank documents are handled and personalised as well as recommendations for its respective ISO-27001-compliant IT security and organizational security policies.
To effectively manage the certificates of countries and document signers, the ICAO has created the ICAO Public Key directory (PKD). Sponsored by the participating countries, PKD follows defined procedures for the distribution and upload for the travel document certificates. To secure the border and verify the ePassports of travellers, it is required to distribute the trusted certificates of the ICAO PKD to the border control of a country. The communication between the PKD, the national bodies and technical infrastructure is implemented through a national PKD (N-PKD) framework which holds and qualifies all ICAO certificates for the country. It allows a country to perform their own trust vetting and distribution, as well as updating new certificates generated at PKD.
In the latest PKD specifications a model Masterlist – a list of trusted Country Signing Certificates (CSCAs) – has been introduced. A country can generate its own trusted Masterlist and communicate it to the ICAO through PKD. This allows countries to have a trusted root while handling multiple CSCAs from other countries, avoiding the complex exchange of country certificates through diplomatic channels.
To ensure the full interoperability of Documents and related systems, it is mandated that the technical implementation follows the guidelines and recommendations set out by ICAO and ISO standards. It is here that TRUSTFELLOWS can be relied on to offer expert services to asses, design and guide client projects for the implementation of ICAO compliant travel documents.