Digital trust in aviation: The impact of ICAO’s Public Key Directory

2024 is the ICAO Year of Facilitation. We are publishing articles that raise awareness about the importance of air transport facilitation for a variety of aviation stakeholders and explain the roles that different activities, tools and capabilities play in enhancing air transport facilitation. In this article we will explain how ICAO's PKD helps to assure trust in the data that is verified during border and immigration checks around the world.

The efficient and secure completion of border, immigration, customs and boarding procedures in international aviation – a fundamental objective of air transport facilitation – relies heavily on rapid and effective evaluation of travel documents. Those involved in managing the movement of travellers and crew through facilities need to check documents, assure their authenticity, confirm the holder, and assure compliance with rules in a rapid and effective manner. Any delays in this process can hinder efficiency, have knock-on effects on timeliness and connectivity and reduce the economic benefits and sustainability of aviation.

Electronic and digital documents are an important foundation of modern-day facilitation. The data from documents, including electronic passports (ePassports) and electronic identity cards (eIDs), can be read accurately and quickly through contactless machine reading. With the quick and easy retrieval of the data, processes can advance in a more efficient way than in the case of manual data provision, which is known to be error-prone. The new ICAO Digital Travel Credential (DTC) seeks to enhance facilitation even further by allowing electronic passport data to be shared securely and safely with verifiers in advance of travel. With more checks being completed away from the border crossing point, facilitation can be greatly improved.

The data read from these documents is digitally signed at the time of issuance. Verification of the digital signature confirms the authenticity of the document and the integrity of the data read (i.e. that the data has not been altered or tampered with after document issuance). This verification – a process known as Passive Authentication (PA) – can be completed in seconds through machine-based processes. When properly implemented, any fraudulent modification of the document is guaranteed to be flagged. No specialized knowledge on the part of the operator is assumed. In fact, machine-based PA can be completed in self-service processes that confirm the document and (using facial recognition) the document holder.

Central to PA is the availability of public key certificates. Document issuing authorities have to share these certificates to facilitate authentication by others. As certificates are regularly renewed and must be shared in a trustworthy manner in order to assure the security of the ecosystem, this exchange is no small task.

The ICAO Public Key Directory (PKD) eases this challenge by aggregating the certificates from global document issuers and sharing them with verifiers through a convenient, reliable and easy-to-use global platform. This brokerage activity is made possible by ICAO’s position as a meeting point for the global aviation and travel document issuing communities, which allows it to gather the certificates in a trustworthy way. In fact, trust is established through in-person diplomatic handover of the first anchor public key certificate to ICAO. This trust extends to all other data from the issuer in the PKD through cryptographic linkages to the anchor. Furthermore, the advanced cybersecurity and community-oriented approach of the PKD helps to assure trust in the data shared through the PKD platform.
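The Passive Authentication check and the anchor-to-signer linkage described above can be sketched as follows. This is an added illustration, not ICAO or PKD code: the keys are constructed from known Mersenne primes, the signature is unpadded textbook RSA over SHA-256 (real documents use standard padded RSA or ECDSA inside certificates), and the names `issue`, `passive_authentication`, `DG1` and `DG2` and the sample data are assumptions.

```python
import hashlib, json

E = 65537  # public exponent shared by the demo keys

def make_key(a, b):
    """Constructed demo key from Mersenne primes 2**a-1 and 2**b-1; not secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    # Textbook RSA over a SHA-256 digest, for illustration only.
    return pow(_h(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == _h(data, n)

def issue(data_groups, signer_key, anchor_key):
    """Issuer side: the anchor certifies the signer key; the signer signs the data hashes."""
    cert = str(signer_key[0]).encode()  # stand-in "certificate": the signer's modulus
    hashes = {k: hashlib.sha256(v).hexdigest() for k, v in data_groups.items()}
    signed_hashes = json.dumps(hashes, sort_keys=True).encode()
    return {"cert": cert, "cert_sig": sign(cert, *anchor_key),
            "so": signed_hashes, "so_sig": sign(signed_hashes, *signer_key)}

def passive_authentication(data_groups, doc, trusted_anchor_n):
    """Verifier side: returns 'valid' or names the first check that failed."""
    # 1. The signer's certificate must link back to the anchor the verifier trusts.
    if not verify(doc["cert"], doc["cert_sig"], trusted_anchor_n):
        return "signer not linked to trusted anchor"
    # 2. The signed hash list must verify under the signer's key.
    if not verify(doc["so"], doc["so_sig"], int(doc["cert"].decode())):
        return "signature over data hashes invalid"
    # 3. Every data group read from the document must match its signed hash.
    signed = json.loads(doc["so"])
    for name, value in data_groups.items():
        if signed.get(name) != hashlib.sha256(value).hexdigest():
            return f"{name} altered after issuance"
    return "valid"

ANCHOR = make_key(521, 607)   # constructed issuer anchor key
SIGNER = make_key(607, 1279)  # constructed document signer key
CHIP = {"DG1": b"P<UTOERIKSSON<<ANNA<MARIA", "DG2": b"<face image bytes>"}  # constructed data
DOC = issue(CHIP, SIGNER, ANCHOR)
```

The verifier holds only the anchor's public modulus; the signer's key and the data hashes are accepted solely because each is signed by the level above it.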

The PKD has been supporting document issuers in their certificate sharing efforts since its establishment in 2007. Since then, it has grown into a large repository of the trusted data needed to verify the variety of electronic and digital travel documents specified by ICAO. In addition to the above-mentioned identity documents, the PKD also contains data needed for verification of digitally-signed barcodes that can be used to encode electronic visas, emergency travel documents, digital travel authorizations and health proofs. New certificates are added daily, helping the international community to authenticate these documents efficiently and securely.

Thanks to the data contained in the ICAO PKD, officers at borders and immigration checks can quickly scan electronic and digital documents using contactless readers and obtain the results of PA checks in real-time as they interact with the document holder, thereby receiving reliable insight on the document’s authenticity and integrity which they can consider in their decision-making. First-line officers in customs and law enforcement work can assess documents quickly and conveniently. Use of self-service systems such as e-gates and self-scanning kiosks is possible as machine-based PA executed during self-service document scanning can provide full assurance of the document without intervention by an official. Private sector entities can introduce novel and innovative processes for check-in and boarding using trusted data obtained from remote scanning of documents using smartphones.

As a result of the truly remarkable efforts undertaken in air transport facilitation over the past decades, travellers are able to provide and prove their identity data to verifiers, with high security and efficiency, by using electronic and digital documents and self-service Automated Border Controls. In the future, travellers can look forward to facilitated processes that likely involve the use of remote document scanning via smartphones and other devices, as well as the intelligent use of data to provide for seamless processing.

As you walk barrier-free through airports now and in the future, enjoying quick passage from curb-to-plane and plane-to-curb, know that the ICAO PKD is foundational in providing the trust and security that allows for this efficiency.

ICAO Facilitation – Enabling Air Travel with the ICAO PKD at its core.


 
