In recent years, industry and governments have been exploring ways to use digital traveller information more effectively, so that people can be facilitated through the various airport checkpoints in a more seamless and customer-centric way. An increasing number of proprietary global passenger facilitation schemes that utilise digital identity credentials have emerged, carrying the inherent risk that solutions will not be globally interoperable – specifically in the traveller identification space.
In response to this fast-moving landscape, the ICAO’s New Technologies Working Group (NTWG) established a subgroup to standardise the issuance of travel credentials in a digital format. In developing these technical specifications and policies, the ePassport is used as the benchmark given that it offers a secure, portable and verifiable token.
A digital travel credential (DTC) is intended to temporarily or permanently substitute a conventional passport with a digital representation of the traveller’s identity, which can, in turn, be validated using the travel document issuing authority’s public key infrastructure.
The current security of the ePassport results from the ability to verify the authenticity of the data and the consistency of the physical and electronic information. The digitized data stored on the chip is identical to the printed information (the exceptions being the optional secondary biometrics and some special data groups), and it is tied to the holder of the document by matching the primary biometric to the presenter of the passport. Comparing the digitized data stored on the chip to the printed information on the data page provides the binding with the secure physical document.
To ensure integrity and authenticity can be validated to the same level of security as an ePassport, the DTC approach is based on a ‘hybrid’ concept, in which the DTC will consist of a Virtual Component (DTC-VC) containing the digital representation of the holder’s identity and one Physical Component (DTC-PC) that is securely linked to the Virtual Component. The DTC-VC does not have any copy protection or access control protection as it is a simple file structure.
The DTC can be implemented in three types:
- Type 1 – eMRTD bound DTC – consists of a DTC-VC only, with the eMRTD as a physical authenticator. Data is extracted from the physical ePassport and stored in a digital container (mobile, smart phone); the holder must carry the physical travel document as back-up.
- Type 2 – eMRTD-PC bound – consists of a DTC-VC and a DTC-PC in addition to the eMRTD. Data is extracted from the issuer database and digitally signed by the issuing authority; the DTC digital container (mobile) is the primary back-up, and the physical book is an alternate back-up.
- Type 3 – PC bound – consists of a DTC-VC and a DTC-PC but NO eMRTD. The issuing authority would only issue the traveller with a DTC and no physical book. The DTC can be stored.
We have the pleasure to announce that the specifications for Type 1 DTC have been endorsed by the ICAO Technical Advisory Group for the Traveller Identification Programme (TAG/TRIP) and will be published on the ICAO website along with the Guiding Core Principles for the Development of Digital Travel Credential (DTC).
The main objective of TAG/TRIP and its subsidiary working groups, the Implementation and Capacity Building Working Group (ICBWG) and the NTWG, is to advise and support the ICAO Secretariat in the task of developing policy, recommendations and proposals for the implementation of the ICAO TRIP Strategy, including the development and maintenance of MRTD standards and specifications.
The Advisory Group is appointed by the ICAO Secretary General and consists of government and private sector experts (through ISO) working in the TRIP field, who assist the Secretariat in implementing the ICAO Traveller Identification Programme (TRIP) Strategy.