E-travel - Nexus Group

eTravel is on its way of becoming largely PKI-based

The story of international travel, built around air travel, passport documents, and visa processes, is a story of success. The journey to future growth and success will now take a very different turn, and this depends most of all on public key infrastructure (PKI) technology.

We all recognize the sophistication of modern passport documents. Holograms and other exciting security features keep evolving to stay ahead in the race against forgers and other impersonation threats. The lifecycle to improve such documents is around five years, but the future is now moving much faster. We are looking at new and multiple ways of representing identity, and gathering identities dynamically.

The story of international travel is being rewritten, as the industry accelerates into the future. It is no longer possible to just talk about trust in traveler identities. Travelers may have little say in what passport they can have. However, they do have a choice in other areas – how and where to travel in particular. This is not a competition between old and new technology. Far from it in fact. New technology is integrating well with the old, offering a safe and easy path forward for travelers.

Starting the journey to easier travel

Efforts to make travel easier and quicker – for some at least – began in the ‘90s with ‘fast track’ initiatives offering trusted short cuts to approved travelers. Most were focused on pre-approved immigration or visa processes. Underwriting the trust in these initiatives was a mixture of smart card and biometric data, including face, iris, and fingerprint recognition. This new traveler data and security hardware was secured with a layer of PKI technology.

Ten years later the big focus was on the passport document itself. By 2006 the forty or so countries wishing to retain their US Waiver Program privileges needed to have a PKI-enabled ePassport issuance solution in place. Mistakes were made. Many states focused on chip enhancements for their ePassport documents and neglected to implement a proper PKI solution. The end result was ePassport documents with added cost, but no added security.

Nexus Certificate Manager offers full support for eTravel PKI

The focus returned to PKI by 2009, when all EU states in the Schengen Area moved to include fingerprint biometric data to their ePassport and eResidence documents. Access to this very private biometric data was to be protected by a second layer of PKI technology, one capable of using the chip inside the document to authenticate inspection party certificates. This is based on a technical standard for Card Verifiable Certificates (CVC), known as BSI TR-03110. This same standard is reapplied in many eIDAS token definitions.

Since then, Nexus Certificate Manager has provided full support for International Civil Aviation Organisation (ICAO) and CVC eTravel PKI certificate profiles, most of them defined at the technical level by the leading standardization agency in this field – Germany’s Federal Office for Information Security (BSI). Today the German national government, as well as other EU and international governments, all use these PKI standards for trusted PKI security  in international travel and domestically issued immigration documents.


Read blog post: “How (and why) to migrate to Nexus’s certificate authority (CA) software”


New ideas for ePassports

With the majority of countries paying closer attention to ePassport documents, two new ideas have emerged. The first is to write new data to the chip in the passport document. This would speed up the visa process, save costs on visa printing, and extend the use of electronic data security. The second idea is to do away entirely with visas in books, and store these electronically where an immigration system can access them. This has been working well for several years in Australia and elsewhere. Central to both new ideas is a PKI concept, where data is signed by an internationally trusted and interoperable PKI, using trusted technology such as Nexus Certificate Manager.

The use of this PKI concept in the growing market of international travel takes PKI to new levels. It raises expectations on PKI product design and security assurance – a good example is the high level of EAL4+ Common Criteria certification held by Nexus Certificate Manager. It’s also clear that PKI’s usefulness in travel will not be limited to the initial transaction of issuing a document, but will also cover every future inspection of that document and the future data transactions associated with that traveler and document. Choosing a PKI platform designed to handle transaction volume becomes more important as part of any business growth plan.

Future eTravel PKI supports multiple formats

Finally, and very naturally, many people are asking why should eTravel stop with the passport book? Travel is a process and an experience, so it should be a comfortable one too. Airports and airlines now see the competitive value of using mobile phones and biometric data as alternatives to the passport. Trials for these concepts have already taken place in the Americas, Asia, and Europe. All of these new processes require new data and new devices, and this all feeds back directly to a dynamic world of PKI. The Internet of Things (IoT) has entered the airport and works for the traveler who can now keep their passport in their pocket most of the time, and maybe not need it at all.

The eTravel PKI of the future will be working for all of these ideas: supporting the infrastructure, meeting tough security requirements, delivering interoperability to international technical standards, and understanding the widening world of travel tokens and data processes. This makes it all the more important to have a single, manageable PKI platform that meets all needs.

So, whether it’s e-ticket, e-boarding card, e-passport, e-visa, or your biometric data; it all comes back to PKI. You can pack these into a single Nexus Certificate Manager bag, ready for an exciting journey.

Read more about Nexus Certificate Manager’s new feature, here

Published 20/4 2018

News, customer cases and blog posts