Implementing Extended Access Control (EAC) for machine readable travel documents demands an inspection PKI allowing countries to certify each other to read sensitive fingerprint data from EAC ePassports.

Cryptomathic CVCA/DVCA is a special purpose certificate authority designed specifically for EAC ePassport data formats and workflows. It provides functionality for both Country Verifying Certificate Authorities (CVCAs) and Document Verifier Certificate Authorities (DVCAs).

CVCA & DVCA Diagram

Supported Protocols and Standards

  • EU Extended Access Control
  • BIG Working Group CVCA interoperability protocols
  • Terminal Authentication
  • RSA
  • ECDSA and ECDH
  • SHA family
  • Card-Certifiable (CV) certificates

Security Architecture

  • Two factor authentication for operator logon
  • Secure environment using HSMs

Easy Integration

Verifying systems easily integrate with the Country Verifying CA through the automated certification interface. The CA can issue certificates in an autonomous mode suitable for high-volume scenarios or an entirely manual mode suitable for air-gapped environments.