SECURED CONTACTLESS SMART CARD SOLUTIONS PAYMENT DEVICES & PETROLEUM APPLICATIONS

Cryptography

In modern IT systems, cryptography is one of the main technical means of providing security. Magna™ uses cryptography in three main areas:

1. To protect the computers, databases and data in the system
   a. Encrypt all data wherever it is exposed to theft
   b. Encrypt communication channels using a Virtual Private Network (VPN)
   c. Encrypt web channels using TLS (still commonly referred to as SSL)
   d. Sign data so that any modification in transit is detected
2. To protect the document being created against forgery
   a. Encrypt and/or sign data such as fingerprint minutiae
   b. Implement the encryption and signature of data as defined in the standards for electronic passports and electronic ID cards
3. As part of the use of the document in day-to-day life
   a. Use certificates and cryptography embedded in the chip to enable electronic commerce, remote identification and other eGovernment functions


System & data protection


A typical registry system is composed of many computers that hold data and transfer it to one another: Central Site servers and stations, Disaster Recovery Site servers and stations, stationary (fixed) and mobile enrollment/capture stations, and so on.

The mobile and fixed enrollment stations outside the Center are protected by encrypting each station's hard disk with AES-256; two- or three-factor authentication is required to unlock the disk. Data moving from these stations to the Center is encrypted as well: with AES-256 when it is carried on removable media, or over a VPN when it is sent across a network. Web server connections are protected with TLS (SSL). Note that disk encryption only protects data at rest: once a station has been unlocked, its data is only as safe as the software running on it, so the authentication step and the hardening of the station matter as much as the cipher.
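As an added example (written for this page, not OTI's or Magna's code), the media-transfer case above in Go using only the standard library: an enrollment export is sealed with AES-256-GCM before it is written to removable media, and the Center refuses to process it if a single bit has changed or the file is presented under a different shipment label. The shipment label bound as associated data, the 32-byte key check and the sample record are assumptions of the example, and the key is drawn from crypto/rand only for the demo; in the deployed system the transport key would be generated and held by the HSM or key-management service.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// EncryptExport seals an enrollment export for transport on removable media with
// AES-256-GCM. A fresh 12-byte nonce is drawn for every file and prepended to the
// output, and the shipment label is bound as associated data so a sealed file cannot
// be silently relabelled or swapped between shipments.
func EncryptExport(key []byte, shipmentLabel string, plaintext []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 needs a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Output layout: nonce || ciphertext || 16-byte GCM tag.
	return aead.Seal(nonce, nonce, plaintext, []byte(shipmentLabel)), nil
}

// DecryptExport reverses EncryptExport. GCM fails closed: any change to the nonce,
// ciphertext, tag or label makes Open return an error, so the Center never
// processes a modified export.
func DecryptExport(key []byte, shipmentLabel string, sealed []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 needs a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("sealed export too short to contain nonce and tag")
	}
	nonce, body := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, body, []byte(shipmentLabel))
}

func main() {
	// Demo key only (assumption of this example); the real transport key lives in the HSM.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	// Constructed sample record, not real enrollment data.
	record := []byte(`{"enrollment_id":"000123","minutiae_template":"constructed-sample"}`)

	sealed, err := EncryptExport(key, "shipment-0007", record)
	if err != nil {
		panic(err)
	}
	plain, err := DecryptExport(key, "shipment-0007", sealed)
	fmt.Printf("round trip ok: %v (%s)\n", err == nil, plain)

	// Flip one bit of the ciphertext to simulate modification while on the media.
	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)/2] ^= 0x01
	_, err = DecryptExport(key, "shipment-0007", tampered)
	fmt.Println("tampered file rejected:", err != nil)

	// The same file presented under another shipment label is rejected too.
	_, err = DecryptExport(key, "shipment-0008", sealed)
	fmt.Println("relabelled file rejected:", err != nil)
}
```

The point of choosing GCM rather than a plain AES-256 mode such as CBC is the integrity check: the Center learns that the media was altered before it imports anything, which is the same guarantee the "sign data" item above asks for, obtained in one step.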

Document protection


2D barcodes are a common means of carrying biometric data on a document when no chip is available. The typical use of cryptography here is to encrypt and/or sign the contents of the 2D barcode when it holds biometric data such as fingerprint minutiae, so that a verifier can detect a barcode that has been altered or produced outside the issuing system.

For electronic documents such as the electronic passport or eID, cryptography is a mandatory building block defined in the standards for these documents. Subjects such as Passive Authentication (verifying the issuer's signature over the chip's data groups), Active Authentication (a challenge-response that proves the chip itself is genuine rather than a copy), Basic and Extended Access Control (controlling which terminals may read the chip, with EAC additionally protecting the fingerprint and iris data groups), and Issuer and End-User certificates are all supported in our systems, in compliance with the applicable ICAO, EU or local standards.
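An added example of the two checks just named, written for this page and not taken from the Magna implementation or from the ICAO specifications: Passive Authentication over a set of data groups and Active Authentication as a challenge-response against the chip, in Go using only the standard library. To keep the mechanism visible it assumes Ed25519 signatures, SHA-256 hashes and a plain `DG number || hash` list in place of the CMS SignedData structure that a real EF.SOD carries; the data group contents and the Document Signer key are constructed here. The same sign-then-verify pattern is what protects a 2D barcode payload when the document has no chip.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// DataGroups maps an ICAO data group number to its contents (DG1 = MRZ, DG2 = face, DG15 = AA public key).
type DataGroups map[int][]byte

// SecurityObject stands in for EF.SOD: the data group hashes, signed by the Document Signer.
type SecurityObject struct {
	DGNums    []int      // data groups covered, in signing order
	Hashes    [][32]byte // SHA-256 of each, same order
	Signature []byte
}

// tbs is the signed byte string: DG number || hash for every entry, in order.
func (so *SecurityObject) tbs() []byte {
	var out []byte
	for i, n := range so.DGNums {
		out = append(append(out, byte(n)), so.Hashes[i][:]...)
	}
	return out
}

// Document is what an inspection system reads from the chip; chipPriv stays inside a
// real chip and is held here only so the example can play the chip's side of AA.
type Document struct {
	DGs      DataGroups
	SOD      *SecurityObject
	chipPriv ed25519.PrivateKey
}

// ChipSign is the genuine chip's response to an AA challenge.
func (d *Document) ChipSign(challenge []byte) []byte { return ed25519.Sign(d.chipPriv, challenge) }

// IssueDocument is the personalisation step: create the chip's AA key pair, store the
// public half in DG15, hash every data group and sign the list with the Document Signer key.
func IssueDocument(dsPriv ed25519.PrivateKey, mrz, face []byte) (*Document, error) {
	chipPub, chipPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	dgs := DataGroups{1: mrz, 2: face, 15: []byte(chipPub)}
	so := &SecurityObject{}
	for _, n := range []int{1, 2, 15} {
		so.DGNums = append(so.DGNums, n)
		so.Hashes = append(so.Hashes, sha256.Sum256(dgs[n]))
	}
	so.Signature = ed25519.Sign(dsPriv, so.tbs())
	return &Document{DGs: dgs, SOD: so, chipPriv: chipPriv}, nil
}

// PassiveAuthentication: the SOD must verify under the trusted Document Signer key and
// every covered data group must still hash to its signed value. This proves the data
// is what the issuer signed; it says nothing about whether the chip itself is genuine.
func PassiveAuthentication(dsPub ed25519.PublicKey, d *Document) error {
	if len(d.SOD.DGNums) != len(d.SOD.Hashes) || !ed25519.Verify(dsPub, d.SOD.tbs(), d.SOD.Signature) {
		return errors.New("PA: SOD signature invalid under the trusted Document Signer key")
	}
	for i, n := range d.SOD.DGNums {
		content, ok := d.DGs[n]
		if !ok || sha256.Sum256(content) != d.SOD.Hashes[i] {
			return fmt.Errorf("PA: DG%d missing or altered", n)
		}
	}
	return nil
}

// ActiveAuthentication: the terminal sends a fresh random nonce to the chip and checks
// the returned signature against the DG15 key that PA has just proven authentic, so PA
// must run first. A chip cloned from the readable files has no matching private key.
func ActiveAuthentication(d *Document, chip func(challenge []byte) []byte) error {
	pub := d.DGs[15]
	if len(pub) != ed25519.PublicKeySize { // ed25519.Verify panics on a bad key length
		return errors.New("AA: DG15 does not hold a well-formed public key")
	}
	challenge := make([]byte, 8)
	if _, err := rand.Read(challenge); err != nil {
		return err
	}
	if !ed25519.Verify(ed25519.PublicKey(pub), challenge, chip(challenge)) {
		return errors.New("AA: chip does not hold the private key matching DG15")
	}
	return nil
}

func main() {
	dsPub, dsPriv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample data groups, not taken from any real document.
	doc, _ := IssueDocument(dsPriv, []byte("P<UTOERIKSSON<<ANNA<MARIA<<<<<<<<<<<<<<<<<<<"), []byte("face image bytes"))
	fmt.Println("genuine: PA", PassiveAuthentication(dsPub, doc), "/ AA", ActiveAuthentication(doc, doc.ChipSign))
	_, fakePriv, _ := ed25519.GenerateKey(rand.Reader) // a cloned chip has identical files but its own key
	clone := func(c []byte) []byte { return ed25519.Sign(fakePriv, c) }
	fmt.Println("clone:   PA", PassiveAuthentication(dsPub, doc), "/ AA", ActiveAuthentication(doc, clone))
	doc.DGs[2] = []byte("substituted face image")
	fmt.Println("altered: PA", PassiveAuthentication(dsPub, doc))
}
```

Two things the run shows that the prose alone does not: the clone passes Passive Authentication, because every file on it is a faithful copy, and only the challenge-response tells the two apart; and the order matters, since DG15 is only trustworthy after its hash has been checked against the signed SOD, otherwise a cloner could simply write its own public key into DG15.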

Document use


Documents with biometric information in 2D barcodes can be used to verify the identity of the holder at the time of use: for example at the voting booth, when presenting the ID to a police officer or a bank clerk, or at a border control post.

The cryptography in electronic documents lets them be used to advantage in a range of scenarios that depend on identifying the person quickly and accurately:
1. Secure and quick transit through border control and security gates at airports
2. Identifying the person remotely for Internet-based transactions
3. Signing of documents by citizens, in accordance with the prevailing electronic signature laws
4. The various transactions generically covered by the name "eGovernment (or eGov)": governmental services that can only be provided after the citizen has been identified

PKI


A Public Key Infrastructure (PKI) is a common requirement in projects whose document carries an electronic chip. The PKI includes Certification Authorities (CAs), Registration Authorities (RAs), and the interfaces that let the rest of the system use them.

The PKI uses Hardware Security Modules (HSMs) to hold all private and secret key material and to perform cryptographic operations on behalf of the various cryptographic clients, so that private keys never exist in clear outside the module. The Certification Authorities issue certificates for issuing stations, workstation operators, passport verification points and even end-users.

Typical solutions in the electronic passport arena include implementations of the CSCA (Country Signing CA, the national trust root whose certificate other states load into their inspection systems), the CVCA and DVCA (Country Verifying CA and Document Verifier CA, which authorise inspection systems to read the EAC-protected data groups), and the interface to the ICAO Public Key Directory (PKD), through which Document Signer certificates, CSCA master lists and revocation lists are exchanged.
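An added example (written for this page; not OTI's Magna implementation) of the trust chain at the heart of the passport PKI, in Go using only the standard library: a self-signed CSCA issues a Document Signer certificate, and an inspection system checks that a DSC pulled from an SOD chains to a CSCA in its own trust store and nothing else. The choice of ECDSA P-256, the validity periods, the country code "UT" and the certificate names are assumptions of the example; CRL checking and PKD retrieval, which a real verification point would add, are not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewCSCA creates a self-signed Country Signing CA certificate: the national trust
// anchor whose certificate other states load into their inspection systems.
func NewCSCA(country string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{Country: []string{country}, CommonName: "CSCA " + country},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(15, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		MaxPathLen:            0, // signs end-entity certificates (DSCs) only, never sub-CAs
		MaxPathLenZero:        true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueDSC signs a Document Signer certificate under the CSCA. The DSC key signs SODs
// for a short issuance window (about three months in the ICAO profile) but the
// certificate must stay valid for the life of the documents it signed, and it is an
// end-entity certificate: digitalSignature only, no CA rights.
func IssueDSC(csca *x509.Certificate, cscaKey *ecdsa.PrivateKey, serial int64, name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{Country: csca.Subject.Country, CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 3, 0),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true, // with IsCA false: a DSC cannot issue certificates
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, csca, &key.PublicKey, cscaKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// VerifyDSC is what an inspection system does with the DSC carried in an SOD: build a
// chain from it to a CSCA in the local trust store, filled from ICAO PKD master lists
// or bilateral exchange. Only `trusted` counts; the operating system's web roots are
// deliberately not consulted.
func VerifyDSC(dsc *x509.Certificate, trusted ...*x509.Certificate) error {
	roots := x509.NewCertPool()
	for _, c := range trusted {
		roots.AddCert(c)
	}
	_, err := dsc.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

func main() {
	csca, cscaKey, err := NewCSCA("UT") // constructed sample country code
	if err != nil {
		panic(err)
	}
	dsc, _, _ := IssueDSC(csca, cscaKey, 1001, "Document Signer 01")
	fmt.Println("DSC chains to the trusted CSCA:", VerifyDSC(dsc, csca) == nil)

	// A DSC from a CA that is not in the trust store, even one claiming the same
	// country and name, must be rejected: an SOD it signed proves nothing.
	rogue, rogueKey, _ := NewCSCA("UT")
	rogueDSC, _, _ := IssueDSC(rogue, rogueKey, 1002, "Document Signer 01")
	fmt.Println("rogue DSC rejected:", VerifyDSC(rogueDSC, csca) != nil)
	fmt.Println("empty trust store rejects everything:", VerifyDSC(dsc) != nil)
}
```

The detail that matters operationally is the trust store: a verification point that let the platform's default root certificates stand in for the CSCA list would accept any DSC that a commercial web CA was willing to sign, so the pool is built explicitly and only from the CSCA certificates the country has chosen to trust.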


Magna™ supports all of the above uses of cryptography, customized as needed for each country and project. Additional tools and professional consulting are offered to OTI's customers to round out OTI's comprehensive offering in this area.