
Date: 2011-08-28 13:01 Source: 蓝天飞行翻译 Author: 航空

Contrary to popular belief, the PKD is neither a database of e-passports nor a repository of passport information. It is also not a look-out list, nor is it a list of persons. Above all, it is not a large database, as it remains a database only of public keys. Public keys do not carry personal information but are decoders of information that has been encrypted. The encryption process entitles a reading State to decode the encrypted digital signature on the mandatory passport data, which cannot readily be deciphered. Other mandatory data in the machine readable zone of the passport, such as the facial image (photograph) of the passport holder, which is readily visible, do not fall within the process of decryption.
Public keys contain information that can and should be released into the public domain in order to provide for a globally interoperable system that authenticates the contents of integrated circuit chips in passports. There is thus no security issue involved in any potential user’s access to public keys, and distribution via the Internet is planned. However, access to the web site will effectively be limited to the users of the system, and specialized system protocols will be required in such transactions. The transmission of key certificates from e-passport issuing States to ICAO, however, will require protection to ensure that bogus keys are not inserted into the system. One of the requirements to be placed on the successful contractor is to demonstrate the capability and competence to build a system with the necessary security measures. The rules and regulations will require adherence to procedures necessary to implement these measures.
The operation of the PKD and the transactions between the PKD and the users will be relatively simple. The PKD will function as a sort of message board, containing “messages” (public key lists) posted by ICAO after ICAO has verified them as genuine. Contributing administrations will be required to send their key lists to ICAO for posting well in advance of their effective date. Accessing the PKD to verify individual passports is not contemplated. Entities using the system will periodically download the whole directory to update the lists in their own systems and use these lists to verify individual passports. This arrangement, together with the redundancy built into the system, is expected to mitigate the risks associated with any system failure. However, the expected level of system performance will be stipulated in the contract with the PKD operator.
B. Innovative Security Tools
1. ICAO’s Role Regarding the Public Key Directory
In May 2003, the ICAO Council considered work[291] conducted by its Air Transport Committee[292] and the approval by the Committee of a “Blueprint” for incorporating biometric identification in passports and other MRTDs for the purpose of ascertaining and verifying identity. The Committee had taken into consideration a rigorous and sustained six-year study of technology options for introducing the capability to link a document positively to the rightful holder and to verify the authenticity of the document. The study itself had resulted in a four-part recommendation of the TAG/MRTD. The Blueprint specifies that the primary biometric to be used worldwide will be the face and that the compressed image of the face will be stored, along with the data from the machine readable zone of the passport, in a contactless integrated circuit chip. The validity of the data in the chip has to be ensured and, in order to give the reader that assurance, the data in the chip, as well as the facial image, will be digitally “signed”. The Committee was apprised that a specially tailored public key infrastructure (PKI) scheme had been specified in order to protect the signed data from counterfeiting or unauthorized alteration by ensuring that any overwriting of data on the chip does not go undetected. The basic premise underlying the study and the recommendation of the TAG/MRTD was that, in the absence of any PKI, the trustworthiness of data in a chip, and hence the global interoperability of the e-passport, cannot be assured.
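The following Python example is an added illustration, not part of the original text. It models the two arrangements described above: a reading State checks signed chip data against its locally downloaded copy of the key lists, so that overwritten data or a key never posted to the directory is detected. The toy RSA parameters, the issuer code UTO, the key identifiers, the sample data and the rule that a key is refused before its effective date are all assumptions made for the example.

```python
import hashlib
from datetime import date

# Toy RSA key for the issuing State (constructed; far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the issuer

def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes) -> int:
    """Issuing State: sign the chip data when the passport is personalised."""
    return pow(digest(data, N), D, N)

# Reading State's local copy of the directory, refreshed by periodic download.
# (issuer, key id) -> (modulus, public exponent, effective date); all constructed.
LOCAL_DIRECTORY = {
    ("UTO", "key-01"): (N, E, date(2011, 1, 1)),
    ("UTO", "key-02"): (N, E, date(2012, 1, 1)),  # posted ahead of its effective date
}

def verify_chip(issuer, key_id, data, signature, today):
    """Reading State: verify chip data offline against the downloaded key list."""
    entry = LOCAL_DIRECTORY.get((issuer, key_id))
    if entry is None:
        return "reject: key not in directory"
    n, e, effective_from = entry
    if today < effective_from:  # assumed policy for this example
        return "reject: key not yet effective"
    if pow(signature, e, n) != digest(data, n):
        return "reject: chip data altered or signature invalid"
    return "accept"

# Constructed sample chip contents: machine readable zone data plus face image.
MRZ = b"P<UTOERIKSSON<<ANNA<MARIA<<<<<<<<<<<<<<<<<<<"
FACE = b"constructed-compressed-face-image-bytes"
CHIP_DATA = MRZ + FACE
SIGNATURE = sign(CHIP_DATA)
TODAY = date(2011, 8, 28)

if __name__ == "__main__":
    print(verify_chip("UTO", "key-01", CHIP_DATA, SIGNATURE, TODAY))
    print(verify_chip("UTO", "key-01", MRZ + b"substituted-face", SIGNATURE, TODAY))
```

No query is made to the directory during verification; only the local copy is consulted, which is why a stale download is the failure mode a reading State has to monitor.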
 
Link to this article: Aviation Security Law (88)