What is National Public Key Directory (NPKD)? Many countries have implemented Biometric Passports (or e-Passports), allowing their citizens to travel more securely and efficiently. All efforts in standardization of travel documents are done under the umbrella of the International Civil Aviation Organization (ICAO). This makes travellers’ documents easy to recognize, read and validate by the foreign countries people visit. ICAO is in charge and operates a directory of certificates used to issue passports; each of the associated countries has its own certificate. The directory is called the Public Key Directory (PKD). A National Public Key Directory with security and efficiency Each sovereign nation handles the Public Key Directory (PKD) list on its own, as it finds appropriate and secure. The PrimeKey National Public Key Directory (NPKD) addresses the needs of a country to have an efficient, secure and robust system of importing other nations’ certificates from the PKD, as well as exporting its own certificates to the PKD. PrimeKey NPKD makes it easy to manage the imported top-level certificates from other countries – to decide if and how much they trust these certificates – to be able to swiftly revoke a certificate in case of need. PrimeKey NPKD works seamlessly with EJBCA Enterprise or SignServer Enterprise and is used by several nations to issue their citizen passports. In fact, we have built in some of the security features used by EJBCA to the NPKD. As we are committed to open standards, one of them being ICAOs specifications, our PrimeKey NPKD is designed and works well even for those nations who have not yet migrated to EJBCA Enterprise. PrimeKey NPKD The PrimeKey NPKD solution is designed to exchange digital certificates and other security data with ICAO Public Key Directory, and make them available for inspection systems. The ICAO PKD works as a hub for exchanging information required to authenticate ePassports. Our NPKD includes configurable schedulers. This makes the application server automatically run all the necessary tasks to keep valid PKD object published and available for inspection systems. NPKD can connect to ICAO PKD and upload, download, or store passive authentication security data such as certificates, master lists, and CRLs. National Public Key Directory setup “Country A” represents a country using PrimeKey National Public Key Directory (NPKD) and “Country X” represents all other countries either using PrimeKey NPKD or another solution. Included Use Cases in PrimeKey NPKD

• Downloading Master Lists from a specific country
• Extracting Master Lists and inspecting their certificates
• Running ICAO checks on Master List CSCA certificates
• Storing Master Lists in databases for later use
• Publishing CSCA certificates to an NPKD LDAP server
• Downloading all Master Lists from ICAO Public Key Directory (PKD)
• Downloading all DS certificates and CRLs from ICAO PKD
• Uploading Master Lists to ICAO PKD
• Finding the CSCA that has signed DS certificates
• Finding Master Lists that contain CSCA certificates
• Auditing all access control and integritychange logs