Accessibility Information and Accesskeys | Skip navigation
secunet Security Networks AG

Expertise for Innovative Military IT Security

secunet is one of Germany's leading providers of superior IT security. In close dialogue with its customers – armed forces, public authorities, enterprises and international organisations – secunet develops and implements high-performance products and state-of-the-art IT security solutions. Thus, secunet not only keeps IT infrastructures secure for its customers, but also achieves intelligent process optimisation and creates sustainable added value.

At secunet, more than 350 experts focus on issues such as cryptography (SINA), e-government, business security and automotive security aiming always to be one step ahead of competitors in terms of quality and technology. secunet emphasises on long-term relationships with its customers in an atmosphere based on partnership, as demonstrated by our successful security relationship with the Federal Republic of Germany which has been active since 2004.

Company Details Press Releases Contact Company

Expertise for Innovative Military IT Security - 26/07/2017

EU Commission uses secunet N-PKD module in Schengen Master List pilot project

The European Commission is currently operating a pilot project trialling the use of master lists for managing the exchange of certificates in electronic identity documents (eID). The Schengen Master List is a collection of trusted certificates (CSCA) which are required for checking eIDs. Approved authorities in the Member States can then check eIDs without the need to contact the issuing country directly. The secunet eID PKI Suite for generating and managing master list certificates is used in the test system.

In eIDs such as passports, the information stored on the integrated chip is secured using encryption procedures. A public key from the country issuing the document is therefore needed to check the integrity and authenticity of a document (passive authentication). If eIDs are checked at border control, the key required for access is distributed securely in the form of certificates - also known as "Country Signing Certificate Authority (CSCA) certificates".

The exchange of CSCA certificates has proved challenging in recent years, since to date there has been no standard process for the exchange of certificates between individual countries, and customised procedures have had to be used between partner countries. For this reason, the International Civil Aviation Organization, ICAO, has piloted the concept of master lists as a tool for distributing certificates. Master lists contain trusted CSCA certificates which are signed and distributed by the issuing country.

The Joint Research Centre (JRC) of the European Commission manages the pilot project for creating the Schengen Master List to facilitate exchange of certificates, and published the first Schengen Master List at the start of this year. It contains an initial set of trusted certificates.

One of the main goals of the pilot project is to involve additional Member States in the process of validating new CSCA certificates. Validation is a requirement for including only trusted CSCA certificates in the Schengen Master List. Norway and Portugal are currently providing information for the validation of new CSCA certificates, and are testing the feasibility of the Schengen Master List as a standard basis for secure electronic verification of international travel documents.

The pilot project provides valuable statistical information regarding the validation of certificates supplied by any country world-wide, through border control processes. Based on the validation of CSCA certificates by the participants, a new Schengen Test Master List can be generated using the JRC test public key directory.

secunet is providing a national public key directory (N-PKD) in addition to extensive expertise on drafting suitable guidelines for the new system. The N-PKD module of the secunet eID PKI Suite is used by the JRC test system for generating and managing master list certificates for the Schengen Test Master List.

"The secunet N-PKD system is not only a mirror image of the ICAO PKD, but allows the operator to generate and store the master, defect and deviation lists needed for the passive authentication process, alongside checking the quality of imported data and certificates", explained Andreas Hellrung, Product Manager for the eID PKI Suite at secunet.

The secunet eID PKI Suite is already in use in several European projects. The German Federal Police have been using the secunet eID PKI Suite to check electronic identity documents at their border inspection posts since 2011. The Smart Borders project operated by the European Commission uses the secunet eID PKI Suite for the exchange and validation of certificates, and for the management of the Schengen CSCA master list.

Press Releases

18/12/2017 Expertise for Innovative Military IT Security eGates from secunet for faster border control at Vienna International Airport More
13/12/2017 Expertise for Innovative Military IT Security A new milestone in standardisation for the document checking process More