The PrimeKey NPKD solution is designed to exchange certificates and other security data with International Civil Aviation Organization (ICAO) Public Key Directory (PKD) and make them available through LDAP services for inspection systems.
The ICAO PKD is a central repository for exchanging the information required to authenticate ePassports.
NPKD allows connecting to ICAO PKD and upload, download, or store all Passive Authentication security data (certificates, master lists, and CRLs). The security data can be inspected in detail and checked against the ICAO standards, and the data may be stored in a protected database and/or published to an NPKD LDAP server.
PKD data involved in the security exchange are separated into multiple (N)PKD objects:
- Master Lists (containing CSCA certificates): A Master List is a list of CSCA certificates that has itself been produced and signed by a Master List Signer of an issuing authority.
- Country Signing Certification Authority (CSCA) Certificates (not available for direct download from ICAO PKD)
- DS certificate
- Certificate Revocation Lists (CRLs)
- Deviation Lists
- Registry Contacts
The NPKD solution includes schedulers, configurable to make an application server automatically run all the necessary tasks to keep valid PKD object published and available for inspection systems. The operator is able to run schedulers and perform manual actions through the application server's web GUI.