This section describes managing deviation list content and signing the content in order to create a deviation list.
Managing Deviation List Content
In a deviation list, each deviation is specified by a deviation document and one or more deviation descriptions.
The following example displays deviation list content consisting of two deviations:
- Deviation 1: A deviation document specified by issuer and serial number, with two deviation descriptions.
- Deviation 2: A deviation document specified by subject key identifier, with one deviation description.
NPKD offers the following deviation list management functionalities:
- New Deviation List
- Open Deviation List
- Delete Deviation Document
- Add New Deviation Description
- Delete Deviation Description
- Clear Deviation List panel
New Deviation List
To start a new deviation list, right-click an empty deviation list panel and select the New Deviation List context menu item. The "New Document" dialog for adding a new deviation document appears.
You can enter the deviation information standardized in the ICAO 9303 7th edition Part 3 document. The dialog is separated into a Document panel containing data for the deviation document, and a Deviation Description panel displaying the deviation description data.
The Document Signer field is used for specifying one of the imported home country DS certificates, and the Document Signer Identifier selects what will be used to identify the deviated DS certificate. In the Deviation Type and Parameters fields, specify the deviation type and its parameters as defined by the ICAO 9303 document.
Open Deviation List
To open an existing deviation list, right-click an empty deviation list panel and select the Open Deviation List context menu item. The dialog for selecting a deviation list to open appears.
When a deviation list is selected, it is loaded into the deviation list panel, where it can be modified. If it is then signed, it is imported and replaces the existing one.
Add New Deviation to Deviation List
To add a new deviation to a list, right-click the panel over the deviation list and select Add Deviation. The "New Document" dialog for adding a new deviation document appears.
Delete Deviation Document
To delete a deviation document, right-click the deviation and select Delete.
Add New Deviation Description
To add a new deviation description to a deviation document, right-click the deviation document and select Add Description.
Delete Deviation Description
To delete a deviation description from a selected deviation document, right-click the deviation document description and select Delete. A deviation document must have at least one deviation description, so it is not possible to delete a description if it is the only one existing for the document.
Clear Deviation List panel
To clear the entire deviation list, right-click the panel over the deviation list and select "Clear".
Signing of Deviation List Content
To manually initiate signing of deviation list content:
- Click Sign Deviation List Content on the main menu.
- (Optional) Check and update the deviation list content.
- Click Sign Deviation List to sign deviation list content.
Deviation Type Definition
A generic certificate or key related deviation not covered by the more detailed deviations below.
The signature of the Document Signer Certificate is incorrect.
The Document Signer Certificate contains a coding error.
The Country Signing CA Certificate contains a coding error.
The key for Active Authentication may be compromised and should not be relied upon.
Logical Data Structure Deviation (LDS Deviation)
A generic LDS related deviation not covered by the more detailed deviations below.
The TLV encoding of the given datagroup is corrupted.
The hash value of the given datagroup in the EF.SOD is incorrect.
The signature contained in EF.SOD is incorrect.
EF.COM and EF.SOD are inconsistent.
Machine Readable Zone Deviation (MRZ Deviation)
A generic MRZ related deviation not covered by the more detailed deviation below.
The given field of the MRZ contains incorrect data (for example, inconsistent with VIZ), but the derived BAC key is usable to open the chip.
If the derived BAC key is not usable, additional id-Deviation-Chip SHALL be included in the Deviation List.
The Chip is not usable. For example, incorrect BAC key, broken antenna, or other physical defect.
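The content rules stated above (one document identifier per deviation, at least one description per deviation document, and id-Deviation-Chip when the derived BAC key is not usable) can be checked before signing. The following is an added example, not NPKD code: the class names, the `bac_key_usable` flag, the type labels other than id-Deviation-Chip, and the sample values are assumptions, and the chip check is applied per deviation document as this example's interpretation.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Type labels are this example's own; only id-Deviation-Chip is named on the page.
MRZ_FIELD, CHIP = "mrz-field", "id-Deviation-Chip"

@dataclass
class Description:
    deviation_type: str
    parameters: str = ""
    bac_key_usable: bool = True  # assumed flag, only meaningful for MRZ_FIELD

@dataclass
class Deviation:
    # Document identified by issuer + serial number, or by subject key identifier.
    issuer: Optional[str] = None
    serial: Optional[str] = None
    ski: Optional[str] = None
    descriptions: List[Description] = field(default_factory=list)

def delete_description(dev: Deviation, index: int) -> None:
    """Refuse to remove the only description of a deviation document."""
    if len(dev.descriptions) <= 1:
        raise ValueError("a deviation document needs at least one description")
    del dev.descriptions[index]

def lint(deviations: List[Deviation]) -> List[str]:
    """Return the problems found in deviation list content before signing."""
    problems = []
    for n, dev in enumerate(deviations, 1):
        by_issuer = dev.issuer is not None and dev.serial is not None
        if by_issuer == (dev.ski is not None):
            problems.append(f"deviation {n}: exactly one document identifier required")
        if not dev.descriptions:
            problems.append(f"deviation {n}: no deviation description")
        types = {d.deviation_type for d in dev.descriptions}
        for d in dev.descriptions:
            if d.deviation_type == MRZ_FIELD and not d.bac_key_usable and CHIP not in types:
                problems.append(f"deviation {n}: BAC key unusable, {CHIP} missing")
    return problems

# Constructed sample mirroring the two-deviation example in the text.
SAMPLE = [
    Deviation(issuer="CN=CSCA Example,C=UT", serial="01A3",
              descriptions=[Description(MRZ_FIELD, "field=DOB"), Description("lds-generic")]),
    Deviation(ski="3f9c0e11", descriptions=[Description("cert-generic")]),
]

if __name__ == "__main__":
    print(lint(SAMPLE) or "content is consistent")
```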