This section describes managing deviation list content and signing the content in order to create a deviation list.

Managing Deviation List Content

In a deviation list, each deviation is specified by a deviation document and one or more deviation descriptions.

The following example displays deviation list content consisting of two deviations:

  • Deviation 1: A deviation document specified by issuer and serial number, with two deviation descriptions.
  • Deviation 2: A deviation document specified by subject key identifier, with one deviation description.


NPKD offers the following deviation list management functionalities:

New Deviation List

To start a new deviation list, add a deviation by right-clicking an empty deviation list panel and selecting the New Deviation List context menu item. The "New Document" dialog for adding a new deviation document appears.

You can enter the deviation information standardized in the ICAO 9303 7th edition Part 3 document. The dialog is separated into a Document panel containing data for the deviation document, and a Deviation Description panel displaying the deviation description data.

The Document Signer field specifies one of the imported home country DS certificates, and the Document Signer Identifier field selects what will be used to identify the deviated DS certificate. In the Deviation Type and Parameters fields, specify the Deviation Type fields defined by the ICAO 9303 document.

Open Deviation List 

To open an existing deviation list, right-click an empty deviation list panel and select the Open Deviation List context menu item. The dialog for selecting a deviation list to open appears.

When a deviation list is selected, it is loaded into the deviation list panel, where it can be modified. If it is then signed, it is imported and replaces the existing one.

Add New Deviation to Deviation List

To add a new deviation to a list, right-click the panel over the deviation list and select Add Deviation. The "New Document" dialog for adding a new deviation document appears.

Delete Deviation Document 

To delete a deviation document, right-click the deviation and select Delete.

Add New Deviation Description 

To add a new deviation description to a deviation document, right-click the deviation document and select Add Description.

Delete Deviation Description 

To delete a deviation description from a selected deviation document, right-click the deviation document description and select Delete. A deviation document must have at least one deviation description, so a description cannot be deleted if it is the only one existing for the document.

Clear Deviation List panel 

To clear the entire deviation list, right-click the panel over the deviation list and select "Clear".

Signing of Deviation List Content

To manually initiate signing of deviation list content:

  1. Click Sign Deviation List Content on the main menu.
  2. (Optional) Check and update the deviation list content.
  3. Click Sign Deviation List to sign deviation list content.

Deviation Type Definition

| Deviation Type | Parameters | Description |
|---|---|---|
| Certificate/Key Deviation | | |
| Id-Deviation-CertOrKey | None | A generic certificate or key related deviation not covered by the more detailed deviations below. |
| Id-Deviation-CertOrKey-DSSignature | None | The signature of the Document Signer Certificate is incorrect. |
| Id-Deviation-CertOrKey-DSEncodingCertField | CertField | The Document Signer Certificate contains a coding error. |
| Id-Deviation-CertOrKey-CSCAEncoding | CertField | The Country Signing CA Certificate contains a coding error. |
| Id-Deviation-CertOrKey-AAKeyCompromised | None | The key for Active Authentication may be compromised and should not be relied upon. |
| Logical Data Structure Deviation (LDS Deviation) | | |
| Id-Deviation-LDS | None | A generic LDS related deviation not covered by the more detailed deviations below. |
| Id-Deviation-LDS-DGMalformed | Datagroup | The TLV encoding of the given datagroup is corrupted. |
| Id-Deviation-LDS-DGHashWrong | Datagroup | The hash value of the given datagroup in the EF.SOD is incorrect. |
| Id-Deviation-LDS-SODSignatureWrong | None | The signature contained in EF.SOD is incorrect. |
| Id-Deviation-LDS-COMinconsistent | None | EF.COM and EF.SOD are inconsistent. |
| Machine Readable Zone Deviation (MRZ Deviation) | | |
| Id-Deviation-MRZ | None | A generic MRZ related deviation not covered by the more detailed deviations below. |
| Id-Deviation-MRZ-WrongData | MRZField | The given field of the MRZ contains incorrect data (for example, inconsistent with VIZ), but the derived BAC key is usable to open the chip. |
| Id-Deviation-MRZ-WrongCheckDigit | MRZField | If the derived BAC key is not usable, additional id-Deviation-Chip SHALL be included in the Deviation List. |
| Chip Deviation | | |
| Id-Deviation-Chip | None | The Chip is not usable. For example, incorrect BAC key, broken antenna, or other physical defect. |
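
The rules on this page (every deviation document needs at least one description, and each deviation type takes the parameter listed in the table above) can be checked before content is signed. The following is an added example, not NPKD code. The dictionary layout, the field names and the sample values are assumptions, as is the rule that a document is identified by exactly one of the two identifier forms shown in the example at the top of this section.

```python
# Added example (not NPKD code): the dict layout is an assumption for illustration;
# the type-to-parameter map is copied from the Deviation Type Definition table.
PARAM = {
    "Id-Deviation-CertOrKey": None,
    "Id-Deviation-CertOrKey-DSSignature": None,
    "Id-Deviation-CertOrKey-DSEncodingCertField": "CertField",
    "Id-Deviation-CertOrKey-CSCAEncoding": "CertField",
    "Id-Deviation-CertOrKey-AAKeyCompromised": None,
    "Id-Deviation-LDS": None,
    "Id-Deviation-LDS-DGMalformed": "Datagroup",
    "Id-Deviation-LDS-DGHashWrong": "Datagroup",
    "Id-Deviation-LDS-SODSignatureWrong": None,
    "Id-Deviation-LDS-COMinconsistent": None,
    "Id-Deviation-MRZ": None,
    "Id-Deviation-MRZ-WrongData": "MRZField",
    "Id-Deviation-MRZ-WrongCheckDigit": "MRZField",
    "Id-Deviation-Chip": None,
}
# Constructed sample mirroring the two-deviation example; all values are made up.
SAMPLE = [
    {"document": {"issuer": "CN=CSCA Example,C=XX", "serial": "01"},
     "descriptions": [{"type": "Id-Deviation-LDS-DGHashWrong", "parameters": {"Datagroup": 2}},
                      {"type": "Id-Deviation-MRZ-WrongData", "parameters": {"MRZField": "dateOfBirth"}}]},
    {"document": {"subject_key_identifier": "00" * 20}, "descriptions": [{"type": "Id-Deviation-Chip"}]},
]

def validate(deviations):
    """Return a list of problems; an empty list means the content is consistent."""
    problems = []
    for n, dev in enumerate(deviations, 1):
        doc = dev.get("document", {})
        by_issuer = "issuer" in doc and "serial" in doc
        if by_issuer == ("subject_key_identifier" in doc):  # neither form, or both
            problems.append(f"deviation {n}: need issuer+serial or subject key identifier")
        descriptions = dev.get("descriptions", [])
        if not descriptions:  # same rule as under Delete Deviation Description
            problems.append(f"deviation {n}: at least one description required")
        for d in descriptions:
            dtype, params = d.get("type"), d.get("parameters", {})
            if dtype not in PARAM:
                problems.append(f"deviation {n}: unknown type {dtype!r}")
                continue
            need = PARAM[dtype]
            extra = sorted(set(params) - {need})  # anything besides the one allowed name
            if need and need not in params:
                problems.append(f"deviation {n}: {dtype} requires {need}")
            if extra:
                problems.append(f"deviation {n}: {dtype} does not take {extra}")
    return problems
```

Calling validate(SAMPLE) returns an empty list. Parameter values are not checked, only their presence.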