
Information technology - Country Verifying Certification Authority Key Management Protocol for SPOC. (Standard adopting the English original; the text itself is included in the printed copy.)
STANDARD published on 1.12.2018
Standard designation: ČSN 369791-ed.A
Classification code: 369791
Catalogue number: 505875
Date of issue of the standard: 1.12.2018
Number of pages: 20
Approximate weight: 60 g (0.13 lb)
Country: Czech technical standard
Category: ČSN technical standards

Machine readable travel documents (MRTD) support advanced security mechanisms for the protection of the data stored in the MRTD. One of these mechanisms is extended access control (EAC). If data stored in an MRTD is protected by EAC, a terminal must be authenticated by the MRTD and must prove its right to the MRTD before the terminal can access the data. EAC as well as other advanced security mechanisms are described in [BSI-EAC].
The terminal authentication to be performed before reading protected data out of an MRTD is based on card verifiable (CV) certificates, which can be verified by an MRTD. The access rights given to a terminal are coded within the CV certificate. After verifying the CV certificate, the MRTD grants access to its data according to the access rights coded in the CV certificate. A public key infrastructure for the generation and distribution of the CV certificates is outlined in [BSI-EAC]. This EAC-PKI will be constructed by all member states of the EU. A common certificate policy for the entities of the EAC-PKI is given by [EUCP].
Within the EAC-PKI, each member state operates its own root CA, called the country verifying CA (CVCA). The second level of the EAC-PKI is formed by CAs called Document Verifiers (DV). Each DV is associated with the national CVCA of its own country. The DV gets its own CV certificates from that national CVCA and from foreign CVCAs, and generates the CV certificates for inspection systems (IS) within its sphere of influence. From this point of view, inspection systems are the holders of the end-user certificates of the EAC-PKI.