We are doing science for policy
The Joint Research Centre (JRC) is the European Commission's science and knowledge service which employs scientists to carry out research in order to provide independent scientific advice and support to EU policy.
For many years, travel documents have been subject to standards and security measures as defined in the ICAO Document 9303. Such security measures work on a double layer: traditional paper security features and electronic security features.
Travel documents contain an electronic chip embedded which contains data about the document holder (including biometrics) which are protected using cryptographic measures based on the so-called public key cryptography. This type of algorithm uses two cryptographic keys. One of them, called public key, must be distributed in a secure way to allow trusted verification of the information secured by the algorithm. In chipped travel documents, this algorithm is called Passive Authentication and it relies on the fact that document issuers, i.e. countries, distribute their public keys in a secure manner to any authority that may need to verify the authenticity of travel documents identifying their citizens. Such public keys are distributed in the form of a certificate and are known as Country Signing Certificate Authority (CSCA) certificates.
Despite the fact that chipped travel documents have been in circulation worldwide for a number of years, efficient exchang of the CSCA certificates has proved challenging. In order to facilitate and improve this worldwide trusted circulation of CSCA certificates, ICAO has defined the concept of a “Master List”, which is a collection of trusted CSCA certificates signed and distributed by a country. In simple terms, this means that a country which trusts a set of CSCA certificates can put them into a data structure and digitally sign it with its own CSCA public key.
Using a Master List signed and published by a country/document issuing entity that it trusts, a country can get access to a wide number of certificates without needing to contact the issuing authority directly.
In 2015, the European Commission started to explore the concept of a “Schengen Master List” with the idea to build a “trusted collection” of CSCA certificates and to distribute this list to EU and EAC countries. This list would be signed by the European Commission.
In the framework of the pilot project on the Schengen Master List, the JRC has carried out a number of activities: