The new visible digital seals (VDS), originally adopted by countries for travel document verification, are now gaining wider international acceptance as affordable and efficient solutions to the global challenge of providing travellers with an internationally verifiable proof of health. Furthermore, the use of VDS technology outside of the travel domain is also becoming more broadly recognised.
This article takes a look at these developments, but also goes ‘back to basics’ by explaining what a VDS actually is and where it originates from.
A visible digital seal (also called VDS or digital seal) is defined as a standardised, structured data set containing a payload (the actual data itself) and its signature (or ‘seal’), which comes from the issuer of that data. The data and the signature are then encoded into a 2D barcode which can be either printed on a document or displayed electronically.
For a travel visa, for example, the data would include the name, nationality, date of birth, sex and passport number of the visa holder, as well as the name of the issuing state and the visa validity period. Using the same methods that secure the microchip data on a credit card, the electronic signature guarantees data integrity: the purpose is not to keep the data secret, but rather to detect if it has been modified, as well as confirm the authenticity of its source.
VDS was originally developed by the French National Agency for Secure Documents (Agence Nationale des Titres Sécurisés) and the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik).
Based on this initial work, the International Civil Aviation Organization (ICAO) developed specifications for the ePassport, which is characterised by an integrated-circuit microchip that digitally stores the information printed on the passport datapage.
The verifiability of an ePassport relies on the ‘digital signing’, by authoritative issuers, of the data on the microchip, as well as relying on the use of a public key infrastructure (PKI) for controllers to be able to verify that digital signature. Furthermore, in order to facilitate the verification process, ICAO members have established a centralised public key directory (PKD), complemented by national master lists.
Thus, the infrastructure for ICAO-compliant ePassport verification has become highly developed and, in terms of issuance, ePassports are now a global norm. Building on this existing infrastructure, in 2018, ICAO member states endorsed a technology involving a simpler implementation of the same trust/verification model established for ePassports. The technology is called visible digital seal and it is based on the use of a 2D barcode.
The intention with VDS is to have a similar level of digital security for those documents produced in high volume and with a short validity period – such as visas – for which it is economically unfeasible to use microchips.
While 2D barcodes are already broadly used within and outside of the travel continuum, ICAO technical experts sought to advance a 2D barcode that is ‘verifiable,’ by applying the ePassport model.
If we take travel visas as an example of how ICAO VDS actually works for a non-electronic document, ICAO describes three steps in the general process:
As stated above, the validity of the visa signer certificate itself can be verified by the CSCA certificate. Since all certificates are publicly available, the validity of the visa can be verified by any third party, not just by the issuing state. This approach can thus handle use cases for unions of countries, where one country issues a visa for another country (as is done for example in the European Union).
As an example of an existing use case for VDS, in 2015, due to the refugee crisis in Europe, Germany issued a harmonised document, as proof of successful registration, to all asylum seekers arriving in the country. The document carries classic security features and a VDS containing all the printed personal data, as well as a link to a database containing biometric data.
As far as applications in the pipeline are concerned, all EU member states will start issuing Schengen visas carrying digital seals from May 2022.
And as mentioned at the beginning of this article, the ICAO VDS is gaining wider acceptance as part of an internationally verifiable proof of health. To this end, ICAO and the EU are working towards ensuring compatibility between VDS and European digital COVID certificates, with specific international implementation guidelines expected shortly. Meanwhile, other regions and countries are conducting their own assessments.
ICAO specifies a number of considerable security advantages of using VDS on (usually paper-based) documents that don’t carry a microchip, and these advantages were the reason for deploying this technology.
These advantages include the fact that each VDS allows the information printed on the physical document to be verified, and is therefore tied to the document holder. Also, as there is no direct VDS equivalent of a blank document, no blanks can be lost or stolen. In addition, even untrained persons are able to verify a document protected with a digital seal by using low-cost equipment, such as an app on a smartphone.
However, ICAO points out some limitations when compared to chip-based documents. These include the limited storage capacity of digital seals and the fact that they do not protect against cloning. Furthermore, as 2D barcodes cannot replace the functional or security features of microchips, travel documents should strive to employ microchips whenever feasible, advises ICAO.
In spite of this, one can argue that cloning has a rather limited meaning in this context, as the main function of VDS is to guarantee data integrity.
In addition, when VDS is related to authentication features or contains a signed biometric data template such as fingerprints or a face recognition pattern, the ‘drawbacks’ as seen by ICAO should be reconsidered.
In addition to travel documents, VDS has been applied in other real-world scenarios. For instance, in 2021, France adopted the technology for its new national ID card, while Canada is using it for school certificates, Tunisia for public service payrolls and Ivory Coast for taxi driver certificates.
Although VDS is currently mainly used on official documents and IDs, it has the potential to extend further afield, for example to tax stamps and product track and trace systems. In this regard, VDS provides a mechanism for interoperability, within a secure trusted environment, between national tax stamp and traceability programmes.
Indeed, interoperability in a trusted environment between tobacco track and trace systems is a requirement of the WHO FCTC Protocol to Eliminate Illicit Trade in Tobacco Products. Article 8 of the Protocol calls for all parties to have in place, by 2023, a global tracking and tracing regime, comprising national and/or regional track and trace systems and a global information-sharing focal point. To this end, each party must ensure that unique, secure and non-removable identification markings, such as codes or stamps, are affixed to all unit packs and any outside packaging of tobacco products.
With such a global system in place, an inspector from country X should be able to securely read the tax stamp/track and trace data used by country Y, country Z and potentially any other country, using a single mobile app as a trusted entry point. This is what a well-designed VDS is able to offer, including a mechanism supporting multilingual data presentation.
The VDS can also contain (or securely link to) information and guidance on the authenticating security features used by each country. In this way, each country is free to use different technologies and schemes, knowing that the VDS interoperability function is there to assist inspectors who are unfamiliar with some of the national schemes.
Although the most straightforward way of using VDS is to physically add it to the tax stamp as an ‘entire data set,’ the limited space available on a tax stamp means that other approaches may need to be used. One such approach could be to incorporate the electronic signature and VDS ‘header’ (containing information about the VDS) into a tax stamp’s existing barcode, which means a second code would not be required.
The extension of VDS outside the travel domain is being spearheaded by the Visible Digital Seal International Council (VDSIC) and its Otentik Trust Network. VDSIC is a non-profit organisation, founded in 2016 in France by 20 public and private French, Canadian and Tunisian entities. It is responsible for the governance model and standardisation of a VDS that is adapted and optimised for performance beyond the ICAO travel document domain.
The aim of VDSIC and Otentik is to create an environment of cross-sectoral and international trust, covering a wide range of digital security issues, based on global standards. At the European level, VDSIC and Otentik are working to resolve issues related to the security of official documents and certificates, instant payments based on a QR code, the security of national identity cards, as well as the use of VDS as a secure element in the field of cybersecurity and IoT.
The VDS model proposed by Otentik is based on multiple independent certification authorities (CA) – unlike the ICAO model which is based on multinational hierarchical mother/daughter CAs only. The Otentik model thus allows both for the inclusion of hierarchical CA models (like ICAO) and sectoral, national or international multisectoral CA-based models.
The Otentik VDS data structure is based on the 2020 French standard AFNOR XP Z42-105, entitled ‘Electronic Storage Specifications for use of an Otentik VDS for the authentication, verification and acquisition of data carried by a document or object’. The standard, which is specific to VDS, was proposed by AFNOR in June 2021 as a New Work Item Proposal at ISO level, for the same working group that developed the tax stamp standard (ISO 22382:2018).
On 30 September, this new proposal was adopted by ISO and the new project, ISO/NP 22376, on electronic storage specifications for using VDS for the authentication, verification and acquisition of data carried by a document or object was initiated.
In addition, in 2022, the new global standard, ISO/CD 22385, on guidelines for establishing a framework for trust and interoperability, will include reference to a tax stamp carrying VDS, as an example of how such a framework could be implemented.
And a few weeks ago, the VDSIC universal ‘Otentik Code Reader’ application (acting as a trusted entry point) was launched for Android and iOS.
With all these different developments taking place around VDS technology as a new global trusted environment – both inside and outside the travel domain – the technology looks set to become a world standard in secure interoperability.