The ICAO Digital Travel Authorization: Standardizing the electronic visa

Over the last decade, a number of States began issuing online visas, often referred to as “eVisas”. This was carried out without the benefit of standardization, commonality, or definitions of what constitutes a travel authorization not physically issued in a passport booklet. Without standardization, it is nearly impossible for anyone outside of an issuing authority to verify non-physical “eVisas”.

Despite this, online visa notifications are increasingly presented to aircraft operators as emails and/or printouts that contain a myriad of datasets without security features that can be verified through an interoperable framework. In these situations, aircraft operators are unable to verify the “eVisa” as they carry out their document checks at the point of embarkation.

To address this, ICAO developed and defined a Digital Travel Authorization (DTA), which is intended to assist States and airlines in this situation. The DTA specification provides a step-by-step framework for issuing an electronic notification containing a 2D barcode that can be easily read and verified, enabling both data capture and verification of integrity in one transaction. The DTA can be used in both digital and physical formats, meaning it can be presented on a smart device or on a printed piece of paper with the same security and results.

Additionally, ICAO’s specification and guidance for the DTA encourages States to take advantage of automation for the steps associated with the travel authorization processes, including the continuum from application through airline verification to border inspection or acceptance.

Automating these steps, particularly the application and materials submissions, expedites the pre-vetting and eligibility decisions to allow an applicant to travel. This reduces the burden on both the issuing authority as well as the applicant, using an online approach for submissions; while providing an efficient method for applicants, governments, and airlines to verify the acceptance for travel. Importantly, the DTA standardizes the data set that is collected for each traveller, regardless of the issuing State. This provides a critical advantage to the aircraft operator since it can harmonize its method of verifying DTA barcodes.

Traditionally, the visa sticker has been glued in a passport as a foil-type travel document, to provide a physical travel authorization. To support States and aircraft operators in checking visas, ICAO standardized the visa document in Part 7 of ICAO Doc 9303, Machine Readable Travel Documents (MRTDs) thereby creating specifications for Machine Readable Visas (MRVs).

Not all States around the world have invested in visa management systems that can issue an MRV. In the same vein, ICAO Annex 9 – Facilitation to the Chicago Convention has not adopted an obligation on Contracting States to mandatorily issue one. Annex 9, however, does contain two Recommended Practices, which can encourage States to issue MRVs as such, and alternatively, urges States when they are not issuing a MRV, to at least conform to the visual zone of the visa format as set forth in Doc 9303, Part 7. The issuance of a standardized visa assists aircraft operators in taking necessary precautions during the document check prior to boarding.

Instead of investing in MRVs, however, a number of States have begun issuing “eVisas” without first agreeing on a method of standardization. The last decade has seen a proliferation of such visas. States implement such solutions to save costs and achieve efficiencies, since almost all involved processes are online and do not require a consular appearance by the traveller. The problem remains that these “eVisas” are not based on an interoperable framework, which creates a burden on the middleman – the aircraft operator – who is obliged to conduct pre-departure checks to determine if a passenger is in possession of the document prescribed by the States of transit and destination.

The DTA 2D barcode provides for easy readability by the verifier since it contains both the data set of the travel authorization and a digital signature which can be verified for data quality and integrity purposes. The barcode deployed by the DTA is called the Visible Digital Seal (VDS), which is an ICAO standardized security feature already used for security documents. VDS technology provides a similar level of security to barcode-based documents as to chip-based documents, such as passports with an integrated circuit chip (the “ePassport”). VDS involves a simpler implementation of the same trust and verification model established for electronic MRTDs, extended to VDS-defined 2D barcodes. This technology has existed for some time and is contained in ICAO Doc 9303, Part 13.

The DTA deploys a specific type of VDS used for non-constrained environments or VDS-NC. Since the VDS-NC barcode can be larger, or non-constrained, there is room to store not only the dataset on the 2D barcode, but also the digital signature. This approach provides the following advantages:
• Security: Even though the cost of issuing a VDS-NC based document is very low, it is very difficult to fake or forge the DTA. Since the barcode signer is on the VDS-NC, only the root of the trust certificate is required to verify the DTA. Of particular importance, the DTA can be presented in both a physical form, as printed from the authorization document of the issuer as well as digital form on, for example, a smartphone.
• Personalization: Each digital seal verifies the information printed on the physical document, and is therefore tied to the document holder. There is no direct equivalent to a blank document, therefore no blanks can be lost or stolen.
• Easy verification: Even untrained persons are able to verify a document protected with a digital seal by using low-cost equipment, such as a basic barcode reader or an application on a smartphone. Moreover, due to the binary nature of a digital signature, distinguishing between authentic and forged documents is straightforward.

How does the DTA verification system work?
The DTA process defined by ICAO Doc 9303 covers all of the steps included in a sound visa/travel authorization programme, including the ability to submit supporting materials online. Using specified formats, the issuing authority has available globally interoperable, standardized terminology and the ability to assess the eligibility of the applicant.

The VDS contains the barcode signer certificate, a certificate containing information identifying the entity that signed the VDS on a DTA, as well as the public key corresponding to the private key with which the signature was created.

The barcode certificate can be created with a distinct profile for the DTA, meaning the VDS on DTAs are issued in a way that allows verification by the Country Signing Certificate Authority (CSCA) certificates. This enables a State to re-deploy its Public/Private Key Infrastructure to not only accommodate eMRTD issuance, but also of DTAs.

Public Key Distribution – the role of the ICAO Public Key Directory
The ICAO Public Key Directory (PKD) is a central repository for exchanging the information required to authenticate eMRTDs such as ePassports, electronic ID cards and 2D barcodes in VDS format.

To verify a DTA, including a VDS formatted 2D barcode, any verifying entity will need to have access to the root of trust certificate, referred to as the CSCA certificate in ICAO terminology. For the DTA this is a fairly simple process for a State, since the State is both the issuing and verifying entity in one, meaning it is already in possession of its CSCA. However, for an aircraft operator or a ground handling agent to conduct verification it will need to gain access to the issuing State’s root of trust – the CSCA – to prepare the DTA check.

The ICAO PKD provides access to the trust certificates to all ICAO Member States free-of-charge. This access has now been extended to private sector entities – such as aircraft operators – through a pilot project. Within this pilot project, authorized entities are permitted to use PKD data obtained from the public PKD data and Master List download website. Commercial use of the ICAO PKD will enable widespread verification of the DTA in the aviation environment.

The use of standardized DTAs will save aircraft operators human and financial resources currently being expended to validate non-standardized and non-harmonized “eVisas”. Implementation of the DTA will solve long-standing issues associated with online visa issuance. The DTA provides a globally interoperable model for issuing authorities to adopt and enables a framework for the aviation industry to verify electronically issued travel authorizations before departure.

“This article was originally published on UnitingAviation.com, the blog of the International Civil Aviation Organization”

By Barry Kefauver and Christopher Hornek, Aviation Security & Facilitation, ICAO