ICAO compliant PKI implementation, support, and technology transfer in Vietnam

During 27 years of development, FPT Information System Corporation (FPT IS) is proud to be the leading system integrator and solution provider in Vietnam and the region. Possessing technological capabilities recognized by global customers and partners, FPT IS has designed and deployed a large number of overall IT projects, IT services and solutions for key sectors of the countries where it operates, including public sector, telecommunications, banking – finance, healthcare, transportation, utilities and enterprise.

Solutions “Made by FPT IS” are researched, developed, applied the cutting-edge technology trends and platforms, which gradually affirms their outstanding advantages compared to other products in the market, meets the diverse needs of domestic and foreign customers.

Leading digital transformation in Vietnam.

Customer Requirements

The customer needed to set up a system for ePassport/eID to be operated in line with the ICAO standard. They have opted for EJBCA as the ICAO compliant PKI managing CV certificates. However, the implementation of the ePassport/eID in line with the ICAO standard having is difficult task, where experts with deep understanding of the whole ecosystem and the underlying technology are essential. The customer requested the installation and configuration of the CSCA, CVCA, DVCA, and SPOC CA in the highly available and failover setup. Further tasks included consulting and advisory on CryptoToken integration, preparation of certificate and end entity profiles, set up approvals and workflows with all the roles and access rights. Additional tasks included publisher’s configuration, integration with the inspection systems and with the monitoring and logging solution as well as the terminal control center. The whole set up needed to be designed, but it was also essential to hand over the essential knowhow to the local team to manage and maintain the solution on site.

Delivery

3Key team with deep knowledge of the EJBCA and SignServer technology provided a design of the overall ICAO PKI architecture documented the whole solution. Our experts also assisted with the deployment and configuration of the solution. Once the architecture had been finalized and CSCA, CVCA, DVCA, and SPOC CA documentation has been prepared, an extensive training has been provided to the local team with the usage of virtualized environment to provide the customer with the hands-on experience. Based on the discussions with the customer the original scope has been extended also to design a SPOC and NPKD system based on OpenLDAP together with the API to simulate the communication between CMS and the foreign SPOC. The whole package is complemented by a remote support package, which ensures the customer will always have a top-notch assistance, if they run onto troubles with their ePassport/eID solution.

Solution Benefits

Assurance that the ePassport/eID solution is implemented according to the ICAO standards
Leveraging the experience of several European countries with their ICAO set up
Close cooperation with the FPT team and extensive transfer of know-how
Custom development of specialized tool based on the requirements of the customer
Providing technology support to ensure the smooth rollover and operation of the system
Best practice in choosing the proper cryptographic algorithms in respect with the performance
Interoperability of the solution with other ICAO compliant countries
Clarification and setup of the workflow and lifecycle of each ICAO compliant CA

Get in touch with us!

We would be happy to help you succeed!