MEMORANDUM OF UNDERSTANDING (MOU) REGARDING PARTICIPATION AND COST SHARING IN THE ELECTRONIC MACHINE READABLE TRAVEL DOCUMENTS ICAO PUBLIC KEY DIRECTORY (ICAO PKD)

VERSION 7
20 NOVEMBER 2008

RECITALS

(a) ICAO has received a request for the establishment of an ICAO Public Key Directory, as defined in Section 1, to promote the global interoperability of the validation system for electronic travel documents.

(b) The ICAO Council, at the fifth meeting of its 175th Session on 31 May 2005, confirmed the development of a Public Key Directory on a cost recovery basis and under the aegis of ICAO.

(c) The objective of this MoU is to set out the arrangements for participation in the ICAO Public Key Directory.

(d) This MoU is a statement of commitment by the Participants, as defined in Section 1, for the establishment and operation of the ICAO PKD.

The Participants hereby decide as follows:

1. DEFINITIONS

The following definitions apply herein:

Certificate Issuing Location (CIL) - a location designated by a Participant from which it will send Document Signer Certificates (CDS), Country Signing CA Link Certificates (lCCSCA), CSCA Master List (MLCSCA) and Certificate Revocation Lists (CRLs) to the ICAO PKD.

Certificate Revocation Lists (CRLs) - the lists issued by a Participant to revoke any of its certificates or to signify that no such revocations exist for any of their certificates.

Council - the Council of the International Civil Aviation Organization.

Country Signing CA (CSCA) - the Certificate Authority for a Participant that is responsible for managing the Country Signing CA Certificate (CCSCA) used to sign all State Document Signer Certificates (CDS). The CSCA is the highest trust authority for the Participant in the context of the ICAO PKD.

Country Signing CA Certificate (CCSCA) - a Public Key Infrastructure (PKI) certificate containing a Country Signer CA Public Key Certificate (KPuCSCA) and other standard information about the Country Signing CA Public Key. A Country Signing CA Certificate is self- signed i.e. it is signed using the corresponding Country Signer CA Private Key.

Country Signing CA Link Certificate (lCCSCA) - a Public Key Infrastructure (PKI) certificate containing a Country Signer CA Public Key (KPuCSCA) and other standard information about the Country Signing CA Public Key. A Country Signing CA Link Certificate is signed by the same Country Signing CA using the previous Country Signer CA Private Key.

CSCA Master List (MLCSCA) - A signed list of CSCA Certificates.

Country Signing CA Public Key (KPuCSCA) - the public key that may be used to verify the digital signature on certificates (Document Signer Certificates, CSCA Master List, Country Signing CA Link Certificates) and Certificate Revocation Lists issued by the Country Signing CA under the corresponding private key.

Document Signer Certificates (CDS) - a public key infrastructure certificate that contains a Document Signer Public Key and other standard information about the Document Signer Public Key.

Document Signer Public Key (KPuDS) - the public key that is used to verify the digital signature on an eMRTD.

eMRTD - a Machine Readable Travel Document (MRTD) that contains a contactless Integrated Circuit (IC) chip within which is stored certain specified MRTD data, a biometric measure of the passport holder, and a security object to protect the data with Public Key Infrastructure cryptographic technology, and that conforms to the specifications set forth in the latest edition of ICAO Doc 9303.

Fee Schedule - the Schedule included in Attachment B to this MoU that contains charges for the services and facilities of the ICAO PKD, which is established by the PKD Board, in consultation with the Secretary General, and is published and disseminated by the Secretary General.

ICAO PKD Read Directory - the read-only version of the ICAO PKD Directory that will be accessible by all States, airlines and other entities that need to verify the authenticity of eMRTD data.

ICAO Public Key Directory (ICAO PKD) - the central database serving as the repository of Document Signer Certificates (CDS) (containing Document Signer Public Keys), CSCA Master List (MLCSCA), Country Signing CA Link Certificates(lCCSCA)and Certificate Revocation Lists issued by Participants, together with a system for their distribution worldwide, maintained by ICAO on behalf of Participants in order to facilitate the validation of data in eMRTDs.

Operator - the entity contracted by the Secretary General for the establishment and operation of the ICAO PKD in accordance with the System Design Documentation and the Public Key Infrastructure specifications set forth in the latest edition of ICAO Doc 9303.

Participants - an ICAO Contracting State or any other entity issuing or intending to issue eMRTDs who follow the arrangements for participation in the ICAO PKD.

PKD Board - the governing body responsible for the oversight and supervision of the ICAO PKD.

PKD Interface Specifications - the specifications developed by the Operator and approved by the PKD Board for interfacing with the Public Key Infrastructure developed and implemented by the Operator.

PKD Regulations - the regulations that establish mandate and general operational requirements of the PKD, and define the basic responsibilities of the PKD Operator, Participants and Users.

PKD Procedures - the procedures that address administrative issues required by the PKD Regulations as conditions to use the PKD or otherwise relating to the technical operation and administrative processes of the PKD.

Secretary General - the Secretary General of the International Civil Aviation Organization.

Users - those ICAO Contracting States, territories, organizations, commercial entities, or individuāls who are not Participants in the ICAO PKD but who may access and download information from the ICAO PKD Read Directory.

2. PARTICIPATION

2.1 An ICAO Contracting State or any other entity issuing or intending to issue eMRTDs may participate in the ICAO PKD.

2.2 In order to become a Participant in the ICAO PKD, an ICAO Contracting State will be required to submit a "Notice of Participation" (Attachment A) to the Secretary General and thereafter to sign up with the Operator according to the ICAO PKD Regulations and the procedures established by the Operator, which are approved by the PKD Board in consultation with the Secretary General.

2.3 Any other entity issuing or intending to issue eMRTDs that wishes to become a Participant will be required to seek the PKD Board's approval in consultation with ICAO. If such approval is granted, the entity will follow the process described in paragraph 2.2.

2.4 The date on which a Participant's participation in the ICAO PKD becomes effective will be the first day of the month following sign up with the Operator, pursuant to paragraph 2.2

2.5 The Council will appoint the PKD Board delegates nominated by Participants in accordance with the procedures established by the PKD Board.

2.6 The Secretary General will advise the PKD Board and all Participants of new registrations in the PKD.

3. ROLE OF ICAO

ICAO is invited to:

a) perform, in the interest of the Participants, the activities necessary to provide for the establishment and operation of the ICAO PKD;

b) publish and disseminate the ICAO PKD Regulations, ICAO PKD procedures and ICAO PKD Interface Specifications, and any amendment thereof, as approved by the PKD Board;

c) acting through the Secretary General, establish, in consultation with the Operator and with the consent of the PKD Board, the estimated costs, and publish and disseminate the Fee Schedule, as approved by the PKD Board;

d) publish and disseminate any amendments to this MoU;

e) provide administrative and operational support to the PKD Board;

f) carry out verification of the authenticity of the Document Signer Certificates (CDS), Country Signing CA Link Certificates (lCCSCA), CSCA Master List (MLCSCA) and Certificate Revocation Lists (CRLs), and upload the CDS, lCCSCA, MLCSCA and CRLs to the ICAO PKD Read Directory in accordance with the ICAO PKD Regulations; and

g) act as trust agent between the Participants and the Operator for receiving fee payments.

4. FEES AND PAYMENTS

4.1 The ICAO PKD will be financed by fees paid by the Participants and Users in accordance with Attachment B - Cost Sharing/Fee Schedule.

4.2 Participants will pay their Registration Fee in advance of submitting their public keys to the ICAO PKD.

5. TRANSMISSION OF CERTIFICATES

5.1 Participants will transmit to the ICAO PKD the Document Signer Certificates (CDS), Country Signing CA Link Certificates (lCCSCA), CSCA Master List (MLCSCA) and Certificate Revocation Lists (CRLs) in the manner specified by the PKD Interface Specifications.

5.2 Participants, through their respective eMRTD issuing authority, will send to the ICAO PKD public keys that function and operate according to the Public Key Infrastructure specifications set forth in the latest edition of ICAO Doc 9303.

6. LIABILITY

6.1 ICAO will bear no liability towards users of the PKD, including any third party, as regards to any claims, damages or financial losses of any kind. A disclaimer notice to this effect will be posted on the PKD website from which all Participants and Users download the Public Key Directory.

6.2 ICAO will obtain insurance in an amount acceptable to cover liability arising from ICAO's own negligent acts or omissions in performing the role and responsibilities established in paragraph 3(f) of this MoU. The cost incurred by ICAO for securing such insurance and related deductibles will be recovered through the Participants' fees. Such costs will be subject to the review and approval of the PKD Board and the Secretary General.

6.3 Participants will not be responsible for any suits, claims, demands and liability of any nature or kind, including their costs and expenses, arising out of the acts or omissions of the Operator or the Operator's employees, officers, agents or sub-contractors, in relation to the ICAO PKD.

6.4 Each Participant will be responsible for its errors or omissions in the issuance and uploading of its public keys. Participants will not be responsible or liable for the errors or omissions of other Participants or of ICAO in relation to the ICAO PKD.

7. PKD BOARD

7.1 The PKD Board will be composed of delegates nominated by Participants that are current with their fee payments as established in Attachment B, and who have been appointed by the Council.

7.2 The Terms of Reference for the PKD Board are set out in Attachment C.

7.3 The PKD Board will be composed of a minimum of five and a maximum of fifteen delegates. When the number of Participants exceeds fifteen, the Chairperson of the Board, in consultation with all Participants that are current with their fee payments as established in Attachment B, will recommend to the Council, for its approval, the fifteen Participants who will constitute the Board.

7.4 The PKD Board may decide, with the approval of the Council, to increase the number of delegates if required.

7.5 The PKD Board may allow non-Participants to be observers to its meetings.

8. AMENDMENTS TO THE MOU

8.1 Any amendments to this MoU, including the attachments, will require acceptance by two- thirds of the Participants that are current with their fee payments as established in Attachment B, and approval by the Council.

8.2 An amendment so adopted will come into effect for all Participants from the date of the Council's approval of the amendment or an alternative date where this is recommended by the ICAO PKD Board and agreed by the Council.

8.3 The Secretary General will publish and disseminate any amendments as adopted to all Participants.

9. TERMINATION OF PARTICIPATION

9.1 At least one full year's notice (i.e. not later than 1 January), transmitted in writing to the Secretary General, is required for termination of participation in the ICAO PKD. Termination takes effect on 31 December of the year following notice.

9.2 Upon receipt of a notice of termination of participation in accordance with paragraph 9.1, the Secretary General will notify the other Participants and the PKD Board.

10. SETTLEMENT OF DISPUTES

Any difference between Participants relating to the application or interpretation of this MoU that cannot be resolved by negotiation between them independently will, upon the request of any of the Participants concerned, be referred to the Council for recommended resolution.

11. COMING INTO EFFECT

For this MoU to come into effect, five Notices of Participation must be received by the Secretary General; the date of receipt of the fifth notice is the date of coming into effect of this MoU.

 

 

ATTACHMENT A

MEMORANDUM OF UNDERSTANDING (MOU) REGARDING PARTICIPATION AND COST SHARING IN THE ELECTRONIC MACHINE READABLE TRAVEL DOCUMENTS ICAO PUBLIC KEY DIRECTORY ( ICAO PKD)

MODEL

NOTICE OF PARTICIPATION

The

(name of the Authority designated by the Participant concerned as its authorized organ)

of

(name of Participant)

hereby gives the Secretary General of the International Civil Aviation Organization (ICAO)

notice of participation of _________________________________________________

(name and address of the Participant)

in the Memorandum of Understanding (MoU) Regarding Participation and Cost Sharing in the ICAO

Electronic Machine Readable Travel Documents Public Key Directory (ICAO PKD).

NOTE: Participation by a non-State entity in the ICAO PKD (the functions of which are technical and

operational) will not afford such non-State entities the rights or privileges accorded to ICAO Contracting States under the Chicago Convention.

Signed at		on
	(place)		(date)

On behalf of _________________________________________

Name of Authority ____________________________________

Name, title __________________________________________

Signature ___________________________________________

 

 

ATTACHMENT B
Cost Sharing/Fee Schedule

1. Procedures for establishing and updating the Fee Schedule

1.1 The development and operation of the ICAO Public Key Directory will be on a cost recovery basis. The investments, costs and expenses necessary for its development and operation will be reimbursed from fees paid by the Participants in accordance with the Fee Schedule. Investments, costs and expenses attributable to Users' access to the ICAO PKD will be reimbursed from fees paid by Users in accordance with the Fee Schedule.

1.1.1 Fees for Participants will consist of a Registration Fee and an Annual Fee. The Registration Fee will be a one-time fee, which will be due and payable immediately after notices of participation have been logged with ICAO. The Annual Fee will be a recurring fee, which will be due and payable by all Participants on 1 January each year. In the case of Participant participating in the ICAO PKD on a date after 1 January, a prorated Annual Fee will be due and payable in relation to the remainder of that year.

1.1.1.1 Registration Fee.

- to all Participants: US $56 000

1.1.1.2 Annual Fees. The PKD Board, in consultation with the Secretary General and the Operator, will establish and update, the Annual Fees, which will be published and disseminated by the Secretary General.

1.1.1.3 Fees for Users. The PKD Board, in consultation with the Secretary General and the Operator, may establish and update, annually, fees for Users, which will be published and disseminated by the Secretary General. Users fees may vary for different categories of users, as defined in the PKD Procedures, and "nil" fees may apply.

1.2 All costs incurred by ICAO in the performance of the functions set out in Section 3 of the ICAO PKD MoU will be covered by the Fees.

1.3 The Participants and Users will abide by the Fee Schedule and the payment provisions and understandings approved by the PKD Board.

2. Fee payments

2.1 Fee payments by Participants will be made to ICAO who will be acting as trust agent between the Participants and the Operator.

2.2 The administrative procedures required to pay Participants' fees and Users' fees will be established in the PKD Procedures, to be approved by the PKD Board, which will be based on the principle established in paragraph 3(g) of this MoU.

2.3 ICAO will forward fees to the Operator once the fee payments are received and are sufficient to cover the PKD operating costs and the administrative charges for ICAO services.

2.4 Payments to be made under the Fee Schedule must be received in full by ICAO at the due date indicated in paragraph 1.1.1

2.5 Failure by a Participant to pay the PKD fees will lead to that Participant's service being withdrawn at the end of the third month following the date on which payment is due. The service will not be reinstated until that Participant's debt has been fully settled.

2.6 ICAO will not be held responsible for Participants' payments or delays in making fee payments.

2.7 ICAO will not be held responsible for payment to the Operator for PKD operating costs and compensation of administrative charges for ICAO services, if the Annual Fees are not paid or are delayed.

3. Reporting and statistics

The Secretary General, will produce semi-annual financial statements showing revenues and expenses as well as accounting summaries listed by Participant. In addition, the Secretary General, in coordination with the Operator, will produce statistics that will measure net fees paid for services provided, as detailed by a number of factors such as certificates issued and other relevant criteria. These statistics will be used to analyze and support fee changes as appropriate.

4. Financial verification

The financial statements and the accounting reports of ICAO and the Operator associated with the operation of the ICAO PKD will be subject to annual verification by an independent auditor.

 

 

ATTACHMENT C
Terms of Reference of the ICAO PKD Board

1. Membership and functions

1.1 Only Participants in the ICAO PKD under the Memorandum of Understanding (MoU) Regarding Participation and Cost Sharing in the ICAO Electronic Machine Readable Travel Documents Public Key Directory (ICAO PKD) that are current with their fee payments as established in Attachment B, are eligible to serve on the PKD Board.

1.2 The PKD Board is the standing body responsible for the ICAO PKD. Its duties will include:

a) address issues related to the implementation of the ICAO PKD MoU and ICAO PKD Regulations;

b) in consultation with the Secretary General and the Operator, propose and approve the ICAO PKD Regulations, PKD procedures and PKD Interface Specifications, and any amendment thereof;

c) establish its Rules of Procedures;

d) exercise financial and operational oversight of the ICAO PKD;

e) provide to the Secretary General and the Council advice on policy, operational, and financial issues related to the PKD;

f) establish rules and procedures for setting and updating the amounts contained in the Fee Schedule;

g) in consultation with the Operator and the Secretary General, approve the ICAO PKD operations budget;

h) review procedures established by the Operator to sign up for the ICAO PKD, through the website, and its amendments;

i) review the verified financial statements regarding the ICAO PKD and any related financial activities incurred by the Operator and ICAO that are subject to cost sharing;

j) submit to the Participants an Annual Report on its activities and other relevant issues in the preceding year on or before 31 October;

k) approve, in consultation with the Secretary General, the ICAO PKD Terms and Conditions for the use of the ICAO PKD Read Directory as proposed by the Operator;

l) establish and approve the procedures for operational and other complaints; and;

m) establish procedures for proposing amendments to the ICAO PKD MoU for acceptance by the Participants and approval by the Council.

1.3 The Chairperson and members of the PKD Board will not be remunerated by the ICAO PKD for their services.

2. Participation and voting rights

2.1 The PKD Board will be composed of a minimum of five and a maximum of fifteen delegates, who will be known as Members. When the number of Participants exceeds fifteen, the Chairperson of the Board, in consultation with all Participants that are current with their fee payments as established in Attachment B, will recommend to the Council, for its approval, the composition of the Board.

2.2 The delegates will be appointed by the Council for a term up to three years.

2.3 Each Member will have one vote. When voting is required, a decision by the Board will be arrived at by simple majority; however, when the votes are equally divided, the Chairperson's vote will prevail. Participants may designate a delegate from another Participant as their delegate. This delegāte will carry and exercise voting rights on behalf of the party represented.

2.4 When a vote is required on any difference between Participants relating to the application or interpretation of the Memorandum of Understanding (MoU) Regarding Participation and Cost Sharing in the Electronic Machine Readable Travel Documents ICAO Public Key Directory (ICAO PKD) as indicated therein in paragraph 10, the Participants involved in the difference will not be able to exercise their voting rights.

3. Selection of the Chairperson

3.1 At their first meeting of the year, the members of the PKD Board will select a Chairperson from among the PKD Board Members for a one-year term.

3.2 The Chairperson position should rotate among the members.

4. Functions of the Chairperson

The Chairperson will:

a) call for Ordinary and Extraordinary meetings; and

b) propose and submit for approval to the PKD Board the Annual Report.

5. Meetings of the PKD Board

5.1 The PKD Board should meet as often as circumstances require, but not less frequently than once a year.

5.2 The President of the Council of ICAO and the Secretary General will be permitted to participate in meetings of the PKD Board but will not have the right to vote. Members of the Council may attend meetings of the PKD Board as observers.