the_order/docs/integrations/EU_LAISSEZ_PASSER_SPECIFICATION.md
defiQUG 2633de4d33 feat(eresidency): Complete eResidency service implementation
- Implement credential revocation endpoint with proper database integration
- Fix database row mapping (snake_case to camelCase) for eResidency applications
- Add missing imports (getRiskAssessmentEngine, VeriffKYCProvider, ComplyAdvantageSanctionsProvider)
- Fix environment variable type checking for Veriff and ComplyAdvantage providers
- Add required 'message' field to notification service calls
- Fix risk assessment type mismatches
- Update audit logging to use 'verified' action type (supported by schema)
- Resolve all TypeScript errors and unused variable warnings
- Add TypeScript ignore comments for placeholder implementations
- Temporarily disable security/detect-non-literal-regexp rule due to ESLint 9 compatibility
- Service now builds successfully with no linter errors

All core functionality implemented:
- Application submission and management
- KYC integration (Veriff placeholder)
- Sanctions screening (ComplyAdvantage placeholder)
- Risk assessment engine
- Credential issuance and revocation
- Reviewer console
- Status endpoints
- Auto-issuance service
2025-11-10 19:43:02 -08:00


EU Laissez-Passer (EU-LP) — Technical Specification

Document Type: Technical Specification
Version: 1.0
Last Updated: 2024-12-28
Status: Reference Documentation


  • Instrument: Council Regulation (EU) No 1417/2013 (form, issuance, recognition; replaces 1826/69). Does not itself grant privileges/immunities. Recognised by EU Member States; recognition in third countries via agreements.

  • Standards Basis: Must meet the same security standards/technical specs as Member-State passports; aligned to ICAO Doc 9303 (MRTD/eMRTD).

  • Issuing & Lifecycle: Centralised enrolment, personalisation, delivery, and end-of-life (destruction) run by the European Commission on behalf of all EU issuing institutions.


2) Form Factor & Construction

  • Booklet Type: Single booklet, TD3 passport size.

  • Dimensions: 88 mm × 125 mm (W×H). Pages: 48. Cover: blue; hot-foil stamping; flexible plastic cover.

  • Validity: Up to 6 years (min 12 months). No extensions. Provisional LP possible up to 12 months; its chip may omit fingerprints.


3) Data Page, MRZ & Document Identifiers

  • Visual Data (Core):

    • Surname
    • Given names
    • Date/place of birth
    • Sex
    • Nationality
    • Document number
    • Dates of issue/expiry
    • Issuing authority
    • Holder signature
    • Primary colour photo plus ghost image
  • Function Line (Page 4): Optional "Function" entry (e.g., Ambassador, Minister Counsellor, Attaché, etc.), including flags for Family member or Temporary laissez-passer.

  • Issuer Code (MRZ): EUE (European Union). Document Category (PRADO): T (travel) / S (service/official/special).

  • MRZ Format: ICAO TD3 (2 lines × 44 chars) per Doc 9303; standard passport MRZ content/field ordering applies.

  • Known MRZ Deviation (Historic): For German nationals, nationality field value change from DEU (pre-2022) to D<< (post-2022) to align with Doc 9303 Part 3; documented on the EU-LP CSCA site.


4) Electronic Document (Chip) & Biometrics

  • Type: Contactless IC (eMRTD) embedded in datapage; ICAO-conforming. Stores digital face image + two fingerprints (except possible omission for provisional LPs).

  • Access Control & Trust:

    • EU-LP PKI: Country Signing Certificate Authority (CSCA) operated by the European Commission JRC; publishes CSCA certificates, link certificates and CRLs (PEM; SHA-256/SHA-1 fingerprints posted).
    • EAC/Extended Access: Commission notes extended access control infrastructure for inspection systems.
    • ICAO PKD: EU is a member since 7 Nov 2017; CSCA "EUE" available to PKD participants for global validation.
  • Current CSCA Materials:

    • Current CSCA Self-Signed: Released 27 Jul 2020, valid to 27 Oct 2031; SHA-256 fingerprint published.
    • New CSCA (2025 Series): Released 10 Apr 2025, valid to 10 Jul 2036; to be active by Jul 2025 (with link cert).
    • CRL: Latest CRL publication dates and validity windows listed on the CSCA page.

CSCA Resources:


5) Physical & Print Security Features

  • Watermarks: Dedicated watermark on biodata page; different watermark design on inner pages; centred positioning.

  • Laminate/OVD: Holographic laminate with kinetic/metallic effects over the datapage.

  • Intaglio & Latent Image: Intaglio printing with latent "EU" image; tactile features.

  • Optically Variable Ink (OVI): OVI elements on inside covers (e.g., "EUE" motif).

  • UV/IR Features: Substrate without optical brighteners, fluorescent fibres, UV overprints in red/blue/green; additional UV imagery (2022 redesign theme).

  • Numbering: Laser-perforated serial on inner pages ("L" + digits); top-right numbering on biodata page.

  • Guilloches/Microprint: Multitone guilloches; complex background patterns; screen-printed elements on datapage.

  • Binding/Anti-Tamper: Security stitching/binding marks present across visa pages.


6) 2022 Design Refresh

  • In Circulation: Since July 2022 (after the initial 2015 upgrade).

  • Theme: "Connectivity" & space/universe (EU Galileo/Copernicus). New UV graphics and specialised inks/print methods were introduced.


7) Eligibility & Functional Use

  • Eligible Holders: EU representatives/staff (and, under conditions, certain special applicants and family members); eligibility governed by Staff Regulations/CEOS.

  • Recognition/Visa Handling: Valid in EU Member States; third countries via agreement. Airlines/travel agents check acceptance/visa via IATA Timatic; document info published in PRADO/FADO for inspection.

  • Important Limitation: The document does not itself grant diplomatic status/immunity.


8) Quick Reference — Border/ID Systems

  • Document Family: EU eMRTD, issuer code EUE, TD3 format. MRZ: 2×44 chars per ICAO Doc 9303; standard passport field rules.

  • Chip Verification: Trust EU-LP via PKD (CSCA EUE) or fetch CSCA/CRL directly from JRC CSCA portal. Extended access control supported; check reader configuration for EU-LP profiles.

  • Fingerprint Presence: Required for standard booklets; may be absent on provisional LPs (design note on PRADO).

  • Specimen & Feature Lookup: Use PRADO: EUE-TS-02001 for exhaustive image-level features and page-by-page security elements.


9) Integration Notes

For Identity Service Integration

  • MRZ Parsing: Implement ICAO Doc 9303 TD3 format parser (2 lines × 44 characters).
  • Chip Reading: Support contactless IC reading for eMRTD data groups (DG1, DG2, DG3).
  • Certificate Validation: Integrate with EU-LP CSCA for certificate chain validation.
  • Biometric Verification: Support face image and fingerprint verification (when present).

For Document Verification

  • Security Feature Checks:

    • UV/IR feature detection
    • Watermark verification
    • Holographic laminate inspection
    • Intaglio printing verification
    • OVI element validation
  • MRZ Validation:

    • Check digit validation
    • Field format validation
    • Issuer code verification (EUE)
    • Document number format
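
An added example (not code from this repository) of the MRZ validation steps listed above: Doc 9303 check digits, the EUE issuer code, and the DEU / D<< nationality deviation. The function names, the result shape, the policy of folding D<< to DEU, and the sample MRZ are assumptions constructed for illustration.

```typescript
// Added example; names and result shape are hypothetical, not the project's API.
interface MrzResult {
  ok: boolean; errors: string[]; issuer: string; documentNumber: string;
  nationality: string; birthDate: string; expiryDate: string;
}

// Doc 9303 check digit: weights 7,3,1 repeating; 0-9 face value, A-Z = 10..35, '<' = 0.
function checkDigit(field: string): number {
  let sum = 0;
  for (let i = 0; i < field.length; i++) {
    const c = field.charCodeAt(i);
    const value = c >= 48 && c <= 57 ? c - 48 : c >= 65 && c <= 90 ? c - 55 : 0;
    sum += value * (i % 3 === 0 ? 7 : i % 3 === 1 ? 3 : 1);
  }
  return sum % 10;
}

function validateEuLpMrz(l1: string, l2: string): MrzResult {
  const errors: string[] = [];
  const shape = /^[A-Z0-9<]{44}$/;
  if (!shape.test(l1) || !shape.test(l2)) {
    return { ok: false, errors: ["not a 2x44 TD3 MRZ"], issuer: "", documentNumber: "",
             nationality: "", birthDate: "", expiryDate: "" };
  }
  const verify = (name: string, data: string, digit: string, optional = false): void => {
    // An unused optional field may carry '<' instead of 0 as its check digit.
    if (optional && digit === "<" && /^<+$/.test(data)) return;
    if (digit !== String(checkDigit(data))) errors.push("check digit: " + name);
  };
  const issuer = l1.slice(2, 5);
  if (issuer !== "EUE") errors.push("issuer is " + issuer + ", expected EUE");
  verify("document number", l2.slice(0, 9), l2.charAt(9));
  verify("birth date", l2.slice(13, 19), l2.charAt(19));
  verify("expiry date", l2.slice(21, 27), l2.charAt(27));
  verify("personal number", l2.slice(28, 42), l2.charAt(42), true);
  // The composite digit covers positions 1-10, 14-20 and 22-43 of line 2.
  verify("composite", l2.slice(0, 10) + l2.slice(13, 20) + l2.slice(21, 43), l2.charAt(43));
  // German holders appear as DEU (pre-2022) or D<< (post-2022); fold both to one
  // value so downstream matching is stable (this folding policy is an assumption).
  const rawNat = l2.slice(10, 13);
  const nationality = rawNat === "D<<" ? "DEU" : rawNat.replace(/</g, "");
  return {
    ok: errors.length === 0, errors, issuer, nationality,
    documentNumber: l2.slice(0, 9).replace(/</g, ""),
    birthDate: l2.slice(13, 19), expiryDate: l2.slice(21, 27),
  };
}

// Constructed sample MRZ (not a real document), split so the filler runs are countable.
const SAMPLE_L1 = "P<EUESPECIMEN<<ANNA<MARIA" + "<<<<<<<<<<" + "<<<<<<<<<";
const SAMPLE_L2 = "L123456781D<<8001014F3001019" + "<<<<<<<<<<" + "<<<<<" + "0";
```

A failed check digit on any single field also fails the composite digit, so both errors appearing together point to a misread or altered field rather than a bad composite alone.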

For Credential Issuance

  • Diplomatic Credential Mapping: Map EU-LP holder information to diplomatic credential claims:
    • Function/role from page 4
    • Issuing authority
    • Validity period
    • Document number

10) Technical Implementation Requirements

ICAO Doc 9303 Compliance

  • Parts 3–5: MRTD common specs, TD3 MRPs
  • Parts 10–12: LDS (Logical Data Structure), security mechanisms, PKI
  • Watch for Updates: MRZ document-type code harmonisation (affects optional second letter in "P<" code) ahead of Doc 9303 updates from 2026.

Certificate Management

  • Monitor EU-LP CSCA Page: For certificate rollovers (new CSCA & link certs published April 2025 with activation in July 2025).
  • Deviation Notices: Watch for nationality-field encoding changes (e.g., German nationals: DEU → D<<).

Data Groups (LDS)

Typical EU-LP eMRTD contains:

  • DG1: MRZ data
  • DG2: Face image
  • DG3: Fingerprint template(s) — may be absent on provisional LPs
  • DG4: Additional biometric data (if applicable)
  • DG5: Displayed portrait
  • DG6: Reserved
  • DG7: Displayed signature
  • DG8–DG16: Additional data groups (if applicable)
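
An added example (not part of the original specification or repository) of a data-group presence check based on the list above: it reads the tag list from EF.COM and requires DG3 unless the booklet is provisional. The function names, the `provisional` input and the sample EF.COM bytes are assumptions; the tag values are the ICAO LDS data-group tags.

```typescript
// Added example; names are hypothetical. `provisional` is assumed to come from the
// page-4 "Temporary laissez-passer" flag captured during inspection.
const DG_TAGS: { [tag: number]: number } = {
  0x61: 1, 0x75: 2, 0x63: 3, 0x76: 4, 0x65: 5, 0x66: 6, 0x67: 7, 0x68: 8,
  0x69: 9, 0x6a: 10, 0x6b: 11, 0x6c: 12, 0x6d: 13, 0x6e: 14, 0x6f: 15, 0x70: 16,
};

// Read one BER-TLV header at `pos`; handles 5Fxx two-byte tags and 81/82 long lengths.
function readTlv(buf: number[], pos: number): { tag: number; start: number; end: number } {
  let tag = buf[pos++];
  if ((tag & 0x1f) === 0x1f) tag = (tag << 8) | buf[pos++];
  let len = buf[pos++];
  if (len === 0x81) len = buf[pos++];
  else if (len === 0x82) { len = (buf[pos] << 8) | buf[pos + 1]; pos += 2; }
  else if (len > 0x7f) throw new Error("unsupported length form");
  if (!(pos + len <= buf.length)) throw new Error("truncated TLV");
  return { tag, start: pos, end: pos + len };
}

function checkDataGroups(efCom: number[], provisional: boolean): { present: number[]; errors: string[] } {
  const outer = readTlv(efCom, 0);
  if (outer.tag !== 0x60) throw new Error("not EF.COM");
  const present: number[] = [];
  for (let pos = outer.start; pos < outer.end; ) {
    const t = readTlv(efCom, pos);
    if (t.tag === 0x5c) {               // 5C = tag list of data groups present
      for (let i = t.start; i < t.end; i++) {
        const dg = DG_TAGS[efCom[i]];
        if (dg !== undefined) present.push(dg);
      }
    }
    pos = t.end;
  }
  const errors: string[] = [];
  const has = (n: number): boolean => present.indexOf(n) >= 0;
  if (!has(1)) errors.push("DG1 (MRZ) missing");
  if (!has(2)) errors.push("DG2 (face) missing");
  if (!has(3) && !provisional) errors.push("DG3 (fingerprints) missing on a standard booklet");
  return { present, errors };
}

// Constructed EF.COM: LDS version "0107", Unicode version "040000", then the tag list.
function sampleEfCom(dgTags: number[]): number[] {
  const body = [0x5f, 0x01, 0x04, 0x30, 0x31, 0x30, 0x37, 0x5f, 0x36, 0x06,
                0x30, 0x34, 0x30, 0x30, 0x30, 0x30, 0x5c, dgTags.length].concat(dgTags);
  return [0x60, body.length].concat(body);
}
```

EF.COM is not covered by the hashes in the Document Security Object, so confirm the same data groups against EF.SOD during certificate validation before relying on this result.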

11) Verification Flow

Standard Verification Process

  1. Physical Inspection:

    • Check document format (TD3, 88×125mm)
    • Verify security features (watermarks, OVI, UV/IR)
    • Inspect binding and anti-tamper features
  2. MRZ Reading:

    • Read MRZ (2 lines × 44 chars)
    • Validate check digits
    • Verify issuer code (EUE)
    • Parse document number, dates, personal data
  3. Chip Access:

    • Establish contactless communication
    • Perform Basic Access Control (BAC) or Extended Access Control (EAC)
    • Read data groups (DG1, DG2, DG3)
  4. Certificate Validation:

    • Fetch CSCA certificate from EU-LP CSCA portal or PKD
    • Validate certificate chain
    • Check CRL for revoked certificates
    • Verify document signature
  5. Biometric Verification:

    • Compare live face image with DG2
    • Compare live fingerprints with DG3 (if present)
    • Calculate match scores
  6. Data Consistency:

    • Compare MRZ data with chip data (DG1)
    • Verify visual data matches chip data
    • Check document validity dates

12) Compliance & Standards

Standards Alignment

  • ICAO Doc 9303: Full compliance required
  • EU Regulation 1417/2013: Form and issuance requirements
  • Security Standards: Equivalent to Member-State passports

Integration Points

  • PRADO: Document specimen reference (EUE-TS-02001)
  • FADO: Document authenticity database
  • IATA Timatic: Travel document acceptance database
  • ICAO PKD: Public Key Directory for certificate validation

13) References

Official Sources

  • UN Laissez-Passer: PRADO UNO-TS-02001 (for comparison)
  • ICAO PKD: Public Key Directory membership information
  • IATA Timatic: Travel document database

14) Implementation Checklist

Phase 1: Basic Support

  • MRZ parser for TD3 format (2×44 chars)
  • Document number validation
  • Issuer code recognition (EUE)
  • Basic security feature detection

Phase 2: Chip Integration

  • Contactless IC reader integration
  • BAC/EAC implementation
  • LDS data group reading (DG1, DG2, DG3)
  • Certificate chain validation

Phase 3: Advanced Features

  • EU-LP CSCA integration
  • CRL checking
  • Biometric verification (face, fingerprints)
  • Full security feature validation

Phase 4: Production

  • Certificate rollover monitoring
  • Deviation notice handling
  • Integration with credential issuance
  • Audit logging and compliance reporting

Document Control

  • Version: 1.0
  • Last Updated: 2024-12-28
  • Next Review: Quarterly (or upon ICAO/EU updates)
  • Owner: Identity Service / Compliance Team
  • Status: Reference Documentation

Note: This specification is for technical integration purposes. For legal and policy matters, refer to the official EU Regulation 1417/2013 and consult with legal counsel.