The integrity and authenticity of an electronic boarding pass is validated by checking the digital signature of the barcode they use. A digitally signed barcode protects against forgery and enables validation upon check-in. Carriers use private signing keys to sign barcodes and issue associated public certificates from a public key infrastructure (PKI) for their validation. The degree to which carriers can trust their PKI depends on the protection afforded to the root and issuing CA private signing keys. The private signing keys underpin the security of the entire system, and properly safeguarding and managing them is essential.
Thales hardware security modules provide root of trust for secure electronic boarding pass issuance and validation
- Protects integrity and authenticity
- Leverages public key infrastructure
- Enables reliable and trusted validation
- Prevents misuse, counterfeit and fraud
- Safeguards critical signing keys in a FIPS 140-2 Level 3 certified module