asmag logo
Crossing Borders with Biometrics and RFID
a&s International 2010/6/25

New airports boast the latest security technologies, yet most personal identity documents and issuance procedures are outdated. In many countries, passport and national ID issuance is still done manually. Governments are looking into electronic IDs to replace paper documents, while international standards mark this as a major application for biometrics and RFID technologies.

New airports boast the latest security technologies, yet most personal identity documents and issuance procedures are outdated. In many countries, passport and national ID issuance is still done manually. Governments are looking into electronic IDs to replace paper documents, while international standards mark this as a major application for biometrics and RFID technologies.

The management of national ID production is currently cumbersome and costly. It is not uncommon for employees of passport or license agencies to spend their days doing manual labor — scanning documents, sending forms to people who have submitted substandard photos and so on. "It is a difficult and time-consuming process for individuals to apply for IDs, and agencies to produce them," said Magnus Svenningson, MD of Speed Identity.

There is much room for error and identity fraud. "Approximately 10 percent of technologies and procedures are substandard applications, and though it's reasonable to assume use of current technology, budget restraints on behalf of government agencies involved in issuing national IDs is holding back widespread deployment," Svenningson said.

Demand for electronic IDs (e-ID) is just beginning. In Europe, a third of the countries have rolled out related projects, with more coming on board. "This means that a little over 50 percent of the European population is taking on e-ID schemes," said Yiru Zhong, Market Analyst at Frost & Sullivan.

International Regulations
The International Civil Aviation Organization (ICAO) is active in setting global standards for e-passports. Among these standards include the Basic Access Control (BAC) and the Extended Access Control (EAC) initiatives. These will help countries migrate from traditional paper-based travel documents to e-IDs.

BAC addresses first-generation electronic passports (e-passports), using contactless smart cards containing a simple biometric — typically a digitized photo of an individual — along with the digital identity information of an individual duplicated on the paper document, said experts from Temporal Secure Digital Identity in a prepared statement.

EAC addresses second-generation e-passports, allowing governments to leverage a stronger biometric identifier that makes impersonation of the legitimate document holder more difficult. The use of biometrics — typically a digital fingerprint or iris scan — establishes a stronger tie between the individual and the travel document. EAC is currently optional and not fully specified.

The ICAO has also issued standards for RFID use in passports, while the ISO issued standards for facial recognition biometrics used in ID documents. "As a biometric solution, facial recognition is not as reliable for personal identification, because it varies with lighting, color, temperature, aging, and so on," said Anderson Lin, Project Manager of Security for NEC.

Additionally, requirements are difficult to meet because operators must undergo at least two to three years of training from each solution vendor, Lin said. Countries tend to have very high false acceptance and false rejection rates if they do not follow these standards.

Higher accuracy alternatives, such as fingerprint or iris scans, have been mandated. However, issues with privacy still need to be overcome.

Efforts to ensure the quality of documents can be seen by manufacturers obtaining certification. The German Federal Office of Information Security, for example, issues security certifications for factories to ensure RFID production environments and manufacturing processes are up to par, said Martin Kuschewski, Head of e-ID Business Unit at Smartrac Technology Group. "We were among the first to obtain the highest evaluation assurance level for manufacturing RFID-based identity documents."

Decision Makers
A range of government departments and agencies are involved in the rollout of a national identity scheme. This typically includes the national registry, the department of home affairs, the electoral judiciary and the national statistics office, said John Kendall, National Security Program Director for APAC, Unisys. For e-passports, the authority for immigration and citizenship is involved.

The ministry of the interior is also responsible for issuing e-IDs. It usually establishes the requirements and specifications of such projects. However, due to the sensitive nature of these documents, there is also significant collaboration with national IT infrastructure networks, Zhong said. "Tenders are streamlined through public announcements found on national government websites."

Other stakeholders involved include the foreign affairs ministry. Communication between the ministry of the interior — which handles immigration — and foreign affairs has historically been a market barrier. "Foreign affairs lean towards traditional paper methods of issuing passports, whereas immigration is pushing for the uptake of biometrics for better protection," Lin said.[NextPage]
Technologies in National IDs
Despite public complaints, biometrics and RFID are making headway in national ID projects. Deployment requires many things, of which convenience, efficiency, accuracy and reliability are paramount.

For biometrics, enrollment needs to be convenient and easy. National ID projects involve hundreds of thousands of individuals, so fixed and mobile enrollment stations help agencies cover more people, Kendall said. The system must also be highly accurate in identifying both legitimate citizens and imposters.

With facial recognition, it is fairly standard to obtain multiple samples of the same face in different positions, from different sources and at different times, said Algimantas Malickas, CEO of Neurotechnology. This improves matching quality. For example, a person can be enrolled with or without glasses, a mustache, smiling, and so on. Enrolling each sample takes only a few seconds, but the full process may take more time, depending on the number of samples taken.

Speed of enrollment and matching is also a top concern. If these processes are time-consuming, governments will refrain from using them.

"Our fingerprint technologies can match up to 40,000,000 fingerprints per second," Malickas said. "Faces can be detected and processed in milliseconds, depending on the defined template size."

The introduction of RFID-based identity documents enhances the overall security standard for national IDs. E-passports are among the first identity documents equipped with RFID technology. "Today, more and more identity documents, such as ID cards, pass cards for border crossing, drivers' licenses, health cards, public services cards and so on, are based on RFID," Kuschewski said.

These chips are being used to store biometric data and provide information electronically during credential verification processes, said Uwe Richter, Senior VP of Product Management at Cross Match Technologies.

RFID tags satisfy the demand for convenience because of their touch-and-go capabilities. RFID chips tend to be more durable than contact technologies, said Stephen Price-Francis, VP of Marketing at LaserCard. They facilitate long-range wireless communication of a serial or file number to a reader, and can notify border inspection systems of the smart card's impending arrival. This is useful for reducing delay at busy border crossings, such as checkpoints between the U.S. and Mexico.

In terms of durability, RFID hardware typically has an expected lifespan of up to 10 years, said Dimas Ulacio, Program Manager of Identity Solutions at Smartmatic. However, though the tag itself can operate for a long time, environmental factors can cause it to fail much sooner.

The weakest part of the system is where the antenna connects to the chip. "In flexible documents such as a passport, I have seen chips fail in a matter of months, when the document is heavily used or carried in the back pocket of pants. If the chip gets wet, or is subjected to high humidity, it can fail," said Richard Search, Directorof Program Management at Animetrics.

This produces a twofold dilemma: the individual holds a valid but electronically disabled document, Search said. The inspector must then make a decision based on incomplete information. Additionally, the individual needs to repair the faulty ID, causing inconvenience and extra cost.

"This problem will become more pervasive as RFID chips are used longer and fail on a larger scale," Search said. Facial recognition provides an additional level of security if the RFID chip fails.

While the introduction of biometrics and RFID technologies have advanced document security, they do not necessarily provide a comprehensive solution preventing document and identity fraud, especially where readers are not available, Price-Francis said. Government and national organizations are turning to multilayered approaches that combine a set of technologies onto a single credential. The next-generation U.S. Permanent Resident Card, launched in May of this year, is a recent example.

Pilot Schemes
Experts agree that pilot runs are necessary to highlight real-life operational problems. "This part of the program enables the customer and supplier to identify specific local issues — from staff training needs to distribution, logistical or technology problems, including equipment performance in diverse climates," Price-Francis said.

Local conditions could cause problems that need to be taken care of before a large-scale rollout, such as insufficient storage; production and operations; limited bandwidth; power shortages and voltage fluctuations; and dispersion of the population in remote and inaccessible places, Ulacio said.

Optimizing these conditions can involve simple and specific adjustments, such as modifying holders for fingerprint readers to be mounted in a slanted position on a counter, Richter said.

Culture and religious considerations also play a role. "In some countries, fingerprints are associated with crime and are unpopular. For this reason, Australians, for example, prefer facial biometrics for civil applications, whereas Indians, who have been using fingerprints for several years to authenticate legal documents, are rolling out large-scale fingerprint biometrics for national IDs,"Kendall said.[NextPage]
Centralized Systems
At an early stage, planners must determine whether issuance will be centralized or distributed in multiple locations. Key factors to consider include: security of the process; overall control of program data; integration of databases; cost and security of issuing infrastructure, including printers, readers and staff; quality and consistency of finished credentials; and the convenience and service levels required for clients, Price-Francis said.

Major governments are increasingly shifting to centralized issuance systems for reasons of cost, control and security.

Privacy Protection
The largest barrier to adopting RFID and biometrics is privacy. Countries are concerned about information being used inappropriately or falling into the wrong hands. However, suppliers are confident that data protection through encryption methods, such as public key infrastructure (PKI), prevents tampering of communication between devices and locations, Kendall said.

Exchanging PKIs from country to country is an issue for customs and immigration procedures, if the country is not an ICAO member. "This is why one country cannot read passports from another," Lin said. "Countries that are ICAO members can share passport PKIs via ICAO's public key directory system."

New passports are protected by requiring the passport reader to authenticate itself as an authorized one, before the RFID chip releases its contents. "This ensures that the biometric data will not be read by an unauthorized terminal," said Eric Skinner, CTO at Entrust.

Governments can also minimize danger with administrative efforts. "This can be done by centralizing the system, and minimizing the amount of personal information maintained in the central identity register," Kendall said.

Way Forward
There are many issues to overcome before widespread adoption of digital national IDs. Several countries have launched e-passports in the Americas, Europe and Asia, but few countries have e-passport checking systems that can read the chip information from another country's passport during immigration. "You have no way of checking the electronic and digitized information on a passport if you cannot read it, causing inspectors to resort to traditional methods of manual face matching," Lin said.

More time and effort need to be spent on intercountry interoperability before national ID schemes can take off on a global scale. "Efforts can be seen in ICAO's work on the second generation e-passports, and as more countries adopt these passports, interoperability can be achieved," Skinner added.

Apart from technological challenges, past experience in conservative European countries suggests that without legal requirements to carry a national ID, the reception is usually lukewarm, if not downright hostile, Zhong said.

Cost is another issue that cannot be ignored. The expense difference between a paper-based ID card and a smart card is significant, making the latter less popular.

"Relying on a proven technology for identity documents is not only a question of practicality; it is also a question of efficiency and financial resources," Kuschewski said. "National ID projects are a long process, and complexities in infrastructure and technical interoperability must be addressed for successful deployment."

Messe Frankfurt New Era Business Media Ltd. All rights reserved. 2019/1/17 print out