Identity Management for Large e-Government Populations
J.R. Reagan
Gordon Hannah
BearingPoint, Inc., 1676 International Drive, McLean, VA, USA
jr.reagan@bearingpoint.com, gordon.hannah@bearingpoint.com
Abstract: Large scale Identity Management and credentialing projects require significant planning, due to the myriad of moving parts and components. The global interoperability of identification, authentication and digital signature functions supporting Identity Management for Large Populations add to the significant challenges of implementation. Due to the many moving parts involved in Identity and Credential Management projects, systems must be carefully designed, implemented, and managed. At the core of these projects is a standardized, uniform credential that is becoming increasingly capable of providing a strong identity assertion, as well as issuing authority verification. Further, additional consideration must be given for strong identity proofing and vetting coupled with background check capabilities to have a complete, end-to-end system.
Table of Contents

1. Overview ... 3
2. Challenges in Implementing Large-Scale Identity Management for eGovernment ... 3
2.1 eIDs Legal & Societal Impact ... 3
2.1.1 Societal Implications in Europe & the US ... 3
2.1.2 Legal Implications in Europe & the US ... 3
2.2 eID Regulatory Implications in Europe & the US ... 4
2.2.1 The effect of eID in Europe & the US ... 4
2.2.2 Verification of eID ... 5
2.2.3 eID & Data Protection ... 5
2.2.4 eID Content & Legal Liability ... 5
2.2.5 eID Cancellation/Revocation ... 5
2.2.6 Global Interoperability ... 5
2.3 Standardization ... 5
2.3.1 Smart cards ... 6
2.3.2 Biometrics ... 6
2.3.3 Digital signature ... 7
2.3.4 ePassport/Visas ... 8
3. Implementation Best Practices ... 9
4. Characteristics of Successful Identity Management Projects ... 10
5. Summation ... 12
1. Overview

The global interoperability of identification, authentication and digital signature functions supporting Identity Management for Large Populations add to the significant challenges of implementation. Due to the many moving parts involved in Identity and Credential Management projects, systems must be carefully designed, implemented, and managed. At the core of these projects is a standardized, uniform credential that is becoming increasingly capable of providing a strong identity assertion, as well as issuing authority verification.
A uniform credential incorporates biometric and cryptographic technologies; the biometrics serve as the strong linkage between the credential and the credential holder as well as to the applications; the cryptographic keys operate as the method of validating the credential to applications that invoke higher levels of authentication. Physical and logical application demand necessitates that robust identity assertion and verification succeed in both online and offline environments.
Various programs inside e-governments are now evolving to add biometric authentication, as well as integrating physical and logical access. These requirements involve unifying identity data from disconnected systems and creating a system of distributed enrollment for smart cards. People are an inherent part of a credentialing system and take on a number of roles, including enrollment, performance of background checks, adjudication, and the personalization and issuance of credentials. Implementing an end-to-end identity proofing and credentialing system must maximize the use of its human factor to effectively provide the checks and balances that prevent credentialing errors (providing credentials to the incorrect individual, or to a fraudulent identity).
Documented, well-defined processes should support identity management and verification systems. Additionally, potential scenarios must be considered and addressed, e.g., inability to capture good quality biometrics, providing a notification and appeal process for denial of a credential, and presentation of fraudulent identity documents. Without strong, well-defined, and consistent business processes, bad actors will quickly find and successfully target the system's weakest link.

2. Challenges in Implementing Large-Scale Identity Management for eGovernment

2.1 eIDs Legal & Societal Impact

2.1.1 Societal Implications in Europe & the US

The EU's approach focuses on creating a framework for developing societal and technological standards prior to introducing biometric based systems. Member States will adopt the approved standards that are consistent with each state's individual legal and legislative requirements as well as their citizens' civil liberty expectations. (Most 2004)
The US eID approach has focused on developing the technologies necessary to deploy large-scale eID programs, with regulatory requirements to follow. This approach has resulted in controversy from privacy groups that are concerned the security necessary to protect the information is insufficient, and that the technology would allow real-time tracking of individuals. In response to these concerns, the US government has stated that it is working on solutions to protect the integrity of the information, but that rapidly enabling encryption technologies could result in global interoperability issues. (eGovernment News, 2004)

2.1.2 Legal Implications in Europe & the US

The EU and its Member States have defined legal and societal frameworks for eID and incorporating biometrics which conform to data protection laws and address citizen acceptability as well as societal impacts, rather than setting out a broad vision and then asking commercial enterprises to provide the methods and details.
There has been emphasis on ensuring that the use of biometrics is appropriate and proportional, and that it adequately and cost-effectively meets the core identification-related security requirements. While this approach tends to initially slow the process, it addresses fundamental issues and avoids leaving crucial decisions in the hands of the commercial sector, decisions that could become the subject of public scrutiny and potential legal battles.

2.2 eID Regulatory Implications in Europe & the US

2.2.1 The effect of eID in Europe & the US

European Union (EU)

EU eID initiatives have national level legal and regulatory impact, because the government often issues the identification documents necessary for in-person proofing. In addition, privacy concerns need to be addressed. The integrity of the secure linkage between the eID holder and the information on the eID is a crucial element, so that a 3rd party can accept the credential as valid. In response, standardization initiatives are in process regarding the:
- Requirements necessary to issue eID credentials
- Documents necessary for issuance
- Process stages requiring the applicant's personal appearance
- Supplemental evidence for proving an individual's identity
Europe has introduced detailed legislation based on national law that complements the European Economic Area's (EEA) national law. The new eID legislative requirements incorporate the regulatory mandates that apply to obtaining a visual paper ID. The justification is that acquiring an eID should not be easier than the application process for a paper-based ID. Existing regulations offer an initial framework for the creation of new legal requirements for eID initiatives. A solution which has been discussed is incorporating the new eID/AIS functional requirements into the existing Directive on Electronic Signature. However, there is a possibility that new eID-specific regulations will be necessary. (CEN/ISSS Workshop eAuthentication, 2004)
Fingerprint and facial images are anticipated to be mandatory features in EU passports. Following the EU Council's adoption of a new regulation relating to biometric data, member states will have 18 months, from December 2004, to incorporate facial images and three years to implement fingerprint images in ePassports. The UK and Ireland have the option to decline, with Denmark reserving the right to consider the proposal for six months before incorporating facial image or fingerprint biometrics.
EU deadlines could mean that Member States may not meet the U.S. deadline of October 26, 2005 for biometric passport issuance. Therefore, the EU will look to the U.S. to extend the deadline to allow its citizens to retain visa-free travel status. Furthermore, incorporation of digital fingerprint images within the passport is likely to be controversial. However, inclusion of biometric data is directly related to the ICAO standard requirements, which specify that fingerprint or iris images are optional, whereas facial images are mandatory. (Elsevier 2005)
United States (US)

The US has not been as proactive as the EU with respect to the introduction of eID legislation. However, Homeland Security Presidential Directive 12 (HSPD12), released in August 2004, and the corresponding FIPS 201 mandate provide a framework for eID compliance across Federal agencies and require:
- All Federal agencies to standardize the quality and security of the forms of identification used to gain access to secure government facilities where there is potential for terrorist attacks.
- A Government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors (including contractor employees).
HSPD12 is designed to address post-9/11 concerns, as well as enhance security, increase Government efficiency, reduce identity fraud, and protect personal privacy. The FIPS 201 mandate accompanies HSPD12 and provides standards for the smart card interface and technical (SP800-73) and biometric (SP800-76) specifications. Additionally, FIPS 201 will incorporate cryptographic specifications (SP800-78) when released later this year.

2.2.2 Verification of eID

Regulations are in place or underway in the EU and the US to address eID content. However, many questions remain. At the forefront: can current regulations be applied to eID initiatives in a way that ensures the link between the holder and the credential? Further, how can the eID verification problem be solved at the international level?
Currently, there are no formal requirements relating to signature verification, only recommendations that are specified in the EU's Electronic Signature Directive, as well as ICAO guidelines. Furthermore, the debate continues over concerns surrounding content, the information to be provided to 3rd parties, and for what purpose(s). There is a consensus regarding ePassport initiatives: information contained in ePassports will remain consistent with information held in paper-based passports but will add fingerprint and facial recognition biometrics. (CEN/ISSS Workshop eAuthentication, 2004)

2.2.3 eID & Data Protection

Protection of data is directly related to privacy concerns surrounding eID initiatives. However, there are several directives that address eID data protection. The mandate most frequently referenced regarding eID data protection is the Electronic Signature Directive. This directive gives the credential holder the right to determine whether or not the information contained in the eID will be made public. However, the holder's decision has a significant impact on the intended use of the credential. (CEN/ISSS Workshop eAuthentication, 2004)

2.2.4 eID Content & Legal Liability

The use of eIDs for verification of identity opens the question of liability: what party should be held accountable for false information in the credential? The Electronic Signature Directive addresses this issue, for the certificate provider, by providing a revised burden of proof. However, uncertainty remains regarding the applicability of the ESD directive to eID issuers. (CEN/ISSS Workshop eAuthentication, 2004)

2.2.5 eID Cancellation/Revocation

eID protection and revocation procedures are necessary to address cancellation of the credential if it is lost or In contrast to a paper ID that requires personal appearance, thus limiting the use of the ID, an eID can be used in absentia over the internet, and for an extended period of time.
Therefore, an effective eID revocation procedure would allow the real holder to immediately cancel the credential. There has been discussion in the EU regarding how to address revocation concerns; a proposed solution is offering a single revocation point for a holder to contact for emergency cancellation. (CEN/ISSS Workshop eAuthentication, 2004)

2.2.6 Global Interoperability

The previous sections offer a framework to address the legal issues relating to the implementation and use of eID. However, the subject of international interoperability, to address cross-border trust issues, must be addressed as well. It has been stated that the quickest remedy to interoperability concerns would be in the form of legal regulation, or contractual market party agreements, with the respective Governments providing guidance. Until the issue of interoperability can be addressed internationally, the interim use of pan-European interoperability agreements has been suggested as offering a solution. (CEN/ISSS Workshop eAuthentication, 2004)

2.3 eID & Global Standardization

Until recently, an individual's identity was established through official papers, or because one person knows the other. World events, as well as the increasing incidence of identity theft, have supported the need for accurate identity verification. Consistent advancements in identity management technologies are responding to world concerns. The result is a transition away from the traditional methods of authenticating an individual's identity to a method promoting the use of the recent advancements in biometric and identity management technologies. Additionally, the need for cross-border standardization is becoming a critical component of eID strategy.
To facilitate faster and more secure control of an individual, the ICAO has adopted recommendations as guidelines for a Machine Readable Travel Document, which incorporates the use of biometrics. Additionally, NIST and NSA, the US agencies responsible for standards and security, approve the inclusion of existing digital signature security standards with the use of biometrics for eID control. To improve the efficiency of the EU-wide visa system, the European Commission advocates the use of biometrics for travel documents. Both the EU and the US are investigating the use of a unified solution that will support non-EU and EU eIDs. (Eurosmart Whitepaper on Technologies for Identity, 2003)

2.3.1 Smart cards

The U.S. has begun to standardize its smart credentials in the Government space. Identity credential interoperability standards have existed in the U.S. for over four years and are being updated to address specific HSPD12 requirements, which, for the most part, will expand and extend previous specifications. Additionally, aspects of the U.S. standards have been incorporated into the international (ISO) process. The challenge for the U.S. will be forming new standards while Government organizations with existing implementations will require grace periods with backward compatibility allowances to migrate to the new standards. It is uncertain whether the U.S. standards will conform to those provided by ICAO, as the U.S. objective is to have stronger identification and authentication standards. Interoperability, on an inter-Government and international basis, will be crucial to the success of identification and authentication technologies.
The implementation of a new ID system requires the set-up of difficult processes: choosing between various technologies, establishing standards, and adopting legal requirements. Policy issues relating to implementation could range from the establishment of agreed-upon standards among participating countries to the degree of authentication required for individuals. Further, card management policies and processes must be designed and implemented to support secure personal ID applications. A card issuance process must accurately verify the identity of the recipient at the beginning of the process, and an individual's identity information must be acquired and securely stored. Subsequent to eID issuance, identity information must be securely maintained and synchronized among applications and with new, updated information. Furthermore, the governance and management of the secure personal ID card system must acknowledge privacy issues and the infrastructure cost associated with system deployment. (CEN/ISSS Workshop eAuthentication, 2004)
Smart card based identification solutions can meet the requirements of a wide range of policies and legal mandates. Smart cards are a powerful tool for improving the security of any personal identification system, as well as protecting an individual's privacy rights. A smart card based ID system can support a machine-assisted identification process, limiting the potential bias or judgment errors associated with identification. Coupled with a secure, privacy-sensitive IT architecture, a smart card based personal ID system can provide accurate personal identification, protect an individual's personal information, and address the policy and legal requirements currently being debated.

2.3.2 Biometrics

Biometric standardization is less advanced than in the smart card or PKI domains. However, anti-terrorism programs have caused biometric standardization initiatives to gain strength. Further, the CWA eAuthentication biometrics offers a means to eliminate the need to remember different PINs for multiple applications. ISO/IEC SC 37, a group dedicated to biometric standardization, is very active and has been producing draft standards at a rapid pace. The most relevant biometric standards are:

- ISO/IEC 19784-1 specification for BioAPI
- ISO/IEC 19785-1 specification for Common Biometric Exchange Formats (CBEFF) Part 1: Data Element Specification
- ISO/IEC 19794-2 specification for Biometric Data Interchange Format Part 2: Finger Minutiae Data

Currently, the majority of the standards relating to biometrics are under development at the final committee draft stage. However, voting is in progress for a number of the completed drafts; it is expected that a robust package of international biometric standards will be released in 2005. (CEN/ISSS Workshop eAuthentication, 2004) The ICAO is the de facto leader regarding global standardization of eID processes, and is at the forefront regarding the issue of biometric standardization.
The majority of the world's countries participate in the ICAO. Therefore, the organization specifies the standards (multi-part ICAO Doc 9303) for international travel documents, including passports, visas and ID cards for travel purposes. Furthermore, ICAO Doc 9303 will be accepted as a full ISO standard (ICAO Doc 9303 is ISO/IEC 7501). (CEN/ISSS Workshop eAuthentication, 2004)
The ICAO has created a new technology working group to decide and define preferred biometric solutions in the aviation and border control areas. Following are the four ICAO decisions regarding biometric standardization:
- Contactless chip technology is preferred for Machine Readable Travel Documents (13.56 MHz)
- Facial recognition is the preferred biometric technology for world-wide interoperability in border control
- The full picture of the biometric characteristic should be held in the chip (ICAO recommends 32 Kbytes of memory for storing biometric images)
- Personal data in the card IC is freely accessible, but member states can decide to utilize PIN protection
The use of standards-based biometric templates in conjunction with credentialing technologies should be emphasized rather than the lowest common denominator of images. Templates provide several advantages over images, including:
- Less storage space needed
- Faster reading and processing times, i.e., performance
- Better security and protection of identity
- Less need for further protection, such as encryption technologies
- More privacy
The EC and US have accepted ICAO biometric recommendations for border control. The US-VISIT program has influenced countries to rapidly implement e-Passport programs. The US has postponed the original compliance date of October 2004, for the 27 visa waiver program countries until October 26, 2005. Additionally, in September 2004 the EU Commission requested a postponement of biometric passport compliance until late 2006.
Biometric enrollment of all persons visiting the US began on September 30, 2004, and fingerprint and facial biometrics are checked against known terrorist and criminal watch-lists. At this time, it is not confirmed whether database verification processes have been activated. The program was initiated in January 2004 at 115 airports and 14 seaports; since its inception more than 8.5 million non-US nationals have been processed without long waits, as the checks take an average of 15 seconds per person. (Eurosmart Whitepaper on Technologies for Identity, 2003)

2.3.3 Digital Signature

The legal framework for digital signature is specified in the December 1999 EU Directive 1999/93/EC. This directive is technology neutral, and has been used as the foundation for many joint CEN and ETSI collaborations, for example the CEN/ISSS Workshop eSign. The most applicable digital signature advancement has been in Area K of the eSign Workshop, which has led to CWA 14890, a part of a series of standards for secure signature creation devices (SSCDs). (CEN/ISSS Workshop eAuthentication, 2004)
CWA 14890 facilitates interoperability between smart cards from different manufacturers. The CWA specification allows interaction between different signature applications. The interaction permits an application interface to the smart card during the usage phase, where the smart card is used as an SSCD; the system allows national and/or European smart card interoperability and usage. The EU directive for electronic signatures, together with additional E-SIGN documents and standards, is the basis for the CWA. CWA 14890 is applicable to file system (ISO/IEC 7816 native cards) and object oriented applications (e.g. Java applets), which are supported by smart cards. (CEN/ISSS Workshop eAuthentication, 2004)
CWA 14890 incorporates the following requirements:
Requirement 1
- Electronic signatures and certificates will be interoperable
- Different applications and environments, unknown to the signer, will verify signatures. Therefore, signatures and certificates must be standardized to ensure interoperability

Requirement 2
- The physical, logical and application interface will be interoperable, at a minimum, for the same device type
- The signing device can be used in multiple applications and environments, without the addition of further software drivers
Further, CWA 14890 has two parts:
Part 1 describes mandatory services for the use of smart cards as SSCDs. Mandatory services address the signing function, storage of certificates, the related user verification, establishment and use of a trusted path and channel, key generation, as well as the allocation and format of resources required for the execution of those functions and related cryptographic token information.
Part 2 specifies the optional services based on the same technology available in signature devices. Optional services cover deciphering and client (card holder) server authentication, signature verification and related cryptographic token information.

2.3.4 ePassport/Visas

Time pressures in the passport space have had a positive impact on interoperability with contactless-interfaced integrated circuit chips. In response, a standardized data model and the ability to strongly verify the issuer have resulted. A uniform method of protecting portions of the information on the chip, such as fingerprint images, is the missing piece; this is an area that must be further investigated, as it would require the addition of significant infrastructure on an international basis.
The US is driving the global ePassport effort due to the government's deadline set for the 27 visa-waiver countries to issue biometrically enabled passports for those visiting the United States. The unilateral U.S. mandate has ruffled feathers among U.S. allies because 20 of the 27 countries in the Visa Waiver Program are in Europe. In response, the European Commission is expected by year's end to develop new specifications for European passports that will, like those issued by the United States, adhere to standards set by the International Civil Aviation Organization (ICAO). Recently, the U.S. voted to grant visa-waiver countries, which include most of Europe, Japan, Singapore, Australia and New Zealand, until Oct. 26, 2005 to deploy biometric enabled passports. However, the Bush administration prefers a November 2006 deadline due to the difficulties compiling the necessary technology. (Eurosmart Whitepaper on Technologies for Identity, 2003)
In 2004, the ICAO created a basic structure regarding the biometric technology to be incorporated in next-generation travel documents. The specified framework cites provisions for the inclusion of face images, plus another mandatory biometric (fingerprints and iris recognition are optional). The issues related to biometric data integration are just beginning to be addressed by industry and government agencies. Further, because private industry has not started to optimize biometric and related products, there is uncertainty in regard to how accurately ICAO specifications will be applied to chips, readers and passports. The private sector has not developed benchmarks to assess the speed, performance and acceptance ratio of biometric technology. Furthermore, the decision has not been made regarding the level of security necessary to secure the communication between the chip and a reader. ICAO specifications provide a range of options, but individual countries are responsible for the decision regarding ePassport chip-reader communication, as well as the chip's operating system. (Eurosmart Whitepaper on Technologies for Identity, 2003)
The most controversial topic surrounding ePassports and the use of biometric data is the actual handling of the data. At present, each government is responsible for defining rules and regulations related to biometric data once it is collected and stored on a chip, as well as whether to allow unlimited access or to specify restrictions on the biometric data stored on a passport chip. The EU has been exploring an option that ensures the biometric data is permanently locked and cannot be read unless the passport's optical-character number is read by an optical machine reader. This extra layer of data protection prevents the biometric information from being read without the knowledge of the ePassport holder. Furthermore, European countries are investigating the use of a crypto coprocessor, which would encrypt the chip's raw data. In contrast, the US is considering a lower level of security for ePassport biometric data. (Eurosmart Whitepaper on Technologies for Identity, 2003)

3. Implementation Best Practices

Creation of a uniform, nationwide standard for secure identification is necessary to facilitate a uniform appearance and graphical security features across multiple technologies, including proximity, contact chip, contactless chip, and magnetic and optical stripes. Further, standardization would assist the utilization of a common credential that spans multiple technologies and is universally recognized.
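The EU chip-locking option described in section 2.3.4 above, worked through as an added example that is not code from the paper or from any issuing authority: the reader must optically read the passport's machine-readable line and derive the chip access keys from it before any biometric data group is released. It assumes the Basic Access Control key derivation of ICAO Doc 9303 (7-3-1 check digits, SHA-1 key seed, DES parity), which the paper does not spell out, and the MRZ field values are constructed sample data.

```python
"""Locking ePassport biometric data behind the optically read MRZ.

Added illustration, not code from the paper or from any government program.
It follows the Basic Access Control (BAC) key derivation in ICAO Doc 9303,
which the paper only describes as "locking" the chip until the
optical-character line is read. The MRZ field values are constructed.
"""
import hashlib
import hmac

_WEIGHTS = (7, 3, 1)  # ICAO check-digit weights, repeating left to right


def _char_value(ch: str) -> int:
    """MRZ character value: digits 0-9, letters A=10..Z=35, filler '<' = 0."""
    if ch.isdigit():
        return int(ch)
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    if ch == "<":
        return 0
    raise ValueError(f"illegal MRZ character {ch!r}")


def mrz_check_digit(field: str) -> int:
    """ICAO 7-3-1 check digit over one MRZ field."""
    total = sum(_char_value(c) * _WEIGHTS[i % 3] for i, c in enumerate(field))
    return total % 10


def mrz_information(doc_number: str, doc_cd: int,
                    birth: str, birth_cd: int,
                    expiry: str, expiry_cd: int) -> str:
    """Assemble MRZ_information from the optically read fields.

    Each printed check digit is recomputed first, so an OCR misread is
    rejected here instead of producing a key the chip will never accept.
    """
    fields = ((doc_number, doc_cd, 9, "document number"),
              (birth, birth_cd, 6, "date of birth"),
              (expiry, expiry_cd, 6, "date of expiry"))
    parts = []
    for value, cd, width, name in fields:
        if len(value) != width:
            raise ValueError(f"{name} must be {width} characters")
        if mrz_check_digit(value) != cd:
            raise ValueError(f"check digit mismatch on {name}")
        parts.append(f"{value}{cd}")
    return "".join(parts)


def _odd_parity(key: bytes) -> bytes:
    """Force odd parity on every byte, as DES key bytes require."""
    out = bytearray()
    for b in key:
        high = b & 0xFE
        ones = bin(high).count("1")
        out.append(high | (0 if ones % 2 else 1))
    return bytes(out)


def derive_bac_keys(mrz_info: str) -> tuple[bytes, bytes]:
    """K_seed = SHA-1(MRZ_information)[:16]; K_enc/K_mac use counters 1 and 2."""
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]

    def kdf(counter: int) -> bytes:
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        return _odd_parity(digest[:16])

    return kdf(1), kdf(2)


class LockedChip:
    """Simulated chip whose biometric data group is released only to a
    reader holding keys derived from the same MRZ. Simplification: real BAC
    proves key possession with a challenge-response; here the reader's
    derived keys are compared directly, in constant time."""

    def __init__(self, mrz_info: str, biometric: bytes):
        self._k_enc, self._k_mac = derive_bac_keys(mrz_info)
        self._biometric = biometric

    def read_biometric(self, reader_mrz_info: str) -> bytes:
        r_enc, r_mac = derive_bac_keys(reader_mrz_info)
        if not (hmac.compare_digest(r_enc, self._k_enc)
                and hmac.compare_digest(r_mac, self._k_mac)):
            raise PermissionError("MRZ not presented: biometric data stays locked")
        return self._biometric


if __name__ == "__main__":
    # Constructed sample MRZ fields (document number padded with '<').
    info = mrz_information("L898902C<", 3, "690806", 1, "940623", 6)
    chip = LockedChip(info, b"<constructed fingerprint image>")
    print("reader with MRZ:", chip.read_biometric(info))
    try:
        chip.read_biometric(mrz_information("L898902C<", 3, "690806", 1, "940624", 7))
    except PermissionError as exc:
        print("reader without MRZ:", exc)
```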
Decrease the requirement for redundant credentials and background checks. Verifying during the application and enrollment processes whether previous checks have already been made, and tying those checks to the applicant's identity, reduces redundancy. Furthermore, honoring previously conducted checks, when conditions and policy warrant, will help the credential to be recognized as single and uniform.
Design a solution to positively and securely link an individual to his/her credential via a reference biometric and to the background information on the claimed identity of that individual. Capture a digital photo, 10 fingerprint images, an iris image, and breeder documents at the time of enrollment, securely store this information tied to the individual's claimed identity, and enable future one-to-many biometric searches against this captured information.
Ensure the solution is compatible with existing facility access control and related systems to leverage current security investments. Provide both back-end and front-end integration with existing legacy access control systems, as well as capable, programmable readers that support multiple access control technologies and biometrics.
Ensure the ability to quickly revoke the access privileges of credential holders identified as a threat after issuance, and to immediately remove lost, stolen, or compromised credentials. Automatically and immediately push hotlist notifications out to relevant parties, and provide an additional alert capability for local administrators to revoke access for hotlisted cards, whether lost, stolen, or compromised.
Retrieval of pre-enrollment employer sponsorship, biographic, and payment information - A methodology for retrieving pre-enrollment data encourages applicants to follow recommended procedures when applying for a credential, and minimizes face-to-face enrollment time. Additionally, pre-enrollment offers the applicant the ability to print out a bar-coded form containing the scheduled appointment time, as well as other information. The bar-coded enrollment form guarantees the applicant preferred access in support of the scheduled appointment. Additionally, the form automatically generates a request message referencing the user index synchronized to the database record. The pertinent data is therefore quickly retrieved, reducing both time and effort and resulting in reduced face-to-face transaction time.
Support the claimed identity verification process - The system should support the claimed identity during enrollment through strong authentication of breeder documents. The reader-authenticator is an imaging unit that captures full color, infrared, ultraviolet (UV), and coaxial images from all ISO-7501/ICAO-9303 compliant documents (such as passports, visas, and national travel cards: ID-1, ID-2, and ID-3) as well as non-ICAO compliant documents including driver's licenses and IATA standard ATB1, ATB2, and TAT document types.
Whereas traditional document readers allow inspectors to capture only text data from a travel document, the reader-authenticator captures text, images, Optically Variable Devices (OVDs) and other encoded data from anywhere on the face of the document. The platform should also include the functional capabilities of classification, reading/extraction, and authentication. Used in conjunction, these constitute the most advanced identification document authentication system available.
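Two pieces of the reader-side logic above can be shown concretely: the check-digit validation a reader-authenticator applies to the Machine Readable Zone (MRZ) of an ICAO 9303 document, and the EU option described in section 2 of locking chip data until the MRZ has been optically read, which in ICAO 9303 Basic Access Control (BAC) is realized by deriving the chip access keys from MRZ fields. The following is an added example written for this page, not code from the white paper or from any reader vendor; it uses the ICAO 9303 worked-example field values (not a real passport) and assumes the Part 11 derivation of the key seed and of the KENC/KMAC pair.

```python
"""
Added example (not from the white paper): validating ICAO 9303 MRZ check digits
as a reader-authenticator does, and deriving the Basic Access Control (BAC)
keys that unlock chip data only after the MRZ has been optically read.
Field values are the ICAO 9303 worked example, not a real passport.
"""
import hashlib


def mrz_char_value(ch: str) -> int:
    """ICAO 9303 character values: digits as-is, A..Z as 10..35, filler '<' as 0."""
    if ch.isdigit():
        return int(ch)
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    if ch == "<":
        return 0
    raise ValueError(f"invalid MRZ character {ch!r}")


def check_digit(field: str) -> int:
    """Weighted sum with repeating weights 7, 3, 1; the check digit is the sum mod 10."""
    weights = (7, 3, 1)
    return sum(mrz_char_value(c) * weights[i % 3] for i, c in enumerate(field)) % 10


def validate_mrz_fields(doc_number: str, dob: str, expiry: str,
                        doc_cd: int, dob_cd: int, exp_cd: int) -> bool:
    """True only if all three check digits printed in the MRZ agree with the fields."""
    return (check_digit(doc_number) == doc_cd
            and check_digit(dob) == dob_cd
            and check_digit(expiry) == exp_cd)


def _adjust_des_parity(key: bytes) -> bytes:
    """BAC keys are 3DES keys: force odd parity in the low bit of every byte."""
    out = bytearray()
    for b in key:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 1
        out.append(b)
    return bytes(out)


def derive_bac_keys(doc_number: str, dob: str, expiry: str) -> dict:
    """ICAO 9303 Part 11: Kseed = SHA-1(MRZ_information)[:16]; KENC/KMAC = SHA-1(Kseed||c)[:16]."""
    mrz_info = (f"{doc_number}{check_digit(doc_number)}"
                f"{dob}{check_digit(dob)}"
                f"{expiry}{check_digit(expiry)}")
    kseed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]

    def kdf(counter: int) -> bytes:
        h = hashlib.sha1(kseed + counter.to_bytes(4, "big")).digest()
        return _adjust_des_parity(h[:16])

    return {
        "mrz_information": mrz_info,
        "kseed": kseed.hex().upper(),
        "kenc": kdf(1).hex().upper(),   # counter 1 -> encryption key
        "kmac": kdf(2).hex().upper(),   # counter 2 -> MAC key
    }


if __name__ == "__main__":
    # ICAO 9303 worked example: document L898902C<, born 1969-08-06, expires 1994-06-23
    for name, value in derive_bac_keys("L898902C<", "690806", "940623").items():
        print(f"{name}: {value}")
```

The point for a system designer is visible in `derive_bac_keys`: the only secret protecting the chip is what is printed in the MRZ, so the strength of this lock is bounded by the entropy of the document number, birth date and expiry date, which is why the European discussion above also considers encrypting the chip's raw data with a crypto coprocessor.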
Capture biographic and biometric data for initiation of the background check and registration processes. The enrollment station should use a certified high-quality 10-finger scanner to capture fingerprints and a digital camera capable of capturing a facial image that is sufficient for identification and meets the ICAO specification. Enrollment data includes all information required for searches, and is stored in an IAFIS-compliant Electronic Fingerprint Transmission Specification (EFTS) record format that conforms to international standards. The importance of the quality of biometric image capture during this transaction cannot be overstated; these images are often used later for identification and verification, and must be re-usable. Furthermore, at this stage in the transaction, the success of the credential as a biometric carrier depends on the ability to accurately store and verify quality images.
Image capture, verification and retention of claimed ID documents - The enrollment station captures, verifies, and retains images of driver's licenses, passports, issued IDs, and other full-sized documents. The enrollment workstation uses the reader-authenticator for passport-sized or smaller documents, and a flatbed scanner for larger documents. The images captured during enrollment are stored as a permanent part of the applicant record.
Minimize manual data entry of initial biographic and demographic information - Development of convenient and easy-to-use pre-enrollment stations, either web or kiosk based, will decrease employee data entry time and prevent errors while processing information. Additionally, live waiting time can be reduced through the use of incentives to promote pre-enrollment participation. For example, pre-enrollment produces a printed, bar-coded receipt that facilitates rapid retrieval of the data entered during pre-enrollment, reducing processing and wait time.
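The bar-coded receipt described in the two pre-enrollment practices above carries a reference to the applicant's database record. An added example, written for this page and not taken from the white paper or any enrollment product, shows one way to build that reference so that a barcode presented at the station cannot be altered or guessed: the record index and appointment time are authenticated with an HMAC under a key held by the enrollment back end. The record indices, appointment times and key are constructed sample values, and the payload layout is an assumption of this example.

```python
"""
Added example (not from the white paper): an authenticated pre-enrollment
receipt. The barcode payload is base64url(JSON body) '.' base64url(HMAC-SHA256)
so the enrollment station can retrieve the record by index while rejecting a
forged, altered or foreign barcode. All values below are constructed samples.
"""
import base64
import hashlib
import hmac
import json

# Constructed sample key; a deployment keeps this in the enrollment back end only.
RECEIPT_KEY = b"pre-enrollment-receipt-key-sample"


def _b64encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_receipt(record_index: int, appointment_utc: str, key: bytes = RECEIPT_KEY) -> str:
    """Build the barcode payload for a pre-enrolled applicant."""
    body = json.dumps({"idx": record_index, "appt": appointment_utc},
                      separators=(",", ":"), sort_keys=True).encode("ascii")
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64encode(body) + "." + _b64encode(tag)


def redeem_receipt(payload: str, key: bytes = RECEIPT_KEY):
    """Return {'idx': ..., 'appt': ...} if the barcode authenticates, else None."""
    try:
        body_b64, tag_b64 = payload.split(".")
        body, tag = _b64decode(body_b64), _b64decode(tag_b64)
    except (ValueError, TypeError):
        return None  # malformed payload: wrong number of parts or bad base64
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    try:
        fields = json.loads(body)
    except ValueError:
        return None
    return {"idx": fields["idx"], "appt": fields["appt"]}


if __name__ == "__main__":
    receipt = issue_receipt(4711, "2004-06-01T09:30Z")
    print(receipt)
    print(redeem_receipt(receipt))
```

A bare sequential index printed in the barcode would let anyone holding a printout pull up another applicant's pre-entered biographic data by changing a digit; the MAC ties the index to the issued receipt, and the embedded appointment time lets the station confirm the applicant is being served in the slot the receipt was issued for.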
Refer to Appendix A for an illustration of an effective ePassport/Identity Management system.

4. Characteristics of Successful Identity Management Projects

Minimizing the disruption to passport holders when introducing Integrated Chip (IC) enabled passports is a primary area of concern. The May 2003 ICAO decision to adopt contactless chips will simplify the process by which immigration officials extract data held on the chip, using an RF-enabled reader. Based upon our experience with biometrics, integrated circuit chip technology, and passport production, several additional focus areas for consideration include:

- Establishment of a simple and secure nationwide biometric enrollment infrastructure;
- Access to a central biometric data repository for U.S. passport holder data;
- Incorporation of a standards-compliant chip that supports a wide variety of contactless chip readers;
- International context of U.S. passport usage; and
- Minimization of disruption to existing passport production processes.
Biometric Enrollment Infrastructure

The systematic capture of biometric data will require the organization and creation of a significant infrastructure. Establishing a robust enrollment infrastructure should be considered at the start of, as well as throughout, the implementation process. The infrastructure must capture and process at least a facial image and one or more additional biometric features (e.g., fingerprint or iris). Furthermore, it must be consistent with policies for validating an applicant's entitlement to hold a passport, and be designed so that there is minimal impact on the existing passport application process. To facilitate accurate facial and other biometric matching at international entry/exit points, image data must be captured and processed with care, since poor quality images, particularly in the case of facial recognition, cause matching rates to vary.
Biometric Data Repository

Secure, high-speed access to a national database of passport holders' biometric data is a prerequisite for validation at entry/exit points, and is consistent with ICAO guidelines regarding multifactor recognition at entry/exit points through referencing a database.
Historically, a one-to-one validation compares the data on a passport's embedded chip to the information on the document's physical data page, in addition to visual identification to verify the identity of the holder. However, cross-referencing data extracted from the chip and from live image capture against a national biometric data repository would provide a greater level of authentication. The cross-reference method would validate that the biometric profile of the person at the border matches the data held on the passport chip, as well as the data in the national repository for that citizen. However, the use of cross-referencing programs must be weighed against bandwidth/connectivity demands, as well as protection of the data in motion and at rest, including the interfaces and accessibility of the national database.
Cross-referencing is similar to models that have been adopted in several limited-scope programs for automated immigration gates, most notably in the Netherlands and Australia. In Australia's SmartGate initiative, for example, air travel industry employees who have enrolled in the program can report to an unmanned immigration booth at Sydney airport; a facial recognition system validates that the live image of the employee captured in the booth matches that of the employee enrolled in the SmartGate database. The Sydney airport program is similar to a frequent flyer program in operation at the Netherlands' Schiphol airport, although in that case the iris is the biometric feature used. However, in both cases, the only check against the passport document is to verify that details in the passport's Machine Readable Zone (MRZ) match those contained in the database; there is no check against biometric data held on the passport.
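The layered entry-point decision described in the three paragraphs above (chip versus data page, live biometric versus chip and versus the national repository, plus the hotlist revocation from section 3) can be written down as a single policy function. The following is an added example for this page, not code from the white paper, SmartGate or any border system. Passport records, templates and the repository are constructed sample values; a real matcher returns a similarity score, which is approximated here by exact template comparison against an assumed threshold. A flag reproduces the configuration the text describes for the Sydney and Schiphol programs, where only the MRZ is matched against the database, so the difference between the two configurations is visible in the returned reasons.

```python
"""
Added example (not from the white paper): an entry/exit verification decision
that combines (1) MRZ versus chip consistency, (2) live biometric versus the
national repository, (3) live biometric versus the chip template and (4) the
hotlist of revoked documents. All records below are constructed samples.
"""
from dataclasses import dataclass

MATCH_THRESHOLD = 0.80  # assumed matcher decision threshold


@dataclass
class Passport:
    mrz_doc_number: str   # document number read optically from the data page
    chip_doc_number: str  # document number read from the chip's data group
    chip_template: str    # constructed stand-in for the biometric template on the chip


# Constructed national repository: document number -> enrolled biometric template
REPOSITORY = {"P1234567": "tmpl-alice", "P7654321": "tmpl-bob"}
# Constructed hotlist: document numbers reported lost, stolen or revoked after issuance
HOTLIST = {"P7654321"}


def match_score(live_template: str, reference: str) -> float:
    """Stand-in for a biometric matcher: 1.0 for identical templates, else 0.0."""
    return 1.0 if live_template == reference else 0.0


def verify_traveller(p: Passport, live_template: str, check_chip_biometric: bool = True) -> tuple:
    """Return (admit, reasons). Every failing layer is reported, not just the first."""
    reasons = []
    if p.mrz_doc_number in HOTLIST:
        reasons.append("document on hotlist")
    if p.mrz_doc_number != p.chip_doc_number:
        reasons.append("MRZ and chip document numbers differ")
    enrolled = REPOSITORY.get(p.mrz_doc_number)
    if enrolled is None:
        reasons.append("no repository record for document")
    elif match_score(live_template, enrolled) < MATCH_THRESHOLD:
        reasons.append("live biometric does not match repository")
    # The SmartGate-style configuration in the text skips this layer entirely.
    if check_chip_biometric and match_score(live_template, p.chip_template) < MATCH_THRESHOLD:
        reasons.append("live biometric does not match chip template")
    return (not reasons, reasons)


if __name__ == "__main__":
    genuine = Passport("P1234567", "P1234567", "tmpl-alice")
    print(verify_traveller(genuine, "tmpl-alice"))
    revoked = Passport("P7654321", "P7654321", "tmpl-bob")
    print(verify_traveller(revoked, "tmpl-bob"))
```

Reporting all failing layers rather than stopping at the first one matters operationally: a hotlist hit combined with a matching live biometric and a mismatching chip template tells the officer something different from a hotlist hit alone, and the reasons list is also what should be logged for later review.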
Standards-based Chip Solution

The wide variety of available MRZ and full-page passport readers ensures that a range of contactless chip readers will be deployed by national immigration agencies around the world. Therefore, the chip selected should be readable, in a performant manner, by readers of all quality levels, and consistent with the international standards defined by ICAO. Furthermore, an added benefit of a standardized solution is that infrastructure developed to read a country's own passports would also be capable of reading any other nation's passports. An example of this technology is BCIS (formerly INS), which is currently piloting a system to read Malaysian biographic passport data.
International Context

Because many countries may not have the necessary infrastructure in place to process chip-resident data from international passports, chip insertion must not affect the traditional means of reading and verifying the authenticity of a passport, as well as the holder's identity. Supporting the traditional verification processes requires support for MRZ and full-page readers.
Minimize Disruption to Passport Production

The primary area of consideration is the impact on the personalization process: chip encoding must form a seamless element of that process. Secondly, the impact on the passport booklet manufacturing process must be minimized, while ensuring that, during insertion, the chip is protected from temperature variations, pressure, flexing, bending and other potential damage. Both of these concerns are strongly linked and should be addressed together.
The first option, to avoid potential damage during the manufacturing process, is consistent with the requirements for chip insertion into the inside back cover of the booklet: the chip is embedded in a protective plastic material (e.g., polycarbonate or polymeric) that is then inserted into the back cover. The protective material would, ideally, be the same size as the booklet's page, protect the chip from heat, compression and other factors, and be designed so that any attempt to split the material would result in significant damage to the chip.
A second option considers replacing the current paper data page with polymeric material that would host the chip. This process requires no change to the back cover, and printers would personalize the polymeric data page with the holder data with little to no modification required. The greatest benefit of this option is that the chip is stored in the same location as the standard holder data. Initial tests of this scenario have been positive.
Both proposed options are compatible with either an inline or an external approach: whether the chip is inserted into a polymeric material in the back cover or into the same material that forms the data page, countries can either adopt a chip encoding module that integrates directly with the existing printers, or implement an encoding process external to that equipment. An additional area of consideration is close accounting and inventory management of the chips and their data pages or embedded covers; this component often needs to be added to existing inventory management systems to associate chip serial numbers with passport booklet numbers.

5. Summation

There are a number of existing global eID initiatives, with Europe and the US at the forefront with respect to new eID deployments. Governments are leveraging IT and the Internet to deploy eID programs on a large scale, to enterprises as well as citizens. Electronic services are being used to facilitate the use of eID. The following is a list of services employing eID to reduce administrative costs, as well as to effectively verify an individual's identity (Eurosmart Whitepaper on Technologies for Identity, 2003):
- In the US, filing Federal, State & Local income taxes; in Europe, declaring & notifying income and other taxes
- In Europe, labor office job searches
- Social Security & other public services: unemployment benefits, child allowances & student grants
- Paper identification applications: driver's licence, passport, & immigration visa
- Motor vehicle registration
- Building & renovation permits
- Police statements with respect to theft or accident
- Request & delivery of birth & marriage certificates
- Address change & update of personal information
- Electronic voting
Electronic services offer an effective medium for introducing citizens to the use of eID, by offering a quick, convenient method of obtaining services. Electronic government services (e-Government) are a beneficial tool for citizens; for government, such on-line services offer multiple advantages:
- Reduction in administrative & overhead costs
- Single point of contact for individual government entities
- Reduction in the incidence of fraud due to encryption technologies
- Quick and reliable services
- Improved citizen satisfaction and perception of government
- Greater control and privacy of personal information
Continued advancements in identity management technologies and standards will streamline the processes necessary to deploy efficient and interoperable identity verification and authentication initiatives. Standardization of technologies, and the resulting streamlining of planning processes, will aid the creation of a strong, unified credential capable of vetting large populations, providing strong identity assertion, as well as issuing authority verification.