Towards e-passport Duplicate Enrolment Check in the European Union
|
|
- Eugene Lawson
- 6 years ago
- Views:
Transcription
1 2013 European Intelligence and Security Informatics Conference Towards e-passport Duplicate Enrolment Check in the European Union Moazzam Butt, Sandra Marti, Alexander Nouak,Jörg Köplin, R. Raghavendra and Guoqiang Li Fraunhofer Institute for Computer Graphics Research IGD, Germany Thales Communications and Security, France Bundespolizei, Germany Gjøvic Univeristy College, Norway Abstract Automated border control gates are now being more and more deployed at airports to smooth border crossings with reduced man power and more convenience to the passenger. In order to use these new gates the traveler is required to present an electronic passport (e-passport or biometric passport). Lots of efforts have been undertaken to improve the security of the infrastructure at borders or by adding various security features to the passport. However, the weakest point in the passport issuance process is the enrolment step for passport applicant including the breeder documents authenticity and the duplicate enrolment check. The goal of duplicate enrolment check is to prevent the issuance of duplicate illegal passports containing possibly fake identities. A solution to this problem needs to be flexible and precise if the solution is meant for large-scale deployments and eventually standardization. This paper describes how a duplicate enrolment check can be realized securely between European Union member states using distributed databases of alphanumeric data and multiple biometric modalities. Keywords: automated border control, e-passport, cryptography, identity, biometrics, duplicate enrolment check. In the following, section-ii outlines the proposed cross MS- DEC system architecture. In section-iii, proposed DEC web services along with their data types and formats are explained. Section-IV contains the security aspects of the DEC communication. Finally, the paper highlights the open challenges, followed by conclusions. II. CROSS MS-DEC SYSTEM The proposed architecture model of cross MS-DEC system is shown in Fig. 1. I. INTRODUCTION Passports have been designed secure enough to obfuscate falsification or counterfeits. The issuance process of passports itself, however, is not reliable due to open challenges in the breeder document authenticity and duplicate enrolment check (DEC). Duplicate enrolment check is the process of checking the applicants identity in an attempt to find another illegal passport application or already existing passport issued with the misuse of identity (ID theft) at a different time or country. DEC relies on identification (1 to many comparisons), meaning comparison of applicant alphanumeric and biometric data to references alphanumeric and biometric data stored in member state citizens passports databases. DEC has to be seen as a futuristic functionality because as of this writing not all member states (MS s) have centralized or distributed citizen databases. This paper has been written based on the following hypothesis for the future: Each member state has a citizen passport database, containing alphanumeric and biometric data Member states agree to communicate data of their applicants to process DEC DEC is done on civil databases, meaning, not on databases of wanted people (black lists, watch lists), or criminal databases. Fig. 1. Architecture model of cross-ms DEC system The DEC system is composed of multiple entities located in different member states. For clarity reasons, we divide all member states involved in our system into two kinds of member states: native MS and foreign MS. While the citizen files his e-passport application in a native MS, a foreign MS is any MS except the native MS. It has to be noted that a citizen who applies for an e-passport should be checked for duplicate enrolment in all foreign MS s as well as in the native MS. All entities in the system can be desbribed as follows: Enrolment Station (ES): Interface to the end users (passport issuance authority and passport applicant) to collect the application request, to perform breeder /13 $ IEEE DOI /EISIC
2 document authentication and to forward the applicant case to the native member state back office. The enrolment station is not involved in the DEC process. Native MS Back Office (Native MSBO): Passport issuance authority office at the native MS that runs a search system via web-server to perform a DEC on the alphanumeric and the biometric databases located internally in the MS. If no duplicate can be found, the native MSBO sends a DEC request to foreign MSBO s. Foreign MS Back Office (Foreign MSBO): Passport issuance authority office located at any foreign MS that performs a DEC via web-server on foreign alphanumeric and biometric databases. Once the DEC is finished, it sends a found or not found message to the native MSBO. The native MSBO then takes a final decision after defined checks, whether a passport is to be issued or not. Note that the DEC is asynchronous, meaning that alphanumeric and biometric comparisons are not done in real time, mainly due to the huge size of MS citizens databases (several dozen of millions). Once enrolment process is complete, the applicant has to collect his personalized e-passport from Enrolment Station. III. DEC WEB SERVICES For DEC deployment, we propose two kinds of web services [1] as shown in Fig. 2. DEC request web service: sends alphanumeric and biometric data of the applicant as a DEC request to the foreign MSBO, The foreign MS provides an interface for the native MS to request a DEC. One DEC request is made for each applicant and for each chosen foreign MS. A DEC request contains the applicants biometrics data (face, fingerprints, iris (optional)) in a format compliant to ISO/IEC [2] and alphanumeric data (name, surname, date of birth, gender, nationality) in an interoperable format. DEC response web service: provides the result back to the native MSBO, The native MS provides an interface for the foreign MS to send a DEC response. Each foreign MS sends one DEC response for each applicant. A DEC response contains the duplicate search results: only a hit or no-hit information no profile of duplicate candidates will be sent to preserve privacy in case of a hit A. Data types and formats Two types of data are proposed to be used in the DEC process: Alphanumeric data and Biometric data. Fig. 2. DEC web services Alphanumeric data is composed of attributes like name, surname, date of birth, gender, nationality. Language of these alphanumeric attributes is considered to be English. As citizens from multiple member states may have names in different characters, it becomes challenging to find a duplicate enrolment when a person having originally his name in English alphabets applies for a second passport with another name but in a different language. On other hand, two persons in different countries may have same names but with slightly different spellings. In such cases, alphanumeric data is not enough to perform a duplicate enrolment check, hence biometric data of persons is also used to detect duplicate persons. Biometric data is considered to be from multiple biometric modalities like face, fingerprints are mandatory samples for an applicant to enroll while applying for an e-passport currently and iris may be included in future e-passport too. Standards regarding biometric data interchange format [2], biometric liveness detection (or spoofness) [3] and quality of acquired biometric samples [4] are nevertheless important and must be considered for improved performance of the large-scale interoperable DEC system. Biometric recognition never is perfectly accurate due to intra-class variance and inter-class similarities in biometric data. Errors in biometric recognition are quantified in terms of false accept rate and false reject rate (a.k.a false match rate and false non-match rate respectively in [5]). To overcome these bottlenecks in biometric performance one can use alphanumeric data to check if the person detected biometrically duplicate from the system is also an alphanumerically duplicate. This would affirm the duplicate enrolment check result. Similarly the fusion of multiple biometric modalities will also overcome the errors that otherwise may arise due to use of a single biometric modality like face or fingerprint. It is proposed that multi-biometric search is done first and followed by the alphanumeric search. This sequence order will reduce the processing time due to the fact that multi-biometric fusion [6] would decrease the No. of false matches and later on the No. of false matches may further be reduced on basis of alphanumeric check based on indexing. The No. of false matches may further be reduced manually by visual inspection. After this manual check (visual inspection) the foreign MS should then provide a reliable decision for each candidate: hit (true positive) or no-hit (false positive). Once every candidate has been analyzed using manual check, the foreign MS can provide a reliable binary answer to native MS for each DEC request. Each member state is assumed to have multiple databases owned by different entities. An example of such databases can be databases containing face templates, fingerprint templates, alphanumeric data of citizens towards which duplicate check needs to be performed. These databases may also have different access rules, as the databases may be operated by different
3 entities following different security and privacy restrictions. Due to the presence of distributed biometric databases, results of duplicate checks performed on these databases are fused to retrieve final DEC response. In the following, we mention the details of data types and formats of the two proposed web services, For DEC request from native MS to foreign MS: Duplicate enrolment check process implies data transmission from native MS to foreign MS. Data mean here applicants data: alphanumeric data to run alphanumeric search and biometric data to run biometric search. Biometric data send from native MS to foreign MS could be different types: images or templates (features). Templates could be two types: features extracted by native MS using native MS extractor module and features extracted by native MS using foreign MS extractor module. Whatever images or templates, biometric data should comply to ISO/IEC [2] standards to ensure interoperability. Both have advantages and drawbacks: Images: Advantages: each modality has ISO/IEC format for images contrary to templates. Drawbacks: images means compressed images (for instance WSQ for fingerprints), compressed images make slightly decrease recognition performances. Templates generated by native MS features extractor: Advantages: features are extracted from raw images. Drawbacks: this solution makes decrease recognition performances because the produced template will not contain proprietary field that foreign MS could use to enhance recognition performances. Templates generated by foreign MS features extractor: Advantages: this solution provides interoperable biometric data optimizing recognition performances because produced templates will contain proprietary fields that foreign MS could use to enhance recognition performances. Drawbacks: this solution implies that each foreign MS provides its own features extractor module to native MS. The native MS shall then extract features with each foreign MS extractor and send each produced template to the appropriate foreign MS. For the first version of duplicate enrolment check, we propose to use biometric images because it is the simplest solution. For DEC response, from foreign MS to native MS: Outputs of alphanumeric and biometric searches are list of candidates, mainly due to false positives because recognition algorithms are never perfectly TABLE I. BIOMETRIC DATA INTERCHANGE FORMATS Biometric modality Number Interchange format Compression Fingerprints Up to 10 ISO/IEC WSQ recommended Face 1 ISO/IEC JPEG2000 recommended Iris (optional) Up to 2 ISO/IEC JPEG2000 recommended IV. accurate. In order to ensure privacy, the list of candidates with associated data should not be sent back to foreign MS. To handle this problem, the foreign MS should analyze the list of candidates using a manual check module at their respective backoffice. After this manual check (visual inspection) the foreign MS should then provide a decision for each candidate: hit or no-hit. The DEC response will be composed of only this binary hit or no-hit decision. SECURITY FOR CROSS-MS DEC COMMUNICATION The above described architecture to function implies transmission of the applicant s data from the native MS to foreign MS for the purpose of DEC. Applicant data is considered to be personal data as defined in the Directive 95/46/EC [7]. Personal data also holds the right to privacy preservation under article 8 ECHR [8]. To exchange data securely, we propose that member states should communicate with each other by using a virtual private network (VPN) [9]. Cross-MS communications are run through web services. To ensure the security in the communication, web service transactions must be secured. Applicants data security is implemented based on the following mechanisms: Secured data separation principle: Data is separated in different parts (alphanumeric, fingerprints, face and iris(optional)), stored separately in different databases, and only the appropriate MS can reconstruct the full record. It also prevents an attacker from establishing the identity of a person only from his biometrics data. The mechanism of secured data separation is implemented in two steps. Step1 - Data serialization to create identifier: Alphanumeric data contains an identifier that links to biometric data of the applicant as shown in Fig. 3. These identifiers are hashed to ensure integrity and are encrypted before storage. The technique used for encryption is based on asymmetric cryptography [10]. A pair of keys is used to encrypt and decrypt links between data. Only the owner of the private key is able to decrypt encrypted data, and to reconstruct the full record. The key pair is stored in a hardware security module (HSM) [11] hosted by the native and the foreign MSBO. A hardware security module provides physical and logical protection for digital key management. Key-pair used for encryption are sensitive data and therefore should be protected (especially private keys). The HSM is used to protect these cryptographic keys. The private keys are stored on the device and cannot be exported. Therefore, operation requiring the usage of a private key cannot be done without the HSM
4 Each member state should host a least one HSM to store their cryptographic keys. Fig. 4. Network infrastructure for cross-ms DEC communication Fig. 3. Identifier between alphanumeric and biometric data Step2 - Data encryption (secure links are created by encrypting the identifier): Encryption is made with different public keys in order to encrypt the link between alphanumeric data and face data, the link between alphanumeric data and fingerprints data and the link between alphanumeric data and iris data. Then the data is encrypted to ensure confidentiality. Those keys, which are contained in a certificate, are issued and should be managed by a trusted public-key infrastructure. An additional fixed initialization vector is used to encrypt the keys used for secured data separation mechanism. Data separation for data transmission: Each type of data is transmitted separately, so four authentication phases are done and four different secure channels encryption keys are generated. At least four TLS/SSL [10] channels as shown in Fig. 4 are created to transfer one complete DEC request: One channel is dedicated for alphanumeric data transfer. One channel is dedicated for face data transfer. One channel is dedicated for fingerprints data transfer. One channel is dedicated for iris data transfer. (optional) Once the data is sent and acknowledgement is received, the communication is closed. Digital signature: data is digitally signed to ensure integrity and source identity as shown in Fig. IV. V. CONCLUSION AND FUTURE WORK This paper presents how a DEC can be realized securely among member states by having distributed databases. In future work, specifications of proposed web services and the Fig. 5. Data security mechanism design of privacy preserved biometric and alphanumeric search algorithms will be explained. Common guidelines for all MS s regarding biometric sample quality, biometric comparison and key managment infrastructure that ensures wide deployment of proposed system will be outlined. Biometric recognition never is perfectly accurate, so a use-case minimizing the required No. of manual checks and minimizing network flows will be part of future work. ACKNOWLEDGMENT This work is carried out under the funding of the EU-FP7 FIDELITY large-scale integrating project (Grant No. SEC ). The authors would like to thank their colleagues who gave their valuable time in reviewing the paper. REFERENCES [1] ISO/IEC TC, ISO/IEC Biometric Identity Assurance Services (BIAS), International Organization for Standardization and International Electrotechnical Committee. [Online]. Available: home.php?wg abbrev=bias [2] ISO/IEC TC JTC1 SC37 Biometrics, ISO/IEC 19794: Information technology Biometric data interchange formats, International Organization for Standardization and International Electrotechnical Committee. [3], ISO/IEC WD : Information technology Biometrics Presentation attack detection, International Organization for Standardization and International Electrotechnical Committee. [4], ISO/IEC :2009. Information technology Biometric sample quality Part 1: Framework, International Organization for Standardization and International Electrotechnical Committee, [5], ISO/IEC :2012: Information technology Vocabulary Part 37: Biometrics, International Organization for Standardization and International Electrotechnical Committee, Dec [6] S. G.-S. Lorene Allano, Bernadette Dorizzi, Tuning cost and performance in multi-biometric systems: A novel and consistent view of fusion strategies based on the Sequential Probability Ratio Test (SPRT), Pattern Recognition Letters, Volume 31, Issue 9, July
5 [7] European Parliament, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Oct [Online]. Available: LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML [8] European Convention on Human Rights, Dec [Online]. Available: Texts/The+Convention+and+additional+protocols/The+European+ Convention+on+Human+Rights/ [9] Virtual Private Networking: An Overview. [Online]. Available: [10] V. Gupta, D. Stebila, S. Fung, S. Chang, N. Gura, and H. Eberlei, Speeding up secure web transactions using elliptic curve cryptography, [11] (2013) Hardware security module. Thales e-security Inc. [Online]. Available: products-and-services/hardware-security-modules
EU Passport Specification
Biometrics Deployment of EU-Passports EU Passport Specification (EN) 28/06/2006 (As the United Kingdom and Ireland have not taken part in the adoption of this measure, an authentic English version of the
More informationThe European Union approach to Biometrics
The European Union approach to Biometrics gerald.santucci@cec.eu.int Head of Unit Trust & Security European Commission Directorate General Information Society The Biometric Consortium Conference 2003 1
More informationSecurity of Biometric Passports ECE 646 Fall Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada
Security of Biometric Passports ECE 646 Fall 2013 Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada CONTENTS Introduction to epassports Infrastructure required for epassports Generations
More information3D Face Project. Overview. Paul Welti. Sagem Défense Sécurité Technical coordinator. ! Background. ! Objectives. ! Workpackages
3D Face Project Paul Welti Sagem Défense Sécurité Technical coordinator Overview! Background! Objectives! Workpackages 2 1 ! Biometric epassport Biometrics and Border Control! EU-Council Regulation No
More informationAdvanced Security Mechanisms for Machine Readable Travel Documents and eidas Token
Technical Guideline TR-03110-1 Advanced Security Mechanisms for Machine Readable Travel Documents and eidas Token Part 1 emrtds with BAC/PACEv2 and EACv1 Version 2.20 26. February 2015 History Version
More informationThe Cryptographic Sensor
The Cryptographic Sensor Libor Dostálek and Václav Novák {libor.dostalek, vaclav.novak}@prf.jcu.cz Faculty of Science University of South Bohemia České Budějovice Abstract The aim is to find an effective
More informationJTC 1 SC 37 Biometrics International Standards
JTC 1 SC 37 Biometrics International Standards Dr. Stephen Elliott Biometrics Standards, Performance, and Assurance Laboratory Purdue University www.bspalabs.org Overview Market Opportunities for Biometric
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationElectronic Commerce Working Group report
RESTRICTED CEFACT/ECAWG/97N012 4 December 1997 Electronic Commerce Ad hoc Working Group (ECAWG) Electronic Commerce Working Group report SOURCE: 10 th ICT Standards Board, Sophia Antipolis, 4 th November
More informationAuthentication Technologies
Authentication Technologies 1 Authentication The determination of identity, usually based on a combination of something the person has (like a smart card or a radio key fob storing secret keys), something
More informationBiometric Use Case Models for Personal Identity Verification
Biometric Use Case Models for Personal Identity Verification Walter Hamilton International Biometric Industry Association & Saflink Corporation Smart Cards in Government Conference Arlington, VA April
More informationSAT for eid [EIRA extension]
SAT for eid [EIRA extension] eid Solution Architecture Template (SAT) v1.0.0 ISA² Action 2.1 - European Interoperability Architecture Page 1 of 1 Change control Modification Details Version 1.0.0 Migration
More informationeidas Interoperability Architecture Version November 2015
eidas Interoperability Architecture Version 1.00 6. November 2015 1 Introduction This document specifies the interoperability components of the eidas-network, i.e. the components necessary to achieve interoperability
More informationThis paper focuses on the issue of increased biometric content. We have also published a paper on inspection systems.
White Paper 1 INTRODUCTION As ICAO 1 -compliant epassports come into widespread use in Q4 of 2006, it is an appropriate moment to review some of the initiatives required for the next stage of development.
More informationBiometrics Evaluation and Testing. Dr Alain MERLE CEA-LETI
Biometrics Evaluation and Testing Dr Alain MERLE CEA-LETI The BEAT project CC & Biometrics Towards a technical committee on Biometrics A. Merle 2 The BEAT project EU Funded project (FP7 SEC) grant agreement
More informationeidas Regulation eid and assurance levels Outcome of eias study
eidas Regulation eid and assurance levels Outcome of eias study Dr. Marijke De Soete Security4Biz (Belgium) ETSI eidas Workshop 24 June 2015 Sophia Antipolis eidas Regulation Regulation on electronic identification
More informationICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification
ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Biometric data interchange formats Part 4: Finger image data
INTERNATIONAL STANDARD ISO/IEC 19794-4 Second edition 2011-12-15 Information technology Biometric data interchange formats Part 4: Finger image data Technologies de l'information Formats d'échange de données
More informationInformation technology Security techniques Telebiometric authentication framework using biometric hardware security module
INTERNATIONAL STANDARD ISO/IEC 17922 First edition 2017-09 Information technology Security techniques Telebiometric authentication framework using biometric hardware security module Technologies de l information
More informationBiometric quality for error suppression
Biometric quality for error suppression Elham Tabassi NIST 22 July 2010 1 outline - Why measure quality? - What is meant by quality? - What are they good for? - What are the challenges in quality computation?
More informationBiometrics. Overview of Authentication
May 2001 Biometrics The process of verifying that the person with whom a system is communicating or conducting a transaction is, in fact, that specific individual is called authentication. Authentication
More informationSAFE-BioPharma RAS Privacy Policy
SAFE-BioPharma RAS Privacy Policy This statement discloses the privacy practices for the SAFE-BioPharma Association ( SAFE- BioPharma ) Registration Authority System ( RAS ) web site and describes: what
More informationISO/IEC JTC 1/SC 27 N7769
ISO/IEC JTC 1/SC 27 N7769 REPLACES: N ISO/IEC JTC 1/SC 27 Information technology - Security techniques Secretariat: DIN, Germany DOC TYPE: officer's contribution TITLE: SC 27 Presentation to ITU-T Workshop
More informationPrivacy Preserving Biometrics and Duplicate Enrolment Check
Privacy Preserving Biometrics and Duplicate Enrolment Check Increased use of biometrics in the epassport lifecycle also comes with increased privacy concerns over the storage and exchange of biometric
More information2 Electronic Passports and Identity Cards
2 Picture source: www.bundesdruckerei.de Paper based Passport Radio Frequency (RF) Chip Electronic Passport (E Pass) Biographic data Human readable Partially machine readable (optically) Conventional
More informationPart 9: Deployment of Biometric Identification and Electronic Storage of Data in MRTDs
Doc 9303 Machine Readable Travel Documents Seventh Edition, 2015 Part 9: Deployment of Biometric Identification and Electronic Storage of Data in MRTDs Approved by and published under the authority of
More informationTrust Services for Electronic Transactions
Trust Services for Electronic Transactions ROUMEN TRIFONOV Faculty of Computer Systems and Control Technical University of Sofia 8 st. Kliment Ohridski bul., 1000 Sofia BULGARIA r_trifonov@tu-sofia.bg
More informationThis document is a preview generated by EVS
INTERNATIONAL STANDARD ISO 17090-1 Second edition 2013-05-01 Health informatics Public key infrastructure Part 1: Overview of digital certificate services Informatique de santé Infrastructure de clé publique
More informationInterview with Fernando Podio Chair of ISO/IEC JTC 1 SC 37 Subcommittee on Biometrics
Interview with Fernando Podio Chair of ISO/IEC JTC 1 SC 37 Subcommittee on Biometrics In addition to his chairmanship of SC37, Mr. Podio is a member of the Computer Security Division of the Information
More informationA Practical Look into GDPR for IT
Andrea Pasquinucci, March 2017 pag. 1 / 7 A Practical Look into GDPR for IT Part 1 Abstract This is the first article in a short series about the new EU General Data Protection Regulation (GDPR) looking,
More informationWhitepaper: GlobalTester Prove IS
Whitepaper: GlobalTester Prove IS Testing of EAC inspection systems By HJP Consulting GmbH Introduction There have been a lot of activities in standardization to define conformity tests for e-passports.
More informationThis document is a preview generated by EVS
INTERNATIONAL STANDARD ISO/IEC 7816-15 Second edition 2016-05-15 Identification cards Integrated circuit cards Part 15: Cryptographic information application Cartes d identification Cartes à circuit intégré
More informationSecurity Standardization
ISO-ITU ITU Cooperation on Security Standardization Dr. Walter Fumy Chairman ISO/IEC JTC 1/SC 27 Chief Scientist, Bundesdruckerei GmbH, Germany 7th ETSI Security Workshop - Sophia Antipolis, January 2012
More informationThe epassport: What s Next?
The epassport: What s Next? Justin Ikura LDS2 Policy Sub-Group Co-chair Tom Kinneging Convenor of ISO/IEC JTC1 SC17 WG3 International Organization for Standardization (ISO) Strengthening Aviation Security
More informationRole of Biometrics in Cybersecurity. Sam Youness
Role of Biometrics in Cybersecurity Sam Youness Agenda Biometrics basics How it works Biometrics applications and architecture Biometric devices Biometrics Considerations The road ahead The Basics Everyday
More informationDisclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates
Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates Index INDEX... 2 1. DISCLOSURE TEXT APPLICABLE TO NATURAL PERSON CERTIFICATES ISSUED ON QSCD...
More informationInformation technology Security techniques Cryptographic algorithms and security mechanisms conformance testing
INTERNATIONAL STANDARD ISO/IEC 18367 First edition 2016-12-15 Information technology Security techniques Cryptographic algorithms and security mechanisms conformance testing Technologie de l information
More informationTECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for cryptographic suites
TR 119 300 V1.2.1 (2016-03) TECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for cryptographic suites 2 TR 119 300 V1.2.1 (2016-03) Reference RTR/ESI-0019300v121
More information6 facts about GenKey s ABIS
6 facts about GenKey s ABIS Lightning fast deduplication 6 facts about ABIS 2 3 What is ABIS? 3 Core Functions For any biometric identity to be reliable, it s essential there s only one unique ID for every
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 18013-2 First edition 2008-05-15 Information technology Personal identification ISO-compliant driving licence Part 2: Machine-readable technologies Technologies de l'information
More informationLDS2 Concept and Overview: Exploring Possibilities in Travel Border Clearance
LDS2 Concept and Overview: Exploring Possibilities in Travel Border Clearance Overview Current generation of epassports Benefits and Limits of an epassport Overview of the next generation epassport Applications
More informationSeptember OID: Public Document
THE UNITED KINGDOM S NATIONAL CERTIFICATE POLICY for Extended Access Control Infrastructure for machine readable travel documents and biometric residence permits issued and read within the UK September
More informationConformity and Interoperability Key Prerequisites for Security of eid documents. Holger Funke, 27 th April 2017, ID4Africa Windhoek
Conformity and Interoperability Key Prerequisites for Security of eid documents Holger Funke, 27 th April 2017, ID4Africa Windhoek Agenda 1. About secunet Security Networks AG 2. Timeline of interoperability
More informationIdentity & security CLOUDCARD+ When security meets convenience
Identity & security CLOUDCARD+ When security meets convenience CLOUDCARD+ When security meets convenience We live in an ever connected world. Digital technology is leading the way to greater mobility and
More informationVerifying emrtd Security Controls
Blackhat Europe 2010 Verifying emrtd Security Controls Raoul D Costa 1 3M 2010. All Rights Reserved. Agenda Overview of ICAO / EU Specifications emrtds decomposed emrtd Infrastructure (PKI) Inspecting
More informationMultimodal Biometric System by Feature Level Fusion of Palmprint and Fingerprint
Multimodal Biometric System by Feature Level Fusion of Palmprint and Fingerprint Navdeep Bajwa M.Tech (Student) Computer Science GIMET, PTU Regional Center Amritsar, India Er. Gaurav Kumar M.Tech (Supervisor)
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Biometric data interchange formats Part 9: Vascular image data
INTERNATIONAL STANDARD ISO/IEC 19794-9 First edition 2007-03-01 Information technology Biometric data interchange formats Part 9: Vascular image data Technologies de l'information Formats d'échange de
More informationThirteenth Symposium and Exhibition on the ICAO Traveller Identification Programme (TRIP)
Thirteenth Symposium and Exhibition on the ICAO Traveller Identification Programme (TRIP) Advance Passenger Information (API) Workshop Fabrizio Di Carlo INTERPOL 26 October 2017 OBJECTIVES Matching passenger
More informationCEN TC 224 WG15. European Citizen Card. Brussels May 10th CEN/TC 224 WG15 European Citizen Card
CEN TC 224 WG15 European Citizen Card Brussels May 10th 2007 1CEN/TC 224 WG15 European Citizen Card European Citizen Card Scope Smart-Card based model for e-id management User-centric: Card under control
More informationAn Open Source Java Framework for Biometric Web Authentication based on BioAPI
An Open Source Java Framework for Biometric Web Authentication based on BioAPI Elisardo González Agulla, Enrique Otero Muras, José Luis Alba Castro, and Carmen García Mateo Department of Signal Theory
More informationTechnical report. Signature creation and administration for eidas token Part 1: Functional Specification
Technical report Signature creation and administration for eidas token Part 1: Functional Specification Version 1.0 Date: 2015/07/21 Page 1 Foreword This technical report specifies an autonomous signature
More informationPostSignum CA Certification Policy applicable to qualified certificates for electronic signature
PostSignum CA Certification Policy applicable to qualified certificates for electronic signature Version 1.1 7565 Page 1/61 TABLE OF CONTENTS 1 Introduction... 5 1.1 Overview... 5 1.2 Document Name and
More informationProtection profiles for TSP Cryptographic modules - Part 5
CEN/TC 224 Date: 2016-11-29 (v0.15) Proposed draft for Evaluation of pren 419 221-5 CEN/TC 224 Secretariat: AFNOR Protection profiles for TSP Cryptographic modules - Part 5 Cryptographic Module for Trust
More informationAn Overview of Secure and Authenticated Remote Access to Central Sites
Workshop on Data Access to Micro-Data (WDA) Nuernberg, August 20-21 An Overview of Secure and Authenticated Remote Access to Central Sites Dr Milan Marković Banca Intesa ad Beograd, Serbia milan.markovic@bancaintesabeograd.com
More informationAn Overview of Electronic Passport Security Features
An Overview of Electronic Passport Security Features Zdeněk Říha Faculty of Informatics, Masaryk University, Botanická 68A, 602 00 Brno, Czech Republic zriha@fi.muni.cz Abstract. Electronic passports include
More informationThe nominative data coming from the population registry and used to generate the voting cards are never stored in the evoting system database.
System overview Legal compliance CHVote complies to the swiss federal chancellery ordinance on Electronic Voting (VEleS) for an evoting system offered up to 30% of the resident voters. The election process
More informationKeywords Wavelet decomposition, SIFT, Unibiometrics, Multibiometrics, Histogram Equalization.
Volume 3, Issue 7, July 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Secure and Reliable
More informationLarge-scale AFIS and multi-biometric identification. MegaMatcher SDK
Large-scale AFIS and multi-biometric identification MegaMatcher SDK MegaMatcher SDK Large-scale AFIS and multi-biometric identification Document updated on September 21, 2017 Contents MegaMatcher algorithm
More informationFace recognition for enhanced security.
Face recognition for enhanced security. Cognitec Systems - the face recognition company FaceVACS : Face Recognition Technology FaceVACS Face Recognition Technology Cognitec s patented FaceVACS technology
More informationGurmeet Kaur 1, Parikshit 2, Dr. Chander Kant 3 1 M.tech Scholar, Assistant Professor 2, 3
Volume 8 Issue 2 March 2017 - Sept 2017 pp. 72-80 available online at www.csjournals.com A Novel Approach to Improve the Biometric Security using Liveness Detection Gurmeet Kaur 1, Parikshit 2, Dr. Chander
More informationPOLYBIO Multibiometrics Database: Contents, description and interfacing platform
POLYBIO Multibiometrics Database: Contents, description and interfacing platform Anixi Antonakoudi 1, Anastasis Kounoudes 2 and Zenonas Theodosiou 3 1 Philips College, 4-6 Lamias str. 2001, P.O. Box 28008,
More informationOn-line Signature Verification on a Mobile Platform
On-line Signature Verification on a Mobile Platform Nesma Houmani, Sonia Garcia-Salicetti, Bernadette Dorizzi, and Mounim El-Yacoubi Institut Telecom; Telecom SudParis; Intermedia Team, 9 rue Charles Fourier,
More informationHash-based Encryption Algorithm to Protect Biometric Data in e-passport
Hash-based Encryption Algorithm to Protect Biometric Data in e-passport 1 SungsooKim, 2 Hanna You, 3 Jungho Kang, 4 Moonseog Jun 1, First Author Soongsil University, Republic of Korea, indielazy@ssu.ac.kr
More informationCertificateless Public Key Cryptography
Certificateless Public Key Cryptography Mohsen Toorani Department of Informatics University of Bergen Norsk Kryptoseminar November 9, 2011 1 Public Key Cryptography (PKC) Also known as asymmetric cryptography.
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Biometric information protection
INTERNATIONAL STANDARD ISO/IEC 24745 First edition 2011-06-15 Information technology Security techniques Biometric information protection Technologies de l'information Techniques de sécurité Protection
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Biometric data interchange formats Part 2: Finger minutiae data
INTERNATIONAL STANDARD ISO/IEC 19794-2 First edition 2005-09-15 Information technology Biometric data interchange formats Part 2: Finger minutiae data Technologies de l'information Formats d'échange de
More informationDECISION OF THE EUROPEAN CENTRAL BANK
L 74/30 Official Journal of the European Union 16.3.2013 DECISIONS DECISION OF THE EUROPEAN CENTRAL BANK of 11 January 2013 laying down the framework for a public key infrastructure for the European System
More information1) Revision history Revision 0 (Oct 29, 2008) First revision (r0)
To: INCITS Technical Committee T10 From: David L. Black, EMC Email: black_david@emc.com Date: October 29, 2008 Subject: SPC-4: Digital Signature Authentication (08-423r0) 1) Revision history Revision 0
More informationECE646 Fall Lab 1: Pretty Good Privacy. Instruction
ECE646 Fall 2015 Lab 1: Pretty Good Privacy Instruction PLEASE READ THE FOLLOWING INSTRUCTIONS CAREFULLY: 1. You are expected to address all questions listed in this document in your final report. 2. All
More informationSecure Access Control over Wide Area Network - IKTPLUSS Project SWAN
Secure Access Control over Wide Area Network - IKTPLUSS Project SWAN Raghu Ramachandra, Martin Stokkenes, Pankaj Wasnik, Norwegian University of Science and Technology - Gjøvik http://www.christoph-busch.de
More informationBIOMETRIC BASED VOTING MACHINE
Impact Factor (SJIF): 5.301 International Journal of Advance Research in Engineering, Science & Technology e-issn: 2393-9877, p-issn: 2394-2444 Volume 5, Issue 4, April-2018 BIOMETRIC BASED VOTING MACHINE
More informationSWAMID Person-Proofed Multi-Factor Profile
Document SWAMID Person-Proofed Multi-Factor Profile Identifier http://www.swamid.se/policy/assurance/al2mfa Version V1.0 Last modified 2018-09-12 Pages 10 Status FINAL License Creative Commons BY-SA 3.0
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationTopSec Product Family Voice encryption at the highest security level
Secure Communications Product Brochure 01.01 TopSec Product Family Voice encryption at the highest security level TopSec Product Family At a glance The TopSec product family provides end-to-end voice encryption
More informationThis document is a preview generated by EVS
INTERNATIONAL STANDARD ISO/IEC 18013-3 Second edition 2017-04 Information technology Personal identification ISO-compliant driving licence Part 3: Access control, authentication and integrity validation
More informationGetting to Grips with Public Key Infrastructure (PKI)
Getting to Grips with Public Key Infrastructure (PKI) What is a PKI? A Public Key Infrastructure (PKI) is a combination of policies, procedures and technology that forms a trust infrastructure to issue
More informationeidas compliant Trust Services with Utimaco HSMs
eidas compliant Trust Services with Utimaco HSMs March 15, 2018 Dieter Bong Product Manager Utimaco HSM Business Unit Aachen, Germany 2018 eidas-compliant Trust Services with Utimaco HSMs Page 1 eidas
More informationThe Match On Card Technology
Precise Biometrics White Paper The Match On Card Technology Magnus Pettersson Precise Biometrics AB, Dag Hammarskjölds väg 2, SE 224 67 Lund, Sweden 22nd August 2001 Abstract To make biometric verification
More informationSafeNet Authentication Client
SafeNet Authentication Client Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV and/or its subsidiaries who shall have and keep
More informationDraft ETSI EN V ( )
Draft EN 319 412-2 V2.0.15 (2015-06) EUROPEAN STANDARD Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 2: Certificate profile for certificates issued to natural persons 2 Draft
More informationInternet copy. EasyGo security policy. Annex 1.3 to Joint Venture Agreement Toll Service Provider Agreement
EasyGo security policy Annex 1.3 to Joint Venture Agreement Toll Service Provider Agreement This copy of the document was published on and is for information purposes only. It may change without further
More informationImplementation of Aadhaar Based EVM
Implementation of Aadhaar Based EVM Kiran Chavan 1, Kashinath Raut 2, Ashish Bhingardive 3, Yogesh Kolape 4, D. M. Ujalambkar 5 1, 2, 3, 4, 5 Computer Department, Savitribai Phule Pune University Abstract:
More informationGLOBAL PKI TRENDS STUDY
2018 GLOBAL PKI TRENDS STUDY Sponsored by Thales esecurity Independently conducted by Ponemon Institute LLC SEPTEMBER 2018 EXECUTIVE SUMMARY #2018GlobalPKI Mi Ponemon Institute is pleased to present the
More informatione-authentication guidelines for esign- Online Electronic Signature Service
e-authentication guidelines for esign- Online Electronic Signature Service (Issued under Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015) Version 1.3 April 2017 Controller
More informationElectronic Signature Policy
Electronic Signature Policy Definitions The following terms are used in this policy. Term Definition Electronic Signature An electronic signature is a paperless method used to authorize or approve documents
More informationIntroduction to Electronic Identity Documents
Tutorial Introduction to Electronic Identity Documents Klaus Schmeh cryptovision I'm Klaus Schmeh, Chief Editor Marketing at cryptovision. I have published a number of books. Identity Documents Conventional
More informationBIOMET: A Multimodal Biometric Authentication System for Person Identification and Verification using Fingerprint and Face Recognition
BIOMET: A Multimodal Biometric Authentication System for Person Identification and Verification using Fingerprint and Face Recognition Hiren D. Joshi Phd, Dept. of Computer Science Rollwala Computer Centre
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Biometric data interchange formats Part 4: Finger image data
INTERNATIONAL STANDARD ISO/IEC 19794-4 First edition 2005-06-01 Information technology Biometric data interchange formats Part 4: Finger image data Technologies de l'information Formats d'échange de données
More informationWill Federated Cross Credentialing Solutions Accelerate Adoption of Smart Card Based Identity Solutions?
Will Federated Cross Credentialing Solutions Accelerate Adoption of Smart Card Based Identity Solutions? Jack Radzikowski,, Northrop Grumman & FiXs Smart Card Alliance Annual Meeting La Jolla, California
More informationTechnical Guideline TR eid-server Part 3: eidas-middleware-service for eidas-token
Technical Guideline TR-03130-3 eid-server Part 3: eidas-middleware-service for eidas-token Version 1.0 5. May 2017 Federal Office for Information Security Post Box 20 03 63 D-53133 Bonn Phone: +49 22899
More informationNational Biometric Security Project
National Biometric Security Project Activity Update: 2003-2005 Biometric Consortium Conference 2005 National Biometric Security Project Mission Assist government and private sector organizations deter
More informationSecuring V2X communications with Infineon HSM
Infineon Security Partner Network Securing V2X communications with Infineon HSM Savari and Infineon The Sign of Trust for V2X Products SLI 97 www.infineon.com/ispn Use case Application context and security
More informationMORPHOSMART CBM SERIES
MORPHOSMART CBM SERIES COMPACT BIOMETRIC MODULES FOR OEM INTEGRATION The best, most compact optical modules on the market Easy integration of biometric functions into multiple applications High quality
More informationState of play of the European GNSS
State of play of the European GNSS Tachograph forum Flavio SBARDELLATI, GSA Market Development 3 December 2018, Brussels GSA in a nutshell What? Gateway to Services Galileo & EGNOS Operations and Service
More informationSpanish Information Technology Security Evaluation and Certification Scheme
Spanish Information Technology Security Evaluation and Certification Scheme IT-009 Remote Qualified Electronic Signature Creation Device Evaluation Methodology Version 1.0 January 2017 Documento del Esquema
More informationChapter 3: User Authentication
Chapter 3: User Authentication Comp Sci 3600 Security Outline 1 2 3 4 Outline 1 2 3 4 User Authentication NIST SP 800-63-3 (Digital Authentication Guideline, October 2016) defines user as: The process
More informationElectronic signature framework
R E P U B L I C O F S E R B I A Negotation Team for the Accession of Republic of Serbia to the European Union Working Group for Chapter 10 Information society and media Electronic signature framework Contents
More informationVALIDATING E-PASSPORTS AT THE BORDER: THE ROLE OF THE PKD R RAJESHKUMAR CHIEF EXECUTIVE AUCTORIZIUM PTE LTD
VALIDATING E-PASSPORTS AT THE BORDER: THE ROLE OF THE PKD R RAJESHKUMAR CHIEF EXECUTIVE AUCTORIZIUM PTE LTD THE TRUST IMPERATIVE E-Passports are issued by entities that assert trust Trust depends on the
More informationChapter 9 Section 3. Digital Imaging (Scanned) And Electronic (Born-Digital) Records Process And Formats
Records Management (RM) Chapter 9 Section 3 Digital Imaging (Scanned) And Electronic (Born-Digital) Records Process And Formats Revision: 1.0 GENERAL 1.1 The success of a digitized document conversion
More informationH2020 & THE FRENCH SECURITY RESEARCH
H2020 & THE FRENCH SECURITY RESEARCH JANUARY 22, 2013 WISG 2013 / TROYES LUIGI REBUFFI CEO EUROPEAN ORGANISATION FOR SECURITY WWW.EOS EU.COM PRESIDENT CSOSG STEERING COMMITTEE European Organisation for
More information