IDENTITY DOCUMENTS TRUST AND SECURITY IN A DIGITAL WORLD

Transcription

1 GOVERNMENT IDENTITY DOCUMENTS TRUST AND SECURITY IN A DIGITAL WORLD

2 Identity solutions by Trüb In today s mobile and networked society the need for secure and versatile travel and identification documents is continuously increasing. And with the availability of new standards and technology the concept of identity protection is permanently evolving and advancing. Trüb is responding to these ever increasing public and political expectations for trustworthy identity products with smartcards that match the latest public and private sector requirements. Premium quality Polycarbonate is the state of the art material for durable and fraud-resistant identity documents with high quality personalization features and security elements. Excellence in production Trüb develops and builds polycarbonate cards with adherence to the most stringent standards for over 20 years. As a leading supplier with reference projects worldwide and long-time broad experience, Trüb is excellently PREMIUM QUALITY IN POLYCARBONATE positioned to fulfill even most demanding requirements of ambitious customers. Electronic identity Trüb s scope of supply addresses a wide spectrum of customer needs. Be it a traditional national ID card without chip, an e-id with chip and biometric data for cross-border travel, or a PKI smartcard aligned to the demands of a digital society for online and e-government services. More than just cards In addition to manufacturing premium quality products, Trüb also supports customers in defining the identity document best suited to the needs of their administration, citizens and economy. Therefore Trüb can offer identity document solutions covering consultancy, card design services, client-specific Java Card software development, turnkey solutions for personalization centers and project management. Product portfolio National ID cards with or without chip Biometric Residence Permits Crew Member Certificates Civil servant ID cards PKI cards for Identification, Authentication and digital Signature Complete ID card technology portfolio: chip-less, contactbased, contactless, dual interface and hybrid (with both a contactless and contact-based chip) Wired antenna for superior performance Service portfolio Security concept design Secure logistics concepts Project consulting Artwork services Application development services Prototyping Personalization setup and services 2 IDENTITY DOCUMENTS

3 Biometric security Identity cards are not only personalized and hard to manipulate identity proving documents. Equipped with a secure microcontroller the functionality and security is further enhanced. Biometric and other Multi-functionality An increasing number of identification documents - like Identity Cards (e-id), Biometric Residence Permits or Crew Member Certificates - incorporate a chip for additional security. MULTI-PURPOSE IDENTITY CARDS card holder data stored in the chip is inseparably tied to the personalized data on the card body. At the same time unauthorized usage is prevented by implementing secure communication protocols. With the customized chip, operating system and applications such an electronically enabled identity document can be used for many additional purposes. Applications by Trüb Trüb offers an adaptable PKI application and partners also with leading independent software companies specialized in smartcard applications. ID card in polycarbonate PKI for e-government solutions Digital signature Citizen data management Biometric authentification Match on card ICAO travel document and European Citizen Card functionality e-travel documents E-ID APPLICATION PORTFOLIO Public Key Infrastructure Trüb application services ICAO applications Data structure and applications for machine-readable travel documents with Passive and Active Authentication (PA/AA), Basic (BAC), Enhanced (EAC) and Supplemental (SAC) Access Control EU specific e-passport & e-id applications Biometric data with advanced access control Biometric applications Match on card (MINEX II-compliant, ISO/IEC ) Trüb tru/sign TM PKI applet Customizable application for strong authentication & qualified digital signature (based on PKCS#15) Other IAS applets Off-the shelf application for Identification, Authentication ans Signature Trüb CDA Citizen Data Management Application Secure, role-based access to customer specific data stored on chip (based on ISO/IEC file structure and ISO/ IEC commands) Support for native and JavaCard operating systems Choice of various approved and certified hardware and software platforms Solutions and applications tailored to customer needs Project specific certification Development of customer specific middleware Delivery of secure smartcard readers Secure logistics concepts Personalization setup and services IDENTITY DOCUMENTS 3

4 embedded transparent DOVID (Kinegram, DID ) security background with guilloche and rainbow printing tru/window LOCK laser ablation feature Tactile surface elements tactile laser engraving Dynaprint MLI / CLI OVI Optically Variable Ink tru / vision serial number microlettering positive and negative in rainbow printing IR and UV printing LFI Latent Filter Image COMMITTED TO STRONG FRAUD-RESISTANCE Optical security features Security printing features such as micro lettering, guilloche and rainbow printing OVI Optically Variable Ink Diffractive Optically Variable Image Devices (DOVID) - embedded metallized or transparent hologram or Kinegram LFI Latent Filter Image optically variable image with integrated filter Dynaprint - optically variable images in combination with MLI /CLI tru/window ANIMATION - transparent window with optically moving element tru/vision - color image visible under 365 nm UV IR and UV printing Tactile micro lettering and other surface elements Personalization features Tamper-resistant, high quality true grayscale laser engraving Tactile laser engraving MLI / CLI based on lenticular structures PhotoLock - integrated photo security element ImagePerf - laser perforated secondary image IPI TM Invisible Personalized Information tru/window LOCK transparent window with inversely personalized ghost image on metal foil Electronic security features Choice of certified high security chips Chip modules embedded tightly into the card body Support of ICAO and EU security protocols and regulations Mechanical features Long lifespan due to high integrity of fused polycarbonate card layers Superb resistance to mechanical, chemical and thermal stress Encapsulated electronics for contactless cards Certified card body with test reports from international accredited testing institutions Company certification Produced in Switzerland by Gemalto AG, a certified high security printing company 4 IDENTITY DOCUMENTS

5 INNOVATION IN SECURITY tru/window TM unrivaled document protection Trüb s window technology tru/window both enhances document strength against illegal alterations and provides visually attractive security elements. tru/window is a transparent area within the multilayer polycarbonate card body. Such a window element is a strong counter measure against grinding attacks on the card body itself, therefore safeguarding the integrity of the card and protecting against forgery. Furthermore, polycarbonate documents which include tru/window security elements benefit from an enhanced defense against counterfeit attacks such as copying or reproduction. tru/window LOCK a new dimension in photo protection This patented security feature effectively prevents manipulation of the card holder portrait after issuance. This is accomplished by a secondary portrait image personalized into a metallic foil integrated into the transparent tru/window area inside the polycarbonate card body. In fact, tru/window LOCK implements a negative personalization process where lightcolored image information is selectively removed from the metallic foil by laser ablation, leaving transparent areas. The result is a positive halftone ghost image visible in high resolution under transmitted light. Due to the negative personalization process it is not possible to add any additional dark image information to the secondary image. Hence, the tru/window LOCK security feature prevents a concurrent manipulation of both the primary and secondary card holder portrait. tru/window ANIMATION striking visual effects This first line security element both is visually appealing and allows for a distinct individual design. The optically variable security feature is based on Moiré technology and requires sophisticated algorithms and printing technology. Dynamic image transitions, linear and circular movements, objects shifting in different directions or flashing and pulsating effects all can be realized. To observe these stunning effects it s enough to tilt the card. It s therefore easy to judge whether the card is genuine without needing special equipment or dedicated knowledge. tru/vision TM brilliant true-color UV images This security and design feature implements images invisible under normal daylight that turn into brilliant true-color images with excellent color reproduction under ultraviolet light. Customer specific true-color UV images can be integrated into the document design, offering a distinct visual appearance with high recognition value and enhanced document security. The high resolution images comprise UV fluorescent inks with advanced color separation and halftone printing. Compared to standard UV security printing, tru/vision technology provides enhanced protection against duplication and reproduction. Resistance towards document counterfeits is significantly increased due to the complexity of the underlying image processing algorithms. The true-color images can be observed by naked eye under 365nm UV exposure. Thus tru/vision is an attractive and distinct security feature allowing easy verification of document authenticity. IDENTITY DOCUMENTS 5

6 tru/sign TM PKI security highlights Based on its extensive experience gained as card manufacturer of Switzerland s PKI card SuisseID and especially as supplier of the highly advanced e-id scheme in Estonia, Trüb offers its own Public Key Infrastructure solution. The centerpiece constitutes Trüb s tru/sign TM PKI application - a proven and reliable tool to gain fast but secure access to web based e-government and e-commerce services. Developed for the certified Java Card Open Platform, tru/sign connects the user in the most efficient but easy way to e-services in tightly secured IT-environments. tru/sign implements a future proof design since the applications and their settings can be configured according to specific customer requirements and allow for postissuance application download. PROVEN PKI SOLUTION 2-factor dentification e-voting digital company founding strong uthentification digital tax declaration municipal e-services qualified digital ignature IAS Functionality e-procurement others Web Applications Functionality SSL client/server authentication Digital signature VPN client support Secure client Authentication profile: two PIN one PUK Optional passphrase authentication PIN/PUK replacement procedure Post-issuance certification renewal Support for all current customary PC platforms and browsers: Microsoft, Mac, Linux Extendable with CDA (Citizen Data Management Application) Security Certified Java Card v chip-platform with Common Criteria EAL5+ security level Global Platform Specification v On-chip and external key generation Distinguished PKI use cases for authentication and digital signature Cryptographic performance: RSA and ECC, AES, SHA-2, Diffie-Hellman ECC key agreement Support of PIN pad reader for secure PIN entry Turnkey solution Including secure chip operating system and application on chip with integrated client software Ready to execute trusted web services Proof of concept for new e-id projects Consultancy for customer specific PKI-solution based on tru/sign TM Hands-on training by Estonian e-governance Academy System integration support for e-id program implementation Software development kit for application development by customer 6 IDENTITY DOCUMENTS

7 DIGITAL SIGNATURES IN ESTONIA At the forefront of leading edge PKI-solutions since 2001, Trüb provides one of the most advanced e-government schemes worldwide the e-id card of Estonia with Trüb PKI application tru/sign. Identity in a digital world The card - next to being used as «normal» identification card by more than 1.2 million citizens - comprises a chip with the PKI application tru/sign to provide electronic identification, authentication and digital signature. Cryptographic keys can be generated directly on chip and currently two pairs, each consisting of a private and public key bound to qualified digital certificates, are used on the Estonian e-id card: one for strong authentication and one for electronic signature. A multitude of services Today all citizen of Estonia can enjoy the benefits of this e-id platform that supports, just to mention a few, innovative e- services like e-voting - popular since 2007, or digital company register - which allows a card holder to establish a company online within 15 minutes. Other examples are digital tax declaration, e-procurement, e-banking and many other national and municipal e-government and private services. A complete system The Estonian e-id card with tru/sign TM PKI-application is part of the comprehensive Estonian public key infrastructure (PKI) allowing many e-services to be accessed securely by means of digital certificates, which are released and managed by one Certification Authority. This increases efficiency and reduces costs for administration. Today, citizens have access to more than 700 e-services in the public and private sector, all connected by the Estonian IT-system X- Road. This availability of manifold online services at any time makes the e-id card a very popular token for daily use for the better part of the population. Now available as Mobile ID, too, the Estonian e-id allows for an ever increasing number of options with more and more e-services many usable even internationally. High usage Evidence of the active use and the popularity of the Estonian e-id with tru/sign TM PKI solution is that more than 207 million digital signatures and 335 million electronic authentications have been processed since launch (Status 3/2015). Public sector - e-government Private sector - B2B / e-commerce database I database II database III database IV database V Security server Security server Security server Security server Security server Secure data transfer platform - Internet based on Estonian X-Road architecture Security server Security server Security server Security server State portal: Administrative center of the state information system tru/sign TM card & client software National register database Certification Authority Citizen view Enterpriser view Central monitoring Central servers Authority view Help desk IDENTITY DOCUMENTS 7

8 SPECIFICATIONS Dimensions ID-1: 54.0 mm x 85.6 mm Thickness: 0.8 mm typical Standards ISO/IEC 7810 (Physical characteristics of ID cards) ISO/IEC (ID cards test methods) ISO/IEC 7816 (ID cards chip with contacts) ISO/IEC (ID cards - contactless chip for proximity cards) ICAO 9303 (Machine Readable Travel Documents): Part 3 TR (Technical Guidelines on Advanced Security Mechanisms for Machine Readable Travel Documents): Parts 1 (BAC, EACv1), Part 2 (EACv2, PACE) and Part 3 Cryptography PKCS Public Key Cryptography Standards (#1:RSA; #5: Password-based Encryption; #11: Cryptoki; #13: Elliptic Curve; #15: cryptographic format) RFC 2631 (Diffie-Hellman) X.509v3 (Digital certificates) AES Advanced Encryption Standard Material Genuine polycarbonate Option: PCC Polycarbonate Color for color personalization Fused under heat and pressure, free of adhesives Real lifetime proven for 10 years Surface: matt or glossy All information provided in this document is subject to change without any prior notice. The information is provided in good faith and the publisher cannot be held liable for any discrepancies. No part of this document can be published without the authorization by Gemalto AG. Processing Layout: customer-specific artwork provided by Trüb Personalization: laser engraving modules from leading personalization suppliers supported Gemalto AG Hintere Bahnhofstrasse Aarau Switzerland Tel Fax [email protected] Gemalto AG