white paper E-passport overview Dan Butnaru - Trusted Identity Product Line Manager
Contents

1 Objective
2 Introduction
3 The Challenge
3.1 Secure Travel Document's Objectives
4 The Electronic Passport
4.1 Proven Technology
4.2 An International Standard
4.3 A World Wide Success Story
4.4 One Document, Several Projects
5 Security Solutions
5.1 Introduction
5.2 Production
5.3 Inspection
    Verification of Document Authenticity
    Verification of Traveller Identity
5.4 Interoperability for International Information Exchange
    ICAO Public Key Directory (PKD)
    Single Point of Contact (SPOC)
5.5 Future Trends
    LDS 2.0
    Automated Border Control
    Evidence of Identification
6 Deployment Scenarios
6.1 Phase 1 - Production System
6.2 Phase 2 - EAC-Ready Approach
6.3 Phase 3 - Fully Operational Inspection Infrastructure
6.4 Phase 4 - Platforms for International Information Exchange
7 Conclusion
8 Acronyms
9 References
About the Author
Figures

Figure 1 The MRTD
Figure 2 Scheme of an e-passport
Figure 3 ICAO Statistics
Figure 4 e-passport Projects Phases
Figure 5 e-passport Production System
Figure 6 e-passport Passive Authentication
Figure 7 EAC PKI for Terminal Authentication
Figure 8 ICAO PKD Use Case
Figure 9 SPOC Use Case
Figure 10 PKI for Production
Figure 11 PKI for Production (incl. EAC)
Figure 12 EAC PKI for Inspection
Figure 13 PKD System
1 OBJECTIVE

This white paper's objective is to describe step by step all phases of e-passport projects, from secure production to secure verification of the document's and the traveler's identity. A particular focus is given to interoperability schemes, as we are evolving in a context which is driven by international standards. In summary, recommendations are given in terms of technology, deployment best practices and future evolutions, based on feedback from projects in the field.

2 INTRODUCTION

Travel documents have undergone a significant transformation for more than a decade, particularly pushed by the events of September 11th. The paper-based document, which aims to prove that the holder is the person he claims to be, has been constantly improved, and more and more security features have been added along with the exposure to new counterfeiting attacks.

The International Civil Aviation Organization (ICAO), a sub group of the International Air Transport Association (IATA), has specified a smart card chip based electronic, machine readable travel document, which aims to guarantee the authenticity of such an electronic document, aka the electronic passport.

Besides the pure proof that the issued passport is genuine, meaning issued by the official authority, border control also has to verify the identity of the passport holder. This has typically been performed by comparing the photo with the face of the traveler. As fraud is extensively based on wrong pictures and look-alike people, and good-quality photos are often not available, the only reliable verification of identity is to securely compare biometrics stored in chip memory with captured ones. The European Union has therefore introduced the so-called electronic biometric passport (aka biometric passport), which includes fingerprint and/or iris information in the smart card chip.

Due to long-lasting and coordinated efforts from international experts, ICAO issued the first e-passport standards in 2005 (Document 9303).
The US Visa Waiver initiative motivated several countries to rapidly implement electronic passports. Within merely a decade, more than 50% of the world now issues secure electronic passports, and another half of them biometric ones (source ICAO 2013).

As issuance is moving forward, the current challenge for a country is to shift from production to inspection. Indeed, the passport's objective is by definition to be inspected, or verified. As the security mechanisms are electronic (smart card based), the methods of inspection are too. The term Automated Border Control (ABC) is generally used here to describe electronic gates (aka e-gates), which are in charge of verifying all security features of the passport and the biometrics of its holder. From a sheer security point of view, ABC will become of utmost importance in the next years, due to the dramatic increase of air traffic.
According to IATA's latest figures, air traffic volume will increase by 113% in 2030! Managing huge traffic flows of people and goods, but also the associated information records, is the challenge of today and tomorrow. Key to these challenges is international information exchange and interoperability.

3 THE CHALLENGE

3.1 Secure Travel Document's Objectives

When travelling from one country to another, two questions arise:

- Is the passport genuine?
- Is the passport holder the right person?

Therefore, a travel document's purpose is quite straightforward: to prove the traveler's identity by presenting an official document issued by a trustworthy organization.

The primary objective is hence to guarantee the authenticity of a travel document. Counterfeiting of official documents has always existed. More and more features were implemented to enhance the security of documents, from reinforcement of physical anti-counterfeiting mechanisms like Optically Variable Devices (OVD), invisible ink, micro printing, etc. to the Machine Readable Travel Document (MRTD), enabling automated verification through Optical Character Recognition (OCR).

Figure 1 The MRTD

The latest evolution has been the electronic passport, which makes use of smart card technology to increase security.

The second objective is to verify the traveller's identity. Besides the question of whether a document is authentic or not, the other important point is to make sure that the passport holder is the one indicated in the (official) document.
To achieve this, real-time comparison between captured traveler biometrics and stored personal data can prove unambiguously the identity of the individual.

These two objectives represent the daily business of Border Control Systems, implying important human and technological investments to maintain security. Thus the issuance and inspection of unforgeable, unambiguously verifiable travel documents is a key driver for all nations to enable free movement of their citizens abroad and to control migration.

4 THE ELECTRONIC PASSPORT

4.1 Proven Technology

The electronic passport or electronic Machine Readable Travel Document (e-MRTD) is a paper document embedding a contactless smart card and antenna in order to be read by a terminal, also known as the Inspection System. Using a smart card chip allows data to be stored in a tamper-proof device and thus makes it de facto impossible to copy and counterfeit personal data.

Figure 2 Scheme of an e-passport

Personal data (photo and Machine Readable Zone, MRZ) is digitally signed and, at the personalization phase, stored on the passport's smart card chip. By combining chip technology with cryptography and Public Key Infrastructure (PKI), one can achieve two principal goals of information security:

- Authentication: Data is digitally signed by a state authority's (secret) key and can thus be verified by cryptographic means.
- Confidentiality: Based on Mutual Authentication mechanisms, only authorized systems are able to read out personal data. Depending on the criticality of the information, different levels of access control can be used.
4.2 An International Standard

The International Civil Aviation Organization (ICAO) published in 2005 international standards for electronic Machine Readable Travel Documents and electronic visas. Through a set of documents, it specifies all technical details of an electronic passport, thus enabling countries to verify that a foreign electronically secured travel document is authentic. This specification is known as ICAO Document

For proving traveler identity, fingerprints and iris have been chosen as the most viable and economically reasonable biometric verification data (optional data groups DG3 and DG4 defined by ICAO specifications). The European Union has elaborated a scheme where these biometric data are protected and subject to a particular access control mechanism. In order to be able to read out fingerprint or iris information, a dedicated infrastructure has been specified in EU-TR

We therefore speak of an electronic biometric passport, aka biometric passport. It has to be underlined that fingerprint and iris are optional data groups. Therefore, not all electronic passports are biometric, but all biometric passports are by definition electronic passports.

In 2010, a European Decree was published asking member countries to issue electronic passports with additional optional biometrics stored and protected by Extended Access Control. Several countries outside Europe also deployed biometric passports, for instance in Africa and the Middle East.

4.3 A World Wide Success Story

The electronic passport has definitely proven to be by far the most successful international e-ID endeavor at present. Since the very first deployments in 2005, projects have been implemented all over the world, with 101 out of 193 member countries nowadays issuing more than 500 million electronic travel documents (cf. ICAO MRTD Report Q2/2013). The others are issuing Machine Readable Travel Documents (MRTD) or even still paper-based ones (approx. 20 countries).
ICAO has issued a deadline for paper-based documents, which will have to be at least MRTD by November 24th of

This evolution is based on extensive efforts in standardization and security, allowing an e-passport to be used all over the world. Driven by governmental regulations, all regions are concerned. Especially in countries where control of migration constitutes a real challenge, the electronic travel document allows the free movement of individuals to be managed more efficiently.
Figure 3 ICAO Statistics

Given ICAO's projection of air traffic, which will increase by 113% in 2030, we can expect new challenges for all countries, making Automated Border Control necessary in order to reduce check-in time. Verification of the traveler's biometrics will become a necessity to increase processing throughput and security.

4.4 One Document, Several Projects

When analyzing the electronic passport in detail, one has to underline that it is a phased project approach. Indeed, producing the electronic document is only one part of the global picture. Managing the issuing request beforehand and implementing inspection for usage in the field are as important as issuance. They present real benefits for government and citizens and are large opportunities for a whole e-ID ecosystem. Figure 4 depicts these phases:

Figure 4 e-passport Projects Phases
1 Enrolment: In this phase all personal data are gathered to issue the passport. Typically, capturing biometrics and proof of identity are the main topics.
2 Production: The physical document including the smart card is manufactured. Data page personalization with the Machine Readable Zone and electrical personalization of the smart card chip are performed.
3 Inspection: An e-passport has no value if its e-security features are not exploited. Therefore a terminal infrastructure is deployed, typically at border control, to read out information for verification of document and traveler.
4 Exchange of Information: Travel documents are by definition of international concern. Hence, setting up interoperable information systems is a necessity and a natural evolution for all issuing countries. The ability to unambiguously verify foreign passports is as important as issuing them.

5 SECURITY SOLUTIONS

5.1 Introduction

As illustrated in previous chapters, the electronic passport has a variety of benefits, like increased protection against counterfeiting and faster traveler check-in through automated procedures. Nonetheless, this can only be achieved if adapted security technology is implemented. Public Key Infrastructure (PKI), based on science (cryptography) and technology (hardware and software), has proven to be the best adapted choice. ICAO has clearly underlined this importance by making PKI usage mandatory for production and inspection of electronic travel documents.

5.2 Production

As outlined in chapter 3.1, an electronic passport is used, amongst others, to store in digital form the same visible information (photo, MRZ) which can be found on the data page. To prevent fraud, this information is cryptographically signed by a dedicated server, accredited by a national authority. In ICAO terms these entities are called Document Signer (DS) and Country Signing Certification Authority (CSCA), as depicted in Figure 5.
Figure 5 e-passport Production System

Technically, the Document Signer is a signature server which interfaces with a personalization chain producing the passport. Passport data is signed by the DS in the form of hashed data groups (DGs), so citizen-related information is never exposed in clear text to the DS. In ICAO terms we talk about the Logical Data Structure (LDS), which after signature becomes the Signature Object Data (SOD).

The underlying PKI therefore has the following objectives:

- Producing signature services, performed by a DS.
- Managing the lifecycle of the Document Signers' digital identity, performed by the CSCA.

All identities are implemented through X.509 v3 digital certificates.

5.3 Inspection

Verification of Document Authenticity

In order to prove the authenticity of an electronic passport, a two-step mechanism is used:

1) The Machine Readable Zone is read out by automatic means (OCR).
2) Based on this MRZ information, a session key is calculated and access is granted to the chip containing the MRZ in digitally signed format.
3) Digitally signed data is converted to plain text and compared to the optically read out information in 1). This is achieved by using the Document Signer's public key included in its digital certificate and stored in the chip.
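Steps 1) to 3) as an added example, not code from the white paper: it validates the OCR-read MRZ check digits, derives the BAC key seed and access keys the way ICAO Document 9303 specifies (SHA-1 over document number, birth date and expiry date with their check digits), and compares the chip data with the hashes listed in the SOD. The MRZ is the ICAO specimen, the data group contents and SOD hash table are constructed, SHA-256 is assumed as the SOD hash algorithm, and verifying the Document Signer's signature over the SOD is assumed to be done separately with a CMS/X.509 library.

```python
import hashlib


def check_digit(field: str) -> int:
    """ICAO 9303 check digit: weights 7, 3, 1 repeating; A-Z = 10..35, '<' = 0."""
    total = 0
    for i, ch in enumerate(field):
        if ch in "0123456789":
            value = int(ch)
        elif ch == "<":
            value = 0
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        else:
            raise ValueError(f"character {ch!r} is not allowed in an MRZ")
        total += value * (7, 3, 1)[i % 3]
    return total % 10


def mrz_information(line2: str) -> str:
    """Step 1: document number, birth date and expiry date, each with its
    check digit, taken from the OCR-read second line of a TD3 (passport) MRZ."""
    if len(line2) != 44:
        raise ValueError("TD3 MRZ line 2 must be 44 characters")
    fields = (line2[0:10], line2[13:20], line2[21:28])
    for f in fields:
        if f[-1] not in "0123456789" or check_digit(f[:-1]) != int(f[-1]):
            raise ValueError(f"check digit mismatch in {f!r}: re-read the data page")
    return "".join(fields)


def _odd_parity(key: bytes) -> bytes:
    """Set the low bit of every byte so the byte has odd parity (DES key format)."""
    return bytes((b & 0xFE) | (1 - bin(b & 0xFE).count("1") % 2) for b in key)


def bac_keys(mrz_info: str):
    """Step 2: key seed and the two 3DES access keys (encryption, MAC)."""
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]

    def derive(counter: int) -> bytes:
        data = k_seed + counter.to_bytes(4, "big")
        return _odd_parity(hashlib.sha1(data).digest()[:16])

    return k_seed, derive(1), derive(2)


def chip_findings(line2: str, data_groups: dict, sod_hashes: dict) -> list:
    """Step 3: every data group must hash to the value listed in the SOD, and
    the MRZ stored in DG1 must equal the MRZ printed on the data page."""
    findings = []
    for number, expected in sorted(sod_hashes.items()):
        content = data_groups.get(number)
        if content is None:
            findings.append(f"DG{number} is listed in the SOD but missing on the chip")
        elif hashlib.sha256(content).digest() != expected:
            findings.append(f"DG{number} hash differs from SOD")
    if line2.encode("ascii") not in data_groups.get(1, b""):
        findings.append("printed MRZ differs from the MRZ stored in DG1")
    return findings


# ICAO specimen MRZ; data group contents and SOD hash table are constructed.
LINE1 = "P<UTOERIKSSON<<ANNA<MARIA".ljust(44, "<")
LINE2 = "L898902C<3UTO6908061F9406236ZE184226B<<<<<14"
CHIP_DGS = {
    1: (LINE1 + LINE2).encode("ascii"),
    2: b"constructed placeholder for the face image",
}
SOD_HASHES = {n: hashlib.sha256(v).digest() for n, v in CHIP_DGS.items()}

if __name__ == "__main__":
    seed, k_enc, k_mac = bac_keys(mrz_information(LINE2))
    print("K_seed", seed.hex(), "K_enc", k_enc.hex(), "K_mac", k_mac.hex())
    print(chip_findings(LINE2, CHIP_DGS, SOD_HASHES) or "chip data matches SOD and MRZ")
```

A single misread character on the data page fails the check-digit test before any key is derived, so the inspection system asks for a re-scan instead of attempting chip access with wrong keys.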
The access mechanism described in 2) is known as Basic Access Control (BAC). BAC has shown some weaknesses against cryptographic attacks. Therefore a new protocol, Supplemental Access Control (SAC), has emerged and will be mandatory in Europe by the end of 2014. SAC includes a chip-specific Card Access Number (CAN) in the calculation of the access key and therefore makes it impossible to copy data from one chip to another. Through SAC, it is now possible to verify not only the authenticity but also the uniqueness of the electronic travel document. Basic Access Control and Supplemental Access Control are also defined as Passive Authentication.

Figure 6 e-passport Passive Authentication

Verification of Traveller Identity

As stated in chapter 3.2, additional biometric data (fingerprint, iris) requires protection and can be accessed only after an Extended Access Control mechanism. According to specifications published by the European Union, these access rights are managed by a dedicated Public Key Infrastructure, as shown in Figure 7.

Figure 7 EAC PKI for Terminal Authentication
The core element in this mechanism is the Mutual Authentication between e-passport and terminal (Inspection System). It ensures that only well-identified entities talk to each other. In detail, the terminal verifies the authenticity of the document through BAC or SAC (see chapter 4.3.1). Once the document is authenticated, it verifies the identity of the terminal as follows:

- At production stage, the National Root Authority certificate is stored in the chip as a trusted reference, the trust point.
- All terminal digital identities are issued by a PKI based on this Root CA as issuer.
- The passport compares the issuing root authority found in the terminal certificate chain with the trust point stored in its chip memory. If they are the same, the terminal is authorized to read out biometric data.

Thus, for managing Terminal Authentication, each country implements a PKI consisting of one National Root Authority (Country Verifying Certification Authority - CVCA) and an Intermediate Authority (Document Verifier Certification Authority - DVCA) which issues digital certificates to Inspection Systems (IS). Reflecting the smart card's technical capabilities, a particular certificate format based on ISO 7816-X standards has been chosen, the Card Verifiable Certificate (CVC).

Verifying the identity of a traveler means capturing his biometrics and comparing them to the ones stored in the e-passport chip. By default, each country issues Inspection System digital identities to read out the biometrics of its own citizens, since their passports store the National Root CA. If foreign travel documents need to be read, the issuing foreign country must authorize other countries' Inspection Systems and therefore issue certificates for foreign Inspection Systems. This can be defined as a cross certification, which means a foreign authority generated a trust chain (i.e. a nested structure of Root CA + DV CA + IS certificate).
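The chip-side decision described above, as an added example (not code from the white paper or from any product): the trust point written at production anchors a CVCA, DV, IS chain, and a foreign Document Verifier becomes acceptable only once the issuing country's CVCA has certified it. Real CV certificates use the ISO 7816 encoding and full-strength keys; the holder names, dates and the textbook-RSA keys built from small known primes are constructed for illustration only.

```python
import hashlib
from dataclasses import dataclass
from datetime import date

E = 65537  # public exponent shared by all toy keys


def toy_key(p: int, q: int):
    """Textbook RSA key (modulus, private exponent); far too small for real use."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def _digest(body: bytes, modulus: int) -> int:
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % modulus


@dataclass
class CVCert:
    holder: str          # certificate holder reference
    issuer: str          # certification authority reference
    role: str            # "DV" or "IS"
    public_modulus: int
    valid_from: date
    valid_to: date
    signature: int = 0

    def body(self) -> bytes:
        return "|".join((self.holder, self.issuer, self.role, str(self.public_modulus),
                         self.valid_from.isoformat(), self.valid_to.isoformat())).encode()


def issue(holder, role, public_modulus, issuer, issuer_key, valid_from, valid_to):
    cert = CVCert(holder, issuer, role, public_modulus, valid_from, valid_to)
    modulus, private_exp = issuer_key
    cert.signature = pow(_digest(cert.body(), modulus), private_exp, modulus)
    return cert


def chip_decision(trust_point, chain, today):
    """trust_point is the (name, public modulus) of the CVCA stored in the chip.
    Walk the chain from the trust point down; return (granted, reason)."""
    if [c.role for c in chain] != ["DV", "IS"]:
        return False, "chain must be a DV certificate followed by an IS certificate"
    issuer_name, issuer_modulus = trust_point
    for cert in chain:
        if cert.issuer != issuer_name:
            return False, f"{cert.holder} was not issued under {issuer_name}"
        if pow(cert.signature, E, issuer_modulus) != _digest(cert.body(), issuer_modulus):
            return False, f"signature on {cert.holder} does not verify"
        if not cert.valid_from <= today <= cert.valid_to:
            return False, f"{cert.holder} is outside its validity period"
        issuer_name, issuer_modulus = cert.holder, cert.public_modulus
    return True, "terminal authenticated, biometric data groups may be read"


# Constructed scenario: issuing country "AA", foreign country "BB".
M61, M89, M107, M127 = (2**k - 1 for k in (61, 89, 107, 127))  # known primes
CVCA_A, CVCA_B = toy_key(M89, M127), toy_key(M61, M127)
DV_A, DV_B = toy_key(M61, M89), toy_key(M61, M107)
IS_MODULUS = M89 * M107
START, END, TODAY = date(2013, 1, 1), date(2013, 3, 31), date(2013, 2, 15)
TRUST_POINT_A = ("AACVCA00001", CVCA_A[0])  # stored in AA passports at production


def build_chain(cvca_name, cvca_key, dv_name, dv_key, is_name):
    dv = issue(dv_name, "DV", dv_key[0], cvca_name, cvca_key, START, END)
    terminal = issue(is_name, "IS", IS_MODULUS, dv_name, dv_key, START, END)
    return [dv, terminal]


DOMESTIC = build_chain("AACVCA00001", CVCA_A, "AADV00001", DV_A, "AAIS00001")
# Cross certification: AA's CVCA certifies BB's Document Verifier.
CROSS_CERTIFIED = build_chain("AACVCA00001", CVCA_A, "BBDV00001", DV_B, "BBIS00001")
# BB terminal holding only a chain under BB's own root.
FOREIGN_ONLY = build_chain("BBCVCA00001", CVCA_B, "BBDV00001", DV_B, "BBIS00001")
# Same, but with the issuer name changed to AA's root: the signature check catches it.
RELABELLED = build_chain("AACVCA00001", CVCA_B, "BBDV00001", DV_B, "BBIS00001")

if __name__ == "__main__":
    for name in ("DOMESTIC", "CROSS_CERTIFIED", "FOREIGN_ONLY", "RELABELLED"):
        print(name, chip_decision(TRUST_POINT_A, globals()[name], TODAY))
```

The RELABELLED case shows why comparing the root authority's name is not sufficient on its own: the chip has to verify each signature with the public key of the stored trust point.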
5.4 Interoperability for International Information Exchange

ICAO Public Key Directory (PKD)

When verifying document authenticity, the validity of the Document Signer certificate must be checked to make sure that the passport has been produced by a valid environment (see chapter 4.2). This verification is of utmost importance when foreign e-passports have to be checked. Border Control infrastructure must be able to analyze the most recent data provided by every country for its issued documents.

The ICAO-defined PKI system provides for the publication of Certificate Revocation Lists. It is thus possible to check whether a given Document Signer is valid or not. In order to establish an international repository where verification data is managed centrally, ICAO has set up the Public Key Directory (PKD), where all countries are encouraged to publish their reference data, as outlined in Figure 8.
Figure 8 ICAO PKD Use Case

The PKD Board regroups all ICAO member countries which publish their national data into the system. Today (2013) almost 40 countries adhere to this system for information exchange, and future schemes for air traffic check-in procedures rely heavily on Automated Border Control based on PKD connectivity. Other countries exchange their information by bilateral means (e.g. diplomatic suitcase, etc.) or are not yet deploying border control systems to electronically verify e-passports.

Single Point of Contact (SPOC)

Interoperability schemes are even more important when biometrics are concerned. Indeed, the inspection of foreign citizens' personal data can only be performed with prior authorization by the issuing country. The European Union has therefore specified an international standard, known as CSN , to harmonize the (automated) exchange of IS certificates. This scheme is called Single Point of Contact (SPOC) and defines a secured communication protocol on the international level, see Figure 9.

Moreover, the European Common Policy settles workflows in order to define the interaction between a national EAC PKI and the national SPOC level. It has to be underlined that, though SPOC is a European initiative, other countries have also implemented this approach.
Figure 9 SPOC Use Case

5.5 Future Trends

LDS 2.0

For several years, significant work has been done at ICAO level to encourage countries to implement electronic Machine Readable Travel Documents, known as the MRTD initiative. The latest standardization initiatives are working on Logical Data Structure 2.0 (LDS 2.0), which in brief will enable post-issuance writing of e-passport data. The typical application field targets the electronic visa.

From a PKI point of view, LDS 2.0 is an interesting use case, since the existing EAC infrastructure can be reused 100%. Today, EAC (Extended Access Control) is used to manage read rights. One can therefore easily imagine having a similar mechanism for write rights. The only thing which needs modification is a dedicated CV certificate type. Thus the existing CVCA/DVCA infrastructure can be reused, with only minimal updates. This clearly encourages countries to move to the biometric passport as the standard deployment scheme of the nearest future.

Automated Border Control

Deploying e-gates is already a reality in countries in Europe, the Middle East and Asia and will become widespread with the foreseen increase of air traffic.
In order to tackle the ever-growing number of passengers at border control and check-in, two major evolutions are crucial:

- Possibility of instant optical verification by human beings
- Fast, automatic verification of authenticity and identity of document and travelers.

The airport is an extremely representative use case:

- Border Control is required to make sure frontiers are respected and undesired individuals are identified before entering a country.
- Airlines wish to accelerate check-in procedures to increase customer satisfaction and decrease costs.

Current and future PKI technology accompanies these requirements by providing the most recent information at the point of verification, meaning when and where it is needed.

Evidence of Identification

As shown in the previous chapter, the electronic passport has become extremely difficult to counterfeit, given the ways to protect production and to allow detection of false, lost or stolen documents. Naturally, fraudsters nowadays focus on the weakest elements of the issuance scheme, which are the so-called breeder documents, meaning all paper-based identification proofs, such as birth certificates, driving licences and ID cards. It has been estimated that in one European country up to 1 million e-passports could have been obtained with fraudulent breeder documents.

ICAO has identified the breeder document phenomenon as a core subject for future programs. As the last years were dedicated to the promotion of e-MRTD production, with support for standards comprehension and best practices for issuance, the next years will see a focus on usage and inspection. Thus, the Traveler Identification Program (TRIP) has been set up by ICAO to reflect these concerns. A special group for Evidence of Identification has been created where best practices and technology aspects are analyzed.
Hence this widespread issue is the source of different possible technical solutions, ranging from dematerialization of the production request to chip-based breeder documents such as the e-driving licence. A clear trend towards PKI-based solutions is visible. With technology that already exists today, highly reliable systems can be set up to prevent weakening the issuance scheme through lower security in enrollment. Biometry, PKI-based authentication and digital signature of sealable and therefore unmodifiable application forms are quick wins and easy to set up. Fast-evolving mobile solutions can contribute to better user experiences. The challenge today for Evidence of Identification is to get hold of the right technology for the most appropriate usage.

6 DEPLOYMENT SCENARIOS

As shown in chapter 3.4, an e-passport project runs through different stages, depending on the primary objective of a nation at a given timeframe. Experience shows that the phases listed below may be combined, but none of them is omitted during a project life cycle.
6.1 Phase 1 - Production System

The most straightforward approach, and one widely implemented today, is sheer production of electronic passports. The data page information is transformed, digitally signed and stored in the contactless smart card chip, as described in chapter 4.2. A typical PKI system can be set up with only a few investments, consisting of a Country Signing CA (CSCA) and a Document Signer, as depicted below:

Figure 10 PKI for Production

6.2 Phase 2 - EAC-Ready Approach

If a country also wishes to include biometrics in the passport, the EAC scheme has to be deployed. In the case of issuance only (inspection of these biometrics will be done in the future), one can limit investments to an EAC-ready approach. This means that only production-relevant items are to be implemented, namely the Country Verifying Root Certification Authority (CVCA), known as the trust point and stored in the e-passport chip. Figure 11 shows this approach:
Figure 11 PKI for Production (incl. EAC)

6.3 Phase 3 - Fully Operational Inspection Infrastructure

In a nationwide initiative of in-the-field verification, a country needs to deploy a complete Border Control Infrastructure with fixed and mobile Inspection Systems and terminals. Besides information system and database projects, this will also imply a full-fledged EAC PKI with CVCA and online DVCA to interface with the Inspection System terminals of the Border Control Infrastructure. Since production and verification are managed by independent PKI systems, one can simply deploy one PKI after the other without any problems.

Figure 12 EAC PKI for Inspection
6.4 Phase 4 - Platforms for International Information Exchange

Once a country has managed to issue and verify passports from a domestic point of view, it necessarily wants to be able to verify foreign documents and make it easier for its citizens to travel abroad. At this stage interoperability comes up. The evident advantage for a country of sticking to ICAO compliance is key in this scenario, since Document 9303 compliance will assure that citizens can travel securely and with peace of mind.

The ICAO PKD enables propagation of the most recent verification data to make sure that the travel document is authentic. A country interfaces with the ICAO PKD through its National PKD, which synchronizes data between the domestic and international level. Here again, the deployment of a National PKD infrastructure can be done in a second step and is not mandatory at production stage.

Figure 13 PKD System

The same need for interoperability applies to electronic biometric passports, where countries exchange their authorizations in order to read out biometrics. Thus, two countries are able to verify the identity of the other country's citizens and vice versa. Based on the European Common Policy, all EU countries are guided towards the usage of SPOC as the sole automatic means to exchange data. Therefore SPOC can be considered a natural upgrade of the EAC PKI and is deployed separately.
7 CONCLUSION

E-passport projects are well-defined, clearly guided programs and highly visible initiatives, which citizens massively buy into. Given the relatively short timeframe, one can clearly consider this an extraordinary success story. Within only ten years, more than half of the globe is now issuing electronic travel documents and has reduced fraud significantly.

ICAO, as the federating organization, does a lot of promotion and helps through different working groups to better understand and deploy electronic travel document programs. A nation wishing to set up electronic passport projects can rely on public and private actors for providing consultancy, hardware and software equipment.

Besides security, the other advantage brought by e-passports is the ability to automate check-in procedures. With a 113% increase of air traffic volumes by the year 2030, all actors involved are looking for ways to tackle this increase. Automated Border Control systems have been designed for this purpose and will help spare travelers long check-in procedures.

As travelling by definition means cross-border information exchange, no e-passport project can neglect this aspect. Interoperability is required not only to be sure that national documents are recognized abroad, but also to be able to detect false foreign passports.

To sum this white paper up, our recommendations are as follows:

1 Get informed

ICAO publishes a lot of information about standards, best practices and background information. Experts and working groups are set up to make sure that standards are reviewed and that countries get help to set up programs. ICAO's TAG (Technical Advisory Group), NTWG (New Technology Working Group) and ICBWG (Implementation Capacity Building Working Group) organize regular meetings. The PKD Board does a lot of promotion to help countries join the directory. A lot of valuable information can be found.
2 Learn from existing deployments

No need to reinvent the wheel. Countries all over the world have implemented e-passports and generally follow proven methodologies. Industrial solutions exist and are proven. Be part of ICAO's working groups. Institutions like the PKD especially are ideal for sharing experience and following the latest technological evolutions.

3 Think long term strategy

Shifting from paper to electronic is a major step. Setting up enrollment infrastructure needs planning. Think about the country's long-term position and evaluate whether the electronic passport is sufficient or whether it could be better to go for additional biometrics, at least production-wise, to be prepared for future traveler identification programs.
4 Consider e-passport not as one single project

As stated in this paper, e-passport projects run through different phases, which don't necessarily have to be coupled immediately. On the other hand, they are often the first step of a governmental e-ID strategy and set milestones.

5 Pay attention to breeder documents

As outlined in chapter 5.5.3, fraud attempts shift from e-passport counterfeiting to all paper-based proofs in the enrollment process. Analyze your workflows and infrastructure and strengthen them. There are a lot of ways to do so, and the most successful approach is to combine technology with process: secure printing, PKI, databases, etc.

6 Choose carefully your Public Key Infrastructure

Last but not least, it shall be underlined that PKI is the backbone of e-passport system security. Hence governments seeking a reliable, yet evolutive and secure solution shall consider the following subjects:

- e-passport means several PKIs: Securing the production process, issuing terminal certificates and creating National Root Certification Authorities are different domains. Choose systems and providers which have a complete offer and not just some bricks.
- e-passport means Processes: There are several types of PKI documents to create, and even standard ones need careful attention. Choose professional companies that either do the work for you or assist you in setting them up. PKI is not only software, but even more a question of expertise.
- e-passport means Interoperability: As stated in chapter 5.4, electronic travel documents only develop their full potential by sharing verification data at international cross-border level. It is therefore of utmost importance that your PKI provider also covers these aspects in its offer.
- e-passport means References: It is always a good indication to analyse the number and type of references of a PKI solution.
Compared to single-customer/single-market enterprises, a company with a proven record of project deployments in different countries and regions certainly has more experience and the capacity to cope with changing environments.
8 ACRONYMS

Acronym: Definition

AA: Active Authentication. Challenge-Response protocol to authenticate the unique e-passport.
BAC: Basic Access Control. Procedure to grant read access to the e-passport (MRZ) in a well-defined protocol using symmetric algorithms.
EAC: Extended Access Control. Procedure to grant access to the e-passport (biometric data) in a specified protocol using asymmetric algorithms.
e-MRTD: Electronical Machine Readable Travel Document, the e-passport.
CSCA: Country Signer Certification Authority. The ICAO designation of the state root authority who signs the certificates of the Document Signer machines.
DS: Document Signer. The ICAO designation of the machines that sign electronic passports.
PKD: Public Key Directory.
CVCA: Country Verifying Certification Authority.
DVCA: Document Verifier Certificate Authority.
DV: Document Verifier (DV = DVCA).
HSM: Hardware Security Module. A cryptographic resource which creates, hosts and operates signature keys.
IS: Inspection System. Entity that is in charge of reading out relevant data from the e-MRTD.
LDS: Logical Data Structure. The ICAO designation for the format of the signed data groups that make up an electronic passport, as defined by ICAO.
MRTD: Machine Readable Travel Document.
MRZ: Machine Readable Zone.
OCSP: Online Certificate Status Protocol. Communication protocol indicating the validity status of a certificate in real time.
PKI: Public Key Infrastructure.
PA: Passive Authentication. Protocol to verify the authenticity of an e-passport.
TA: Terminal Authentication. Protocol to authenticate the Terminal (IS) by means of its certificate.
TSA: TimeStamping Application. Service producing a signed token, certifying the exact time.
RA: Registration Authority. Entity in charge of validation of certificate requests and the identity of the requester.
9 REFERENCES

[ICAO1] ICAO Document 9303 Part 1 Vol 1
[ICAO2] ICAO Document 9303 Part 1 Vol 2
[ICAO3] ICAO Document 9303 Part 2
[ICAO4] ICAO Document 9303 Part 3 Vol 1
[ICAO5] ICAO Document 9303 Part 3 Vol 2
[ICAO6] Supplement to Document 9303 Release 11, 28/11/2011
[BSI1] BSI TR_03110 v1.11
[SPOC1] ČESKÁ TECHNICKÁ NORMA, Information technology Country Verifying Certification Authority Key Management Protocol for SPOC, ČSN , ed. A, Prosinec 2009
[FRONTEX1] Operational and Technical Security of Electronic Passports, FRONTEX, Warsaw July
ABOUT THE AUTHOR

Dan Butnaru is an expert in e-ID and e-government subjects. In the OpenTrust Marketing department, he is in charge of the Trusted Identity Product Line and responsible for the market segments e-passport, e-ID, and e-government. Dan has been working for 20 years in R&D, Marketing, and Business Development, in the field of cryptographic smart cards, IT solutions, e-banking and Public Key Infrastructures in different companies. He is a regular speaker at world-renowned eID conferences and has published several articles. Dan holds a degree in Electrical Engineering and Control Theory from the Darmstadt University of Technology, Germany. In case of comments or further questions, please contact Dan at dan.butnaru@opentrust.com