PERSONALIZATION AS A KEY PROCESS IN ELECTRONIC ID DOCUMENT ISSUING PROGRAMS
Alexander Popov, X INFOTECH
Presentation Title cv cryptovision GmbH T: +49 (0) 209.167-24 50 F: +49 (0) 209.167-24 61 info(at)cryptovision.com
Content
  Personalization process evolution
  Personalization process steps
  Extensive possibilities of personalization process
  Centralized and de-centralized personalization
  Risks and challenges. Potential shortcomings
  Challenges & Recommendation for eID/ePP projects
Personalization process
Personalization process evolution
  BAC STANDARD: CSCA, Document Signer and PKI functionality were introduced with BAC
  SAC STANDARD: Protection and usage scenarios were further improved with SAC
  PAPER DOCUMENTS: Former paper documents didn't have any cryptography elements
  EAC STANDARD: CVCA, Document Verifier, Terminal Authentication and Fingerprint verification were introduced with EAC
Personalization process steps
  Generation of ICAO data groups (Data Preparation)
  Writing of prepared data to the chip (Chip Encoding)
  Quality Control (Quality of personalized documents)
  Data Verification (Mandatory/optional components, data types, formats, etc.)
  Generation of ICAO security objects (Document Signer)
  Graphic Personalization (visual elements)
Extensive possibilities of personalization process
  Issuing of document in different periods: Depending on document type and customer wish
  Centralized / Decentralized issuing: You can issue documents on site or in distributed scheme
  Issuing of different document types: Citizen passports, child, diplomatic passports, temporary documents, etc.
  Different delivery methods and destinations: Passport office, embassy, by post
Extensive possibilities of personalization process
  Quality check: The result of personalization must be checked
  Adjustable workflow: Workflow can be adjusted to personalize different documents in different ways
  Interfacing with Population register: Receiving and processing of document personalization requests
  Evidence of document initial conditions: Picture of ready document as personalization evidence
Centralized and de-centralized personalization
ENHANCED SECURITY AND ADDITIONAL FUNCTIONALITY
  Every document has to be digitally signed, regardless of personalization mode (centralized/de-centralized)
  Remote personalization offices have to renew their DocSigner certificates on a periodic basis
  White/black lists for personalization of passports in centralized/de-centralized environments (only passports with recognized Chip Serial Numbers can be personalized)
  De-centralized personalization can be used, for example, for issuing of temporary documents with limited validity period and with or without fingerprints
Risks and challenges. Potential shortcomings
Risks and challenges. Potential shortcomings
  Human interaction mistakes can lead to system failures in document personalization and issuing process
  Ineffective document production system
  Impossible to track errors for large scale of information flows caused by external system (data input) and data preparation
  Graphical and chip data can be mixed
Risks and challenges. Potential shortcomings
  Issuing of incorrectly personalized documents or production of duplicates
  Document types and booklets are mixed (e.g. regular passport is personalized on Diplomatic booklet)
  Lack of stock control over booklets at warehouses and during the process
  Lack of flexibility for adapting to changes in international standards and requirements
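An added example, not part of the original presentation or of any vendor product: a pre-personalization gate that applies the controls named on the centralized/de-centralized slide (chip serial white/black lists, Document Signer certificate validity) and catches the booklet mix-up and duplicate risks listed above. All function names, serial numbers, dates and the site record are constructed assumptions.

```python
from datetime import date

# Constructed sample data: whitelist of recognized chip serials -> booklet type,
# as a stock system might record it, and a blacklist of withdrawn serials.
WHITELIST = {"04A1B2C3": "regular", "04A1B2C4": "diplomatic", "04A1B2C5": "regular"}
BLACKLIST = {"04A1B2C5"}

def check_request(chip_serial, document_type, request_id, site, today):
    """Return reasons to refuse personalization; an empty list means proceed.

    `site` (hypothetical structure) holds the office's Document Signer
    certificate validity window and what the office has already personalized.
    """
    reasons = []
    if chip_serial in BLACKLIST:
        reasons.append("chip serial is blacklisted")
    elif chip_serial not in WHITELIST:
        reasons.append("chip serial is not recognized")
    elif WHITELIST[chip_serial] != document_type:
        reasons.append("booklet type does not match requested document type")
    if chip_serial in site["used_serials"]:
        reasons.append("booklet was already personalized")
    if request_id in site["done_requests"]:
        reasons.append("request was already fulfilled (duplicate)")
    if not site["cert_not_before"] <= today <= site["cert_not_after"]:
        reasons.append("Document Signer certificate is outside its validity period")
    return reasons

def personalize(chip_serial, document_type, request_id, site, today):
    """Run the gate; record the booklet and request only when it passes."""
    reasons = check_request(chip_serial, document_type, request_id, site, today)
    if not reasons:
        site["used_serials"].add(chip_serial)
        site["done_requests"].add(request_id)
    return reasons

def new_site():
    # Constructed remote office whose certificate must be renewed after 2024-06-30.
    return {"cert_not_before": date(2024, 1, 1), "cert_not_after": date(2024, 6, 30),
            "used_serials": set(), "done_requests": set()}

if __name__ == "__main__":
    office, day = new_site(), date(2024, 3, 1)
    print(personalize("04A1B2C3", "regular", "REQ-1", office, day))  # first issue
    print(personalize("04A1B2C3", "regular", "REQ-1", office, day))  # repeat attempt
    print(personalize("04A1B2C4", "regular", "REQ-2", office, day))  # diplomatic booklet
    print(personalize("FFFFFFFF", "regular", "REQ-3", office, date(2024, 7, 1)))
```

Taking the booklet type from the stock record keyed by chip serial, rather than from operator input, is what lets the gate detect a regular passport being personalized on a diplomatic booklet.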
Challenges & Recommendation for eID/ePP projects
Challenges & Recommendation for eID/ePP projects
  FULL CONTROL: Ability to control complete project and operating system
  AUTOMATIC PROCESS: Automatically supports different document types and personalization process without re-programming
  CHIP AND OS INDEPENDENT: Supply multiple chips simultaneously with chip recognition function on perso machine
  HW AGNOSTIC SYSTEM: Unrestrained to particular perso machine or document reader
Challenges & Recommendation for eID/ePP projects
  ACCESS TO MASTER KEYS & PKI: Access to master key & PKI to manage digital certificates
  CONTROL OF COMPONENT PROCUREMENT: Operating system agnostic to hardware
  INTEROPERABILITY: Option to interface external system via API interface
  INTRODUCTION OF NEW eDOCUMENTS: Fast & efficient introduction of new documents using the same system
Challenges & Recommendation for eID/ePP projects
  FUTURE PROOF SOLUTION: e-visa, e-signature on ePassports and multifunctional eID
  ADJUSTABLE SYSTEM: Configuration between central personalization and instant/distributed eID document issuing
  POST ISSUING SYSTEM: Post issuing update of eID card chips; Document verification
  SUPPORT FOR FUTURE CHANGES: Support for future changes of international standards for eID documents
Challenges & Recommendation for eID/ePP projects
  ROBUST SYSTEM: Capability to handle large volume of data
  SECURE SYSTEM ACCESS: Different authentication methods
  PROCESS MANAGEMENT: Manageable workflow process by configuration
  COMPLIANCE WITH ICAO INTERNATIONAL STANDARDS: Compliance with specifications aligned by international standards
Challenges & Recommendation for eID/ePP projects
  INTEGRATED QUALITY ASSURANCE: Automated or manual process
  STOCK MANAGEMENT: Option to use internal or to integrate with any external inventory management system
  PRODUCTION MANAGEMENT SYSTEM: Transparency and tracing of document production steps (incl. distribution and activation)
  MODULAR APPROACH OF SYSTEM: Capability to combine solution components
About the company
About the company
  Company age: 8
  Global Footprint: 100+ customers in 40+ countries
  Sectors: Government, Banking and Mobile
  Experience: 200 completed projects
  Complete solutions for all kinds of electronic ID documents, smart cards including contact and contactless cards, public transport, social projects, healthcare and access control
Solution and services
  Issuing
  Turnkey solutions for biometric enrollment, issuing, managing and verification of electronic ID documents
  Our software solution: SECURE, FLEXIBLE, MODULAR
  Services: integration, custom SW development, GAP analysis, maintenance
  MultiPerso for ID document life cycle management
  Enrolment
Global footprint
  Latvia, Sweden, Netherlands, Italy, Bangladesh, Ethiopia, Libya, Estonia, Finland, Bulgaria, Kazakhstan, Kenya, UAE, Macedonia, Lithuania, Norway, Austria, Saudi Arabia, Jordan, Guatemala, Egypt, Poland, Germany, Switzerland, Azerbaijan, Ukraine, Armenia, Ireland
Our projects
Our projects
  ePassport in Ireland (y.2013)
    About: Introduction of BAC electronic passport and document issuing system replacement
    Solution: Production management, Personalization solution
  eID card (y.2014) in Moldova
    About: Implementation of internal eID card to be used for e-government services
    Solution: Data Preparation, Personalization solution, Cards Production Management, PIN Generation solution
Our projects
  eID card in Latvia (y.2012)
    About: Introduction of electronic ID cards in Latvia
    Solution: Personalization solution, PIN generation and printing solution
  Post-issuance management for eID cards in Latvia (y.2013)
    About: Provisioning and chip encoding services
    Solution: Authentication and e-signature certificate re-key or renewal
Our projects
  BAC ePassport in Liechtenstein (y.2013)
    About: Introduction of BAC electronic passport
    Solution: Production management, Personalization solution
  Upgrade to SAC ePassport in Liechtenstein (y.2014)
    About: Upgrade from BAC ePassport to SAC ePassport, new personalization system
    Solution: Production management, Personalization solution, Instant Issuing
Our projects
  BAC/EAC ePassport in Southeast Asia (y.2013)
    About: BAC / EAC ePP implementation
    Solution: Data preparation, Personalization software, Key Management System, PKI solution: CVCA, CSCA, Document Signer, Document Verifier, Quality assurance
  eID card in Southeast Asia (y.2012-2013)
    About: eID card implementation
    Solution: Data Preparation, Personalization solution - De-centralized system based on 60 desktop colour printers, Key Management System, HSMs (Host Security Modules)
Our projects
  Implementation of PKI solution for Uruguay eID card
    Solution: Development of PKI infrastructure for creation, storage, and distribution of digital certificates for eID card
  IOM (y.2011-2012)
    About: Biometric scanners, passport readers and software delivery for International Office of Migration (IOM) organisation in Kenya, Somalia and Southern Sudan
    Solution: Data Preparation, Personalization solution
Our projects
  Orphans and vulnerable children project in Kenya (y. 2012)
    About: Cash transfer support of very poor households with orphans and vulnerable children (OVC).
    Solution: Biometric Enrolment, Perso solution, Integration with Point of Sales (POS), Software of fingerprint scanning
  The Hunger Safety Net Programme (y. 2012)
    About: Social card for regular, predictable cash transfers to vulnerable households
    Solution: Personalization solution, Biometric enrolment
Our projects
  Swiss healthcare card project (y.2011)
    About: Middleware & additional application development for Swiss healthcare card
    Solution: Development of middleware (minidriver) for Windows, Linux, MacOS; additional applications for cardholders
  Egypt social card (y.2009)
    About: Social benefits and rehabilitation for low-income families
    Solution: Data preparation, Personalization software solution, Delivery of high volume laser engraving & chip encoding personalization machine
END