LESSONS LEARNT CARLOS GÓMEZ HEAD OF R&D AND INNOVATION FNMT-RCM, SPAIN


IMPLEMENTING THE ePASSPORT IN SPAIN: LESSONS LEARNT
CARLOS GÓMEZ, HEAD OF R&D AND INNOVATION, FNMT-RCM, SPAIN


LESSON LEARNT No. 1
- Start by guaranteeing the security and authenticity of breeder documents
- Define an ePassport according to the ICAO standards
- Establish a robust and secure issuance system
- Set up a PKI for ePassport issuance
- Distribute your keys. Subscribe to the PKD
- Develop an electronic border control programme
[Diagram label: Difficulty]

INDEX
1. Breeder documents
   1.1. Civil registry
   1.2. DNIe Spanish National ID Document
2. Definition of ePassport according to the ICAO standards
   2.1. Physical characteristics - construction
   2.2. Security features
   2.3. Chip, antenna, operating system and LDS
   2.4. Personalization
3. ePassport issuance system
   3.1. Decentralized vs centralized system
   3.2. Security of the issuance process
4. PKI and PKD
   4.1. Certificates and CRLs distribution

BREEDER DOCUMENTS: Civil Registry
- Ecclesiastical origin (baptisms, weddings, deaths), starting from the Council of Trent (1545-1563)
- Created by the Civil Registry Law of 1870
- Depends on the Ministry of Justice
- Free and public

BREEDER DOCUMENTS: Civil Registry (services)
- Enrollment
  - Birth, filiation
  - Name, surname and changes to them
  - Death or absence declarations
  - Nationality and neighbourhood
  - Parental guardianship, custody
  - Weddings
  - Deaths
- Certification
  - Literal birth certificate for the issuance of the National Identity Card

BREEDER DOCUMENTS: DNI National Identity Document
- Issued from the information of the civil registry
- Mandatory by a national regulation from 1944
- Issuance started in 1951
- Electronic ID card introduced in February 2006
[Figure labels: 2006, 1937, 1996, 1951]

LESSON LEARNT No. 2
For ePassport issuance:
- Establish an electronic passport issuance system based on secure breeder documents, issued by trusted national authorities

ePassport DEFINITION: Physical characteristics - construction
- Format
- Dimensions
- Data page

LESSON LEARNT No. 3
- ICAO/OACI Doc 9303 on Machine Readable Passports

ePassport DEFINITION: Security features
- Cover
- Inside cover: Intaglio printing in two colours
- Inside cover: Latent image
- Inside cover: Microtexts
- Inside cover: Optically variable inks
- Paper: Multitone watermark
- Paper: Invisible fibres
- Inner pages: Guilloches in several colours
- Inner pages: Offset security printing
- Inner pages: Special security patterns
- Inner pages: Invisible inks
- Inner pages: Laser booklet numbering
- Data page: Holographic film

LESSON LEARNT No. 4
- Select the security features according to the ICAO 9303 recommendations
- Use proven technology already in use in similar documents
- Avoid the use of a single supplier's proprietary technology
- Source from more than one supplier
- Carry out lab tests before approval of any material or security feature

ePassport DEFINITION: Chip - antenna
- Integration options
- Data page in paper or polycarbonate

ePassport DEFINITION: Chip - antenna. Polycarbonate data page
- Impossible delamination
- Lamination protects background printings and personalization data
- Data personalization takes place in inner layers
- Holograms integrated in inner layers
- High durability
- Possibility of engraving data in relief
- Water resistant
- Data page and chip in a single component
- Weakness in data page substitution
- Background printing differs from inner pages background printing
- Portrait personalization in black and white
- Very expensive personalization systems
- Difficult integration of security features in the substrate
- Need for extra security features
- Re-engravable data page
- Forgery threats by adhesion of personalized thin foils
- Micro-cracks around chip location

ePassport DEFINITION: Chip - antenna. Paper data page
- Data page and chip in different locations
- Harder data page substitution
- Background printing identical to inner pages
- Portrait printed in colour
- Inkjet personalization inks penetrate into the substrate
- Data page protection required
- Expensive security films for data protection
- Good integration of the inlay is a must
- Insulating, stiff covers
- Low cost
- Availability of several security features for integration in the substrate
- Availability of personalization systems based on UV inks

ePassport DEFINITION: Chip - antenna
- Chip integration in the cover

LESSON LEARNT No. 5
- Carry out production and lab tests to determine the optimal location for chip and antenna
- Conduct research to determine whether polycarbonate or security paper data pages are adequate for the ePassport
- Use proven technology already in use in similar documents
- Source from more than one supplier for the chip, inlays and eCover

ePassport DEFINITION: Operating system, LDS structure
OS characteristics:
- Native vs JavaCard OS
- Minimum characteristics: Passive Authentication and BAC
- Operating under two different HW platforms
- LDS structure
- Secure messaging
- Personalization by secure channel
- CC EAL 4+ certification
- Absolute control of the chip's life cycle

LESSON LEARNT No. 6
- Use proven technology already in use in similar documents
- Search for an operating system that can operate on at least two different hardware platforms
- Carry out electrical and functional lab tests for the chip, antenna and operating system before product approval
- Demand a security certification of the products
- Control the life cycle of the operating system

ePassport DEFINITION: Data page personalization
- ICAO layout
- Keep it simple
- Machine readable zone

ePassport DEFINITION: Interoperability

LESSON LEARNT No. 7
- Apply the layout for data personalization as defined in ICAO Doc 9303
- Keep the data page layout as simple as possible
- Use the page adjacent to the data page for optional data
- Make sure the format of OCR lines and the chip contents are codified correctly
- Verify the interoperability of the ePassport
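
An added example (not part of the original presentation) of the check Lesson 7 calls for: it recomputes the Doc 9303 check digits of a TD3 passport MRZ and extracts the MRZ stored in the chip's DG1 so it can be compared with the printed lines. The function names are illustrative, the sample is the specimen MRZ from Doc 9303, and the DG1 parsing assumes short-form lengths.

```python
import string

_VALUES = {c: i for i, c in enumerate(string.digits + string.ascii_uppercase)}
_VALUES["<"] = 0  # 0-9 -> 0-9, A-Z -> 10-35, filler '<' -> 0


def check_digit(field):
    """Doc 9303 check digit: weights 7, 3, 1 repeating, sum modulo 10."""
    return str(sum(_VALUES[c] * (7, 3, 1)[i % 3] for i, c in enumerate(field)) % 10)


def validate_td3(line1, line2):
    """Return a list of problems; an empty list means the MRZ is consistent."""
    problems = []
    for name, line in (("line 1", line1), ("line 2", line2)):
        if len(line) != 44:
            problems.append(f"{name}: expected 44 characters, got {len(line)}")
        if set(line) - set(_VALUES):
            problems.append(f"{name}: characters outside A-Z, 0-9 and '<'")
    if problems:
        return problems
    fields = {  # field name: (data, stated check digit), 0-based slices of line 2
        "document number": (line2[0:9], line2[9]),
        "date of birth": (line2[13:19], line2[19]),
        "date of expiry": (line2[21:27], line2[27]),
        "optional data": (line2[28:42], line2[42]),
        "composite": (line2[0:10] + line2[13:20] + line2[21:43], line2[43]),
    }
    for name, (data, stated) in fields.items():
        # An unused optional-data field may carry '<' instead of '0'
        if name == "optional data" and stated == "<" and set(data) == {"<"}:
            continue
        if check_digit(data) != stated:
            problems.append(f"{name}: check digit {stated!r}, expected {check_digit(data)!r}")
    return problems


def mrz_from_dg1(dg1):
    """Extract the MRZ from a TD3 DG1: tag 0x61 wrapping tag 0x5F1F (88 bytes)."""
    if len(dg1) != 93 or dg1[0] != 0x61 or dg1[2:5] != b"\x5f\x1f\x58":
        raise ValueError("not a TD3 DG1")
    return dg1[5:].decode("ascii")


# Constructed sample: the specimen MRZ from ICAO Doc 9303 (fictional state UTO)
LINE1 = "P<UTOERIKSSON<<ANNA<MARIA" + "<" * 19
LINE2 = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"
DG1 = bytes([0x61, 0x5B, 0x5F, 0x1F, 0x58]) + (LINE1 + LINE2).encode("ascii")
print(validate_td3(LINE1, LINE2), mrz_from_dg1(DG1) == LINE1 + LINE2)
```

A personalization QA step would run both checks on every booklet: an empty problem list for the printed lines, and equality between the printed MRZ and the DG1 content read back from the chip.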

ISSUANCE SYSTEM: ePassport issuance system in Spain
- Under responsibility of the Spanish Police
- Centralized criminal and civil databases
- De-centralized ePassport issuance in 256 offices distributed in 52 provinces
- National eID Card is the only breeder document valid for the ePassport issuance
- Immediate ePassport issuance: the citizen obtains his ePassport or eID card in a single act in around 20 minutes

ISSUANCE SYSTEM: Centralized vs de-centralized systems
Issues found during the development of the Spanish ePassport programme:
- Blank passports distribution
- ePassport personalization devices and systems
- Chip personalization
- Security of the issuance process
- Personnel
- High cost

ISSUANCE SYSTEM: Security of the issuance process
- The citizen requests a scheduled appointment by telephone or internet
- The citizen turns up at the Police office with his eID card
- The Police officer authenticates in the system and captures the citizen's data and biometrics
- Verification takes place against several databases (ID cards, criminal records, blacklists, Europol, Interpol, etc.)
- ePassport data page and chip are personalized
- The citizen gets his ePassport in 20 minutes

LESSON LEARNT No. 8
- Evaluate the feasibility of a centralized issuance system versus a decentralized system
- Establish a scheme for protection of blank passports
- Verify the security and trustworthiness of breeder documents at issuing time
- Control the security of the whole issuing process
- Set up security measures for personnel responsible for issuance
- Assess the costs of the process

PKI and PKD
- 2006. PKI for BAC ePassport issuance in Spain
- 2009. PKI for EAC ePassport verification in the EU

PKI and PKD: Further steps
- Certificates and CRL distribution by bilateral exchange
- July 2012: Spain becomes the 32nd PKD participant
- End 2012: Start-up of the SPOC protocol for the exchange of verification certificates
- 2014: Integration of Supplemental Access Control and PACE protocol

LESSON LEARNT No. 9
- Establish a PKI of ePassport issuance based on proven and trusted technologies
- Start with the issuance of BAC ePassports
- Evaluate the necessity of implementing EAC and its associated costs
- Distribute your keys
- Subscribe to the ICAO PKD

LESSON LEARNT No. 10
- Conduct a study on the present situation of your country's passport issuance system and draw up a thorough transition plan for migrating to ePassports
- Follow the recommendations of ICAO Doc 9303
- Use proven technologies already in use in similar documents from other countries
- Evaluate all the products and processes before approval
- Search for specialized support

THANK YOU
Contact Information:
CARLOS GÓMEZ, FNMT-RCM
E-mail: cgomez@fnmt.es
Tlf.: +34 915 666 651