Throughout 2007, the global ID and security markets were heavily focused on developing the technology and systems to issue second generation ePassports with Extended Access Control (EAC). This has included new infrastructure for biometric acquisition and enrollment and new technology for security, cryptography and biometric data quality assurance. Since Germany became the first country to commence live issuance of EAC ePassports on 1 November 2007, the industry is preparing itself for a brand new challenge in 2008. Thoughts are now turning rapidly to the need to develop and deploy associated inspection infrastructures. This is a key industry priority for 2008.
Inspection systems will allow border control authorities across EU nations to view the electronic information available on EAC ePassports (for example a photo of the passport holder), acquire biometric data that is unique to the passport holder (such as a fingerprint), and cross reference the captured biometric data with a reference copy. Ultimately, the role of the inspection system is to facilitate the recognition of illegitimate documents by border control inspectors and to match travelers to travel documents, thus preventing passport fraud and deterring travel on counterfeit papers.
Introducing a flexible, scalable and interoperable infrastructure for inspecting second generation ePassports with EAC will not be without its challenges. Key issues to consider will include the following:
- Interoperability – Countries with reciprocal agreements have to be able to authorise each other to securely access the biometric information of native citizens. All EAC inspection systems must participate in an interoperable Public Key Infrastructure (PKI) for inspection, which must be refreshed on a daily basis to retain access to biometric data held in the EAC ePassport.
- Flexibility – The infrastructure has to operate efficiently in dynamic environments, e.g. busy airports or sea ports. This may impact the form of ePassport reader devices chosen and the supporting technology.
- No best practice or benchmark – There has been no other PKI initiative globally of a comparable size which can rival the EAC ePassport scheme for the sheer scale of cryptographic processing and infrastructure requirements. Decisions made will not have been ‘tried and tested’ before.
- ‘Privilege to inspect’ as opposed to ‘right to inspect’ – Access to biometric data on the new EAC ePassports must be limited to only approved authorities or countries. A nation’s infrastructure therefore has to be able to guarantee secure data exchange without interception from unauthorised parties, and has to be validated and audited by other countries, in order that it can be trusted with secret cryptographic keys that allow the extraction of biometrics from ePassports.
- Document Verifier Certificate Authority – An EAC ePassport chip authenticates an inspection system before allowing access to sensitive data. During this process, the inspection system sends certificates to the chip which validates the information. These certificates must be updated on a regular basis to ensure that an inspection system can continually access the biometric data held on EAC ePassports. Cryptographic keys must therefore be stored securely in tamper-resistant Hardware Security Modules (HSM) or Secure Access Modules (SAM) for portable, handheld inspection systems. Checks also need to be put in place to mitigate the risk of system theft.
- High volume management – The extensive volume of certificates being issued externally will result in a need for a higher level of management – both human and automated – than ever before. Inefficient software implementation could result in delays in certificate issuance, invalid certificates, and expensive resource requirements.
- Centralised or decentralised operation – Cryptography can be performed either in a central system or in a decentralised manner. In a centralised system, one inspection system server maintains keys securely. While this offers a cost-effective solution and has security advantages – it is easier to monitor and protect a central server – it raises concerns over the bulk storage of biometric data. In a decentralised system, each ePassport border lane or mobile reader device is able to separately maintain its own keys and certificates. While this is a more expensive option, it does offer flexibility and mobility of reader devices, which is essential in certain environments such as sea ports.
These key issues barely scratch the surface of the complexity and scale of the task ahead. What is easier to see, however, is the wealth of opportunities for eSecurity solution and hardware vendors who have the knowledge, ability and desire to help shape the EAC inspection infrastructure that has to be in place to help EU nations use EAC ePassports by 28 June 2009. Many nations have their procurement processes well underway, but comparatively few vendors have started to make announcements about specific technologies and solution components for EAC ePassport border control. The big movement towards the development of a second generation ePassport inspection infrastructure is likely to start in earnest as the industry heads into 2008.
About the AVISIAN Publishing Expert Panel
At the close of each year, AVISIAN Publishing’s editorial team selects a group of key leaders from various sectors of the ID technology market to serve as Expert Panelists. Each individual is asked to share their unique insight into what lies ahead. During the month of December, these panelist’s predictions are published daily at the appropriate title within the AVISIAN suite of ID technology publications: SecureIDNews.com, ContactlessNews.com, CR80News.com, RFIDNews.org, FIPS201.com, NFCNews.com, ThirdFactor.com, and DigitalIDNews.com.