security conference november 4th 2010 - multi-post sec. meeting/website... · of lješanska nahija...
TRANSCRIPT
SECURING IDENTITIES
NOVEMBER 4TH 2010
Agenda
• The Datacard Group & Global Experience in ID
• Document Security
• Focus on Passports
BREAK (Approximately 15.00)
• Biometrics and Identity Management
• Personalisation Hardware
• Case Studies
• Q & A
THE DATACARD GROUP
OVERVIEW
• Expertise
– Secure ID and Card personalisation Solutions
• History
– Founded in 1969
– USA Corporation
– Headquarters Minneapolis
– Privately owned by Quandt family
• Revenue
– Approximately $450M pa
– Americas 42%, APJ 24%, EMEIA 34% (chart labels)
MARKET FOCUS
• Corporate
• Financial
• Government
• Healthcare
• Education
• Telecommunications
• Retail/Loyalty
DATACARD EXPERIENCE
• Over 40 years of experience in financial and government card programs
• Total solutions provider - complete portfolio of professional services, not just software, systems and supplies
• Proven history of reliability, low total cost of ownership and investment protection
• Security at every level - software, systems, data, documents
WORLD LEADERSHIP
Datacard
• Is a World-leader in secure ID and financial card personalisation solutions
• Has Government identity programs in more than 90 countries
• Is an industry innovator in smart card personalisation and other advanced technologies
Every day Datacard solutions are used to
• Personalize and deliver more than 10 million cards
– including more than 4.7 million smart cards
• Personalize more than 35,000 passports
• Passport programs in 14 countries
• National ID programs in more than 25 countries
• Driver’s Licenses in more than 30 countries
PERSONALISATION SYSTEMS
• Card Colour
• Card Laser Engraving
• Passport Laser Engraving
• Milling and embedding
• Card Colour/Laser
• Passport Colour/Laser
STRONG GLOBAL PRESENCE
• Sales and Services in 120+ countries
• 1,400+ employees
[World map marking Major Regional Offices and Major Development Centers]
Global Services
Planning Services - Migration planning, implementation planning, operations analysis, establish strategies for optimal results
Migration Services - Image, template, database and smart card migration. Migrate critical assets to new technology.
Start-up Services - Installation, training, custom integration and project management help ensure successful implementations.
Warranty - Comprehensive warranty for all products
Support Services - Various standard and customizable support options available; maximizing investments
DATACARD INTERNATIONAL REFERENCE SITES
• National ID
• Passports
• Driver’s License
• Social Services
• Immigration
• Other Programs
• Law Enforcement
• Gov't Employee ID
• Transit
SECURING OUR IDENTIFICATION
THE HISTORY OF IDENTITY
In the 19th century, it was sufficient to ask who you were
In the 20th century, it was sufficient to show who you were
In the 21st century, we will have to prove who we are
Systems are becoming increasingly complex & integrated!
[Chart: Technical & System Complexity against time (1980, 1990, 2000, 2010). Stages shown: Badging Production (instant film); Identity System (digital image + database); Citizen Registration (multi-function documents); Citizen Information Infrastructure (multi-modal biometrics). Labels: Components; Systems; Integrated Systems; Integrated Systems & Services.]
Fraud Trends
• As document security is increased to protect against counterfeit & alteration…
• … the focus of attack shifts to impersonation.
Impostor Detection
A systematic and comprehensive analysis of two or more faces can be performed by first comparing the overall shape of each face. Most faces fall into these (3) primary shapes:
• OVAL
• ROUND
• SQUARE
[Image slides: face comparisons labelled "SAME INDIVIDUAL" and "IMPOSTOR"]
DOCUMENT SECURITY
Secure Solution
Easy to Verify / Difficult to Reproduce
Secure Document / Secure System
Simplicity
Consistency
Training
Technology
Durability
Technology
Consistency
Materials Control
Equipment Control
Information Control
THE THREATS
Summary of Threat
There are two methods of criminal attack on ID documents:
• Counterfeiting – manufacture of a new illegal document
• Forgery/Tamper – alteration of an existing genuine document
The 7 Threats
Various ways of creating or obtaining an ID document to which they are not entitled are available to the criminal, and can be categorised as 7 Threats:
1. Counterfeit/Simulation – copies/simulations of entire documents
2. Theft of components – copies made from stolen genuine materials
3. Counterfeit from cannibalized documents – copies made from genuine pieces
4. Alteration of document – changes to the personalized data on a genuine document
5. Photo/Signature substitution – replacement of photo and/or signature with another
6. “Lookalikes” – people who look like the genuine document photo
7. Impostors – people who fake entitlement to a genuine document before it is issued
The 7 Threats – Simplified!
MAKE IT!
TAKE IT!
FAKE IT!
The Threat is Real!
Ceaseless Attacks
The development of improved security features must never pause, as the attacks by criminals are ceaseless
When part of a document is made stronger then the attack shifts somewhere else:
• e.g. from alteration to counterfeiting
• e.g. from counterfeiting to impostors or lookalikes
With the introduction of each new generation of ID documents, the security of the next generation must already be under consideration, to ensure the bar is raised again
THE DEFENCES
Datacard Confidential
“How much Security do I need?”
For cost-effective security, defences must reflect the level of risk
As an analogy, consider how we might identify appropriate cost-effective protection for a house or other building:
• How valuable are the contents?
• What is the neighbourhood like?
• Is there a known defensive weakness?
• Has there been a history of break-ins in the area?
• Are there any trends to the typical attacks?
• If someone gets in, could there be consequential loss (e.g. access elsewhere)?
• As for a house, no single security measure will defend against all the threats to ID
Multiple Levels of Security
Used throughout the industry, the Security Feature Level refers to how secret the feature is, as well as who uses it and how:
LEVEL 1 (OVERT) a visible feature which may be used by anyone with little or no training and without any additional device, e.g. Hologram, OVI, MLI/CLI, paper watermark
LEVEL 2 (COVERT) a hidden feature which requires some knowledge and a simple device to use, e.g. UV-fluorescence, microtext
LEVEL 3 (FORENSIC) a deeply hidden feature which requires specialist knowledge and equipment to use, e.g. various proprietary taggants
Multiple Layers of Security
Security may be incorporated into the document in different places:
• Security printing
• Base substrate – particularly paper
• Personalisation
• Laminate (if present)
• Biometric (if present)
Introduction to Printing
Commercial Printing uses dots and just 4 colours to create full-color images. It is either Traditional or Digital:
Traditional Printing applies ink from a physical image such as movable metal type, printing plate, rollers or screen
Digital Printing is from a digital (computer) file, rather than a physical image
[Images: printing samples at X10 magnification]
Security Printing is different from commercial printing:
• Uses lines, not just dots
• Uses actual colours, not the 4 colour process
• Uses special processes not in commercial printing, e.g. intaglio
• Uses restricted materials not in commercial printing, e.g. optically variable and fluorescent pigments
[Image: security print sample at X10 magnification]
SECURITY PRINT
A Definition
Security Print refers to the range of printing technologies used by printers to secure documents of value.
When used to print the background design for ID cards and passports the fundamental process is offset lithography, employing line structures and real color rather than dot structures using four color printing processes (CMYK)
It should be highly consistent, reproducing identical documents
It should include anti-copy patterns, rainbows, micro-printing & UV fluorescence
Security print is secure because the structures and materials it uses, and the registration accuracy it achieves, are difficult to copy with commercial systems
Printed Features
Microtext
HOLOGRAMS
Principles
• “Hologram” is a generic term, part of the family of Optically Variable Devices (OVDs)
• More correctly called a DOVID (Diffractive Optically Variable Image Device)
• Made by embossing a very fine corrugated structure, which “splits” light
[Image: DOVID microstructure (< 1 micron deep)]
Printable OVDs include OVI (Optically Variable Ink)
LAMINATE
Laminate Properties
The purpose of the laminate is to protect the data beneath it from:
• deliberate attempts to alter it
• accidental damage in normal use
OVD laminates must be both transparent (to see the data) and reflective (to see the OVD). High Refractive Index (HRI) material within the laminate makes this possible
Passport laminates have evolved over the last 40 years:
[Timeline 1960 to 2010. Entries shown: Self-adhesive and heat-seal “thick” polyester films; Textured printed adhesive to defend against photo-substitution; Invisible inks and taggants; Transparent HRI holographic film; Novel hologram features]
A laminate needs to be durable enough to withstand the hazards of normal use, yet delicate enough to distort or break if attempts are made to lift it from the document
If a laminate can be lifted whole, the OVD does not protect the document, indeed it might validate the document even though it has been tampered with
One solution to this potential conflict of laminate properties is to not have one!
TRAINING
Training and Awareness
“A document that is not examined serves no purpose, no matter how many security features it has”
It is essential that any person who inspects a passport, and who makes a decision of whether or not it is genuine and unaltered, looks at it efficiently and effectively and knows what they are looking for
It may be appropriate to run a campaign to raise awareness of security features before a new passport is launched.
BIOMETRICS AND IDENTITY MANAGEMENT
BIOMETRIC – FINGERPRINT HISTORY
Early-mid 1800’s
– The first studies and papers on fingerprinting were created
1892
– Argentine police officer solved the first case thanks to fingerprint identification
1897
– World’s first fingerprint bureau opens in India
– Approval of fingerprint usage for criminal identification
1901
– Fingerprint bureau founded in Scotland Yard
– Henry Classification System is devised for storage and search of tenprint cards
1902
– Fingerprinting is used in the New York Civil Service
Last 20+ Years
– Shift from ink to digital fingerprint image capture
• Additional Biometrics
– Hand geometry, DNA, Iris, Facial Recognition, Voice, Hand Writing, Vein
Secure Identification and Credentialing
Integrated Chain of Trust
SECURE IDENTIFICATION PROCESS WORKFLOW
PASSPORTS
What is an e-Passport?
Specified in ICAO 9303
A standard passport booklet with an embedded contactless chip containing passport data
Chip can be in front or back cover or in the data-page
The international e-Passport symbol indicates that a booklet contains a chip
Passport Standards
ICAO
• The International Civil Aviation Organisation is a UN agency, with 190 members, set up 40 years ago to improve efficiency and security for air travellers
• Efficiency is addressed using machine readability and interoperable standards, whilst security is tackled using recommended minimum security standards. Both are formalised in Doc 9303, the ICAO “Rule Book”
• In 2005, ICAO States agreed to issue Machine Readable Passports by April 2010, and ALL non-MRP passports will expire in April 2015
USA
• The U.S. has several passport requirements for their 27 Visa-waiver countries e.g. passports must be chipped if issued after 26/10/06
Europe
• The European Union requires minimum security standards of its 27 members' passports, including the addition of a fingerprint biometric by the end of June 2009
Questions at the Border
At the Border – no chip
[Diagram: Citizen, Border Control Official, Passport Booklet]
• Does the datapage match the citizen?
• Is the passport genuine?
At the Border – with chip
[Diagram: Citizen, Border Control Official, Passport Booklet, Passport Chip, live capture citizen biometric, cryptographic authentication system]
• Does the datapage match the citizen?
• Is the passport genuine?
• Does the datapage match the chip data?
• Does chip data match the citizen?
• Is the chip genuine?
Confidence at the Border
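The “Does the datapage match the chip data?” question can be partly automated. The Python sketch below is an added example, not Datacard's code: it verifies the ICAO Doc 9303 check digits on line 2 of a passport (TD3) machine readable zone and compares the printed line with the copy of the MRZ held on the chip (data group DG1). It assumes both lines have already been obtained by an OCR camera and a chip reader; the function names are illustrative and the sample line is the Doc 9303 specimen.

```python
# Added example: ICAO Doc 9303 TD3 (passport booklet) MRZ line 2 checks.
# SPECIMEN is the specimen line published in Doc 9303, not a real document.
SPECIMEN = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"

# (field name, data slice, index of its check digit); indices are 0-based.
FIELDS = [
    ("document_number", slice(0, 9), 9),
    ("date_of_birth", slice(13, 19), 19),
    ("date_of_expiry", slice(21, 27), 27),
    ("personal_number", slice(28, 42), 42),
]

def char_value(c):
    """Digits count as themselves, A-Z as 10-35, the filler '<' as 0."""
    if c in "0123456789":
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - 55
    if c == "<":
        return 0
    raise ValueError(f"character {c!r} is not allowed in an MRZ")

def check_digit(data):
    """Weighted sum with repeating weights 7, 3, 1, taken modulo 10."""
    return sum(char_value(c) * (7, 3, 1)[i % 3] for i, c in enumerate(data)) % 10

def failed_checks(line2):
    """Return the names of the fields whose check digit does not verify."""
    if len(line2) != 44:
        raise ValueError("TD3 MRZ line 2 must be 44 characters")
    failed = []
    for name, span, pos in FIELDS:
        digit = line2[pos]
        # An unused (all-filler) personal number may carry '<' as its check digit.
        if digit == "<" and name == "personal_number" and set(line2[span]) == {"<"}:
            digit = "0"
        if digit != str(check_digit(line2[span])):
            failed.append(name)
    # The composite digit covers the fields above together with their check digits.
    composite = line2[0:10] + line2[13:20] + line2[21:43]
    if line2[43] != str(check_digit(composite)):
        failed.append("composite")
    return failed

def datapage_vs_chip(ocr_line2, chip_line2):
    """Compare the printed MRZ line with the MRZ copy read from the chip (DG1)."""
    problems = [f"datapage check digit: {n}" for n in failed_checks(ocr_line2)]
    problems += [f"chip check digit: {n}" for n in failed_checks(chip_line2)]
    for name, span, _ in FIELDS:
        if ocr_line2[span] != chip_line2[span]:
            problems.append(f"mismatch: {name}")
    return problems
```

A datapage line whose check digits all verify can still disagree with the chip, which is why the field comparison is a separate step from the check-digit test.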
Passport History
1887 - Montenegro
Number 159
WE, NIKOLA I
BY THE GRACE OF GOD PRINCE OF MONTENEGRO
Announce to all and everyone, who about it is entitled to know, that wearer of this Nikola Jakov Kovačević of Lješanska Nahija travels to Greece
Asked is, so, of all Foreign Governments that to said Nikola not only free to stated place passage and return to his Fatherland, but in case of necessity, protection as well to give.
Personal description:
Faith: orthod
Years: 27
Stature: tall
Face: round
Hair: black
Eyes: black
Mouth: ordinary
Nose: ordinary
Moustache: brown
State: married
Personal marks: =
[stamp]
Lasts for: Three years
Cetinje 16 January 1887
By command of His Highness.
Minister of foreign affairs: M. Plamenac
Passport History
2008 - Montenegro
This is only the personalisation security. There is more security in the print & paper
NETHERLANDS - SECURITY DOCUMENTS
4 x MX6000, 6 x PB6500, 4 x MX6000
Netherlands have used Datacard equipment for 10 years
Approximately 35 million books produced to date! Approx 3 million books per year. Producing up to 20,000 books per day.
All commitments to the government met.
ePassports eNID’s eDL’s
USA Passport Card – Not just a book!
Passport Manufacture
Assembly Line Manufacture
• The majority of the passports in the World are manufactured on assembly lines from either Kugler-Womako (Germany) or Uno Seisakusho (Japan)
[Diagram: Security printed paper; Covers, thread etc; Chips (Optional) → Assembly → Blank Passport]
Personalisation of the blank passport uses one of four available technologies
Passport Personalisation
• Digital passport personalisation began in the early 1990’s
• Today, there are essentially four common digital personalisation technologies:
– Electro-photographic (“laser toner” or “laser printing”)
– Dye/Pigment Retransfer
– Inkjet
– Laser Engraving
Personalisation
These four different technologies have been adopted to personalise the passports of over 170 countries with digital images and text:
• Inkjet
• Laser engraving
• Electro-photographic
• Retransfer
[Chart: Number of Countries (208), by category: inkjet; laser engraving; toner; retransfer; special (Germany); non-digital; no data available]
Presenting the annual issuance volume gives a clearer picture of the global coverage of each technology:
[Chart: Volume of Passports p.a. (120m), by category: inkjet; laser engraving; toner; retransfer; special (Germany); non-digital; no data]
Digital Printing
Personalisation uses dots and 3 or 4 colours:
[Images, captioned “Dots and 4 Colors”: Ink jet; Electro-photographic*; D2T2**; Laser Engraving; Photograph (for comparison)]
*Laser Toner
**Dye Diffusion Thermal Transfer
Passport Issuance Systems
PB6500™ PASSPORT ISSUANCE SYSTEM
Key Features:
• Designed with extensive customer/market input & research
• High volume - Up to 200 Passports per hour
• Centralised and inline
• Truly modular and upgradeable platform to meet the needs of passport issuers
• Multiple personalisation technologies
• Commonality with MX6000 card production system
PB6500 SYSTEM SUMMARY
• Fast and Efficient - Designed to maximize throughput, minimize downtime
• Technology - Broad range of innovative technologies: color, laser, lamination, electronic, others
• Quality
– Highest production quality
– Monitors and prevents operator errors
• Cost Effective
– Efficiency delivers higher throughput per system
– Lower total cost of ownership
• Secure - Strong system level security and user authentication
• Modular
– Allows new technology to be integrated as needed
– Maximizes your return on investment costs
Desktop Colour System
Desktop colour passport personalisation
Close match output with PB6500 colour personalisation
ICAO e-passport compliant
FEATURES
RFID Reader and Writer
The desktop passport printer allows read and write of data to chip (to ICAO)
Camera System
The Camera System enables registration of personalisation to pre-print
Camera can retrieve information (e.g. passport number) from the document
Desktop Laser System
Desktop laser passport personalisation
ICAO e-passport compliant
No external laser cooling systems
MLI and CLI capable
FEATURES
RFID Reader and Writer
The laser passport printer allows read and write of data to chip (to ICAO)
Camera System
The Camera System enables registration of personalisation to pre-print
Camera can retrieve information (e.g. passport number) from the document
THANK YOU FOR YOUR ATTENTION