Biometrics – updates on ISO and ICAO
Asbjørn Hovstø
Porvoo7
Reykjavik, Iceland
27th May 2005

Chicago Convention Mandate
- Contracting States are to prevent unnecessary delays by facilitating border clearance formalities and to adopt internationally standard customs and immigration procedures (Articles 22 and 23).

Machine Readable Passport
- Standardization.
- Document security.
- Global interoperability.
- Benefits to the document holder (2003 ICAO biometric “blueprint”)

MRPs Progress - MRTD from Visa Waiver

Cooperation
- ISO
  - SC17/WG3
  - SC37
- Airport Council International (ACI)
- IATA
  - Simplifying Passenger Travel (SPT)
- INTERPOL

ICAO – NTWG
- Incorporation of new technologies into travel documents and visas
- Meets approximately 3-4 times per year
- Chaired by Gary McDonald (Canada)

Vision
- Goals
  - Improve document security
    - Machine authentication
    - Positive ID of individuals
    - Secure document issuing processes
  - Improve facilitation
    - Minimize time spent on inspection of legitimate travelers
    - Segmentation of low-high risk travelers
    - Minimize waiting times for traveler

ICAO Doc 9303
- Part 1 - Passport
- Part 2 - Visa
- Part 3 - Official Travel Document
- Migrate to 6th edition
- ISO/SC17 WG3
- ISO/IEC 7501

Biometric Blueprint
Choice of biometric and storage technology most compatible with the requirements for machine-assisted identity confirmation with MRTDs
- Facial recognition
- Fingerprint
- Iris-scan
- Contactless IC
- Logical data structure
- PKI Digital Signatures

Deliverables
- Technical reports
  - Logical data structure
  - Machine-assisted identity confirmation – biometrics
  - Encryption and PKI
  - Electronic visas

Logical Data Structure

Global Interoperability
- Biometrics cannot stand alone
  - Common data storage device
  - Common data structure
  - Common method of securing the data

PKI Digital Signatures

Authentication protocols
- Passive authentication (M)
- Access Control
  - Less-sensitive data (MRZ, facial image) – Basic Access Control
  - Sensitive data (fingerprint, ext) – Extended Access Control
- Active Authentication
  - Prevents cloning by using chip-individual keypair

MRTD Web Site

Data Storage
- Review of data storage technologies started in 1997
- Limitation of paper
  - Detailed review of IC cards
  - ICAO Doc 9303, Part 3
- Contactless RF chip embedded in traditional paper books
  - ISO standards apply

Conclusions
- Doc 9303 forwarded to ICAO TAG 15
- Annexes A-E of PKI-report normative
  - Country signing CA certificate securely
  - Actual keypairs generated securely
- CRL distribution
  - Protocol for bilateral exchange

Issues
- LDS & PKI harmonized development
- Authenticity of individual biometrics
- Extended access control – EU develop
- On-card access control
- Resolve difference with SC37/CBEFF
- Address e-Visas

Thank you
Asbjørn Hovstø
Delegate to
- ISO/IEC JTC1/SC17 WG3
- ISO/IEC JTC1/SC37
- ICAO/NTWG