Document Verification through C-One E-ID
Prepared by: Rima HAJOU
Supervised by: Dr. Lina OUEIDAT
Date: 13 July 2016
Hosting Company: Inkript R&D Department (March – June 2016)
Content
Objective and Project Definition
Device Used: C-One E-ID
Biometrics
◦ Fingerprint
Machine Readable Passport
◦ Machine Readable Zone (MRZ)
◦ Logical Data Structure
◦ Communication with IC/Chip
◦ E-Passport Security features
◦ Smart Card Security features
Project Development
◦ MRZ Project
◦ Smart Card and E-passport projects
◦ Fingerprint project
Document verification application
Conclusion and Recommendations
Objective and Project Definition
Today's users can carry out many different tasks on the go with a single pocket-sized device.
Goal: implement eGovernment mechanisms for identity documents.
How?
Using a handheld device, we identify a person from their personal ID card or E-Passport.
A mobile Android application reads the ID document, extracts the fingerprint data stored on its chip and compares it with the holder's fingerprint scanned live, using the readers integrated in the C-One E-ID device.
C-One E-ID
Why a handheld device? Why the C-One E-ID?
Fingerprint sensor
Contact and contactless card readers (RFID technology)
Barcode reader
Latest technologies (4G, Wi-Fi, GPS, ...)
Android 4.2.2
Biometrics
Distinctive, measurable characteristics used to label and describe individuals.
Face recognition, iris, fingerprint, DNA, palm print, ...
Fingerprint
Why fingerprint?
Uniqueness and consistency over time.
Used for identification by automated systems.
Matching is based on minutiae (ridge endings and bifurcations) extracted from the fingerprint image.
Machine Readable Passport (MRP)
Travel document specified by the International Civil Aviation Organization (ICAO, Doc 9303).
The E-passport and the smart cards developed by Inkript are types of MRP.
Lebanon was required to apply the ICAO standards to its civil documents to facilitate travel for its citizens.
Machine Readable Zone
Mandatory zone located on the MRP's data page.
It carries the information that the BAC mechanism needs to derive the keys for reading the files of the MRP:
◦ Document (passport) number
◦ Date of birth
◦ Date of expiry
Each field comes with its check digit; together they form the MRZ_information used by BAC.
Logical Data Structure
Same layout for the IC integrated in the E-passport and in the residency permit.
Data are structured as files called Data Groups:
◦ DG1: personal info (the MRZ data)
◦ DG2: holder's photo (facial image)
◦ DG3: fingerprints (optional)
Elementary files required to validate integrity: EF.COM (the list of data groups present) and EF.SOD (the Document Security Object holding the signed hashes of the data groups).
Logical Data Structure (2)
Communication with the IC/Chip
The IC (chip) is connected to a Card Acceptance Device (CAD), i.e. the reader or terminal.
The chip speaks to the outside world using its own data packets: APDUs (Application Protocol Data Units, ISO/IEC 7816-4).
An APDU contains either a command message (CLA INS P1 P2, optional data, optional expected length) or a response message (optional data followed by the two status bytes SW1 SW2).
Master-slave model: the chip never initiates; it always waits for a command APDU from the terminal and answers with a response APDU.
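The APDU exchange described above, as an added example written for this page (not code from the presentation, Coppernic or JMRTD): it builds the SELECT and READ BINARY commands a terminal sends to reach the files of the LDS, and parses the chip's response into data and status word. The application identifier and the short file identifiers are the standard ICAO 9303 values; the response bytes mentioned in the usage note are constructed, not captured from a real chip.

```python
"""Command/response APDUs for an ICAO 9303 chip (ISO/IEC 7816-4 framing).

Added example; not the presentation's or JMRTD's code. The AID and short
file identifiers are the standard ICAO 9303 values.
"""
from dataclasses import dataclass
from typing import Optional

LDS_AID = bytes.fromhex("A0000002471001")      # ICAO eMRTD LDS application
EF_COM, EF_SOD = 0x011E, 0x011D                  # short file identifiers
DG1, DG2, DG3 = 0x0101, 0x0102, 0x0103


def build_apdu(cla: int, ins: int, p1: int, p2: int,
               data: bytes = b"", le: Optional[int] = None) -> bytes:
    """Short-form command APDU: CLA INS P1 P2 [Lc data] [Le]."""
    if len(data) > 255:
        raise ValueError("short form carries at most 255 data bytes")
    if le is not None and not 1 <= le <= 256:
        raise ValueError("short-form Le is 1..256 (256 is encoded as 0x00)")
    apdu = bytes([cla, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data
    if le is not None:
        apdu += bytes([le % 256])
    return apdu


def select_application(aid: bytes = LDS_AID) -> bytes:
    """SELECT by DF name (P1=04), no response data requested (P2=0C)."""
    return build_apdu(0x00, 0xA4, 0x04, 0x0C, aid)


def select_file(fid: int) -> bytes:
    """SELECT an elementary file by its file identifier (P1=02, P2=0C)."""
    return build_apdu(0x00, 0xA4, 0x02, 0x0C, fid.to_bytes(2, "big"))


def read_binary(offset: int, length: int) -> bytes:
    """READ BINARY: 15-bit offset in P1P2, Le = number of bytes wanted."""
    if not 0 <= offset < 0x8000:
        raise ValueError("offset must fit in 15 bits")
    return build_apdu(0x00, 0xB0, offset >> 8, offset & 0xFF, le=length)


@dataclass
class Response:
    data: bytes
    sw1: int
    sw2: int

    @property
    def sw(self) -> int:
        return (self.sw1 << 8) | self.sw2

    @property
    def ok(self) -> bool:
        return self.sw == 0x9000


def parse_response(raw: bytes) -> Response:
    """Response APDU = [data] SW1 SW2; the status word is always the last two bytes."""
    if len(raw) < 2:
        raise ValueError("response must carry at least SW1 SW2")
    return Response(bytes(raw[:-2]), raw[-2], raw[-1])


STATUS_WORDS = {
    0x9000: "OK",
    0x6982: "security status not satisfied: access control (BAC/EAC) not passed",
    0x6A82: "file not found",
    0x6B00: "wrong P1P2 (offset beyond end of file)",
}


def describe_sw(sw: int) -> str:
    """Human-readable status word, including the two families with a variable low byte."""
    if sw >> 8 == 0x61:
        return f"{sw & 0xFF} more response bytes available (send GET RESPONSE)"
    if sw >> 8 == 0x6C:
        return f"wrong Le, retry with Le={sw & 0xFF}"
    return STATUS_WORDS.get(sw, f"unknown status 0x{sw:04X}")
```

A READ BINARY on a protected file before BAC has completed comes back as a bare status word 6982 with no data; after BAC the same commands are wrapped in secure messaging (each APDU encrypted under KEnc and MACed under KMAC), which this plain framing does not show.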
E-passport Security Features
Four concerns while reading the chip:
Gaining access to the contactless chip (access control)
Authentication of the data (Passive Authentication)
Authentication of the IC (Active Authentication)
Additional access control for sensitive biometrics (Extended Access Control)
E-passport Security Features (2): Gaining access to the contactless chip
To prevent skimming (reading the chip without the holder's consent) and eavesdropping on the radio link.
Chip access control mechanism:
◦ Only authorized access.
◦ Using a cryptographic protocol.
◦ Information from the MRZ is needed to derive the keys, so the reader must have seen the data page.
Two chip access control mechanisms:
◦ BAC: Basic Access Control
◦ PACE: Password Authenticated Connection Establishment
E-passport Security Features (3): Gaining access to the contactless chip (2) – BAC mechanism
Read the MRZ_information visually from the MRZ (document number, date of birth and date of expiry, each with its check digit).
Compute the SHA-1 hash of MRZ_information.
Take the 16 most significant bytes of the SHA-1 hash as the key seed.
Derive KEnc and KMAC from the seed (3DES keys).
Perform the mutual authentication and set up a secure connection (secure messaging) with the IC.
Access is granted to the non-sensitive data (personal info and photo, i.e. DG1 and DG2).
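The key derivation part of the BAC steps above, as an added example (not the presentation's, Coppernic's or JMRTD's code). The MRZ values are the worked example from ICAO Doc 9303 Part 11 Appendix D; the check digits are recomputed rather than copied, and a TD3 passport MRZ with a 9-character document number field is assumed.

```python
"""Basic Access Control key derivation from the MRZ (ICAO Doc 9303 Part 11).

Added example; not the presentation's or JMRTD's code. Assumes a TD3
(passport) MRZ: 9-character document number field, YYMMDD dates.
"""
import hashlib

WEIGHTS = (7, 3, 1)


def mrz_char_value(c: str) -> int:
    """MRZ check-digit alphabet: '<' = 0, digits = face value, A..Z = 10..35."""
    if c == "<":
        return 0
    if c.isdigit():
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    raise ValueError(f"invalid MRZ character {c!r}")


def check_digit(field: str) -> str:
    """Weighted sum with repeating weights 7, 3, 1, taken modulo 10."""
    total = sum(mrz_char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field))
    return str(total % 10)


def mrz_information(doc_number: str, dob: str, expiry: str) -> str:
    """BAC input: doc number padded with '<' to 9 chars + CD, DOB + CD, expiry + CD."""
    if len(doc_number) > 9 or len(dob) != 6 or len(expiry) != 6:
        raise ValueError("TD3 fields: document number <= 9 chars, dates YYMMDD")
    doc = doc_number.ljust(9, "<")
    return doc + check_digit(doc) + dob + check_digit(dob) + expiry + check_digit(expiry)


def key_seed(mrz_info: str) -> bytes:
    """K_seed = the 16 most significant bytes of SHA-1(MRZ_information)."""
    return hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]


def adjust_parity(key: bytes) -> bytes:
    """Force odd parity on every DES key byte (the least significant bit is the parity bit)."""
    out = bytearray()
    for b in key:
        ones_in_upper7 = bin(b >> 1).count("1")
        out.append((b & 0xFE) | (0 if ones_in_upper7 % 2 else 1))
    return bytes(out)


def derive_key(seed: bytes, counter: int) -> bytes:
    """KDF(K_seed, c) = SHA-1(K_seed || c)[:16], split into two parity-adjusted DES keys Ka || Kb."""
    h = hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
    return adjust_parity(h[:8]) + adjust_parity(h[8:16])


def bac_keys(doc_number: str, dob: str, expiry: str) -> tuple:
    """Return (K_Enc, K_MAC): counter 1 derives the encryption key, counter 2 the MAC key."""
    seed = key_seed(mrz_information(doc_number, dob, expiry))
    return derive_key(seed, 1), derive_key(seed, 2)
```

The whole secret is the MRZ_information, so the key space is bounded by document number × date of birth × date of expiry; an attacker who can narrow those (sequential document numbers, an estimated age, a known issue date) can brute-force BAC offline from a recorded exchange. That low entropy is the reason PACE was introduced. The mutual authentication that follows (GET CHALLENGE, then EXTERNAL AUTHENTICATE with 3DES under these keys) is not included since the Python standard library has no 3DES.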
E-passport Security Features (4): Authentication of the data
Check that the content of the Document Security Object (SOD) and of the LDS are authentic.
Compute the hash of each data group read from the LDS and compare it to the hash stored in the SOD file.
The SOD itself is signed by the issuing state's Document Signer, whose certificate chains to that country's CSCA; verifying this signature is what makes the hash comparison meaningful.
This is Passive Authentication: it proves the data were not altered, not that they sit on the original chip.
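The LDS file structure (EF.COM tag list) and the Passive Authentication hash check of the two slides above, as one added example (not the presentation's, Coppernic's or JMRTD's code). EF.COM is parsed as real BER-TLV; the SOD is simplified to a dict of per-data-group hashes standing in for the LDSSecurityObject inside the signed CMS structure, and the EF.COM bytes and the data group contents are constructed for this example.

```python
"""Passive Authentication: check the data groups read from the LDS against the
hashes in the Document Security Object (SOD).

Added example; not the presentation's or JMRTD's code. The SOD is modelled as
a dict {DG number: hash}; EF.COM bytes and DG contents below are constructed.
"""
import hashlib

# EF.COM tag list (tag 5C) entries -> data group numbers, per ICAO 9303 Part 10
TAG_TO_DG = {0x61: 1, 0x75: 2, 0x63: 3, 0x76: 4, 0x65: 5, 0x66: 6, 0x67: 7,
             0x68: 8, 0x69: 9, 0x6A: 10, 0x6B: 11, 0x6C: 12, 0x6D: 13,
             0x6E: 14, 0x6F: 15, 0x70: 16}

HASH_ALGS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}

# Constructed EF.COM: LDS version "0107", Unicode version "040000", tag list DG1, DG2
EF_COM_SAMPLE = bytes.fromhex("6014" "5f010430313037" "5f3606303430303030" "5c026175")


def parse_tlv(buf: bytes) -> list:
    """One level of BER-TLV: (tag, value) pairs; 1- or 2-byte tags, short or long lengths."""
    items, i = [], 0
    while i < len(buf):
        tag = buf[i]
        i += 1
        if tag & 0x1F == 0x1F:               # two-byte tag such as 5F01
            tag = (tag << 8) | buf[i]
            i += 1
        length = buf[i]
        i += 1
        if length & 0x80:                    # long form: 0x8N followed by N length bytes
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if i + length > len(buf):
            raise ValueError("TLV length runs past end of buffer")
        items.append((tag, bytes(buf[i:i + length])))
        i += length
    return items


def data_groups_in_com(ef_com: bytes) -> list:
    """Data groups the chip declares in EF.COM (outer tag 60, inner tag 5C)."""
    outer = parse_tlv(ef_com)
    if len(outer) != 1 or outer[0][0] != 0x60:
        raise ValueError("not an EF.COM template")
    for tag, value in parse_tlv(outer[0][1]):
        if tag == 0x5C:
            return sorted(TAG_TO_DG[t] for t in value)
    raise ValueError("EF.COM has no tag list")


def build_sod_hashes(data_groups: dict, alg: str = "sha256") -> dict:
    """What the issuing state signs into the SOD: one hash per data group (used to make test data)."""
    return {dg: HASH_ALGS[alg](content).digest() for dg, content in data_groups.items()}


def passive_auth_check(ef_com: bytes, dgs_read: dict, sod_hashes: dict,
                       alg: str = "sha256") -> tuple:
    """Return (ok, problems). ok means every declared and every read DG is covered by
    the SOD and every read DG hashes to the stored value. Nothing here verifies the
    SOD signature; that step (Document Signer certificate -> CSCA) must come first."""
    problems = []
    for dg in data_groups_in_com(ef_com):
        if dg not in sod_hashes:
            problems.append(f"DG{dg}: listed in EF.COM but not hashed in SOD")
    h = HASH_ALGS[alg]
    for dg in sorted(dgs_read):
        if dg not in sod_hashes:
            problems.append(f"DG{dg}: read from chip but not hashed in SOD")
        elif h(dgs_read[dg]).digest() != sod_hashes[dg]:
            problems.append(f"DG{dg}: hash mismatch")
    return (not problems), problems
```

A matching hash table proves only that the data groups agree with the SOD; if the SOD signature is not verified against the Document Signer certificate and the issuing state's CSCA, a forger can write mutually consistent DGs and SOD onto a blank chip. Even with a valid signature, Passive Authentication cannot tell a genuine chip from a bit-for-bit clone, which is the case Active Authentication addresses on the next slide.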
E-passport Security Features (5): Authentication of the IC/Chip
Against chip substitution (copying a genuine LDS and SOD onto another chip).
Active Authentication mechanism.
Based on a challenge-response protocol: the terminal sends a random challenge, the chip signs it with a private key that never leaves the chip, and the terminal verifies the signature with the public key stored in DG15 (which is covered by the SOD hashes).
E-passport Security Features (6): Additional access control mechanism
Access to the fingerprint (and iris) files, DG3 and DG4, should be more restricted than BAC allows.
The Extended Access Control mechanism is used.
◦ EAC = Chip Authentication + Terminal Authentication
Chip Authentication: key agreement with the chip's static key pair, giving stronger session keys and proving the chip is genuine.
Terminal Authentication: two-move challenge-response protocol in which the terminal proves, with a certificate chain issued by the document's issuing state, that it is authorized to read the sensitive data groups.
Smart Card Security Features (used specifically in this project)
Same structure as the E-passport's internal chip:
◦ LDS
◦ APDU commands
Smart card: another confidential value, instead of the MRZ_information, is used as the input to the BAC mechanism.
                                        E-passport                  Smart Card
Standard                                ICAO                        ICAO
BAC key input (and thus access
  to DG1 and DG2)                       MRZ_information             Another confidential info
Security feature to access DG1, DG2     ICAO standard (BAC)         ICAO standard (BAC)
Security feature to access DG3
  (fingerprints)                        EAC, specified by ICAO      No additional security
Project Development
Read the MRZ
• OCR Tesseract
• Regula Document Reader
Read the E-Passport or Smart Card
Scan the fingerprint
Compare the two fingerprints
Project Development (2): MRZ Project
OCR Tesseract project:
◦ Open-source project; uses trained data available online.
Regula Document Reader:
◦ Proprietary product of Regula Forensics.
Unsuccessful trials, which led to:
entering the MRZ_information needed for the BAC mechanism manually.
Project Development (3)
Read the MRZ
• OCR Tesseract
• Regula Document Reader
• Enter it manually
Read the E-Passport or Smart Card
• JMRTD solution
• Coppernic solution
• Integration of the two solutions
Project Development (4): Smart Card and E-passport projects
JMRTD (Java Machine Readable Travel Documents): the most popular library for reading E-passports.
◦ Android supported: AJMRTD
◦ Uses NFC to read the E-passport.
◦ Reads DG1 and DG2.
Obstacle: incompatibility between the NFC interface JMRTD relies on and the RFID reader technology of the device.
Project Development (5): Smart Card and E-passport projects
Coppernic solution:
◦ Able to read the DG1 and DG2 files from the E-passport.
◦ Complexity of integrating the EAC mechanism needed to read DG3 (fingerprint DG).
◦ Unsuccessful trial to read the fingerprint from the E-passport.
We managed to develop a similar application that reads only the Smart Card.
Project Development (6): Smart Card and E-passport projects
Comparison of the Coppernic sample (E-Passport) with our Smart Card application:
Power management
  E-Passport: power up the RFID reader
  Smart Card: power up the smart card reader
Keys for the BAC mechanism
  E-Passport: MRZ_Information
  Smart Card: another confidential info
Reading DG1 (personal information)
  E-Passport: extracted using the Coppernic methodology
  Smart Card: JMRTD used to extract the response
Reading DG2 (displayed picture)
  E-Passport: extracted using the Coppernic methodology
  Smart Card: JMRTD used to parse the response
Reading DG3 (fingerprint)
  E-Passport: not supported yet, due to the need for additional security mechanisms
  Smart Card: I managed to read DG3 since it does not require any additional security, and I extracted the fingerprint template using JMRTD.
Project Development (7)
Read the MRZ
• OCR Tesseract
• Regula Document Reader
• Enter it manually
Read the E-Passport or Smart Card
• JMRTD solution
• Coppernic solution
• Integration of the two
Scan the fingerprint
• Neurotechnology
Compare the two fingerprints
• Neurotechnology
Fingerprint Sample
Neurotechnology solution
Features:
◦ Reading the fingerprint
◦ Extracting its minutiae
◦ One-to-one verification: one finger against another finger (e.g. thumb to thumb), or one finger against all of a person's enrolled fingers (e.g. index against any of the person's fingers)
◦ One-to-many identification: one finger against a database of fingers (e.g. thumb against many thumbs)
Document verification application
Real Situation (1)–(4): screenshots of the application in use (images not reproduced).
Successful implementation of the project.
Conclusion
The importance of a device with such advanced capabilities lies in the increased need to control borders and critical areas in a country like Lebanon.
It improves the detection of terrorists and document forgers at border controls.
Recommendations
More research on reading E-passports (DG3 via EAC) with the C-One E-ID.
Read the MRZ with the device's camera using well-trained OCR data instead of manual entry.
Compare the fingerprint of a person remotely with the database available on the server, over an authenticated and encrypted channel.
Add a level of security (agent authentication) to prevent unauthorized agents from using the device.