TRUE IDENTITY IBORDERS BIOTHENTICATE: SECURING BORDERS WITH BIOMETRICS POSITIONING PAPER
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
TRUEIDENTITY
IBORDERS BIOTHENTICATE:SECURING BORDERS WITH BIOMETRICS
POSITIONING PAPER
CONTENTSExecutive summary 4
Sophisticated security threats stretch national borders 5
Widespread adoption of biometrics 5
End-to-end processes: from enrollment to verification 6
Enrollment: capturing biometric data and assessing risk 6
Identification: matching against databases 6
Verification: matching a person to their previously enrolled biometric 6
Picking the right technology for the job 7
Standardization guarantees interoperability 7
Harmonization across multiple countries 7
Secure your borders with iBorders BioThenticate 8
Biometrics at the Airport 8
Broad range of functionality for any platform 9
Why iBorders BioThenticate? 9
Why SITA 10
iBorders BioThenticate in action: Indonesia Imigrasi 10
Footnotes 11
3333POSITIONING PAPER | © SITA 2013
Biometrics play an increasingly important role in border management. By associating biometric data, such as fingerprint, iris or face with the travel document, border control authorities can be certain of the bearer’s identity. This allows low risk travelers to use self-service border crossing facilities, which frees up valuable border control resources to focus on potential high-risk passengers.
This paper examines the challenges facing border management agencies and shows how they can use biometric solutions to cope with new threats. It looks at the key processes that biometric systems should address, in particular enrollment, identification and verification. Biometric technology covers a wide range of areas and we look at the main components involved in building a large scale solution. Standardization is becoming of critical importance to ensure the interoperability of systems deployed in different parts of the world.
We also take an in-depth look at iBorders BioThenticate, which is SITA’s biometric identity and credential management platform. It allows governments to implement successful biometric systems within an end-to-end border management strategy. With iBorders BioThenticate, governments are offered a unique opportunity to combine effective identity management with accurate risk assessment using airline provided passenger data.
EXECUTIVE SUMMARY
4 4
Border control authorities are faced with increasingly sophisticated security threats, while also juggling with budget constraints and rising passenger numbers. For example, in the UK, total border crossings have increased by 75% over the last 20 years. In 2010, 21.6 million visitors arrived in Britain by air1.
Checking passports or identity cards visually is time-consuming and identification of sophisticated forgeries challenging. According to statistics from the French border service, 16% of the people refused entry in 2007 were carrying a fake passport. An additional 6% of visitors were turned away because they presented a fake visa2.
To combat the problem of counterfeit travel documents and identity theft, many countries have turned to using biometrics. By associating biometric data, such as fingerprint, iris or face with the biographic data held in travel documents, border control authorities can ensure the bearer’s identity. In addition, biometrics also help passport and visa issuers confirm that an applicant has not previously applied under a different identity.
WIDESPREAD ADOPTION OF BIOMETRICS The use of biometrics is widespread in border management initiatives around the world. In the US, all visitors to the country who are not citizens or permanent residents need to register their biometrics before they are granted entry. Countries in the Middle East use biometrics extensively for processing expatriate workers and regional citizens. In the EU, countries including Portugal and the UK use facial recognition to allow their citizens through passport control more quickly using self-service gates.
The EU required all Schengen countries to harmonize biometrics in their national passport, beginning with a facial image in 2005 and two additional fingerprint biometrics from 2009. This data is stored securely on a contactless chip embedded in the passport. The EU also has launched its Visa Information System (VIS), which shares information on short stay visas. Biometrics (fingerprints and facial images) of applicants for visas to Schengen states will be used to validate the identity of individual visa applicants and will eventually be cross-checked at borders.
SOPHISTICATED SECURITY THREATS STRETCH NATIONAL BORDERS
5POSITIONING PAPER | © SITA 2013
Automated border crossings are popular in Asia, in countries including China, Japan and Singapore. In fact the borders between China, Macau and Hong Kong have the largest deployment of automated gates in the world. Acuity Market Intelligence predicts that Asia will be the biggest growth market for automated gates through to 20143. It says that annual volume will grow from 300 units in 2009 to nearly 1,000 by 2014.
ICAO approves three biometrics
The International Civil Aviation Organization (ICAO) has defined three biometric modalities for use with e-passports. They are facial recognition, which is mandatory, and optionally fingerprint and iris recognition. This choice was inspired by the following criteria:
• Mature and accurate technology
• Compatible with passport issuance
• Easily machine-read
• Generally well accepted by the public
• Compatible with existing law enforcement standards
According to research from Acuity Market Intelligence, ICAO compliant e-passports accounted for 53% of all passports issued and 25% of all passports in circulation in 20094. It further predicts that e-passports will make up 88% of all passports issued by 2014 and nearly 80% of all passports by 2015. According to Passport Canada5, 95 countries have issued 350 million biometric passports worldwide to date.
With biometrics integrated into the border control process governments and border agencies can easily automate controls for low-risk travelers. Their identity can be reliably verified using their biometric data. This frees up resources to focus efforts on confirming the identity and risk status of other passengers through a combination of checks. These include detailed examination of travel documents and checking passenger data, such as that provided by airlines, against government databases.
6
END-TO-END PROCESSES: FROM ENROLLMENT TO VERIFICATION
Any agency interested in using biometrics must address three key processes: enrollment, identification and verification.
ENROLLMENT: CAPTURING BIOMETRIC DATA AND ASSESSING RISKThe enrollment process is where an agency first captures the user’s biometric and biographic data. This could be when they apply for a passport, a visa, enter a country, or join a trusted traveler program. One or more biometrics (typically face, fingerprint or iris) are recorded using specialized capture equipment. An algorithm then converts the captured biometric images into an encoded digital template for storage and comparison purposes.
Enrollment is normally an assisted process. An officer supervises the enrollment, checks the credentials of the enrollee and is the guarantor of the authenticity of the process. The enrollment system must also include an appropriate security architecture to prevent fraudulent enrollment or tampering with the enrolled data. Government agencies vet the enrolled data to confirm the identity of the enrollee and to assess for risk, by checking against current watch-lists, for example.
Security, quality and appropriate vetting of enrollments are all critical elements in this whole process. Future use of the biometric only confirms that an individual is the same person that was enrolled. It is the security, quality and vetting of the prior enrollment that assures the individual’s low-risk status.
IDENTIFICATION: MATCHING AGAINST DATABASESIdentification is the process of matching an individual’s biometrics to a single record in a database without using any biographic identifier. This means that the biometric details are compared to every existing entry in the database to ultimately identify the one record that matches with the individual. This large-scale matching requires specialized technology and algorithms, and is mainly used to detect the use of false or multiple biographic identities by an individual.
Typically this one-to-many match is done at the time of enrollment to check for duplicate biometric data. For example, if a person attempts to apply for a second passport under a different identity. Using biometric data, border management agencies can easily prevent this type of identity fraud. Biometrics is the facilitator for maintaining a single consolidated view of citizen identities across the entire border management operation. At the primary line, identification is often used to match against criminal databases and watch-lists, aiming to identifying persons of interest.
VERIFICATION: MATCHING A PERSON TO THEIR PREVIOUSLY ENROLLED BIOMETRICVerification is the process of making a one-to-one comparison of a person’s live biometric checked against their previously enrolled biometric data. This is either stored in a database or on a secure biometric credential, which relies upon layered security to prevent tampering or unauthorized reading of the contents.
Biometric verification prevents the fraudulent use of identity documents, such as e-passports and e-visas, by confirming that the person presenting the document is the legitimate holder. It is a quick and user-friendly process, ideal for automating identity checks in the airport environment. This includes check-in, bag-drop, security, immigration and boarding. In order to cover the end-to-end needs for biometrics in different circumstances, verification can be performed on a variety of platforms such as workstations, kiosks, mobile devices and electronic gates.
PICKING THE RIGHT TECHNOLOGY FOR THE JOB
Although largely proven to be mature, biometric technology is still constantly improving, in the areas of accuracy, liveness detection and ergonomic capture. A plethora of capture equipment is available from a wide variety of vendors. Technologies supporting new biometric modalities, such as palm vein and even gait, are challenging the ICAO approved iris, fingerprint and face technologies. Vendors are competing intensively to improve the accuracy and performance of the underlying matching algorithms and systems.
The key in deploying any biometric system is choosing appropriate technologies for the job and overcoming the systems integration challenges. New biometrics-based processes need to co-exist with established border processes running on existing systems.
Systems integration is the key to designing a coherent overall solution that works across the complete border management operation. It links the infrastructure on the immigration primary line with risk assessment, passport and visa systems, biometric identity management and other back office legacy applications.
STANDARDIZATION GUARANTEES INTEROPERABILITYStandardization is a key issue in biometrics. Standards developed by international and national organizations are nowadays becoming widely accepted, including:
• ISO (International Organization for Standards)
• International Electro-Technical Committee (IEC)
• US NIST (National Institute for Standards and Technology)
Standards ensure interoperability between biometric systems and consistency in the quality and security of both biometric data and applications. In order to provide an objective basis for evaluating and comparing alternative solutions, additional standards govern testing and performance measurement of biometric systems.
Within the border management context, the ICAO governs the standards for Machine Readable Travel Documents (MRTD),
including e-passports and e-visas, building upon ISO/IEC recommendations. Other border management initiatives make extensive use of other standards. For example, the US Department of Homeland Security uses standards developed by the International Committee on Information Technology Standards (INCITS). These govern programs such as US-VISIT and the Transportation Workers Identity Card (TWIC).
HARMONIZATION ACROSS MULTIPLE COUNTRIESFirst generation e-passports include a face biometric, while the second generation includes both face and fingerprint. However access to fingerprint data in passports is currently limited through encryption technology to the issuing government and trusted third parties.
There are a number of initiatives to harmonize the use of biometrics for fast-tracking trusted travelers between countries. For example the US Global Entry Trusted Traveler program allows passengers to use kiosks to bypass immigration queues on entry to the US. The US is now expanding this program internationally to allow people to cross the border in another country’s fast track lane. Each government receives a copy of the enrolled data and undertakes its own screening process. This allows them to be the judge of what constitutes “low risk”. Similarly, the Schengen community in the European Union is facilitating self service border crossing based on the biometric comparison of the face image stored in any passport issued by a Schengen nation.
In the future all air transport stakeholders – airlines, border management agencies, security authorities and airport operators – could use common biometric credentials for identification of travelers. Ideally these will be government issued and vetted to ensure security and quality. Harmonization of eligibility criteria and standardization of all biometric processes will be a condition for the widespread use of biometrics at multinational scale.
7POSITIONING PAPER | © SITA 2013
8
SECURE YOUR BORDERS WITH IBORDERS BIOTHENTICATE
SITA’s response to governments’ needs for a biometric system is SITA iBorders BioThenticate –a biometric identity and credential management framework providing sophisticated identity management and verification services. It delivers irrefutable proof of identity in high security environments such as border control at airports.
iBorders BioThenticate integrates multiple biometric matching sub-systems and identity management components into a single, uniform environment. It combines enrollment, verification, identification and credential issuance and is built around a single person-centric database of identities. Full integration with existing government processes and legacy systems is provided by external service interfaces. iBorders BioThenticate also incorporates an extensive administration and management interface, and is fully compliant with industry standards for the storage and transmission of biometric data.
iBorders BioThenticate allows governments to successfully implement biometrics within an end-to-end border management strategy. With iBorders BioThenticate, the combination of risk assessment using airline provided passenger data with effective identity management becomes straightforward.
BIOMETRICS AT THE AIRPORT End-to-end self service for passengers, as described in the industry’s vision of the airport of the future – Fast Travel – is based on biometrics replacing manual document checks at check-in, bag-drop, security and boarding. Biometrics can also be used for airport staff to gain secure access to sensitive areas.
Passengers prefer the feeling of being in control provided by self-service, while airlines benefit from reduced costs and airports from the opportunity to generate increased revenues. This is because passengers spend less time waiting in lines and enjoy more time spending money at retail concessions. Everyone benefits from improved security, particularly when the airlines, airports and border authorities use a common government-vetted biometric credential at each step.
IATA’s Checkpoint of the Future concept specifically addresses how biometrics can help improve security screening at the airport. It segments the security checkpoint into three lanes: light, normal and enhanced screening. Passengers are directed to a particular lane, based on risk-assessment and the level of confidence in the identity of the passenger. Light screening is for those who registered their biometrics in advance and were vetted as part of a voluntary ’Known Traveler’ program. Normal passengers would continue to have screening similar to what we have now. Finally high risk passengers would have to go through an enhanced security checkpoint with extended screening possibilities, balanced to the increased risk.The key here is that the use of biometrics makes it possible to accurately identify those passengers who have been assessed as low risk at the time of applying for ‘Known Traveler’ status. These passengers can benefit from lighter screening and self-service, freeing up screening staff to focus their efforts on high-risk passengers.
9POSITIONING PAPER | © SITA 2013
BROAD RANGE OF FUNCTIONALITY FOR ANY PLATFORMiBorders BioThenticate is designed to be deployed on a wide range of platforms, ranging from workstations, kiosks, mobile devices to automated gates for automated border control, security checkpoint and airline self-service applications.
The product includes the following core modules:
• BioThenticate Enrol provides services to capture, vet and perform quality assessment of both biometric and biographic data.
• BioThenticate Credentialing helps create and manage secure personalized biometric credentials such as smartcards.
• BioThenticate Verify provides services for identity verification by comparing live biometric data against data stored either on a biometric credential or on the BioThenticate database.
• BioThenticate Workbench allows government specialists to resolve identity conflicts that arise as new identities are enrolled in the BioThenticate system.
• BioThenticate Server is the core of the system. It provides a number of biometric identity management related services, which are linked and choreographed by a flexible internal workflow engine. This provides BioThenticate with the ability to be configured for many different customer requirements.
• BioThenticate Engine provides scalable secure biometric storage, template generation, identification and verification, capable of handling millions of identities.
Additional modules and services facilitate system administration, the management of enrolled users and system operators, as well as detailed audit and reporting on system performance.
WHY IBORDERS BIOTHENTICATE? iBorders BioThenticate provides a best of breed end-to-end solution for large scale deployments in an international context. It offers rigorous respect for industry standards, and includes the following benefits.
Flexibility: meeting your requirements
All biometric identity management systems share common processes such as enrollment, verification and identification. However, the implementation of these processes from one system to another can vary widely.
Take enrollment as an example. The workflow may involve the capture of multiple biometrics, using capture devices provided by a number of vendors. Similarly, biographic data may be required from different sources such as passports, driving licenses or birth certificates or even manual data input from a keyboard. The enrollment environment can range from workstations to handheld devices or self-service kiosks.
iBorders BioThenticate is designed with flexibility in mind to meet these wide ranges of customer requirements:
• iBorders BioThenticate supports biometric readers, algorithms and matching systems through ‘pluggable’ modules. Our technology neutrality allows us to recommend and provide the best suited technologies based upon objective performance assessment.
• iBorders BioThenticate is implemented using a modern, three-tiered services oriented architecture (SOA) that separates user presentation, workflow and data access. As a result, client presentation, application workflows and data access can be tailored to project-specific requirements.
• BioThenticate can be deployed on a wide range of platforms, from workstations to kiosks, hand-held devices and electronic gates.
10
Security: maintaining trust through respect for privacy
iBorders BioThenticate is designed from the ground up to be highly secure and includes the following specific measures:
• Role Based Access Control (RBAC) allows only authorized users to use the system
• Support for device and client level authentication using cryptographic keys to prevent spoofing
• Hardware security modules
• Encryption of all sensitive data during transit and storage
• Non-repudiatable audit logs
We use a ‘Defense in Depth’ security strategy to assess threats on a project basis. It allows us to identify additional administrative, logical and technical security mitigations, as appropriate. This ensures the security of all biometric information handled by the system.
Maintaining trust in the overall process by all stakeholders is a condition for successful deployment of any biometric system. Trust can only be established when a system respects the privacy of each individual passenger whose biometric data is being processed. Full compliance with local and international privacy regulations, combined with the highest level of IT system security will achieve this objective.
WHY SITA Fraudulent identity poses a significant challenge to governments, the air transport industry (ATI) and air travel in general. In a clear response to this threat, we have taken a leading role in the provision of end-to-end border management solutions. We address systems from the immigration counters, through the risk assessment of passenger data to biometric identity management and integration with government systems on the back-end.
As an independent systems integrator we are able to provide best-of-breed technology to suit specific border management requirements, using our in-house BioThenticate platform to integrate diverse systems.
Our background in the air transport industry has allowed us to integrate key border control data for many border agencies for many years. We are the world leading provider of biographic data screening using airline provided Passenger Name Record, Advance Passenger Information and Advance Passenger Processing. This is complementary to biometric border control applications and gives us unique skills in the market.
Our technical expertise and intimate understanding of the security and policy challenges for governments around the world has earned us a major global award. In December 2011, Frost and Sullivan awarded SITA the Global Customer Value Enhancement Award in Border Control. The award looked at the key challenges faced by the border control industry
and recognized our Border Management Solution suite6. The solution enhances security through improved detection and risk analysis7 while facilitating rapid processing of low-risk travelers. Another major factor was our track record of driving innovation and product development with our customers.
IBORDERS BIOTHENTICATE IN ACTION: INDONESIA IMIGRASIAs a systems integrator SITA has extensive experience deploying biometric systems for border agencies. iBorders BioThenticate is proven to be an ideal platform for integrating best of breed biometrics technology at the primary line.
For example, we are helping Indonesian Immigration (Imigrasi) tighten security at its international borders. Using iBorders BioThenticate, Imigrasi has deployed a system designed to match and manage up to 20 million unique biometric identities. It is being rolled out at the major air- and seaports across Indonesia and will provide centralized management of biometric identity data captured from visitors for visa and permit applications as well as Indonesian citizens for passport issuance. Real-time matching against a biometric watch-list provides an effective layer of security, right on the desk of the immigration officer at the primary line.
The solution allows the Indonesian government to co-ordinate border control activities across multiple departments. iBorders BioThenticate captures face and fingerprint data of arriving visitors, passport, visa and permit applicants and manages it in a person-centric database of identities. Identity data is consolidated into a single person-centric record allowing people who are claiming multiple identities to be easily detected. This single system reduces identity fraud, controls the issuance of stay permits, supports the primary line operations and helps prevent illegal migrant activity.
Imigrasi has used SITA solutions throughout its border management operations since 2007. This includes the primary immigration inspection line system at 30 ports of entry, and supporting systems to manage the Indonesian (biographic) watch list. In 2010, SITA added ten-print fingerprint and face biometric capture for visitors to the primary line system. Nowadays, with the full deployment of iBorders BioThenticate, Imigrasi has added a comprehensive capability for large scale matching and management of biometric identities.
Other major border management programs delivered by SITA include systems for Canada, Australia, Bahrain, Italy, Kuwait, New Zealand, Italy and Spain.
11POSITIONING PAPER | © SITA 2013
FOOTNOTESNote 1 Travel Trends 2010, Office for National Statistics, Page 5 UK, 2011.
Note 2 Figures provided by the French Government to Page 5 the EU.
Note 3 Automated Border Control “eGates” Drive Annual Page 5 Global EPassport and EVisa Market Revenue to
US$10.7 Billion by 2014. Acuity Market Intelligence, 2010
Note 4 ePassport Market Adoption to Reach 88% by 2014 Page 5 Acuity Market Intelligence, 2010
Note 5 Canada to launch biometric passports by 2012, Page 5 September 2011, http://www.canada.com/news/Ca
nada+launch+biometric+passports+2012/5404109/story.html
Note 6 See more details online: Page 10 http://www.sita aero/products-solutions/solutions/
border-management
Note 7 Watch this video online for more details: Page 10 http: www.sita.aero/content/iborders-app-video
SITA AT A GLANCE
The air transport industry is the most dynamic and exciting community on earth – and SITA is its heart.
Our vision is to be the chosen technology partner of the industry, a position we will attain through flawless customer service and a unique portfolio of IT and communications solutions that covers the industry’s every need 24/7.
We are the innovators of the industry. Our experts and developers keep it fuelled with a constant stream of ground-breaking products and solutions. We are the ones who see the potential in the latest technology and put it to work.
Our customers include airlines, airports, GDSs and governments. We work with around 500 air transport industry members and 2,800 customers in over 200 countries and territories.
We are open, energetic and committed. We work in collaboration with our partners and customers to ensure we are always delivering the most effective, most efficient solutions.
We own and operate the world’s most extensive communications network. It’s the vital asset that keeps the global air transport industry connected.
We are 100% owned by the air transport industry – a unique status that enables us to understand and respond to its needs better than anyone.
Our annual IT surveys for airlines, airports and passenger self-service are industry-renowned and the only ones of their kind.
We sponsor .aero, the top-level internet domain reserved exclusively for aviation.
In 2011, we had consolidated revenues of US$1.517 billion (€1.09 billion).
For further information, please visit www.sita.aero
© SITA 13-THW-075-2 All trademarks acknowledged. Specifications subject to change without prior notice. This literature provides outline information only and (unless specifically agreed to the contrary by SITA in writing) is not part of any order or contract.
For further information, please contact SITA by telephone or e-mail:
Americas+1 770 850 4500 [email protected]
Asia Pacific+65 6545 3711 [email protected]
Europe+41 22 747 6111 [email protected]
Middle East, India & Africa+961 1 637300 [email protected]
Related Documents
