‫المديرية العامة لألمن العام ‪ -‬مكتب شؤون المكننة‬

‫‪The Lebanese E-Passport‬‬

‫جواز السفر اللبناني البيومتري‬
‫‪Page 0‬‬
Page 1
 Overview
The project involves the deployment of a
complete biometric enrollment and electronic
passport personalization solution for Lebanon.

The project covers 6 types of E-passports:

 The Lebanese normal passports
 The Diplomatic Passports
 The Special Passports
 The Service Passports
 The Palestinian Refugees Travel Documents
 The Laissez-Passer

Page 2
 Overview
The solution already deployed in:
 GDGS Headquarter and Production Center
 All Regional GDGS centers.
 The Public Relations Department.

The solution will soon be deployed in:

 The Ministry of Foreign Affairs and Emigrants.
 88 diplomatic missions abroad

Page 3
 Project scope
• E-Passport booklets and laminates
• Application forms.
• E-Passport Application Software:
 Enrollment, workflow and delivery solution.
 Personalization solution
 PKI
 User management
 Interfaces with border control system.
• E-Passport Hardware Infrastructure:
 Data center
 Production center
 Enrollment Sites infrastructure preparation and
equipment.

Page 4
 Project Goals
• Compliance: The new passport is an electronic machine-
readable ICAO, ISO, and EU standards-compliant E-passport.
• Security:
 The new passport will include the latest security features.
 Tailored enrollment solution.
 Personalization and issuance solution to prevent skimming,
eavesdropping, counterfeiting, and other fraudulent
activities.
• Service enhancement: The migration to the new E-passport
system was considered as an opportunity to increase the
service level:
 Better service and faster issuance times.
 Increased flexibility and fully automated work environment.
 Better control and visibility on the applications and
documents life cycle.
Page 5
 Project Goals
• Identity Management: By using the cutting edge biometric
technology to complement current authentication methods to:
 Eliminate duplications in registrations.
 Prevent identity fraud or theft.
 Better identify and verify individuals (Unique Personal
Number UPN for each registered individual).

• Crossover use of Electronic Security Credentials

(beyond passport booklets):
 Border control faster processing and greater convenience .
 Issued credentials could be used as the accredited basic
building block to facilitate derivation into a “virtual” ID for
online use.
 Issued credential could be used with other public-sector or
private-sector services
Page 6
Request Life-Cycle

Page 7
Booklets Life-Cycle (Before Delivery)

Page 8
 Booklet Life-Cycle (After Delivery)
stm Issued documents state

Initial

[Moving from the

production DB]

DELIVERED
[Marrking as
[Marking
lost] [Marking as as
[Marking as
[Marking cancelled] revoked]
damaged]
as stolen]

LOST STOLEN DAMAGED CANCELLED REVOKED

Final Final Final Final Final

Page 9
 New Application forms

• A4 paper
• 100 gsm paper density
• Multicolor printing
• Anti-scan/copy pattern
• Barcoded uniquely serialized (each form
will have unique barcode/serial number)

Page 10
New Application forms

Page 11
 The biometric
Enrollment solution

• Facial Image Capture

• Ten Fingerprint Capture
• Biographic Data Capture
• Business Rules
Enforcement
• Summary Display and
application form printing

Page 12
Ten Fingerprints Capture

Page 13
The Enrollment Workstation

Page 14
 The Enrollment Workstation

• Suitable for mass enrollment

• Rapid on-site process.
• Top quality biometric capture.
• Automatic height and lighting adjustment
• Fully automated data processing (enrollment,
data transfer, authentication)

Page 15
 The Portable
Enrollment Workstation

Page 16
 The Portable
Enrollment Workstation

• Light Weight.
• Rapid on-site process.
• Biographic and high quality biometric capture.
• Fully automated data processing (enrollment,
data transfer, authentication)
• Robust components
• Easy to carry, no loose components and long-
lasting battery

Page 17
 The New Electronic Passport

• Compliant to ICAO Doc 9303.

• Components:
 Cover: including the inlay with its Integrated
Contactless Chip and antenna.
 Data page – Additional Info Page – Visa Pages.
• New design concept: Modern – Abstract.
• Security Features.

Page 18
The Cover

E-Passport
Logo

Page 19
The Cover

Page 20
 Security Features
• More than 50 security Features.
• Consistent set of overt (obvious, visible) and
covert (hidden) security features.
• Security features inserted during booklets
manufacturing and during the personalization
processes.
• Security features of four levels:
 Level 1: No equipment needed to check the
security feature - usually overt.
 Level 2: requires a simple, easily available
equipment e.g. UV light source (border control
officer)
 Level 3: requires special inspection equipment
in laboratory (forensic)
Page 21
The Cover (UV)

Page 22
The Datapage

Page 23
The Datapage (UV)

Page 24
The Visa Pages

Page 25
The Visa Pages (UV)

Page 26
The Visa Pages

Page 27
The Visa Pages (UV)

Page 28
 The Personalization Machines

• Two industrial e-passports printers.

• Each machine is designed to accommodate the
personalization of up to 600 epassports / hour
(up to 3600 epassport / day).
• Flexible so that it can be easily extended in the
future for higher volumes of personalization,
and even different personalization technology.

Page 29
The Personalization Machines

• Allow for fully automated personalization

operations:
 Automatically read the blank booklet serial
number
 Personalize the electronic passports optically
 Personalize the chip of the e-Passports
 Laminate the ePassport.
 Perform automatic quality control
 Update the stock management system
automatically

Page 30
Industrial e-passports Printers

Page 31
Lebanon PKI overall solution

Page 32
 Country Signing CA = Root CA

• The Certification Authority for e-passports

compliant with ICAO is CSCA (Country Signing CA).
 CSCA issues signing certificates to Document
Signer Server.
 Document Signer digitally signs the information
contained in the chip.

GDGS is responsible for

the operation of the CSCA

Page 33
 PKI Trust Hierarchy:
based on X.509 standard

Root CSCA
CSCA

Document Signer CRL

certificate CRL
1234234749
DS 7623469324
5612129234
7656465234
5623465283
47652

Page 34
 Passive Authentication

• Secure the production of passports

• Ensure the authenticity of the passport
• Ensure the data integrity (no data alteration)

Page 35
 Root Country Verifying CA

• The National Certification Authority for Terminal

Authentication is called CVCA.
• CVCA issues certificates to DVCA (delegated CA)
• DVCA is delegated CA and issues authentication
certificates to Inspection Systems.

GDGS is responsible for

the operation of the CVCA and DV

Page 36
 PKI Trust Hierarchy
based on ISO 7816 standard

CVCA
CVCA

DVCA
DVCA

IS certificate
IS

Page 37
 Extended Access Control
(Chip Authentication
& Terminal Authentication)

• Protect access to traveler’s fingerprints

(sensitive Data)
• Verify the travel document holder

Page 38
Certificates Validity Periods

Page 39
 Interoperability :
Foreign Documents verification

Page 40
 Interoperability :
Verify Foreign Travelers Identity

Page 41
 The SPOC
(Single Point of Contact)
• An European Framework
 EU Common Policy guides information exchange (TR-03139)
 Internationally standardized protocol SPOC (CSN 369791)
 Read Access to biometrics protected by EAC (TR-03110)
 All Member countries must deploy SPOC (EU Commission)
• Global Interest
 Initiatives to create regions, where cross border travel is
facilitated
• New application fields
 LDS 2.0 (ability to write Visa data into the epassport)
requires EAC protection
 Management of write rights on international level.

Use of Standardized Solutions

is the key to Success
Page 42
 ICAO PKD
(Public Key Directory)

• ICAO has set up the ICAO Public Key Directory

to facilitate the exchange of:
Document Signer Certificates
Certificate Revocation Lists (CRLs)
CSCA Master Lists
CSCA Defect Lists
• General information about PKD :
58 registered countries

Page 43
THANK YOU

Page 44