Trusted Identities - Secure Transactions™: Passport & Borders Market Drivers and Evolution


TRUSTED IDENTITIES | SECURE TRANSACTIONS™

PASSPORT & BORDERS MARKET DRIVERS AND EVOLUTION


Market Drivers

© Entrust Datacard Corporation. All rights reserved.


Evidence of Rapid Change

PLANE CAPACITIES
• Airbus A380 – 550+ travelers
• Boeing 747 – 416+ travelers
• Boeing 777 – 386+ travelers

INTERNATIONAL TOURIST ARRIVALS / AIRPORT VOLUMES (passengers in 2014)
• Dubai – 70.5M
• Heathrow – 68.1M
• Hong Kong – 61.8M

eMRTD
• 120 countries issuing
• 45 in ICAO PKD
• ? validating
• ? e-validating at borders against SLTD



THREAT INSIGHTS

• Drug trafficking – $320B
• Human trafficking – $32B
• Firearms – $320M
• Growth in terrorism in 2013 – 43%
• Foreign fighters by Jan 2014 – 16,000
• Lost or stolen travel documents as of March 2014 – 40,000,000
• ? validating against SLTD

OVERWHELMING SITUATION for current border control infrastructure



EVOLUTION OF ePASSPORTS
IMPACT ON BORDER CONTROL



Security mechanisms added with each step of the eMRTD evolution, from the base up:

LDS1 – MACHINE READABLE
PA – DATA INTEGRITY, AUTHENTICITY
BAC – ACCESS CONTROL, SESSION SECURITY
AA – CHIP AUTHENTICITY
PACE – STRONGER SESSION SECURITY
EAC – CERT-BASED ACCESS CONTROL
LDS2



THREE GENERATIONS OF ePASSPORT DEPLOYMENT

Two ePassport standards commonly deployed today
• 1st Generation – Electronic “data page” and associated security
• 2nd Generation – Digital biographics, enhanced security

Future profile based on ongoing standards for LDS2
• 3rd Generation – Chip can be written to post-issuance
  – Electronic entry/exit travel stamps, visas, additional biometrics
  – Additional security



PKI IN BAC “1ST GEN” eMRTD APPLICATIONS

SUPPORTING PASSIVE AUTHENTICATION

– Based on X.509 PKI technology
– One Country Signing CA (CSCA) per country
– ~120 countries deployed
– Ensures integrity and authenticity of the personal data on the chip, to counter the threat of forgery
– The CSCA issues one or more Document Signers, which sign a hash of the personal data
– Data and digital signature are verified by the Inspection System (IS) at border control



1ST GENERATION ePASSPORT

• Data Authenticity & Integrity (Passive Authentication) – SOD
• Data Privacy & Access Control (Basic Access Control) – challenge/response
• Chip Authenticity (Active Authentication) – challenge/response



BORDERS PKI FOR EAC “2ND GEN” eMRTD

TWO DISTINCT BUSINESS CASES

Domestic
– High assurance validation of own citizens, based on a live match of biometrics with those on the chip
– Possibly in concert with ABC (eGates) – high assurance with speedy access
– Relatively straightforward deployment model

Interoperable International
– High assurance validation of foreigners covered under agreement as they enter your border
– Again possibly in concert with ABC
– High assurance validation of your citizens at foreign borders, with controlled access to biometrics
– Significantly more complex
– Single Point of Contact (SPOC)



BORDERS PKI FOR EAC “2ND GEN” eMRTD

EAC Mutual Authentication
• Chip Authentication
• Terminal Authentication



2ND GENERATION ePASSPORT

• Data Authenticity & Integrity (Passive Authentication) – SOD
• Extended Access Control — Read (Terminal Authentication)
• Data Privacy & Access Control (PACE & BAC) – key exchange, challenge/response
• Chip Authenticity (Chip Authentication) – key exchange



2ND GENERATION IMPACT ON BORDER CONTROL

• Number of ePassports in circulation increasing
  – 2nd Generation ePassports become more common — mandatory in EU; adopted by states interested in biometrics
• Increased confidence
  – Authenticity, integrity and reliability of data/document
  – Binding documents and passengers
• Easier identification of fraud and forgery
• Faster processing of passengers



3RD GENERATION ePASSPORT

• Data Authenticity & Integrity (Passive Authentication)
• Extended Access Control – Read & Write (Terminal Authentication)
  – Travel Stamps
  – Visas
  – Biometrics
• Data Privacy & Access Control (PACE) – key exchange
• Chip Authenticity (Chip Authentication) – key exchange



3RD GENERATION IMPACT ON BORDER CONTROL

• Automation of additional services possible
  – Examination of travel history
  – Electronic processing of visas
  – Verification of additional biometrics
• Ability to write to ePassports
  – Authorization required from the passport issuing state
  – Travel entry/exit stamps can be written electronically at the border
  – Additional biometrics
• Additional security focused on authorization



ePASSPORT OVERVIEW – WHAT’S ON THE CHIP?

• Chip contains a Logical Data Structure (LDS) with 16 Data Groups (DGs)
  – DG1 contains the contents of the MRZ – mandatory
  – DG2 contains the photograph of the holder – mandatory
  – DG3 contains the fingerprint biometric – optional
  – Etc.
• Chip contains a Security Data Object (SOD)
  – Contains a hash of each Data Group present in the LDS
  – Contains a signature that encapsulates the stored hashes



IMPORTANT OUTCOMES AT THE BORDER


REQUIRED ACTIONS & NECESSARY OUTCOMES

• Greater veracity in verifying identities and travel documents
• Efficiency in processing through borders
• Greater utilization of existing data sources
• Agreement on and adherence to standards
• Affordability for government agencies
• Simplicity for field officers

COORDINATED RESPONSE
Public-private sector collaboration



BORDER CONTROL PERSPECTIVE

Critical decision in less than 60 seconds for each inbound or outbound passenger:
• Travelers are who they say they are
• Know their point of origin and destination
• Identify threats to travelers and transit
• Identify national security threats
• Authenticate credentials
• Verify entry privileges



FIELD OFFICER PERSPECTIVE

ELEMENTS OF A DECISION

WHO
• Who is this person?
• Is the credential authentic?
• Do the biometrics agree?

WHAT
• What does the credential say?
• Does it belong to this person?
• Is it authentic or has it been altered?

WHERE
• Where is he from?
• Where has he travelled?
• Where is he going?



CONCEPT — ATTRIBUTES OF A DECISION

IDENTITY ASSURANCE: Who, What, Where



ESTABLISHING THE WHO

Identity assurance – Who:
• Who is this person according to the document?
• Do biometrics confirm identity?

Supported by:
• Primary Biometric
• Secondary Biometric
• Local Databases



CONFIRMING THE WHAT

Identity assurance – What:
• Does the credential belong to the bearer?
• Is it authentic and valid?

Supported by:
• eFeatures & Physical Security
• Multi-Lateral International Interoperability & SLTD Security



ESTABLISHING THE WHERE

Identity assurance – Where:
• What confidence can be drawn from the person’s nationality and itinerary?

Supported by:
• Advanced Passenger Information (API & iAPI)
• PNR, Itinerary, Ticket Data
• National Trust Policy
• Alerts – Standing



FUTURE LDS2 EXTENSIONS

Identity assurance (Who, What, Where) extended by LDS2:
• eVisa
• Travel Stamps
• LDS2 Biometrics



PORTABLE eGATES BORDER CONTROL

DATABASES
• INTERPOL & LOCAL/REGIONAL
• ADVANCED PASSENGER INFORMATION (API)

MULTI-LATERAL TRUST NETWORKS
• ICAO nPKD



CLOSING THOUGHTS

• Threat level increasing
• Standards-based technology widely available
• ePassport issuance pervasive

Time to Reap the Value
Validate the Identity


