Government ID Card Standards
Unprecedented growth in the demand for optimum national security throughout the world has resulted in an expanding electronic identity document industry with smart technology leading the field. The rapid development of e-passports and ID card programs is, perhaps, mirrored only by the 1990s smart card boom in the financial sector, which spawned the plastic ID card. National and international security is driving change with processes and technologies that enhance the security of documents. Many technologies are converging in the use and application of identification ID cards.

Developments in Passport Security

Machine-readable passports (MRPs) have been in circulation since the 1980s, as hand-written passports became less secure in terms of data matching and were completely susceptible to counterfeit production. Most are standardized by International Civil Aviation Organisation (ICAO) Document 9303, with a special machine-readable zone providing the passport holder’s personal information including name, passport number, check digits, nationality, date of birth, and sex. The passport expiration date and personal ID number, where applicable, can also be read. Between 2003 and 2006 the United States progressively introduced regulations making MRPs mandatory for anyone entering the US under the Visa Waiver Scheme for faster processing at immigration and secure matching of data. Since their introduction, MRPs have been evolving to accommodate chip technology and biometric information, particularly since the ICAO recommendations are for biometrics using facial recognition technology and high-capacity contactless integrated circuit chips.

The biometric passport combines paper and electronic identity (smart card technology) into a document using biometrics to authenticate the passport holder. Embedded chips hold all the critical information about the holder including all personal details and other digitized data such as signature capture and photographs. Other biometrics such as fingerprint and retinal scanning are also being considered. The former is planned for adoption by many European countries, although the new UK version currently only employs digital imaging. The latter, retinal scanning, although a much-feted technology, is not being taken up by ICAO regulations. The US version is not as complex as the European biometric passport, using only digital imaging on the contactless chip. However, at 64 Kbytes, the chip is large enough to incorporate additional identifiers if and when the need arises. Production started in 2004 and it is expected all new or renewed passports will be issued to US citizens throughout 2006/2007. Similarly, the UK has already started its issuance of all new and renewed passports.

Biometric passports are becoming widespread in many EU countries, including Finland, Holland, Germany, France, Spain, Poland, Greece, and Macedonia. Elsewhere, in Australia, the biometric passport was introduced in 2005, again with only a digital photograph of the bearer’s face on the chip. As in several European airports, control gates at Australian airports are being upgraded for fast clearance of e-passport holders using chip reader technology, and in some cases face recognition ID card systems. Several Eastern European countries have e-passport schemes underway or are planning rollouts. Russia has plans to introduce a biometric passport in 2007, while countries in the Middle East, Asia, and Africa are extending national ID programs into the passport arena. Other established schemes include Canada with photographs on the chip and Singapore, which met the US Visa Waiver deadline of October 2006, by introducing biometric passports in August 2006.

Growth in National ID

Similarly, there is global growth in national identity card programs. In the EU, 10 countries have compulsory ID cards in circulation and a further 10 operate voluntary schemes based on delivering proven benefits to citizens. Of the remainder, Denmark, Latvia, Ireland, and the UK currently have no ID cards and debate continues around the cultural and cost implications surrounding their introduction. While privacy activists in several countries question the level and vulnerability of information contained in the chips on both ID cards and e-passports, technologists in the smart card industry are constantly improving data shields and reader protection devices. In some instances, new electronic ID schemes are being introduced in parallel with e-passport programs in countries that do not yet have these programs and are looking for secure ‘state-of-the-art’ systems.

Requirements for ID cards and e-passports vary. What are being termed international obligations to introduce programs do not necessarily apply everywhere. ICAO and US requirements (apart from standard personal data) demand a digital photograph only, while the EU passport also needs to include two fingerprints by 2008. The French ID card will carry a face template in addition to a digital image, while in Spain the ID card carries no biometric data other than two fingerprints for foreign nationals. In addition, the ICAO contracting states have recently publicized a 2010 deadline by which all nations shall be issuing machine-readable passports (MRPs). Similar objectives focused on the deployment of electronic documents are currently limited to European member states and those countries within the United States Visa Waiver Program. While these countries may constitute the majority of passport volumes worldwide, it must be noted that it has taken some 22 years for the machine-readable technologies to reach today’s acceptance level. Smart card industry government scheme integrators hope that the new generation of electronic documents, ID cards, and ID card readers will be more readily adopted.

The holding of data in a central register is also an issue for many and policies vary. Currently, there is no central registration requirement under ICAO, EU, or US passports guidelines. Indeed in Germany, it is illegal to do so, but the French ID card is governed by a centralized system of limited data. In the UK, the jury is still out on this issue for both e-passports and the country’s proposed and politically controversial ID card scheme. All this rapid development is mirrored in other sectors such as finance. In the past, the financial card industry’s credit and debit cards had relatively light security needs with magnetic stripes and signatures sufficing. Today, financial cards are highly secure with the introduction of chip and PIN technology, following rapid growth in fraud and criminal activity.

Public and Private Access Control ID is Maturing and Converging

Access control and ID management are maturing similarly, albeit with different levels of security need and sophistication. For example, entry to a theme park is relatively low risk compared to allowing access to a secure government institution or bank. As a result, the needs of customers must be assessed in terms of risk levels. The key question is whether there is ‘value to defraud’ the program. In other words, is it worth breaching a commercial enterprise’s security? Protection against such risks can range from ensuring the safety of assets and staff to that of intellectual property and trade secrets.

The need for modularity holds truer today than it did when the concept was first introduced in the early 1990s. A key consideration is the ability of companies and governments to upgrade security levels and technologies without throwing away their investment. This has led to the development of solutions that allow an enterprise to start low, purchasing only the modules that are wholly relevant to its business at the time; if its security requirements change, its systems can be upgraded to meet the demand as it arises. This applies to everything from centralized issuance of large quantities of ID cards to desktop ID card printers for remote and batch ID card printing.

Trends affect all industry sectors, from government applications to commercial, education, finance, and healthcare, and the need for protection within these sectors is growing across the board. In these industries, growth in the government identity card and secure access market has been the most rapid following the events of 9/11 and other acts of global terrorism. Today, highly sophisticated personalization techniques are a standard requirement for passport personalization. Modern laser technology engraves high-resolution text and images inside the polycarbonate holder page, making the document extremely difficult to alter or forge, resulting in a highly durable passport with information that stays securely protected. In addition, photographs, text, bar codes, micro-printing, signatures, and other graphic elements can be added to a passport at high resolution.

Major Trends Affect Security Management Needs

Similarly, the commercial and business markets have identified the need for higher access security as well. Solutions providers see three major trends affecting customer assessment of ID badging and security management needs. Generic offerings need to become more segment-specific, allowing resellers to move away from price competition by adding value through integrated solutions. Segmentation can apply to a customer’s specific need for access control, visitor ID badging, enterprise-wide ID cards, or multi-applications in sectors such as higher education with university and college student ID cards.

With the convergence of physical and logical security, ensuring that an ID badging solution is compatible with an organization’s IT infrastructure is critical for maintaining security at the highest level. As a result of this convergence, there is a definite interest from ID card issuers and end users in implementing one ID management structure that bridges both physical and logical security. There is a need to agree on a common practice to achieve uniformity across systems, and for the ability to install a secure ID card system that works in terms of quality, reliability, and integration, from the enrolment stage through to data management. The second trend is one of integration of enterprise-wide ID management for organizations that have several premises with employees in different locations, both nationally and globally. Often this arrangement leads to incompatibility of systems in each location, requiring employees and regular visitors to be re-identified with a new employee ID card every time they visit each of the premises.

An organization that has multiple systems from multiple vendors may find it difficult and expensive to incorporate new security technology, such as biometrics or digital video, into its enterprise. Even minor integration with new internal systems can be a major development project when one must customize each system separately, so organizations often follow a rip-and-replace strategy rather than integrate an ID management solution that can bridge legacy systems throughout their enterprise. Innovative security management solutions for enterprise-wide ID cards now provide a flexible open platform that makes it possible to integrate all existing security systems with new technologies so that a single interface shares and manages data for access control, identity management, CCTV, biometrics, and logical security, with an open interface to external systems such as human resources.

The third major trend in secure ID card issuance is the development of the ID badge or ID document from a common commodity into a secure entry pass, crucial to the protection of an organization’s property, facility, and staff or, in governmental terms, its borders, public assets, and citizens. Today, ID cards require a higher level of sophistication with the integration and encoding of smart chips, tamper-evident technologies, and in some cases, biometrics. With ID card systems the issue is no longer merely how fast an ID card printer works or how much it costs, but what technologies exist to protect an organization against security risks.

Today, secure identity has become a crucial factor in maintaining an organization’s security, whether it be government or private sector, not only in terms of physical access but in ensuring intellectual capital, information, networks, and other assets are protected without hindering an enterprise’s productivity. Wi-Fi networks, malicious code, GPS tracking, industrial enterprise, and terrorist threats are factors re-shaping the way business is conducted. The question is: how does a business confirm the identity of every individual who interacts with it? The same threats to security affect all areas of public and working life, and all rely on some level of security, including government agency ID cards, college and university ID cards, hospital and healthcare ID cards, leisure establishment membership ID cards, and casino and sports stadium loyalty ID cards. Although there are now a host of systems that allow authorized personnel to gain electronic access to premises, unwanted visitors can often beat the system by using any number of public or private channels to enter buildings and systems. There remains a need to keep one step ahead of fraudsters, criminals, and terrorists.

Identifying the Critical Issues to Secure Safety

To achieve business security, several critical issues should be explored to identify the most suitable and safe technology and system for any individual business. It is important to realize that secure technology as an industry has grown rapidly. There are numerous solutions available and although this rapid innovation increases security, the time and costs involved in choosing the most effective solution can make planning decisions much tougher, resulting in an implementation time lag that leaves organizations and governments insecure and unprotected. Today’s environment requires more than just a visual ID card. An effective point-of-verification requires a failsafe digital solution driven by a central image database. An integrated solution is crucial for security staff to operate effectively. As ID card applications addressing several security issues converge, there are measurable gains in efficiency, time, and cost, no matter the application. There is also the concept of ‘smart card stovepipes’ such as EMV payments, GSM mobile, and ICAO travel documents, all of which have relevant standards and centrally-held databases, but for government staff ID smart cards, particularly in government departments outside the US, there is still a lack of standards.

The US homeland security directive for standards in ID cards, which followed the 9/11 attacks, demonstrated the speed at which governments can move when provoked. Within the directive are potential benefits for applying personal identity verification (PIV) standards to other areas and applications that require high security, such as public servant ID cards for access to a variety of government services: social and family affairs, collection of benefits, travel and staff access not compromised by privacy issues.

Exploring the Citizen-Centric Option

ID cards can also be used for citizen-centric purposes. Developments in drivers’ license security have resulted in enhanced ID cards with more robust features including smart chips. This development is widely anticipated for the EU once agreements have been reached on standards for smart drivers’ licenses, planned for issuance by 2009. There are also public/private initiatives underway around the world, which bring together private and public sectors, including police forces, to establish quality control for law enforcement ID card identity management.

Discussions, particularly in the UK, center on public and private sector convergence, consumer protection, identity theft, international best practice, and legislative barriers. The main themes include consumer benefits and public-private partnerships. Meanwhile, in local government, there is a drive to collaborate on citizen ID card connections, including the role of smart cards and the joining up of applications for school ID cards, public transport, healthcare, libraries, leisure, and local authority payment schemes.

Conclusion

Developing an integrated, secure ID card solution is an absolute necessity. Photo ID cards with smart chips, biometrics, radio frequency, and other technologies, combined with a centralized database provide a range of benefits in security and productivity that no ID card or secure document issuer can afford to ignore. The ID card industry expects to see an increase in the number of technologies that work together on a single ID card or document to produce a highly secure product. These would include features such as secure digital ID camera photographs and ghost images, microprint and UV as well as overt and covert technologies, including biometrics. As the technology becomes more complex to ensure issuers’ authenticity, making it more difficult to falsify documents and ID cards, issuers will implement multiple technologies to ensure ID cardholder authenticity. This is already being played out in government circles and will extend to the corporate sector as well as other markets, such as transport and healthcare.

As ID cards become more sophisticated, people will need a higher level of training to learn how to guarantee their legitimacy. This will ensure that the ID credentials in question are sound, and items such as birth certificates, secure documents, passports, and benefit cards have been verified as legitimate. The strategic approach is to stay close to customers and governments around the world and align their security interests while keeping in line with international identification security standards.
