Written by By Detlef Houdeau, Infineon Technologies and member of the Silicon Trust
The EU Commission runs a number of large-scale identity management programs surrounding the traveler, including: Schengen Visa, uniform person and biometric data settings, Visa-Information-System (VIS), Schengen-Information- System (SIS) and the uniform asylum validation process (EURODAC), however the focus of these schemes is on travelers who spend up to a maximum of 90 days in Europe. Therefore, the Commission plans to implement a new initiative, which concentrates on more long-term travelers, who stay in a European country between three months to five years. With this approach, the EU Commission is able to unify travel identity management with non-EU nations.
EU policy and biometric documents
On 20th June 2003, the European Council met in Thessaloniki to discuss issues concerning European integration. During this meeting they declared a coherent approach across all EU members, relating to biometric identifiers and biometric data for all EU citizen passports, non- EU/European Economic Area (EEA) nationals and for a back office information system [1].
Just over a year later, in the Council Regulation (EC) No 2252/2004 (13th December 2004) a roadmap outlining the security features and biometrics for passports and travel documents, was issued by the EU Member States (EU-MS). Since June 2006, all 27 EU-MS have switched to this new technology and have only issued passports with an embedded security microcontroller, contactless RF interface (ISO/IEC 14443) and at least one biometric feature – the facial image of the holder. Currently, both Latvia and Germany also store two fingerprint images in the chip. The deadline for the implementation of two fingerprint images in passports, by all EU-MS was 28th June 2009. The data is protected by the BAC/EAC security protocols, which were defined by ICAO and BIG.
Technology and Residence Permit for non-EU/EEA Nationals
On 7th March 2008, the Council of the European Union published regulations concerning Residence Permits for third country nationals (EU 13502/2/07) [2]. The following key objectives were addressed in the regulation:
• Harmonized immigration policy;
• Uniform format within the EU;
• Meet high technical standards, to safeguard against counterfeiting and falsification.
With the decision to select the technical standard for travel documents according to ICAO document 9303, part 3 on size 1 and 2 (ID1 and ID2 format), a binding link between the holder and the Residence Permit is achievable. This approach supports the authenticity of the document and the identity of the holder.
Two biometric sets of data from the holder are collected, the face image and two fingerprint images (according to ISO/IEC 19794) and then stored on the Residence Permit card, which is protected by EAC security protocol. The Residence Permit has the ICAO ‘chip inside’ symbol printed on the card and for machine-readable travel documents with a contactless security microcontroller chip (e-MRTP, RF-chip) – The front and back layout of the card is also defined by the EU [2].
Additional functions on the card, such as eGovernment and digital signature that enable access to eServices, should also be facilitated and governed by the EU Member States. For this type of application, the Residence Permit card may also require a contact-based interface (ISO/IEC 7816) in addition to the contactless interface (ISO/IEC 14443).
Implementation
The first European rollout was started by the UK on 25th November 2008. Each year, around 300,000 people apply to study in the UK (The London School of Economics alone takes 66% of its students from overseas [3]).
The UK Border Agency (UKBA) issues smart card-based Residence Permits in an ID1- format. The ‘Identity Card for Foreign Nationals’ includes two sets of biometric data (face and two finger images) and is the UK’s first mandatory electronic ID document. UK immigration and police officers now have the possibility to quickly identify people easily and securely. On street checking is also possible in the future, with the new generation of mobile contactless card readers with integrated MRZ (Machine-Readable Zone) scanners now available.
Outlook
The second European eResidence implementation will start shortly. The focus for the new scheme will be on people who visit Europefor over three months from countries outsideof Europe: non-EU Visa-Waiver-Program members – for example an Indian student studying in France for two years or a Chinese citizen working in the UK.
This second wave increases the demand in the security industry for certified security microcontroller chips, secure smart cards, readers and supporting infrastructure on top of the biometric ePassport business. It also highlights the continuing advancement of contactless identification technology within the public sector. More details on this new program, the technology, roadmap of the European Council and on the challenge for the security industry in Europe, will be reviewed in one of the upcoming issues of The VAULT magazine.
Source
[1] http://ue.eu.int/ueDocs/cms_Data/docs/pressdata/en/ec/76279.pdf
[2] http://register.consilium.europa.eu/pdf/en/07/st13/st13502-re02.en07.pdf
[3] http://news.bbc.co.uk/2/hi/uk_news/education/7747784.stm