By Detlef Houdeau, Infineon Technologies.
Back in 1979 the International Civil Aviation Organisation (ICAO) published the standard on the Machine-Readable Passport (MRP). Passport booklets with this function need a Machine Readable Zone (MRZ) based on the typeface Optical Character Recognition (OCR-B). The phase-out of all non-MRPs was set for CY 2015. By spring 2006 ICAO had compiled the first standard on the electronic MRP, also named eMRP. Both “world standards” for travel documents have significant impacts on border control security and processes. This article gives an overview of both aspects, the border process and travel documents around the globe, starting with the application view.
Border control security without any electronic equipment
With the movement of persons into other territories since the late 19th century, passports and visas have been used to allow foreigners to enter, remain within, or leave another territory. The first travel documents carried handwritten text, a seal and stamps of government authorities. The border control process for such travel documents was a completely manual workflow. Border police or other public or private authorities inspected the travel documents at the sea, air or land border and verified the face photo in the travel document against the face of the traveler.
Over many years, some of the weak aspects of this manual workflow were published. For example, the travel document is original and valid, but the traveler is not the person described by the data in the travel document (it is reported that Malaysia Airlines flight 370 had two illegal travelers in the aircraft). Border police have overlooked minor differences between the photo and the traveler's face in cases where the travel document showed some manipulation.
The only binding aspect between the travel document and the traveler is the face photo. This means many document frauds are based upon a manipulated face photo. To avoid such fraud, travel documents carry, as well as the face photo, a second hologram image of the photo, typically in a smaller size. However, human behavior also plays a role: border police can typically keep up to 10 face photos of “wanted persons” in their mind. Computers can verify the traveler's face photo against many thousands of photos in central databases in a very short time. Two examples of such databases are the Schengen Information System (SIS) in Europe and Visitor and Immigration Status Indication Technology (VISIT) in the US, with hundreds of millions of traveler data sets. To avoid this weaker aspect of border control security, ICAO has compiled and published the MRP standard, as reflected in the next section.
Border control security with electronic document verification
With the roll out of MRPs, border police can use MRZ-inspection systems at the three borderlines – land (green), sea (blue) and air – in a 2-way inspection approach:
- The inspection system will read and verify the MRZ-line in the holder page with an optical scanner.
- The MRZ information represents all the data printed in the data page of the booklet. The first symbol of the MRZ-line defines the country that issued the travel document. The inspection system uses this information to verify all optical security elements of the data page against a reference data set, stored in a library in the inspection system, which is based on optical security level 1 (visible) and level 2 (visible with simple technology, like a UV lamp).
With this approach, the inspection system can verify existing travel documents from all 189 member-states of ICAO in different document generations. The document library in the inspection terminal requires, from time to time, an update of the data because some states change the optical feature set of travel documents – typically every 10 years or more.
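The MRZ read-and-verify step from the list above can be illustrated with the check digits that ICAO Doc 9303 places in the MRZ. This is an added example, not code from the article or from any inspection system; it uses the public ICAO specimen MRZ, and the function names are chosen here for illustration.

```python
# Added example: ICAO Doc 9303 check digits on a TD3 (passport booklet) MRZ.
# SPECIMEN is the public ICAO specimen MRZ, not data from a real document.
SPECIMEN = (
    "P<UTOERIKSSON<<ANNA<MARIA".ljust(44, "<"),
    "L898902C36UTO7408122F1204159ZE184226B<<<<<10",
)
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def char_value(c):
    """Digits keep their value, A-Z map to 10-35, the filler '<' counts as 0."""
    if c == "<":
        return 0
    if len(c) == 1 and c in ALPHABET:
        return ALPHABET.index(c)
    raise ValueError(f"character {c!r} is not allowed in an MRZ")

def check_digit(field):
    """Weighted sum with the repeating weights 7, 3, 1, taken modulo 10."""
    return sum(char_value(c) * (7, 3, 1)[i % 3] for i, c in enumerate(field)) % 10

def verify_td3(line1, line2):
    """Return (fields, failed_checks) for a two-line, 44-character MRZ."""
    if len(line1) != 44 or len(line2) != 44:
        raise ValueError("a TD3 MRZ has two lines of 44 characters")
    surname, _, given = line1[5:].partition("<<")
    fields = {
        "issuing_state": line1[2:5],
        "surname": surname.replace("<", " ").strip(),
        "given_names": given.replace("<", " ").strip(),
        "document_number": line2[0:9].rstrip("<"),
        "birth_date": line2[13:19],
        "expiry_date": line2[21:27],
    }
    # (name, characters covered by the check digit, check digit as printed)
    checks = [
        ("document_number", line2[0:9], line2[9]),
        ("birth_date", line2[13:19], line2[19]),
        ("expiry_date", line2[21:27], line2[27]),
        ("personal_number", line2[28:42], line2[42]),
        ("composite", line2[0:10] + line2[13:20] + line2[21:43], line2[43]),
    ]
    failed = []
    for name, data, printed in checks:
        # An unused personal-number field may carry '<' in place of '0'.
        if name == "personal_number" and printed == "<" and not data.strip("<"):
            continue
        if str(check_digit(data)) != printed:
            failed.append(name)
    return fields, failed
```

A single altered character in the date of birth makes both the field check and the composite check fail. Check digits only catch read errors and crude alterations, since they can be recomputed, so the optical and electronic checks described in this article remain necessary.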
This new technology has increased border control security significantly. However, some fraudulent travel documents look very similar to the original. The verification of the face photo in the travel document against the holder must be done manually by the border police. To avoid such weakness, ICAO has compiled the international standard on biometric verification of the traveler against the travel document, as addressed in the next chapter. Today, more than 50% of the ICAO member states use MRZ inspection systems and many airlines use swipe readers in computer keyboards for the check-in process. In addition, many banks need an MRZ inspection system to register a new bank customer with 3rd country nationality.
Border control security with electronic document and biometric holder verification, offline
With the standard ICAO 9303 part 3 and the related electronic travel documents (eMRP), border police have the possibility to use the 3-way verification approach:
- Verify MRZ and the validity of the travel document
- Verify the face photo in the booklet against the face of the traveler, manually
- Verify the electronically stored face photo against a camera photo of the traveler with a computer
- Verify the face photo on the data page against the electronically stored data, manually
The face photo as an image data set is stored in Data Group 2 (DG2) of the chip. Typically, JPEG or JPEG2000 compressed photos of the faces are stored. This could reduce the data set of 12 kbytes and, with this, the reading time of the inspection system. The ICAO standard refers to ISO/IEC 19794-5 for the quality of the digital photo.
If the verification of the electronically stored photo against the camera photo of the traveler fails, some states have stored two fingerprint images (DG3), a second biometric data set, for a second-line verification process. In Europe, this policy is defined with the directive EC/2252/2004, and since 2009 travel documents must be issued in all EU member states with both biometric data sets. In addition, some states in Asia, such as Singapore and Thailand, store two fingerprint data sets in the eMRP.
The data set for fingerprint biometrics in the ICAO standard is defined by ISO/IEC 19794-2. On the point of data transmission quality, some government authorities have published their own requirements, like the FBI in the US with EFTS/F and the BSI in Germany with TR 03104. One fingerprint image needs approximately 16 kbytes of data.
As well as the face photo image and two fingerprint images, ICAO has also defined an iris image, but this is not in use today in border control systems. The first tenders for border control systems based on iris were published in March 2019, for example in Colombia. With the increase of passenger numbers (in air traffic), some countries and the related airport ground handlers have fostered the development of Automatic Border Control (ABC) systems to speed up the security border control process. The next section describes the principle of ABC systems, also called ‘e-gates’.
Automated border control systems (e-gates), offline
After the first wave of eMRP roll-outs in 2006, it took two years for the first e-gates that use the electronic travel documents along with the ICAO standard to be installed at airports. Some years earlier, some states spent effort on e-gates based on Registered Traveler Programs (RTP). Examples of these gates are CLEAR in the US, ABG in Germany, PEGASE in France, SAPHIRE in The Netherlands and iPass in Japan. Today more than 50 member states of ICAO have e-gates in use, mainly at airports, using the ICAO standard and the related travel documents. More than 90% of such e-gates use face recognition technology. Between 2014 and 2018 the EU Commission spent some effort on pilot tests of ABC systems at seaports and land borders, with the two publicly funded projects FASTPASS and ABC4EU. Overall, ABC systems can speed up the secure border process and can deliver the same high quality of inspection over many hours; perhaps more importantly, the human factor, such as the onset of fatigue, can be avoided.
Automated border control systems online
The ICAO standard specifies not only electronic travel documents with biometric data; it also describes many infrastructure aspects and so-called ‘background checks’. Some examples of this are:
- PKI/CSCA: member states of ICAO, which issue eMRP, must create an individual document identifier, created in a PKI trust center from a Country Signer Certification Authority (CSCA).
- CSCA-master list: this can be used to verify if travel documents from another country are valid or not.
- PKD: a worldwide central database can be used to identify lost or stolen eMRPs.
- “No-Fly-list”: PNR- and CSCA-data can be used to identify no-fly passengers.
- “Wanted-list”: different databases can be used to find “wanted persons”, for example SIS and API in Europe or VISIT and PNR in the US.
In any case, additional background checks need an online connection to a central database and consume more time at the e-gates than offline systems.
Travel document, trends on optical and electronic security
Back in the summer of 2003, ICAO NTWG started the standardization of electronic MRPs. Some 16 years later, a broad range of ID documents besides passport booklets (ID-3) use this standard, such as:
- National ID-card with travel function; ID-1
- Residence Permit with travel function; ID-1
- Seafarer ID-Card with travel function; ID-1
- Frequent traveler card with travel function; ID-1
This section covers all relevant ID documents, new standards, possible synergies and technical trends.
eMRP, 1st Generation
Based on the US Patriot Act from Oct. 2001 and the EU Thessaloniki declaration from Jun. 2003, ICAO NTWG started the work on the standardization of eMRP: on data groups, on access security, on mutual authentication and on biometric data. The world standard for the 1st generation was published in spring 2005 and addresses four biometric data sets, with face (mandatory), fingerprints, iris and handwritten signature, and three security settings, with Passive Authentication (PA), Basic Access Control (BAC) and BAC/AA. AA stands for Active Authentication. The deadline for issuing for 26 US Visa Waiver Countries was defined as Oct. 2006. The EU regulation 2242/2005 fixed the deadline for 27 Member States 2 months earlier, in August 2006. The worldwide frontrunner was Belgium, where issuing started in Nov. 2004.
eMRP, 2nd Generation
To reduce document fraud, a 2nd generation of eMRPs was created by the Brussels Interoperability Group (BIG) by 2007, which carries an additional key, called the EAC-key, to get access to the two-fingerprint data in the chip. The Brussels Interoperability Group (BIG) was an ad-hoc expert group under the article-6 committee of the EU Commission. The roll-out deadline for all 27 Member States was set for Jun. 2009. Today, few states outside of Europe use this security architecture in their travel documents.
eMRP, 3rd Generation
To reduce the risk of eavesdropping on travel documents, ICAO NTWG created and published an additional standard in 2012. SAC replaced the access security protocol BAC, now named PACE. The deadline for the EU Member States was fixed as Dec. 2014. Today PACE is mainly used in Europe.
eMRP, 4th Generation
During the first wave of issuing passports in 2006, ID-3 Polycarbonate (PC) holder-pages were only used in a few countries, like Finland, Sweden and The Netherlands. Since 2018 more than 55 countries around the globe are now issuing passports with a PC-holder-page. This evolution can be defined as the 4th generation eMRP, to avoid document manipulation and fraud.
Today worldwide, more than 130 states issue eMRPs; the mainstream today is the 1st generation of eMRP. The annual cumulated volume is close to 150 million pieces. ICAO has defined the phase-out for non-eMRP by the end of 2022.
LDS2.0, a new standard
The ICAO 9303 standard digitally addresses mainly the printed data of the holder-page (or cover-page) and biometric data. With that view in mind, in 2014 ICAO NTWG started a new work item on digitalizing the “rest” of the booklet, meaning visas and stamps. As well as the previous Logical Data Structure LDS1.7, a second container is standardized, named LDS2.0. The standard was published at the end of CY 2018. The integration into Doc 9303 is pending.
National ID-card with travel function
More and more countries put the ICAO data set, including electronic security, biometric information and contactless interface, into national eID cards. The first country to do so was Sweden in 2005. One of the largest programs running today is in Turkey, with more than 10 million issued documents per year. Last year the EU Commission published a new directive COM(2018)212 on the minimum security of Member States' ID cards, which refers to the ICAO standard. The implementation deadline is defined for May 2021.
Residence Permit Cards with travel function
More than 50 states issue Residence Permit cards in ID-1 format for 3rd country nationals. These documents typically also use the ICAO-standard for data, security and biometrics.
Seafarer Card with travel function
The ILO published in 2012 a technical recommendation for a secure seafarer card, and refers in this recommendation to the ICAO 9303 standard. One of the frontrunners is Myanmar.
It is expected that, in a few years, the cumulated annually issued quantity of ID-1 documents which need the ICAO standard will be higher than that of the traditional ID-3 booklets.
Frequent traveler card based on the ICAO standard
Back in 2009, China tested, and later implemented, for the border control process to Hong Kong and Macao, a frequent traveler card as a replacement for a booklet with a short-term visa. The administration effort for the application can be reduced and the speed at the borderline can be increased significantly. At both borders approximately 700,000 travelers cross the borderline every 24 hours.
Synergy amongst various ID-documents
Using the ICAO standard in different ID-documents can create some synergies in:
- Document production, such as personalizing
- Infrastructure, such as PKI/Trust Center
- Forensic lab, e.g. for verification of level 3 optical security elements
For the police on the street, a family concept on the optical design between the holder-page in booklets and ID-cards could be helpful.
Similar to banknotes, the transparent window technology has moved to ID-documents, such as ID-3 booklets and ID-1 cards. In addition to banknotes, inside the transparent window an additional individual hologram can be placed. This hologram could be the face image of the document holder.
Another optical security topic would be a color photo in PC-ID1-Cards, which can't be created using traditional laser engraving equipment.
Some security companies have created samples with 3-D face photo, collected on the PC card or holder-page.
All such research programs address additional optical security, to reduce fraud of official travel documents.
Outlook
The worldwide number of travelers is increasing dramatically, mainly in the area of air traffic. IATA forecasts that passenger numbers will grow from 4.1 billion in CY 2017 to 7.8 billion in 2036. New standards for travel documents, such as the change from MRP to eMRP, and new technologies, as seen with the change from manual processes to ABC systems, increase both border security and the speed of the border process itself. In combination with other smart border processes, such as the Electronic System for Traveler Authorization (ESTA) for online registration, trust is increased for all stakeholders, such as travelers, transport organizations, border police and government.
If the border process doesn't need visas and/or entry or exit stamps, the ID card with the ICAO data and functions will take over the role of the travel document. As well as trust, this will bring additional convenience to the traveler.
New standards, such as LDS2.0 and passport datasets stored in HW-security in Smart Phones have the potential to create new workflow processes and further increase border security and speed once again. The standard LDS2.0 has already seen over 95% of data collected. So, it is safe to say that the technology change from SIM-card to eSIM will remain a priority for the immediate future.