Regional sites:
Specialized sites:
Thanks to International Civil Aviation Organization (ICAO) standards and the
recent introduction of ePassports, border security is currently one of the
driving applications in secure eDocuments. The ICAO sets the standards for
electronic travel applications that have already been incorporated into both
ePassports and eID cards. For operating software development, these standards
have resulted in remarkable functional and security requirements.
Harmonisation of identity documents is currently underway, for instance, in the Schengen zone, where national eID cards now serve as travel documents. Sweden has already established a benchmark in Europe by combining contactless ICAO-compliant travel applications with contact-based functionality in a national eID card. The contact interface offers access to governmental and private electronic services, while the contactless interface houses the ICAO-standardised electronic travel application.
As a result, contact and contactless national eID cards are being deployed widely in Europe, whether hybrid (two microprocessors and two interfaces for applications) or dual (one microprocessor with two interfaces). In both cases, it is the operating software that manages the data processing, transfers and communication. Such dual interface operating software must be designed using state-of-art technology and secured in order to meet the complex requirements of multi-application use.
The ICAO standardises machine-readable passports worldwide. In this capacity, it sets the standard for biometric passports, which contain biometrics to authenticate the identity of travellers. Biometrics have already been included in a number of national eID cards that also function as ePassports, especially those using the Match-on-Card functionality. The impact of biometrics is wide-reaching, by both securing authentication and enabling greater citizen convenience.
In ePassports, the operating software will securely filter access to the biometric fingerprint data to authorised organisations only, thanks to the Extended Access Control (EAC) privacy mechanism. This mechanism reinforces the security of an anti-skimming mechanism called Basic Access Control (BAC).
In Match-on-Card mechanisms incorporated into national eID cards, the operating software obtains a fingerprint from a reader and compares it to data stored securely inside the eDocument. The stored fingerprint data is never communicated, protecting the individual’s privacy. Secure storage of the fingerprint and optimised matching mechanisms are handled by the operating software.
Operating software is the cornerstone of any secure eDocument programme. Government authorities, when contemplating embedding electronic components in their secure documents, should consider the long-term perspective in addition to any short-term needs. Issued documents remain in the field for periods that can exceed 10 years and the success of politically-sensitive identity programmes is based on the smooth continuity and security of the secure document’s issuance and usage.
Choosing the right operating software is the first and most important step when building a secure eDocument project. Other considerations, including the selection of the microprocessor platform, should be the second step.
Any choice of operating software and supplier must therefore meet both immediate and long-term needs. Governments should look to operating software partners with extensive, field-tested expertise. They should also favor partners who can offer multi-sourcing of microprocessor to avoid any risk of shortage, which could seriously impact the national and international image of a government.
In summary, an ePassport, ID card, driving license or health card should contain carefully selected operating software. The choice of software will greatly influence the short-term success and long-term viability of any secure eDocument programme.
Coesys
eBorder Gate
Providing effective border control helping citizens
to travel freely.
