From cloud-based passport to virtual identity: reshaping the passenger experience


​​​Future of travel

The digitization of traditional paper-based processes is the new black. Electronic Visa Authorization systems, cloud-based passports, secure credentials on mobile phones, virtual identities and biometrics can simplify international travel as they eliminate the need to carry a physical passport or obtain paper-based visas. They speed up border crossing and streamline the traveler experience.

The good news for travelers is that the digital transformation is already taking place. However security, privacy and global governance are key concerns.

In this article, we'll detail the latest initiatives and trends shaping the future travel experience.

Let's dig in.

Australia, a pioneer in travel-related innovation

We are sometimes guilty of limiting our Australian references to anecdotes of kangaroos and surfing on Pacific waves. However, this country and continent is very much a pioneer when it comes to borders.

With border management, the aim is deceptively simple: to make travelers' lives easier without reducing – and even possibly increasing – the level of checks they are subjected to. The concept of the Electronic Travel Authority System (ETAS) – used to gain pre-travel authorization – was invented for the Sydney Olympic Games way back in 2000! The system has proved a great success in the ever-changing environment of post-9/11 arrangements, creating a "pseudo-visa" for visa-exempt travelers.

The Americans and then Canadians have since followed suit; and it's now the turn of Europe with its ETIAS (European Travel Information and Authorization System) project for non-EU countries.

Why ETIAS?

Given the relationships of trust between Europe and its partners, a huge number of countries – more than 60! – are exempt from visa requirements.

The absence of visas does, however, create a certain degree of risk, given the need of Member States to anticipate potential threats and associated malevolent acts.

The Australians found the right solution many years ago with their famous ETAS, designed to speed up arrivals during the 2000 Olympic Games. Inexpensive (just a few dollars) and relatively easy to implement, the system has become an important weapon in the post-9/11 arsenal! The Americans (Electronic System for Travel Authorization – ESTA) and Canadians (Electronic Travel Authorization – eTA) have recently followed the example of the Australians. ETIAS is a particularly effective measure applying to all modes of transport and not just air travel which is already burdened by a plethora of preventive measures (API, PNR, SIS, VIS, etc.). 

ETIAS : how does it work?

ETIAS is the European response to the American ESTA. No time-consuming consular formalities, but a simple online form for entry of passport data and payment of a tax costing a few euros for a period of three years.

The system is ambitious as it will require centralizing the approval of 28 – soon to be 27 – Member States. Requests are processed automatically by national databases and then by the EU in order to identify the reasons for any refusals. In the absence of a positive response ("hit"), authorization is issued in a very short space of time. If refused, the competent authorities conduct a manual assessment.

The procedure will allow all carriers crossing international borders – planes, boats, trains and coaches – to check whether third country nationals hold the valid authorization required.

It is the processing procedure that makes an ETIAS different from a regular visa.

 ETIAS requests are automated and centralized, whereas visas are granted on a case-by-case basis by the authorities of the Member States.

What benefits does this type of system offer?

ETIAS is one component in a battery of infrastructure (EES or Entry/Exit System in particular) that will be deployed by the EU by 2020 to prevent potential threats long before borders are crossed.

The aim is to accelerate, facilitate, strengthen and modernize control procedures by offering better protection against document and identity fraud. By granting authorization prior to travel, the number of entry refusals is considerably reduced.

The system offers numerous advantages in terms of border management: detection of malevolent acts and preventing irregular migration, but above all reducing waiting times by identifying people likely to present a risk before they arrive. The idea is therefore to prevent the presence of threats within EU borders and to deal simply with the problem before it even exists.

Etias

Creating paperless borders between New Zealand and Australia

The virtual passport is part of the Australian philosophy of facilitating checks and controls while also raising the bar! The concept was introduced in 2015. The credentials and biometrics of nationals who visit their New Zealand cousins are stored in the cloud.

Under this arrangement, the border becomes paperless and flights are considered to be "domestic". International airports will become a thing of the past! Passports disappear and with them the risk of loss or theft! Travelers are authenticated through facial recognition, this being the least invasive technology for camera-run checks.

Once the system was up and running, the Australians expanded it to "frequent travelers" for "contactless" checks and controls on departure and arrival of international flights.

A pioneer of the "Smart Gate" concept more than 10 years ago, Australia is making great strides towards virtual identity with the aim of automating formalities for 90% of the country's 50 million visitors by 2020, without the need for human intervention or even scanning of passports.

It has allocated a budget of AUS$90 million over five years for its "Seamless Traveler" program using identification data stored in the clouds!

The passport-less project is part of a technological revolution in which the fundamental functions of life are being increasingly replaced with new, virtual counterparts: identity, currency, signatures, transactions, etc.

The process appears to be unavoidable but will require a change in attitudes.

It's true that Australia benefits from important features – an 'island' location, relatively few visitors, and most of them accessing the country by air – to justify these technological leaps. Nowhere else in the world is in quite the same situation but recent smartphone-based programs are targeting the same objective.

DDL Advanced In-Field Verification

Smartphones as identity media

The Australian concept of virtual identity is not as revolutionary as it might first appear, given the general trend towards digital transformation.

While the cloud may represent the culmination of this process, the smartphone is often a prerequisite for it and key for the future of travel. A technological marvel being enhanced with new apps every day, your phone incorporates the two vital components of border checks and controls – identity and biometrics – and therefore embodies eGate in a nutshell.

The favored target of malevolent acts, airports are also taking the lead when it comes to innovation. For example, Dubai now offers the "Smart UAE Wallet", allowing residents and nationals to use their smartphones as passports. Introduced in collaboration with the Emirates airline, the system will be gradually expanded. The "Wallet" also allows storage of multiple government documents for administrative procedures.

Despite their mistrust of electronic devices – because the devices could contain explosives – the Americans have also launched their own flagship project. Developed by the company Airside in collaboration with the ACI (Airports Council International), a mobile app can send API data to border guards, thus avoiding the need to queue.

Mobile phones redefine identification

Increasingly connected through their smartphones, modern globetrotters have trouble dealing with the harsh realities of the physical world. Carrying proof of identity, risking losing it or getting it stolen seems laughable for those used to managing transactions worth millions over the Internet.

Electronic chips offer excellent capabilities and businesses are working hard on identity programs and mobile apps: for example, border crossings, driving licenses (as mobile driver's license in certain American states), access checks for industrial sites or university exams, and fraud prevention. Users either produce their identity stored on the chip – and that can be enough – or they identify themselves through iris, facial or fingerprint biometrics.

Telephones combined with biometrics therefore offer a robust and low-cost solution.

The Old World is generally reticent to make this leap, mainly because of privacy legislation and concerns about biometrics. However, mobile data can be signed using state certificates, like passports and identity cards, while offering a much better level of security.

There is every likelihood that developing areas – Africa, Asia, UAE – will become mobile pioneers in this area. ​

Standardization supports the trend

The International Civil Aviation Organization (ICAO) has already seen the potential of electronic identity and introduced its LDS2 (Logical Data Structure 2) specifications; the aim is to store paperless visas and travel data in new-generation chips. In 2016, the ICAO New Technologies Working Group created a "Digital Data" entity to work on standards. The authorities responsible for data protection supervise these programs, in compliance with EU directive 2016/679 on General Data Protection Regulation (GDPR).  

For a deeper view on the GDPR and biometric data please visit our web dossier: Biometric data and privacy: what the law says.  

Secure credentials in the cloud

Modern passports incorporate chips with biometric data to authenticate the holder. The smartphone represents a significant, but not revolutionary, technological leap.

Digital transformation to the cloud is a logical outcome since the events of 9/11. Travelers will no longer carry their identity in their luggage; however, the cloud will require a centralized data register.

And there's the rub, given the extreme reticence of legislators regarding mass storage of data.

And yet the cloud would solve the majority of problems related to identity theft and document counterfeiting. Once access to the cloud is locked, border guards can download API data through simple biometric authentication of a passenger.

Governments are aware of this; however, data storage – regardless of the level of cloud security – still represents a challenge in terms of "modus operandi".

Virtual Identity for travel: the Single Token concept of IATA 

Airline companies and airports are aware of the challenges around virtual identity. Several significant experiments have been conducted from Aruba to Dubai – SITA with its Smart Path concept, and Gemalto and IER using the "Fly to Gate" procedure.

Biometrics act as the common point of reference for different checks at the airport: check-in, baggage drop, security check, border control, boarding, etc. Our traveler smiles at the camera as soon as they arrive and all doors magically open: they no longer require a passport or boarding card and are simply recognized!

IATA, the trade association of airline companies, is now proposing to reuse this virtual identity for all travel.

Introduced by IATA at its World Passenger Symposium in 2016 and taken up by SITA, the airport infrastructure giant, the Single Token concept is consistent with the Australian philosophy of virtual identity: facial biometrics enrollment at the baggage drop and production of a token for all interactions with the airport (security, border control, boarding, etc.).

The logical next step is the temptation of a Mobile Token stored on a smartphone which can be reused anywhere in the world, for example, to access airport lounges and, why not, pay for duty-free purchases. This procedure does, however, have a weakness: enrollment by an airport operator rather than a state authority, is not as strong as a government issued ID.​

Blockchain and identity 

Blockchain and identity

The need for increased security following recent attacks in Europe and the United States, combined with a constant rise in airport passenger traffic, will require faster and simpler passenger control procedures.

Recent estimates from the World Economic Forum suggest that transnational travel will increase by 50% over the next 10 years, bringing the number of arrivals to 1.8 billion by 2030.

According to experts, the economic equation between increasing passenger numbers and security measures that would not compromise, and possibly even improve passenger experience, is likely to become unsolvable if major changes are not introduced.

Improvement of passenger experience and optimization of passenger flows would require increased sharing of passenger-related information:

  • passports,
  • biometric data,
  • plane tickets,
  • visas and previous travel records,

and if possible doing so ahead of time to allow use of early checking and control procedures.

Today, this information is held by a variety of public and private stakeholders (airports, airline companies, border police, etc.), and its exchange requires collaboration between both governments and a number of institutions.

The benefits of virtual identity

A blockchain-based data sharing system could be an interesting approach to this issue.

Blockchain technology would remove the need for a centralized database, with each node able to store information and confirm its integrity from a transnational perspective.

Two types of model are possible:

  • In the first model, data would be recorded directly in the blockchain. The information could then be accessed at any state or border crossing control point. This model could be completed by a mobile application through which the user could give their consent to data sharing.
  • In the second model, more like the concept of self-sovereign identity, the passenger's personal data would be stored in a personal device, such as their mobile phone. The blockchain would then only store the certificates and proof of validity of such information.
     

These technologies present real opportunities but also require prior collaboration by the different stakeholders involved. Definition of standards and an appropriate governance model for this type of ecosystem are some of the outstanding key challenges.

Another issue is the choice of business model likely to attract and convince the various stakeholders to join the system. Indeed, this type of model can only succeed if it unites a large number of stakeholders from within the ecosystem.

To go even further

Virtual identity is a real challenge for governments, and businesses such as Gemalto are here to help them through this digital transition, at the same time ensuring continuity of existing systems and the durability of processes used to verify and allocate identity and enroll users in specific programs.

This digital transformation can only be achieved in a totally safe and secure way using a range of biometric equipment from enrollment to authentication. Gemalto already offers such devices and deploys them for numerous clients around the world.

If you would like to discuss these issues further, please do not hesitate to contact us.

More resource on the traveler experience