• No results found

Passport, Identity Management and Access Control (PRIMA)

Application areas requiring identification, verification and authentication are expanding from persons to processes and infrastructures, including hardware and components, and addressing additional objectives for verification and au- thentication, moving from static environments to flexible and mobile ones. To respond to these trends, the PasspoRt, Identity Management and Access Control Action (PRIMA) has expanded the scope of its predecessor BORSEC embracing activities on electronic identification both in the context of border security and in access control. The main interest remains in cross-border and European-wide challenges related to secure electronic identity manage- ment.

Besides identification related technologies, such as biometrics, Public Key Infra- structures (PKI) or identification based on the use of hardware tokens (mainly smartcards), its goals include improving the underlying processes which play an important role to ensure overall interoperability in EU wide applications for citizens’ security.

The Action addresses upcoming needs, chances and challenges for necessary assessments, foster related methodologies, initiating required standards and criteria as a harmonised European security reference.

Major 2009 achievements

Conformance Testing of EU electronic passports

Following the successful interoperability and cross-over 2008 tests campaign, PRIMA completed in 2009 conformity testing of EU electronic passports. Standard implementations in electronic testing must be complemented by standard procedures in testing readers and inspection systems in order to ensure full interoperability. For this purpose, PRIMA started a joint project with the European Telecommunications Standards Institute (ETSI) which aims at developing a standard procedure to test conformity of readers and inspection systems, which will ultimately be used at borders to read and check electronic passports.

A new method to measure

electromagnetic disturbance in electronic passports

The electronic passport, which has been in force in the EU since 2006, contains an electronic component which consists of a contactless smartcard (also called a “proximity card”). Information on the contactless smartcard is read by authorised readers by using a contactless protocol. PRIMA has been performing conformity and interoperability tests on electronic passports for a number of years. One of the tests which is performed on the chip measures the electromagnetic distur- bance (EMD) emitted by the contactless smartcard. The EMD is an unwanted form of load modulation that degenerates the communication between the card and the reading device. An ISO standard specifies a limit for the EMD level that a proximity integrated circuit card is allowed to emit during a time period before it transmits. In 2009 scientists in PRIMA proposed a new method to measure the EMD level based on the use of a high resolution data acquisition system and dedicated analysis software. The method proposed by PRIMA proved to be better performing than a previous method based on a spectrum analyzer and therefore will be included in the normative EMD test method and the C programming code given as example in an informative annex.

Contact Antonia Rana Tel: +39 0332 785478 e-mail: [email protected] website: http://ipsc.jrc.ec.europa.eu/ showaction.php?id=25

P R I M A

Biometry-Based Access to Critical Infrastructures.

Electronic passport on a reference antenna.

Preventing spoofing of biometrics recognition

In an effort to increase border security, biometric identifiers have been intro- duced in various border control applications or systems (e.g. the electronic passports). The expected added value of biometrics is the increased prevention of counterfeiting and unique identification of individuals. However, it has been already observed for a long time that biometric identification devices (as used today) can be spoofed. Information on spoofing fingerprints and other modalities is available on the internet, ranging from general discussions to very detailed guidelines. In an exploratory research project, PRIMA evaluated such “public” information against several biometric sensors and for several modalities. Results show that, while efforts in the direction of developing sophisticated anti-spoofing technologies are still needed, particular attention must be paid also to the enrol- ment process which is the most delicate step of the workflow in which potential attackers would have access to the biometric system.

MOBIDIG: requirements and challenges for mobile identification

PRIMA organised two workshops to prepare the set up of a European Working Group on mobile identification addressing identification and verification of in- dividuals as well as authentication of documents in mobile environments. As a result, terms of reference and a future roadmap have been agreed.

Challenges for 2010 and beyond

The Action has been very active for a few years in the conformity and interoper- ability testing of electronic passports playing a prominent role in the organisa- tion and execution of interoperability test events with relevant players in the field and acting as an independent source of technical and scientific expertise in the field. Work in this area will be consolidated with the accreditation of the testing laboratory and with the extension of the conformity testing to other types of machine readable travel documents (such as visas and third country residence permits) and associated reading equipment. Machine readable travel documents are also becoming an important element in making border crossing more convenient and fast as well as secure, for “trusted traveller”, promising to replace trusted travellers schemes based on pre-registration and proprietary cards. Usability and security studies, as well as studies on the quality and security of biometrics applied to these automated border control systems will be the Action’s next challenges on studying the security of electronic passports.

As the electronic passport and electronic ID cards become more widespread, the possibility to realise cross-border “e-applications” will become more and more natural. Electronic identity management in EU-wide cross-border applications for European citizens will still require secure and trusted technical solutions for interoperable services. To respond to these trends, the Action will contribute to the technical assessment of security, trust and privacy of future applications in electronic identification applicable in static and mobile environments.

Electronic passport protocol test reference reader.

GLOSSARY

EMD Electromagnetic disturbance ETSI European Telecommunications Standards Institute

32

Communication and Radar Sensors