2-th May 2005Porvoo Group workshop 71 Seafarers Identity A Legislative & Interoperable Challenge on a Global Scale Porvoo 7 Reykjavik 26th May 2005 Alan

2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 11

Seafarers Identity Seafarers Identity A Legislative & A Legislative & Interoperable Interoperable

Challenge on a Global Challenge on a Global ScaleScale

Porvoo 7Porvoo 7Reykjavik 26th May 2005Reykjavik 26th May 2005

Alan Husselbee ISSAAlan Husselbee ISSAWith special thanks to Cleopatra Doumbia-Henry & Dr John With special thanks to Cleopatra Doumbia-Henry & Dr John

CampbellCampbell


Biometric Barcode Identity Biometric Barcode Identity SpecimenSpecimen

ILO Geneva May 2005ILO Geneva May 2005

SPECIMENSPECIMEN

SPECIMENSPECIMEN

SAMPLESAMPLE

SAMPLESAMPLE


ColombieColombie HondurasHonduras

KosovoKosovo LibanLiban

MauritanieMauritanie

NigeriaNigeria

PhilippinesPhilippines

Over 100 Over 100 Million Million

barcode barcode ID CardsID Cards


Information Systems Information Systems Security AssociationSecurity AssociationFor the Information Systems Security For the Information Systems Security

professionalprofessional

Over 13 000 members worldwideOver 13 000 members worldwide

95 Chapters in more than 22 countries95 Chapters in more than 22 countries

Supports CISSP certification (ISC)²Supports CISSP certification (ISC)²

& ISO 17799 (in Europe)& ISO 17799 (in Europe)


Saga of the International Saga of the International Labour Organisation & the Labour Organisation & the Seafer Identity DocumentSeafer Identity Document

Specialised Agency of Specialised Agency of the United Nationsthe United Nations

Created in 1919Created in 1919 Tripartite structure Tripartite structure

with representativeswith representatives– GovernmentsGovernments– Employers Employers – Workers Workers

176 member states176 member states GenevaGeneva 185 labour 185 labour

conventionsconventions


Seafarers IdentitySeafarers Identity

The need for a new Seafarers IDThe need for a new Seafarers ID ChronologyChronology Seafarers Identity Document System Seafarers Identity Document System

– LegislationLegislation– InteroperabilityInteroperability

ILO Biometrics Testing CampaignILO Biometrics Testing Campaign Outstanding ChallengesOutstanding Challenges Lessons LearnedLessons Learned


The new Seafarers IDThe new Seafarers ID

Existing seafarer IDs are paper based Existing seafarer IDs are paper based documents and lack strong security against documents and lack strong security against fraudulent use and copyingfraudulent use and copying

The new Seafarer ID is a professional identity The new Seafarer ID is a professional identity document not a travel documentdocument not a travel document– Right to shore leave for the bearerRight to shore leave for the bearer– Right to transit, transfer & repatriation without a Right to transit, transfer & repatriation without a

visavisa ILO Member States gain:- ILO Member States gain:-

– Increased security strongly linking ID to bearerIncreased security strongly linking ID to bearer– Improved Port Security Improved Port Security

Member states of the ILO Member states of the ILO – ratify the ILO convention 185ratify the ILO convention 185– Issue the Seafarer Identity Document to Issue the Seafarer Identity Document to

nationals/residentsnationals/residents


Global ScaleGlobal Scale

Over 2.3 million seafarers cards to be Over 2.3 million seafarers cards to be issued by the individual member statesissued by the individual member states

6 nations supply > 50% seafarers6 nations supply > 50% seafarers Over 64 member states changing Over 64 member states changing

national legislationnational legislation Over 64 Issuing Authorities Over 64 Issuing Authorities Numerous Verification pointsNumerous Verification points

– 2867 Maritime Ports (133 countries)2867 Maritime Ports (133 countries)– International Airports International Airports

Over 50 regional or national projectsOver 50 regional or national projects


Major Players on Major Players on LegislationLegislation

International Labour organisationInternational Labour organisation

International Maritime International Maritime OrganisationOrganisation


International Maritime International Maritime OrganisationOrganisation

Specialised Agency of the United Nations Specialised Agency of the United Nations 1959 First meeting1959 First meeting 1960 International Convention for the 1960 International Convention for the

Safety of Life at Sea (SOLAS) Safety of Life at Sea (SOLAS) Seafarer Standards on Training, Seafarer Standards on Training,

Certification & Watchkeeping STCWCertification & Watchkeeping STCW 2002 IMO ammendment to SOLAS 2002 IMO ammendment to SOLAS

Security Of Life At Sea (Security Of Life At Sea (International Ship International Ship and Port Facility Security Code)and Port Facility Security Code) ISPS code ISPS code

164 member states164 member states


ChronologyChronology The Seafarers are amongst the oldest of regulated professionsThe Seafarers are amongst the oldest of regulated professions

– France loi de Colbert 1681 (pensions, training, health)France loi de Colbert 1681 (pensions, training, health)– 1958 ILO convention 108 seafarers identity1958 ILO convention 108 seafarers identity

After September 11th 2001 concern over security of ports and After September 11th 2001 concern over security of ports and shippingshipping

March 2002 Revision of ILO Convention 108 (Seafarers March 2002 Revision of ILO Convention 108 (Seafarers Identity) on agenda by request of the IMOIdentity) on agenda by request of the IMO

June 2003 Seafarers Identity Document Convention (revised) June 2003 Seafarers Identity Document Convention (revised) 2003 (N°185) 2003 (N°185)

9th February 2005 Convention 185 entered into force with a 9th February 2005 Convention 185 entered into force with a transition arrangement for 63 countries (signatories to transition arrangement for 63 countries (signatories to convention 108 ) to issue new SIDsconvention 108 ) to issue new SIDs

France, Jordan, Nigeria, Hungary have ratified convention 185France, Jordan, Nigeria, Hungary have ratified convention 185 15th April 2005 Decision of the Council of Europe15th April 2005 Decision of the Council of Europe Korea, Philippines, Nigeria ready to roll outKorea, Philippines, Nigeria ready to roll out


Decision factorsDecision factors

Major concerns Major concerns – Nations with seafarers: export business, minimising Nations with seafarers: export business, minimising

cost & facility of implementationcost & facility of implementation– all nations : security of portsall nations : security of ports

national legislation on use of biometric national legislation on use of biometric datadata

– Seafarers unions: seafarer protection & privacySeafarers unions: seafarer protection & privacy– Shipowners: facilitating crew transits but at zero Shipowners: facilitating crew transits but at zero

costcost Choice should take into accountChoice should take into account

– Reliable, cost effective biometric with 1 to many Reliable, cost effective biometric with 1 to many searches (fingerprint selected)searches (fingerprint selected)

– Storage medium visible and unchangeableStorage medium visible and unchangeable Barcode and not IC chip selectedBarcode and not IC chip selected

– Application of international standardsApplication of international standards


ILO Convention 185ILO Convention 185 18 articles, 9 of which are substantive18 articles, 9 of which are substantive 3 annexes containing:3 annexes containing:

– Model for SIDModel for SID– Electronic databaseElectronic database– Minimum manadatory requirements & guidelines for Minimum manadatory requirements & guidelines for

issuance of SIDsissuance of SIDs Facilitated amendment procedureFacilitated amendment procedure Legal obligations for the states are:Legal obligations for the states are:

– Use of standards Use of standards – Monitoring for compliance Monitoring for compliance – Conformance to the SID specificationConformance to the SID specification– Replies to queries on suspect IDs at any timeReplies to queries on suspect IDs at any time


ILO Convention 185ILO Convention 185

Comparative analysis with Comparative analysis with February 2005 EC proposal for February 2005 EC proposal for

the VIS system (Visa system) has the VIS system (Visa system) has been carried outbeen carried out


ILO Convention 185ILO Convention 185 SID biometric SID biometric

– Fingerprint templateFingerprint template– Digital PhotographDigital Photograph– Description of specific physical characteristics Description of specific physical characteristics – signaturesignature

SID informationSID information– Full Name, sex, date of birth, place of birth, nationalityFull Name, sex, date of birth, place of birth, nationality – Issuing authority, name of authorised issuing officer, contact details, Issuing authority, name of authorised issuing officer, contact details,

date & place of issue & expiry datedate & place of issue & expiry date– Unique document number, document typeUnique document number, document type– Special mention « This document is a seafarers’…… »Special mention « This document is a seafarers’…… »

SID appearanceSID appearance– Cards or books all information visible Cards or books all information visible – ICAO 9303 layoutICAO 9303 layout


ILO Convention 185ILO Convention 185 SID storageSID storage

– ICAO 9303 compliant MRZ Machine Readable ZoneICAO 9303 compliant MRZ Machine Readable Zone– Barcode -we’re not aloneBarcode -we’re not alone

SID SecuritySID Security– Official seal or stamp of issuing authorityOfficial seal or stamp of issuing authority– Special inks, watermarks, holograms, micro-printing etcSpecial inks, watermarks, holograms, micro-printing etc

SID National Database 24h/24 7 days/weekSID National Database 24h/24 7 days/week– Unique document numberUnique document number– Issuing authority nameIssuing authority name– Full Name of SeafarerFull Name of Seafarer– Date of expiry/suspension/withdrawalDate of expiry/suspension/withdrawal– Biometric templateBiometric template– Digital photographDigital photograph– Details of all enquiries made against this IDDetails of all enquiries made against this ID


ILO Convention 185ILO Convention 185

The monitoring of the SID and the The monitoring of the SID and the issuing and verification systemsissuing and verification systems– Independent evaluationIndependent evaluation

Compliance with convention 185Compliance with convention 185 Quality control proceduresQuality control procedures Security proceduresSecurity procedures

– Physical documentPhysical document– IT systemsIT systems– PersonnelPersonnel– Physical accessPhysical access

– At least every 5 yearsAt least every 5 years– Audit report available to all membersAudit report available to all members– White list of compliant member statesWhite list of compliant member states– Right of appeal if struck offRight of appeal if struck off


Major Players on Major Players on InteroperabilityInteroperability

ISOISO

ICAOICAO


International Organization for Standardisation (ISO)

Worldwide federation of national standards bodies from 146 countries, one from each country, e.g.,- BSI – British Standards Institute

ISO was established in 1947 (www.iso.ch) Mission– to promote the development of standardization and related activities in the world with a view to facilitating the international exchange of goods and services, and to developing cooperation in the spheres of intellectual, scientific, technological and economic activity

2.937 technical bodies– 188 technical committees (TCs)– 550 subcommittees ( SCs)– 2.175 working groups (WGs)

ISO's work results in international agreements which are published as International Standards (IS)– 13.736 standards and standards-type documents– 889 published in 2002


ChronologyChronology ILO has special liaison with ISOILO has special liaison with ISO 29th September 2003 ILO meeting on standards to 29th September 2003 ILO meeting on standards to

use ICAO with ISO representatives from SC31 use ICAO with ISO representatives from SC31 (barcodes) SC17 cards & I.Ds SC37 biometrics(barcodes) SC17 cards & I.Ds SC37 biometrics– Fingerprint minutie and not pattern was selectedFingerprint minutie and not pattern was selected– 2 D barcode chosen2 D barcode chosen

ILO actions from the meetingILO actions from the meeting– Produce technical specificationProduce technical specification– Produce functional specification for issuance and Produce functional specification for issuance and

verification systemsverification systems– Accreditation of a laboratory for system Accreditation of a laboratory for system

componentscomponents


ChronologyChronology March 2004 SID0002 technical documentMarch 2004 SID0002 technical document June 2004 Request for participation over 18 June 2004 Request for participation over 18

vendors but standards compliance & timeline vendors but standards compliance & timeline eliminated manyeliminated many

August 2004 Initial interoperability August 2004 Initial interoperability October 2004 Live Test October 2004 Live Test January 2005 Lab Test using data from the live test January 2005 Lab Test using data from the live test February 2005 3 suppliers certified interoperable February 2005 3 suppliers certified interoperable

with each otherwith each other May 2005 Live demonstrations in Geneva of card May 2005 Live demonstrations in Geneva of card

issuing with verification and interoperabilityissuing with verification and interoperability June 2005 ILO to ratify testing laboratory June 2005 ILO to ratify testing laboratory


Standards Standards SpecificationSpecification

Technical SpecificationTechnical Specification– 2D Barcode selected because of cost2D Barcode selected because of cost

ISO 15415 & 15438 PDF 417 2D ISO 15415 & 15438 PDF 417 2D

– BiometricsBiometrics ISO 19793 template specificationISO 19793 template specification ISO 19794-5 Facial capture and image storage ISO 19794-5 Facial capture and image storage ISO 19784 BioAPI Biometric Interchange RecordISO 19784 BioAPI Biometric Interchange Record ISO 19785 Common Biometric Exchange FormatsISO 19785 Common Biometric Exchange Formats All draft standards status october 2003All draft standards status october 2003

– ISO 19794-2 finger minutiaeISO 19794-2 finger minutiae– ISO 19794-4 image capture parametersISO 19794-4 image capture parameters

– SID physical layoutSID physical layout ICAO document 9303ICAO document 9303 ISO/IEC 7810:2003ISO/IEC 7810:2003


ILO Biometric Testing ILO Biometric Testing CampaignCampaign

Biometric testing is same for barcode or Biometric testing is same for barcode or IC chipIC chip

Minutiae extraction, matching Algorithm Minutiae extraction, matching Algorithm and sensor pair with seafarer user and sensor pair with seafarer user populationpopulation

ConformanceConformance– Can biometric system read and write Can biometric system read and write

Biometric Interchange Records compliant Biometric Interchange Records compliant with ISO 19784 & ISO 19794-2with ISO 19784 & ISO 19794-2

PerformancePerformance– False match must be <1% FARFalse match must be <1% FAR– False non match must be < 1%FRRFalse non match must be < 1%FRR



MethodologyMethodology– Enrolment is 3 attempts per fingerEnrolment is 3 attempts per finger– Verification is one from 3 attempts per finger Verification is one from 3 attempts per finger

using two fingersusing two fingers Basic interoperability testingBasic interoperability testing

– Seafarer enrols two fingers on system ASeafarer enrols two fingers on system A– Can either or both be verified on system BCan either or both be verified on system B

Performance based interoperability Performance based interoperability testingtesting– Enroll system A and verify system AEnroll system A and verify system A– Enroll system A and verify system B Enroll system A and verify system B



Phase 1 LaboratoryPhase 1 Laboratory– 10 vendors tested for conformity with SID0002 10 vendors tested for conformity with SID0002

(ISO19794-2)(ISO19794-2) Phase 2 Crystal Harmony -Phase 2 Crystal Harmony -

– 126 seafarers 7 vendors accepted126 seafarers 7 vendors accepted– FAR & FRR + interoperabilityFAR & FRR + interoperability– Only 2 products reached performance criteria of < 1% Only 2 products reached performance criteria of < 1%

FRR & < 1% FARFRR & < 1% FAR– Both products were interoperableBoth products were interoperable

Phase 3: 2nd chancePhase 3: 2nd chance– Images from live testImages from live test– Modification to algorithmsModification to algorithms– A 3rd supplier reached performance levelA 3rd supplier reached performance level


2004 On Board Test:2004 On Board Test: Dual-Finger Dual-Finger FRR at 1% FAR*FRR at 1% FAR*

A C D E F G

A 0.0% 3.6% 19.8% 52.0% 1.6% 40.6%

Enrol Product

C 0.0% 1.7% 40.2% 5.5% 59.4% 3.0%

D 9.4% 40.4% 21.1% 49.7% 22.2% 37.0%

E 1.9% 6.3% 72.7% 4.9% 1.8% 3.6%

F 0.0% 4.9% 65.0% 41.9% 0.0% 27.3%

G 4.3% 46.6% 66.6% 6.3% 17.0% 1.6%

Verify Product


Fingerprints are the flow-like features (ridges & valleys)Fingerprints are the flow-like features (ridges & valleys) found on human fingers found on human fingersMinutiae Points Minutiae Points Local ridge features that appear as either ridge endings Local ridge features that appear as either ridge endings or ridge bifurcationsor ridge bifurcationsThe minutiae are encoded by location, angle type and The minutiae are encoded by location, angle type and qualityquality


Minutia TypeMinutia Type

Ridge endingRidge ending

Ridge bifurcationRidge bifurcation

OtherOther


Minutia LocationMinutia Location

Placement Placement is defined is defined carefully carefully for for compatibilcompatibility with ity with ANSI/NIST ANSI/NIST standardstandard

Ridge Endings Bifurcation


Quality minutiaeQuality minutiae


Bad quality minutiaeBad quality minutiae


Interoperability IssuesInteroperability Issues

Three types of minutiae in standard are Three types of minutiae in standard are not encoded uniformly by suppliersnot encoded uniformly by suppliers– Ridge endingRidge ending– Ridge bifurcationRidge bifurcation– OtherOther

Minutiae angles can be computed in Minutiae angles can be computed in different ways and quantized or notdifferent ways and quantized or not

Method of truncation to limit minutiae to Method of truncation to limit minutiae to 52 (for the barcode format)is interpreted 52 (for the barcode format)is interpreted differently by nearly all vendorsdifferently by nearly all vendors


Outstanding Outstanding challengeschallenges

Concern with quality of barcode printing and barcode Concern with quality of barcode printing and barcode readersreaders

Security of the ID needs to be enhancedSecurity of the ID needs to be enhanced Lack of a suitable Standard for issuing of Ids and Lack of a suitable Standard for issuing of Ids and

Identity management process Identity management process Guidelines for monitoring for compliance Guidelines for monitoring for compliance Virtual Project Management Office for > 50 projectsVirtual Project Management Office for > 50 projects Increasing the number of convention ratificationsIncreasing the number of convention ratifications National issues on use of biometricsNational issues on use of biometrics Security issues on infratstructureSecurity issues on infratstructure FinancingFinancing Roll-out for Korea, Phillipines, NigeriaRoll-out for Korea, Phillipines, Nigeria


Further ChallengesFurther Challenges

ISO 24713-3 Biometric application ISO 24713-3 Biometric application profile for the ILO seafarers ID for profile for the ILO seafarers ID for 20072007

Seafarers certificates, pension plan, Seafarers certificates, pension plan, healthhealth

Certification of auditors (ISO17799 )Certification of auditors (ISO17799 ) Certification of Compliant systemsCertification of Compliant systems


Lessons learnedLessons learned

SID is a globally interoperable biometric SID is a globally interoperable biometric based identity document for seafarers based identity document for seafarers

It exists because there is a real need backed It exists because there is a real need backed up by legislationup by legislation

Use of Standards is necessary to provide a Use of Standards is necessary to provide a basis for ensuring a globally interoperable ID basis for ensuring a globally interoperable ID systemsystem

Conformance to standards does not, on its Conformance to standards does not, on its own, guarantee interoperabilityown, guarantee interoperability

Laboratory testing of standard compliant Laboratory testing of standard compliant products reduces the riskproducts reduces the risk


Lessons learnedLessons learned Leadership is all importantLeadership is all important Consensus means getting all parties Consensus means getting all parties

to the table & legislating effectivelyto the table & legislating effectively Lack of biometric knowledge is not a Lack of biometric knowledge is not a

barrierbarrier Ongoing monitoring for compliance Ongoing monitoring for compliance

keeps everybody vigilantkeeps everybody vigilant


Thank You ReykjavikThank You Reykjavik

Convention 185 availableConvention 185 available Summary laboratory report availableSummary laboratory report available

Questions?Questions?

Alan HusselbeeAlan Husselbee [email protected]@paris.com

Documents

2-th May 2005Porvoo Group workshop 71 Seafarers Identity A Legislative & Interoperable Challenge on a Global Scale Porvoo 7 Reykjavik 26th May 2005 Alan