
eID Credentials 2014.pdf

www.globalsmart.com | ID CREDENTIALS

Contents

Advertisers

ID Reviews

Stealing our miracles? Disruptive innovation and personal identity
By Ralph Adam, Freelance Editor, Communications & IT

The case for strong initial authentication
By John Zurawski, Vice President, Authentify

Plotting a course for secure identity credentials
By Anthony Ball, Senior Vice President with HID Global

Get set for biometrics in everyday life
By Isabelle Moeller, Chief Executive, Biometrics Institute reports

Beating the biometric fraudsters
By Alastair Partington and Mark Crego of Accenture

Intelligence and efficiency through on-demand media analysis using face recognition
By Carl Gohringer, Allevate Ltd.

Combating financial services fraud with voice biometric identity verification
By Melinda Ziemer, Marketing manager, VoiceVault

Virtually insecure
By Greg Sarrail, Vice President, Solutions Business, Lumidigm

A photo is worth more than a thousand words
By Magnus Löfgren, CEO, Speed Identity

ABC gates – All problems solved?
By Roberto Wolfer and Michael Weisbach, Cross Match Technologies GmbH

Certifying security
By Georg Hasse, Senior Product Manager, Electronic Identities, Public Sector and Michael Schlueter, Head of Software Development, Electronic Identities, Public Sector, secunet Security Networks AG

Are immigration security priorities just competing, or conflicting?
By Andrew Gilbert, Business Development Director, Ingenia Technology

Innovation drives hologram ID document protection
By Ian Lancaster, General Secretary, International Hologram Manufacturers Association (IHMA)

Enabling secure use of mobile devices at the enterprise level
By Dr Raoul-Thomas Herborg and Patrik Lindeberg, CEO, Virtual Solutions and Patrik Lindeberg, COO, Precise Biometrics

Secure mobile credentialing & identification: The evolution of Privilege Entitlement & Access Control systems toward a single user profile for multiple services across multiple devices
By Jay Meier, Vice President, Corporate Development, BIO-key

Secure mobile transactions – Fact or fiction?
By Guillaume Forget, VP Sales EMEA, Cryptomathic

Database


Advertisers

CARTES
CONNECT: ID
CROSS MATCH
GIESECKE & DEVRIENT
ID CREDENTIALS
NAGRA ID
NFC & CONTACTLESS
RUHLAMAT GMBH
SDW 2014
SPS

Credits

EDITOR: Wendy Atkins
SUB EDITOR: Liz Harrison
PUBLISHER: Tim Courtney
PRODUCTION MANAGER: Jo O’Connor
PRINTED & BOUND: Henry Ling Ltd.
DISTRIBUTION: globalsmart.com

Mobile Technology International
ID CREDENTIALS
134 Lots Road, Chelsea, London SW10 ORJ, UK

Tel: +44 (0)20 7385 8811
Email: [email protected]
www.globalsmart.com

While every care has been taken to ensure that the data in this publication is accurate, the publisher cannot accept, and hereby disclaims, any liability to any party to loss or damage caused by errors or omission. All rights reserved. No part of the publication may be reproduced, stored in any retrieval system or transmitted in any form electronic, mechanical, photocopying, recording or otherwise without prior permission of the publisher.

Image sources: Wikipedia, istockphotos, shutterstock
Issue year 2014


ID forecasts

SMART CARD AND IC SHIPMENTS GROW

In 2012, 7.95 billion smart cards and 7.99 billion ICs were shipped, representing a year-on-year increase of 9.4% and 12%, respectively, according to ABI Research’s Smart Card & Secure ICs Research Service. The research firm says IC revenues hit a new high, with NFC RF and secure elements providing a more established proportion of IC revenues, which totalled US$2.69bn in 2012.

The top four smart card vendors remain unchanged with Gemalto, Oberthur, G&D, and Morpho maintaining their leading market share positions, based on units. Of these vendors, Oberthur was the only one to maintain its overall percentage share of the market with the others declining slightly. The biggest vendor movement was within the government ID vertical.

ABI Research says Morpho was the highest climber in the government ID market, gaining an extra 3% share compared to 2011. Oberthur dipped slightly and dropped one position, while Gemalto lost a little of its share but still maintained its number one position. G&D also posted slightly lower shipments than 2011.

8.6BN SMART CARDS TO BE SHIPPED IN 2013

Smart card shipments are expected to hit 8.6 billion this year, according to ABI Research.

Of total shipments, 16% are forecasted to use a contactless interface, rising to 30% in 2018. The research firm says Government ID will continue strong double-digit growth in contactless adoption. Other sectors to see similar strong growth are transportation and ticketing, and payment cards.

Over the next three years ABI says it expects to see a shift in the penetration ratio of pure contactless and dual interface shipments. In 2013, it forecasts 59% of all contactless deployments will use a pure contactless interface, reducing to 38% in 2018. The increase in dual interface adoption is apparent across multiple markets. It says that IC vendors NXP, Infineon, and STMicroelectronics are positioned to offer the best combination of convenience and high-end security over multiple applications. Additionally, the increase in dual interface adoption will deliver greater margins benefiting IC and smart card vendors alike.

SMART CARD SHIPMENTS FORECAST TO HIT 1.15BN IN LATAM

ABI Research has forecast in its ‘Smart Cards in Latin America’ report that total smart card shipments within the Latin America region will increase from 752 million in 2013 to 1.15 billion in 2018.

According to the research firm, Latin America’s smart card market is rising from the ranks of an emerging region to one where large-scale deployments are now being seen. This is particularly true within the government ID and payment cards market. The government ID market is being driven by high-end national ID card deployments and continual migration to ePassports.

Brazil and Mexico are the two stand-out countries in terms of shipment volumes driven by SIM deployments; Brazil’s dual interface national ID card, alongside EMV and ePassport migration in both Brazil and Mexico. Brazil’s smart card adoption is being driven by its hosting of the 2014 FIFA World Cup and 2016 Olympic Games.

Reviews


COMMERCIAL BIOMETRICS ON THE RISE

Increasing awareness of biometrics across industries will spur the global commercial biometrics market, according to new analysis from Frost & Sullivan. While historically the adoption of biometrics has been concentrated in the government sector, recent years have witnessed considerable demand for applications such as ATMs, retail points of sale, and finance.

Iris and face recognition algorithms have undergone substantial advancements and are gaining prominence, while fingerprint technologies remain the most popular, says Frost.

The research group says that the commercial biometrics market earned revenues of $1.48 billion in 2012 and estimates this to reach $6.15 billion in 2019. In addition to fingerprint, facial and iris biometrics, the study covers hand geometry, voice, and signature technologies.

"Better end-user recognition of the unique capabilities of biometric technologies, including enhanced security as well as physical and logical access control in applications, has helped vendors win a number of projects and contracts," said Frost & Sullivan Senior Research Analyst Ram Ravi.

"Focus on building robust, error-free and efficient solutions will create added revenue-generating opportunities for biometric vendors."

Although improvements in technology augur well for the market, any large-scale biometric project in enterprises takes a long time to implement and cover every employee. The high cost and extended duration of deploying biometrics can restrict installation rates.

Moreover, the lack of knowledge among customers, fear over loss of privacy, and uncertainty over the reliability and security of stored data also dampen adoption of biometrics. With awareness at an early stage, solution providers, system integrators, and value-added resellers are the accepted channel for distribution and therefore, their decisions will decide future uptake levels.

"Business strategies with customised ROI models and reduced opportunity costs are expected to help biometrics sustain momentum in emerging markets," said Ravi. "Regulatory mandates and procedures in compliance with medical standards are necessary to favour biometrics market expansion."

IPHONE FINGERPRINT SENSOR CONFIRMED BY APPLE

Apple’s latest iPhone - the iPhone 5s - has been launched and houses a fingerprint sensor within the home button. Its second phone offering, the iPhone 5c - a colourful lower cost alternative - does not have a fingerprint sensor.

The technology - which Apple calls Touch ID - begins with a laser-cut sapphire crystal on the surface of the home button. According to Apple, this directs the image of a person's finger to a capacitive touch sensor, which, as AuthenTec always pointed out before it was bought by Apple, reads beneath the outer layers of your skin to get a detailed print.

Surrounding the button is a stainless steel ring that detects the finger, wakes the sensor, and improves the signal-to-noise ratio. Touch ID is reportedly capable of 360-degree readability, meaning that no matter what its orientation - portrait, landscape, or anything in between - the iPhone will be capable of reading a fingerprint. The Touch ID software interface will let a phone owner enrol multiple fingerprints - including those of people they trust, such as family members.

In a bid to appease privacy concerns the encrypted fingerprint data will never leave the confines of the phone.

EXPERTS INVESTIGATE RELIABILITY OF EID

Experts from Bundesdruckerei, Infineon and the Fraunhofer Institute for Reliability and Microintegration IZM have teamed up to examine the requirements for eID documents to provide reliable functionality.

The project – known as the Secure and long-life eID applications for human-technology cooperation (SeManTiK) – has been established for the partners to investigate reliable and new integration technologies as well as realistic models to test and predict the life span of identity documents.

As the partners point out: “Identity and travel documents are valid for a long period of time and must often withstand harsh conditions of daily usage. Therefore they have to be extremely robust and at the same time secure and reliable.”

“Our goal is to develop multifunctional technologies for identity documents that will work without failure over a long period of time. In order to test the reliability of these technologies under realistic conditions we need new standardised testing procedures and simulation models which are investigated within the scope of the research project,” says Joachim Kloeser of Bundesdruckerei and overall head of the research project.

“SeManTiK provides us with new approaches to the qualitative evaluation and selection of existing, long-life electronic high security documents. We are now taking a major step toward reaching our common goal of being able to predict the required durability of these documents reliably in the laboratory. In doing so, we extend our competitive edge in Germany,” says Peter Stampka, initiator and project manager of SeManTiK at Infineon Technologies.

The project is being supported by the German Federal Ministry for Education and Research (BMBF). As an associated partner, the Bundeskriminalamt (German Federal Criminal Police Office) is contributing its expertise in forensic and methodical analysis. Bayer Material Science is contributing its expertise in supporting materials to the project.

SECURE IDENTITY ALLIANCE MAKES SWIFT PROGRESS

Secure eDocuments companies 3M, Gemalto, Morpho (Safran) and Oberthur Technologies announced the formation of the Secure Identity Alliance earlier in 2013 and have now also welcomed HID Global, ABnote and Trüb to its ranks.

The new group aims to develop the use of government-issued eDocuments – in particular, identity, health, driving licences and ePassports – for increased security, and to encourage deployment of secure, convenient, online services to strengthen end user privacy.

The Secure Identity Alliance’s major objectives are to accelerate the transition to smart eDocuments and enable an open, interoperable and efficient rollout of trusted eGovernment online services by:

• Describing and promoting use cases of convenient value-added eGovernment services;

• Sharing experiences and best practices between industry and governments modernising their services, in particular ensuring the privacy of end-users’ personal information;

• Promoting standardisation of relevant and appropriate industry specifications;

• Making recommendations on the most up-to-date ways of addressing government identity and privacy challenges, including eDocument hardware, software and secure printing technologies, materials and physical security expertise, to deliver the level of confidence and assurance needed for the rapid adoption of eServices that can be trusted by citizens;

• Providing consistent and transparent reference information on security, identity and privacy challenges.

The Secure Identity Alliance says it is positioning itself as a trusted partner for governmental agencies and public entities defining their eDocument approach and implementing associated eGovernment services. Alliance members will be involved in focused workgroups with the aim of establishing interoperable systems, and defining and promoting best practices that can be adopted across the world.

Frédéric Trojani, chairman of the Board of the Secure Identity Alliance, said: “I am delighted to welcome HID Global, ABnote and Trüb to the Secure Identity Alliance. With eGovernment initiatives on the rise, electronic identification has become a real catalyst for the rapid adoption of online services. Convenience, privacy protection and security are the three pillars of trust in modern, efficient electronic government services. The need for an independent forum able to address common areas of interest for all public and private stakeholders is clear to build today’s generation of online services.”

Mobile ID healthcare

MOBILE IDENTITY SYSTEM CREATED FOR HEALTHCARE

Orange, through its healthcare services subsidiary Almerys, and Morpho say they have jointly created the world’s first mobile identity management system for the healthcare sector.

According to the companies, the solution represents a significant breakthrough for healthcare data mobility, enabling secure access to patient data anytime, anywhere and on any device.

This healthcare data mobility solution enables doctors to securely access patient files via a tablet or mobile device. The system uses strong SIM authentication to establish a link between the device’s SIM card and the doctor’s unique identification number via the identity management platform. Once the SIM card is registered, an applet is directly loaded onto the mobile device or tablet that contains the SIM card. The doctor can then access patient files via a secure web site by entering his or her phone number. A pop-up message requesting the doctor’s unique identification number then appears to complete the authentication process.

Morpho is providing the solution’s identity management platform, which is based on Morpho Trusted Identity Services. Orange provides the solution’s SIM-based authentication functionality and is leading the integration of the entire solution. Orange is also operating the service by monitoring it through a highly secured platform and network.

Passports and Access control

ZETES AWARDED GAMBIA EPASSPORT CONTRACT

Zetes has been awarded a 15-year contract to implement ePassports for the Gambia. It is estimated that 40,000 passports will be produced each year as part of the subcontracting contract, in which the primary contractor is Africard. Implementation has commenced and the first passports are expected to be delivered in December 2013.

The Build, Operate and Transfer (BOT) project covers biometric enrolment and document personalisation. It also includes the delivery and installation of 10 permanent enrolment posts, to be placed at various locations including embassy buildings. Additionally, Zetes will deliver an automated identity control post (eGate) at the airport border.

As part of the project implementation, Zetes employees are based in the capital, Banjul, to complete AFIS duplicate removal services, centralise data, create a passport register and personalise secure documents.

G&D WINS IRAQ PASSPORT CONTRACT

Giesecke & Devrient (G&D) has been contracted by the Republic of Iraq to produce and deliver the new Iraqi passports. These passports will be machine-readable and meet the requirements laid down by the International Civil Aviation Organisation (ICAO) for international travel.

The first batch of identification documents will be handed over to the Republic of Iraq’s Ministry of the Interior before the end of this year. The order also includes the delivery of printers and printer accessories to personalise the passports.

Security measures incorporated into the printing mean that the Iraqi passports are highly resistant to forgery. The documents are printed in an offset and intaglio printing process and come with security features such as G&D’s Printed and Embossed Anti-Copy Key (PEAK).

AFGHANISTAN PREPARES FOR EPASSPORTS

The International Organization for Migration (IOM) has formally handed over a Central Passport Office complete with Afghanistan’s first-ever machine-readable passport and visa-issuing system to the country’s Ministry of Interior.

Funded by the Australian Department of Immigration and Citizenship (DIAC), IOM’s assistance to the Government of Afghanistan has included the construction and refurbishment of the Ministry of Interior premises, the purchase of the passport and visa-issuing equipment, and the hiring and training of the Central Passport Office staff across the country.

“Some 1,200 machine-readable ordinary passports and 500 machine-readable visas have been printed in this pilot phase,” said General Sayed Naser Hashimi, head of the Passport Office at the Ministry of Interior. “We hope to be able to print 500 passports daily.”

The project will bring Afghanistan in line with international standards in travel document security, making the new Afghan travel document a reliable source of identity, thus facilitating international travel for Afghan citizens.

Prior to the full-scale rollout of ordinary passports at the Ministry of Interior, IOM first established a similar system aimed at printing diplomatic and service passports exclusively at the Ministry of Foreign Affairs. The office has been fully operational since August 2011 and has so far issued 1,500 diplomatic passports and 25,000 service passports.

OMAN INKS EPASSPORT DEAL WITH GEMALTO

Gemalto is set to provide the Royal Oman Police with an end-to-end ePassport solution for the Sultanate. Applicants will be issued with secure travel documents in line with Oman’s goal to provide enhanced services and protection to its citizens, using the latest digital security technologies.

The solution encompasses Gemalto’s ICAO compliant Sealys ePassport documents, and a full Coesys solution suite to enrol citizens, personalise and issue secure documents. The multi-year contract also covers training, support and maintenance services.

Major Royal Oman Police offices will be equipped with fixed and mobile stations to register ePassport applicants with personal information and biometric data. According to Gemalto, each ePassport will feature secure eTravel embedded software and a contactless microprocessor which will contain the holder’s digital fingerprints and photograph. The solution will facilitate Omani travellers’ immigration control, and speed up the passport application and document issuance process.

Gemalto says it is contributing to more than 80 government programs worldwide, supporting ePassport initiatives in Côte d’Ivoire, Denmark, Estonia, France, Korea, Norway, Malta, Morocco, Portugal, Singapore, Sweden and the US.

MEXICO SELECTS OBERTHUR FOR NEW PASSPORT

Oberthur Technologies has been selected by the Mexican Ministry of Foreign Relations (Secretaria de Relaciones Exteriores) to supply a high-tech identity solution for Mexico’s new passport.

The company is supporting the Mexican government in the implementation of a secure passport for all citizens, through a complete solution for state-of-the-art personalisation, combining a high-level secure component and dedicated technical equipment.

GEMALTO SCOOPS BELGIAN EPASSPORT DEAL

Gemalto is set to supply Belgium with its Sealys ePassport, due to be introduced in May 2014. Gemalto will provide the Belgian Federal Public Service for Foreign Affairs with more than 400,000 ePassports every year and Zetes will serve as the system integrator.

Under a five-year contract, Gemalto will supply the Belgian ePassport programme with its Sealys range of ePassport booklets, and its latest ICAO secure embedded software. Zetes is responsible for the personalisation and delivery of the ePassports. According to Gemalto the combined expertise of Gemalto and Zetes was proven in a series of rigorous audits conducted by the Belgian Federal Public Service for Foreign Affairs at both Gemalto and Zetes sites.

THALES AND ORANGE WIN FRENCH PASSPORT CONTRACT

Thales, in partnership with Orange Business Services, has been awarded a contract to provide through-life support for the biometric data acquisition system for French passports.

According to Thales, France’s biometric acquisition system currently comprises around 4,000 biometric data acquisition devices, located at local and regional government offices in metropolitan France and the country’s overseas departments and collection points. These devices are used to capture digital fingerprints, take photographs and record the personal details of applicants for French passports. Through-life support of the system must take account of the dual imperatives of availability and quality of service.

Thales will also develop a modular, scalable biometric data acquisition solution for ANTS. The new system will be device-agnostic to ensure interoperability with any equipment provided by any supplier, making it possible to deploy the highest-performance biometric, digitisation and security solutions available at any given time without needing to redesign or upgrade the overall data acquisition solution. ANTS and Thales are also developing a highly intuitive interface for the new solution to make it quick and easy for users to familiarise themselves with the local processing application.

INFINEON TO SUPPLY EPASSPORT CHIPS

Infineon Technologies is supplying the security chips for the world’s first ePassports incorporating the Supplemental Access Control (SAC) protocol, which enhances protection against unauthorised access and possible abuse of personal data.

The passports, issued by the Republic of Kosovo, contain Infineon security chips of the SLE 78 product family with Integrity Guard, which Infineon says offers the highest level of data security over the long term and are ideally suited for sovereign documents with a long period of validity. Germany-based Giesecke & Devrient manufactures the ePassport solution for the Republic of Kosovo.

To fulfil continually increasing security requirements for contactless access to data stored on the passport, the International Civil Aviation Organization (ICAO) now recommends use of the SAC protocol. In contrast to the earlier generation Basic Access Control (BAC) protocol, SAC is based on asymmetric encryption. Within the EU, SAC will be mandatory for ePassports issued from December 2014. As the first European country to comply with the new requirement, Kosovo will issue 800,000 ePassports. According to current estimates from market research firm IHS, roughly 192 million ePassports are in circulation in Europe. In this region, more than 30 million new ePassports are issued each year.

GERMAN EGATE CONTRACT LARGEST IN EUROPE

Germany announced the winners of a major Euro 30 million tender that will see biometric-based eGates rolled out across the country on a scale yet to be seen in Europe.

Some 90 eGates will be implemented across Germany’s major airports, including Frankfurt, Munich, Dusseldorf and Hamburg. The contract is valid for 10 years and includes an option for 180 more eGates.

The Bundespolizei (Federal Police) awarded the EasyPASS eGate contract to Bundesdruckerei and secunet Security Networks. Adding to the “Made in Germany” feel, Cognitec Systems will provide the face capturing and matching solution, while Magnetic Autocontrol Group is the provider of the physical gate. Bundesdruckerei will provide document readers (VISOTEC Expert 600 readers) and the document database. These will be integrated into the secunet easygate solution, which takes advantage of secunet’s biomiddle middleware and software backbone.

When rolled out the ambitious solution will be usable by holders of 1st and 2nd generation EU/EER/CH ePassports, as well as German eID card holders.

The new eGates are expected to process travellers in less than 18 seconds, including a validity check of the holder's identity document.

SAN DIEGO AIRPORT OPTS FOR IDENTIVE

Identive Group has expanded the implementation of its HIRSCH access control system at San Diego International Airport to provide integrated physical access and security for the airport’s newly redesigned Terminal 2, known as the ‘Green Build.’

Identive’s access control system secures more than 200 key entry points and restricted areas at the new terminal, which is used by 10,000 airline and airport employees and contractors.

Identive’s access control system for San Diego’s Green Build terminal includes DIGI*TRAC controllers as well as RUU and ScrambleSmartProx door readers that enable a range of authentication methods including ID cards, smart cards, PIN codes and biometrics.

Countries ID

ALL SYSTEMS GO FOR FRENCH DRIVING LICENCES

As the EU continues with its plans to introduce more secure driving licences, French state printer Imprimerie Nationale is getting set to produce electronic permits that use Gemalto and Infineon technology.

Gemalto is delivering its Sealys eDriving licence and Coesys Issuance system, while Infineon says it is supplying the security chips. The new polycarbonate smart card, which replaces the traditional paper document, contains an embedded SLE78 microprocessor with Integrity Guard. The microprocessor stores the licence holder’s biometric and other personal data.

Secure authentication of the eDriving licence will also help the police to increase road safety: a major issue in France, where up to 10% of driving permits in circulation are believed to be counterfeit, according to ‘L’usurpation d’Identité’, Guy de Felcourt, CNRS éditions – July 2011.

By 2033, standardised credit card-sized driving licences will be mandatory across Europe. They will replace the approximately 110 different formats and security levels currently in use, as part of the European Commission’s Digital Agenda, which aims to introduce harmonised, eID documents throughout the EU.

MORPHO INKS SWEDISH TRANSPORT DEAL

Morpho has been awarded a contract by the Swedish Transport Agency (Transportstyrelsen) to produce highly secure driver licenses and digital tachograph cards. Sweden began issuing the new driver licenses in January 2013.

Sweden’s redesigned driver licenses and digital tachograph cards will integrate Morpho’s latest security features to comply with new European Union standards and provide enhanced protection against document fraud.

Morpho has also equipped Sweden with a criminal identification system, which is being upgraded with Morpho’s latest biometric recognition technology.

SOUTH AFRICA OPTS FOR INFINEON

Infineon has confirmed that the electronic identity card (eID) issued by the South African government will contain its embedded security chips.

According to the company, the SLE78 microcontroller based on ‘Integrity Guard’ technology embedded into a polycarbonate smart card securely stores the citizen’s personal data including a digital photograph and fingerprints.

Besides preventing identity fraud and further strengthening citizens’ confidence in electronic identification documents, the South African eID also paves the way for fast and convenient eGovernment services.

The roll out of the new eID card to South African citizens, which was launched on Mandela Day on 18 July 2013, is expected to take about eight years.

The eID, which is valid for 10 years, replaces South Africa’s traditional, paper-based ‘green book’ identity documentation. Its issuance marks the second and final stage of South Africa’s Home Affairs National Identification System (HANIS) programme to modernise government systems and administration services with numerous advantages for both citizens and government administration.

Infineon said citizens can rely on the eID as a single card for multiple applications: firstly for secure identification and registration in the National Population Register for voting as well as other civic interactions such as online government services; secondly it can serve for banking services, for example by using fingerprint authentication to confirm identity when visiting a bank.

SOUTH AFRICA OPTS FOR DATACARD

Datacard Group announced that the Government Printing Works in South Africa will be using the Datacard MX series card issuance and delivery systems for its new smart ID card programme.

The new ID cards replace existing green bar-coded paper ID books. Initially South Africans will be able to receive a smart ID card replacement in 27 locations throughout the country. This will eventually ramp up to more sites in order to issue 38 million smart ID cards over several years.

The smart ID cards offer many more security features than the previous paper documents, and will feature a dual-interface chip, as well as fingerprint biometrics and biographic data – making it difficult for any forgery. South African citizens will also receive their new card in five to 10 days, compared to the 47 days it took for the paper documents to be produced and delivered.

The microchip in the smart ID card will also enable the card to be used to access other government services such as electronic health records.

MASTERCARD ROLLS OUT NIGERIAN PILOT PROJECT

The Nigerian National Identity Management Commission (NIMC) and MasterCard have announced the rollout of a pilot programme involving 13 million MasterCard-branded National Identity Smart Cards with electronic payment capability. The National Identity Smart Card scheme is part of the recently deployed National Identity Management System (NIMS). This programme is the largest rollout of a formal electronic payment solution in the country and the widest-scale financial inclusion initiative in Africa.

In its first phase, Nigerians aged 16 and older, and all residents in the country for more than two years, will receive the new multipurpose identity card which has 13 applications including MasterCard’s prepaid payment technology.

Access Bank is the card issuer bank for the pilot and Unified Payment Services (Unified Payments) is the payment processor. Other issuing banks will include United Bank for Africa, Union Bank, Zenith, Skye Bank, Unity Bank, Stanbic and First Bank.

The new National Identity Smart Card will incorporate the unique National Identification Numbers (NINs) of registered citizens in the country. The enrolment process involves the recording of an individual’s demographic and biometric data that are used to authenticate the cardholder and eliminate fraud and embezzlement. The resultant National Identity Database will provide the platform for several other NIMC value propositions including identity authentication and verification.

Other identification schemes, such as driving licence, voter registration, health insurance, tax, SIM and National Pension Commission (PENCOM) can all be integrated, using the NIN, into the NIMS multi-function Card Scheme. When using the card as a prepaid payment tool, the cardholder can also deposit funds on the card, receive social benefits, pay for goods and services at MasterCard acceptance locations globally, withdraw cash from all ATMs that accept MasterCard, and carry out other financial transactions that are facilitated by electronic payments.

Once the National ID registration process is completed, NIMC aims to introduce more than 100 million cards to Nigeria’s 167 million citizens.

KOSOVO SELECTS G&D FOR EID

Kosovo has chosen Giesecke & Devrient (G&D) to manufacture and deliver its multifunctional, electronic and contactless smart ID cards. As prime contractor, G&D is assuming responsibility for all aspects of project management as well as for system development and card manufacture.

Bundesdruckerei is sub-contractor for the Automated Fingerprint Inspection System (AFIS) and for the smartcard personalisation equipment. G&D is also in charge of implementing and structuring all system components to support the whole ID documentation process, from applying for a card to delivering it. The new ID cards, which Kosovo will begin issuing by the end of this year (2013), are among the most advanced smart ID cards in use anywhere in the world.

“By introducing these modern ID cards, the Kosovar government is achieving yet another milestone in modernising its national, official ID documents. Kosovo will be the first country in Europe to comply with the EU requirement that all travel documents issued from December 2014 feature the new Supplemental Access Control (SAC) digital protocol,” says Bajram Rexhepi, Kosovar Minister of Internal Affairs.

A host of applications are stored on the card’s chip, including a travel application containing biometric data that conforms to both ICAO and EU standards, and the well-known eID function that is also found on Germany’s ID cards. When dealing with public authorities, banks or retailers online, card holders now have a secure way of providing proof of identity. What is more, this new form of ID supports the creation of legally binding electronic signatures.

The multifunctional ID card can still be used as conventional ID and offers an array of new security features. Personal data and biometric features such as the ID card holder’s photo and fingerprints are stored securely on the chip in digital form.

IDENTIVE NOTCHES UP EID ORDER

Identive Group received an order for more than 300,000 SCR3310v2 smart card readers to support a national eID card programme in the Middle East. Identive’s smart card readers will be used by citizens to enable secure access to eGovernment and eAdministration applications, as well as to digitally sign documents.

“Around the world many countries are in the process of implementing electronic identity card programmes to decrease identity fraud, manage access to public services online and at the same time reduce administrative costs. We are pleased that Identive smart card readers have been selected to support this customer’s national eID programme and to help both the government and its citizens experience the full benefits of eIDs.

In addition to providing secure online authentication, eID programmes enable delivery of government services in less time and with more convenience, as online forms can be filed from home and processed more quickly,” said Dr M Mueller, executive vice president and COO Identification Products for Identive.

MONGOLIA SELECTS GEMALTO FOR EID PROGRAMME

Mongolia’s Ministry of Justice and Home Affairs has selected Gemalto’s Sealys secure multi-service eID cards for its national ID programme.

According to Gemalto, this new eID programme will secure Mongolian citizens’ identities as well as pave the way for new eGovernment services.

Mongolia has approximately 3 million inhabitants and all citizens aged over 18 years are set to carry these advanced smart cards as their national ID document. In addition, the national eID card will allow for more efficient updating of the national registry. It will also enhance both the process and security level of verifying identities. Gemalto worked with Bodi International, the programme’s prime contractor and a leading IT company in Mongolia, on this project.

Gemalto says Mongolia is using its Sealys MultiApp ID. This is the size of a credit card, and is fitted with a microprocessor and the Gemalto software that securely manages the citizen’s personal data, including the holder’s digital photograph and fingerprints, while respecting the holder’s privacy. The Mongolia national eID card also features Gemalto’s latest innovation in secure printing: the Sealys Clear Window, a transparent section created in the pure polycarbonate card body structure for enhanced protection against forgery.

IMAGEWARE TO PROVIDE CITY IDENTITY MANAGEMENT AND BOOKING SYSTEM

ImageWare Systems has received an order from the city of Fredericton, New Brunswick, Canada for a complete identity management and booking system, which includes mug photo, signature and fingerprint capture.

ImageWare's LE Web thin client will allow officers and administrative employees access to record details and the full suite of investigative tools from various locations. The City of Fredericton will also be utilizing ImageWare's EPI Designer for LE reporting software. This allows users to create unique reports, agency-defined lineups, wristbands and employee/inmate badges for an unlimited number of full-colour, dual-sided report and card designs, complete with barcoding or encoded magnetic strips. One of the features of the basic identity management and booking system products is that it will be provided in both French and English.

The system will be connected to the city's record management system and will allow for submission of criminal fingerprints to the Royal Canadian Mounted Police as well as fingerprint processing for civilian applications.

Under the terms of the agreement, ImageWare will receive approximately US$125,000 in revenue.

KFUPM OPTS FOR BELL ID

Bell ID has been selected by the King Fahd University for Petroleum and Minerals (KFUPM), Saudi Arabia, to advance its smart card identity management system. In addition to a software upgrade, the solution has been extended to include time and attendance functionality for staff and contractors.

The company says its Identity Token Manager is a vendor-independent web-based software solution that enables issuers of chip-based identity cards, such as universities, governments and enterprises, to effectively and securely deploy and manage single and multi-application identity schemes. In addition to managing credentials on cards, the solution offers the possibility to load and manage these on mobile devices containing a near field communication (NFC) chip.

The existing KFUPM solution provided by Bell ID provisions and manages student identification smart cards. It has been upgraded to support the university’s strategy to extend the integration and usage of multi-application smart cards throughout the campus. This includes the capability to electronically monitor staff and contractor attendance on campus, which will improve workforce management processes, as well as achieve more accurate and streamlined invoice and accounting procedures.

Dr Sami A Khaiyat, general supervisor, Services at KFUPM, comments: “The Bell ID solution provides us with the latest innovative identity management software to increase the physical security of the campus and its data network. We are also looking at future requirements and are keen to establish an infrastructure now that will be scalable to future advancements. For example, the use of the identity card as a university payment card within campus restaurants or to pay outstanding library fines.”

US ID solutions and schemes

AAMSCO AND DATACARD PARTNER FOR VOTER ID SCHEME

Datacard Group and AAMSCO Identification Products have partnered to offer the Arkansas Secretary of State’s Office services, support, software and hardware solutions for a new voter ID programme that will be rolling out in 2014.

The new voter ID card scheme will require citizens to show photo identification to vote at the polls – which will be mandated via a new state law that was recently passed. After consulting with AAMSCO to determine specific needs for the scheme, voter ID card requirements and design preferences, the state purchased 98 Datacard SP25 Plus card printers as well as Datacard ID Works identification software, and cameras for photo capture. AAMSCO will also be providing local services and support to the state.

Each county clerk office will personalise their own voter ID cards for citizens living within the designated county. Individuals will have their cardholder information and photo captured by the county offices, and then the voter ID cards will be personalised immediately on the Datacard SP25 printers.

US FEDERAL AGENCY CHOOSES IDENTIVE

Identive Group has been selected by a US federal agency within the Department of Homeland Security to implement its Hirsch-branded access control and security management systems at the agency’s more than 200 locations nationwide. Identive’s systems will secure entry and exit points at the agency’s facilities and provide secure work environments for agency employees.

The DHS agency selected Identive based on the company’s reputation as a provider of security solutions to the US government and the fact that Identive’s access control systems support simultaneous use of the wide variety of federally-issued access credentials currently in use. This includes Personal Identity Verification (PIV) cards used by federal employees, Common Access Cards (CAC) used by military personnel, as well as other, agency-specific credentials. Support for the array of federal ID credentials allows the agency to become compliant with federal standards and mandates governing secure authentication and access, such as FIPS-201 and OMB M 11-11. In addition, the Identive solution is designed to allow updates and integration to additional agency and federal systems and databases as future standards and requirements emerge.

ACCENTURE WINS FIVE-YEAR DEAL FROM TSA

Accenture Federal Services has received a five-year contract from the US Transportation Security Administration (TSA) to create identity management and credentialing system processes to verify and manage millions of identities for those working at sensitive, secure areas throughout the US transportation system. The contract has a ceiling of US$250 million.

Accenture will work with the TSA to build a system to consolidate credentialing platforms to include case management and customer relations management.

Multiple programmes exist to issue credentials and manage identities today for transportation workers, including workers at airports, driver’s licenses to transport hazardous materials and separate identifications for maritime workers. According to Accenture, this new process will consolidate these programmes into one system over time, improve credentialing for new and existing transportation sector workers, increase consistency of information across multiple programmes and provide improved customer service to applicants.

The first programme to be transitioned will be the Transportation Worker Identification Credential (TWIC). TWIC is used to secure the US maritime transportation system by providing biographic and biometric identification credentials, such as fingerprints, for personnel requiring unescorted access to secure areas of regulated facilities and vessels.

NIST ISSUES NEW OPTIONS FOR PIV CARDS

The National Institute of Standards and Technology (NIST) has issued a new publication that broadens agency security options for Personal Identity Verification (PIV) cards. Biometric Data Specifications for Personal Identity Verification adds iris images as biometric identifiers and on-card fingerprint comparison as options for the cards.

A PIV card is a government-issued smart card used by federal employees and contractors to access government facilities and computer networks. The PIV card carries a photo, fingerprint information, personal identification number (PIN) and a cryptographic credential – random computer-generated data that are recognized only by the PIV card.

To assist agencies seeking stronger security and greater operational flexibility, NIST made several modifications to the previous version of Biometric Data Specification for Personal Identity Verification. Major additions include:

• On-card comparison of fingerprints for improved privacy. The specifications describe how to place one or two compact fingerprint templates and a recognition algorithm on the card. When the user wants to sign a document digitally or open a secure file, for example, she can place her finger on a reader attached to the keyboard to verify her identity. Currently, employees have to type in a PIN for matching, which is subject to error and misuse.

• Iris recognition capability for increased security. Standardized compact images of one or both irises (the images are no more than 3 kilobytes each) can be loaded on the PIV card for compact on-card storage and fast reading times. The document provides performance specifications for iris biometrics to assure high accuracy and provides specifications for iris cameras to guide implementers on camera selection. These standards-based elements support interoperability within and across agencies using iris recognition technology.

Agencies may choose to add iris images as an alternate biometric over fingerprints, because, for some users, fingerprint collection can be difficult. At times, the fingerprints are too dry to yield a good image, and lotions, wounds or illness also can make for poor images. Agencies now have the option of using two biometric sources to avoid such circumstances.

G&D DELIVERS COMMON ACCESS CARDS TO US DOD

Giesecke & Devrient (G&D) has received a contract award to provide the U.S. Department of Defense’s (DoD) Defense Manpower Data Center (DMDC) with FIPS 201 PIV certified identification and physical/logical access cards. FIPS 201 is a U.S. Federal Government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.

For many years, the DMDC has been providing smart card technology as a DoD-wide Common Access Card/Personal Identity Verification (CAC/PIV). The CAC is the standard ID card for active duty members of the Uniformed Services, Selected Reserve, DoD civilian employees, and eligible contractor personnel. It is the DoD’s Homeland Security Presidential Directive 12 authorized personal identity verification card. The CAC/PIV is also the principal card used to enable physical access to buildings and controlled spaces and for logical access to the DoD’s computer networks and systems.

Axel Deininger, Group Senior Vice President at G&D, said, “G&D StarSign FIPS 201 cards are very robust. They are designed to withstand the field conditions that have led to high card failure rates often seen in the PIV market today.”

DHS CERTIFIES 19 STATES COMPLIANT WITH REAL ID

The US Department of Homeland Security (DHS) certified in early 2013 that 19 states were compliant with the REAL ID Act’s rules. Alabama, Florida, Kansas, Nebraska, Utah, and Vermont were the latest states to join Colorado, Connecticut, Delaware, Georgia, Indiana, Iowa, Maryland, Ohio, South Dakota, Tennessee, West Virginia, Wisconsin, and Wyoming as meeting the Act’s requirements. REAL ID compliant driver’s licenses and identification cards are part of a multi-layered national security strategy that helps law enforcement distinguish reliable state credentials from those of states with lax identity authentication.

The REAL ID Act, passed by Congress in 2005, enacts the 9/11 Commission’s recommendation that the Federal Government set standards for the issuance of sources of identification, such as driver’s licenses. The Act prohibits the Federal Government from accepting driver’s licenses and ID cards that do not meet a minimum security standard. The minimum standard includes processes to protect the card against counterfeiting and requires reliable documentation from an applicant to prove they are who they claim to be.

TROOP ID SOLUTION AWARDED GRANT TO PARTICIPATE IN NSTIC

ID.me's Troop ID solution, a digital authentication engine for verifying military and veteran affiliation online, was selected for a US$1.2 million grant as part of the President’s National Strategy for Trusted Identities in Cyberspace (NSTIC), with another US$1.6 million anticipated in the second year of the pilot.

Troop ID, a part of the ID.me identity network, currently powers military discount programs for retailers. The grant funding will be used for product development in order to empower military families to access sensitive information online from government agencies, financial institutions and health care organizations in a more privacy-enhancing, secure and efficient manner.

Managed by the National Institute of Standards and Technology (NIST), NSTIC is a White House initiative that works collaboratively with the private sector, advocacy groups, public sector agencies and other organizations to improve the privacy, security and convenience of sensitive online transactions. The NSTIC program envisions a set of interoperable technology standards, policies, and identity solutions – an "Identity Ecosystem" – where individuals and organizations can be authoritatively authenticated to increase the level of trust online.

Troop ID enables America’s service members, veterans, and their family members to verify their military affiliation online across a network of organizations that provides discounts and benefits in recognition of their service. More than 200,000 veterans and service members use Troop ID to access benefits online.

HP ENTERPRISE CLOUD SERVICES SELECTED FOR USPS FEDERAL CLOUD CREDENTIAL EXCHANGE

HP Enterprise Services has been selected by SecureKey Technologies as a subcontractor to provide enterprise cloud services to host the United States Postal Service's (USPS) new authentication infrastructure.

The US government's Federal Cloud Credential Exchange (FCCX), which enables online access to multiple federal agencies, will offer individuals and organizations secure access to federal websites and online services through existing, approved digital identification credentials.

Under the contract, HP will deliver HP Enterprise Cloud Services - Virtual Private Cloud for US Public Sector, a Federal Risk and Authorization Management Program (FedRAMP) authorized service, to host SecureKey's briidge.net Exchange application for the implementation of FCCX. Part of the HP Converged Cloud portfolio, HP Enterprise Cloud Services deliver the benefits of a cloud-based approach without sacrificing the security required for mission-critical workloads.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) and the Federal Identity, Credential and Access Management (FICAM) initiative call on all agencies to establish FCCX in an effort to broaden government acceptance of approved third-party credentials of varying strengths and types.


Disruptive ID

Stealing our miracles? Disruptive innovation and personal identity

By Ralph Adam, Freelance Editor, Communications & IT

What is innovation?

Look up ‘innovation’ in a dictionary and you will find a variety of definitions. They will have several things in common: the implication of novelty based on the use of existing resources, financial viability and evidence of meeting specified needs. Innovation also involves risk-taking and the creation of new markets. Imitation, on the other hand, requires less risk because it involves the use of existing products and developing them in the hope of achieving better results. Some highly successful imitation will, of course, turn out to be innovative. Any innovation is likely to lead to change within the adopting organisation and, therefore, require appropriately novel management skills.

Disruptive innovation is the introduction of new technologies, products or services in an effort to promote change and gain advantage over the competition. Here, ‘disruption’ does not imply disorder or chaos but, rather, ‘replacement’. It can be contrasted with continuous development, where the emphasis is on achieving small, incremental changes in the way things are done while raising quality and efficiency.

When innovation becomes disruptive

The term ‘disruptive technology’ was initially coined by Clayton Christensen of the Harvard Business School. He used it to describe an invention or new development that unexpectedly displaces an established form of technology. Christensen divided new technology into two categories: sustaining (i.e. reliant on incremental improvements to established techniques) and disruptive, which may have “teething troubles” and, because it is new, initially appeals only to a limited market. In addition, it may not yet have immediately obvious practical applications (an oft-quoted example is Alexander Graham Bell's "electrical speech machine" - now called the telephone - for which hardly anyone could see serious potential uses!).

We can all recall innovative products that have gone on sale without having identifiable markets. Christensen emphasised that one of the most consistent patterns in business is the failure of leading companies to stay at the top of their industries when technologies or markets change. Big companies are frequently structured in such a way that they work best with sustaining technologies: such firms’ strong points are knowing the market, staying close to customers (who may not see the benefits of new products) and having mechanisms in place to further develop existing technology. Conversely, they may encounter problems capitalising on the potential efficiencies, cost-savings, or new marketing opportunities created by low-margin disruptive technologies. It is really important that companies develop strategies to create frameworks and supporting processes permitting them to understand how disruptive technology or innovation emerges. Such knowledge (really an aspect of information management) can then be used to control the impact and harness disruption positively by managing it and creating positive management responses.

It is not unusual for a large organisation to dismiss the value of a disruptive technology because it does not reinforce current goals, only to look foolish as the technology matures, gains a larger audience and market share while threatening to radically change how things are done. Christensen quotes as his examples some of the many big companies to have pooh-poohed disruptive inventions including Xerox’s rejection of table-top copiers, IBM’s refusal to produce microcomputers and Goodyear and Firestone’s lack of interest in radial tyres. These major players did not, at the time, see how important such innovations would be for the market; by the time they did, it was already too late and (an often smaller) competitor had taken the initiative, profiting from their lack of foresight.

Disappearing favourites

Disruptive innovation can be risky. Not only does it require people to embrace radically different approaches to product development or marketing, but it may also appear out-of-step with the ‘normal’ or ‘accepted’ ways of doing things. At first, the creators of new products may appear quirky or as oddballs. On the other hand, successful disruptive innovations create new market opportunities where none existed before. Recent everyday examples include mobile phones, CDs (which almost eliminated vinyl records) and digital cameras. In the ‘personal identity’ sphere there have been many such innovations. Some obvious ones are smart cards, e-wallets, downloadable applications (apps) and near-field communication.

Here is an interesting test: glance at a few trade magazines and conference proceedings from just a few years ago to see how rapidly what, at the time, were seen to be disruptive innovations have disappeared from sight! A product that is ‘flavour of the show’ at one year’s professional security event may have completely disappeared by the next. As an example, who now is still using WAP (Wireless Application Protocol), the widely-hyped secure specification allowing users to access information instantly via handheld wireless devices such as mobile phones, pagers, two-way radios, smart phones and other communications media? The technology fell far short of users’ (very high) expectations in terms of speed, practicality, appearance and interoperability once the special handsets became available. Take-up was minimal.

What has all this to do with the identification market? The identity world has come a long way in recent years. Changes in biometric technology, border-control credentials and tokens, identity cards, social security and healthcare documents have all had a dramatic impact on how the industry operates as well as on our everyday lives and in the way issues are debated in the media. Is it possible that further innovation can lead to yet more big developments in security technologies? We are in a constantly changing world. Fresh ideas will, undoubtedly, emerge in the near future; how best they can be applied will be influenced by several things. The likely increase in public awareness of, and concern with, privacy issues will have an important influence on future developments while new forms of information technology and further internet developments are sure to appear as disruptive technologies in the world of personal identity.

Where next?

The indications are that the next growth areas will come from that most popular of devices, the mobile phone. We have no idea, as yet, of the role that the 'cloud' will play; there will, doubtless, be many future needs for cloud-based mobile applications. 2D bar codes represent another relatively cheap form of technology that has great potential, as has its cousin, the QR code. The two can surely be combined with both personal data and less-visible features leading to new forms of encryption. We can go further: mini-videos and voice samples are well suited to incorporation into bar codes, as sample signatures already are.

Other research is also becoming important. New forms of biometrics are very likely to appear, as will innovations developing out of the current range of biometric features. The massive governmental investment from many parts of the world in nanotechnology and neuroscience will, undoubtedly, also be important. The increasing concern over privacy and identity is another source of new ideas and, as technology becomes more sophisticated, so will new forms of fraud and deception create further needs for the industry. It is also very likely that we have not, yet, imagined all the aspects of life for which personal identification will become necessary with the result that, as new needs appear, so will further developments in personal identity credentials be required.

Mention of credentials implies highly sophisticated technology to combat fraud. However, in the current (and, for the near future) economic situation, expensive solutions may not be the answer. Cheaper, tamper-resistant tools (using new types of security thread and digital watermarks, for example) are more likely to be the route to combatting document fraud (combined, for example, with aspects of personal data to create innovative forms of security format) while future mobile technology may mean that there will no longer be a need for the escalation in sophisticated electronic authentication and identity verification tools to which we are becoming used.

None of this takes into account what might, a few years ago, have been considered near-science fiction, but which is now becoming reality. For example, we have already seen the odd brave innovator experiment with chips implanted in his (and, so far, it has always been a ‘he’!) own body in the hope of demonstrating where the future of credentials lies. While such developments, if they became standard, would be certain to have a major impact we have not, so far, been able to evaluate the extent to which the general public might accept them.

Even if nothing comes of such ideas, it is important to remember that, while we may not yet have body implants, those who, for instance, store passwords on their mobiles can easily be monitored by any of the three companies with access to them. That shows just how low is the value of passwords and how high the need for other features to replace them. As mobile technology (and tablets – or whatever replaces them) become increasingly important they will be carried by everyone and arguments on the role of data security (from both sides of the divide – producers and users) can only increase in number.

Perhaps we can get a clue as to the future from the ‘everyday’world where facial recognition, the coming fashion, is intriguingthe media. If such technology becomes commonplace, it too,will be considered ‘disruptive’ and change how we behave.Here are a few examples:

Where’s your Eye-D?

Iris detection devices are used worldwide by border controlservices (iris recognition is not new - itwas first conceived as ameans of identification in 1936 by an ophthalmologist, FrankBurch,and has been widely used by James Bond). They havebeen tried at many locations including, for example,Manchester (Ringway) and Birmingham (Elmdon) airports.Facial recognition technology has also become a feature ofboth security and more general applications. For instance, ithas been introduced to some of San Francisco’s bars to give anidea of the sort of people frequenting them while an app withsimilar features monitors drinkers in Chicago. This type oftechnology is also used in cinemas to observe audiences.

Steven Spielberg’s film Minortiy report features a ‘pre-crime’police force (which can detect murders before they havehappened) using surprisingly realistic facial recognition softwareverified by biometric authentication devices. It is a world inwhich eye-scanners and tracking are commonplace (not just forsurveillance - the police can stop your car remotely, and arrestyou for merely thinking of committing a crime), but for trackingattitudes to advertising, too.

The film highlights a key issue with this type of software: an unpleasant person may be able to get round ‘Eye-D’ checks by removing an offending eye (or amputating a head) to bypass the device! This raises the question of whether or not any such devices would be able to tell if the eye (or any other part of the anatomy) is actually attached to a living body. This is a problem that has rarely been discussed in the biometric literature but, nevertheless, reveals serious problems for high-security environments.

Up in the clouds

A New York company has created digital billboards that use cameras for monitoring passers-by and their attention to advertisements: the software can also select ads that are appropriate for the age, gender and attention level of individual pedestrians. Similarly, Facebook uses facial recognition software to identify users’ friends when they upload photos and suggest names for captions.

The ‘cloud’ may well become another form of disruptive technology. Its possibilities seem infinite - a Finnish company, for example, is developing a payment system that makes the transaction almost instantaneous: customers scan their purchases while point-of-sale cameras photograph the items, simultaneously accessing the customer’s cloud-based wallet. The press of a button finalises the transaction.

Danny Witwer, Colin Farrell’s character in Minority Report, says: “Science has stolen most of our miracles”. An excellent motto for the ID-world.

Technological developments are merging science fiction with reality. Both manufacturers and users will require sophisticated knowledge and information skills. Not only are we discovering new ways of doing old things, but fraud and counterfeit detection will be enhanced through the appearance of new personalisation techniques. The way credentials are used will change: we shall be used to seeing self-authenticating biometric devices with their details stored, for example, in 2D bar codes containing document serial numbers linked to remote databases which can be accessed from smart phones. There is no doubt that science will provide the electronic identity world with yet more exciting inventions. But how many will disrupt our technology? Watch this space!

For more information please email: [email protected]


Security

THE CASE FOR STRONG INITIAL AUTHENTICATION

A digital credential is only as strong as the workflow employed to issue it to the legitimate end user. Strong initial authentication is the key.

Relying on smart cards or other digital credentials means relying on the process used to issue and activate them. If the end user is remote, strong authentication during the activation process must be achieved, but doing so in a timely fashion takes careful consideration. John Zurawski, vice president, Authentify, reports.

In the physical world, bartenders, bankers or airport security personnel who rely on a driver’s license or passport trust that the issuing authority behind that license or passport has exercised some diligence in authenticating the person to whom that credential was issued. There are no driver’s licenses or passports in cyberspace. Efforts aimed at producing that type of federated identity credential for online use are still in their infancy. There is no cyber department of motor vehicles today to issue an identity credential. Therefore, care must be taken when digital security credentials are issued to ensure they have been issued to the legitimate user of the associated digital identity. It matters very little if the credentials are a username and password combination, a security token, a smart card or any of the above in any combination. You are often both the issuing authority and the relying party. It has become a business imperative to know with certainty to whom you are issuing access credentials for your physical and digital properties. The strong authentication of a user to whom a credential will be issued is a critical success factor for most global businesses today.

Authentication for the future

Once upon a time, authentication and credential issuance was an easy task. You would have an employee escorted to the personnel office. The employee would sign for their building access card and network login credential, and, while they were at it, they would sign the company security and network access policy documents as well. Global commerce and global employment have dramatically changed those processes. In the modern ‘from anywhere at any time’ business environment, the in-person proofing and issuance or replacement of access credentials used by customers, partners or employees is just not possible in many instances – at least not in a timely fashion. Still, the need for certainty of who is accessing your wired properties has never been more important. The resulting challenge is how to get your authorised users connected and do it quickly while still thoroughly authenticating them.

Some of the time-honoured practices for rapidly activating digital security credentials remotely do not scale well on a global basis. The use of separate postal mailers, one for a credential and one for a PIN, lacks the speed required in an ‘always on’ eBusiness environment. Overnight courier requiring a signature is faster but expensive. An activation PIN delivered via email is fast but susceptible to interception as it is delivered ‘in band’ and often ‘in the clear’. Delivering a credential and an activation code via email to the same device on which it will be used might also be a security policy violation as the safety of delivery via a separate communication channel has been lost.

Timely and effective

Those who issue credentials to remote users and need a timely but effective way to authenticate the end user receiving a credential should consider workflows that incorporate telephone-based, out-of-band and telephone-based, two-factor authentication schemas. The term out-of-band refers to the use of two separate communication channels to communicate and interact with a remote user. The term two-factor refers to the form factors used to authenticate an end user. Form factors are typically something you know (a password, perhaps), something over which you have possession and control (a telephone, a smart card, an RFID card) or something you ‘are’ – a biometric. Use of the telephone with its voice communication channel is a solid choice for a ‘something an end user controls’. The use of a telephone as an authentication tool dates back to the early days of the Internet when dial up connections were common. An end user would dial into a remote server via modem and provide a username and password. The server would disconnect and redial the telephone number corresponding to that username retrieved from a directory. This kept unauthorised users from connecting to the service, even if they had compromised someone’s username and password. The server would dial back to the legitimate account holder’s phone, shutting the imposter out. Confirming the connection between the user and their telephone is a second authentication step, or second authentication factor, via an out-of-band channel. This is sometimes called 2FA or two-step verification. This is a very useful process for activating a secure credential such as a smart card or token for a remote user.

The use of telephony in modern two-factor authentication workflows has come a long way since those early days. The use of speech recognition and voice biometrics via the telephone voice channel offers ways to reliably link specific users to specific telephones. In addition, telephone-based, two-factor, out-of-band authentication can also be achieved via secure messaging apps on smart devices employing their data channels. One-time passwords (OTPs) delivered via the SMS channel are also considered a form of out-of-band delivery mechanism, but SMS OTPs have the challenge of being primarily a push-style message. The store and forward structure of the SMS network can significantly delay the delivery of a message, although there may be use cases when time is not an issue. That said, the voice channel offers interactivity and is bi-directional in real time. Among the advantages this offers, voice can be used to explicitly collect the end user’s consent to terms and conditions attached to the use of a credential.

Example

By way of example, a Global 1000 manufacturer of information technology, medical instruments and other high tech lines of business requires the use of smart cards and soft tokens for accessing their global VAR and dealer network portal. The information within this portal is sensitive and includes data on orders placed by various partners, distributors as well as some of the company’s own sales representatives. Information can include pricing and delivery schedules. This could sound familiar to your own environment.

Obviously, access to this portal and the information it contains is tightly controlled. Legacy security policies require hand delivery by the sales or marketing sponsor and a signature for the new credential. It seems a little time consuming when your global sponsor might be in London, but the VAR’s operations are in Hong Kong. Plus, making a VAR wait for the next time their sponsor visits them in person takes some of the lustre off the new relationship. The goal is to put the channel partner to work as quickly as possible.

Credential provisioning portal

In this instance, the manufacturer developed a credential provisioning portal that relied on voice telephony as part of the authentication process. A VAR’s sponsor within the manufacturing organisation would access the provisioning portal and create a user profile for the VAR they wished to enroll. The profile included a telephone number at which the sponsor trusted the authorised representative at the VAR could reliably be contacted. In a sense, this was an in-person vetting of the telephone number.

Once the sponsor’s provisioning portion of the enrolment was completed, an email would be sent to the VAR’s authorised representative. Opening the email, the authorised representative was instructed to click on a link for further instructions. Clicking on the link resulted in a telephone call being placed to the VAR representative’s phone as provisioned by their sponsor. The phone call delivered a temporary passcode to access the portal and download a soft token – but the soft token was not fully functional.

Once the token was downloaded, the VAR representative was directed to an activation step. During the activation step, a second phone call would deliver an activation code and PIN for the token after the VAR’s representative was instructed to speak a phrase agreeing to the terms of use for the credential and portal. This workflow provided strong two-factor security for the token delivery and the token activation and automatically collected an electronic signature, via voice and speech recognition, of the VAR’s agreement to terms of use. The time stamp and log files from the telephone network also become a part of the audit trail. The activation process for a VAR 10,000 miles away that used to take weeks could now be completed in less than three minutes.
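The provisioning and activation workflow described above can be modelled as a small state machine in which every code is delivered only to the sponsor-vetted telephone number and no step can be skipped. This is an added example, not the manufacturer's or Authentify's code: the consent phrase, passcode lifetime, attempt limit, all function names, and the `place_call` callback and `transcript` argument (stand-ins for the telephony and speech-recognition service) are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from enum import Enum, auto

CONSENT_PHRASE = "i agree to the terms of use"  # assumed wording
PASSCODE_TTL = 300   # seconds; assumed policy
MAX_ATTEMPTS = 3     # assumed policy


class State(Enum):
    PROVISIONED = auto()       # sponsor stored a vetted phone number
    PASSCODE_SENT = auto()     # first call delivered a temporary passcode
    TOKEN_DOWNLOADED = auto()  # soft token downloaded, not yet functional
    ACTIVE = auto()            # consent recorded, activation code released
    LOCKED = auto()            # too many bad passcodes


class WorkflowError(Exception):
    pass


def _digest(code: str) -> bytes:
    return hashlib.sha256(code.encode()).digest()


@dataclass
class Enrollment:
    user: str
    phone: str                 # set by the sponsor only, never by the user
    state: State = State.PROVISIONED
    code_hash: bytes = b""
    expires: float = 0.0
    attempts: int = 0
    audit: list = field(default_factory=list)

    def log(self, event: str, now: float) -> None:
        self.audit.append((now, self.user, self.phone, event))


def _require(enr: Enrollment, expected: State) -> None:
    if enr.state is not expected:
        raise WorkflowError(f"step not allowed in state {enr.state.name}")


def link_clicked(enr, place_call, now=None):
    """Email link clicked: call the sponsor-vetted number with a passcode."""
    now = time.time() if now is None else now
    _require(enr, State.PROVISIONED)
    code = f"{secrets.randbelow(10**6):06d}"
    enr.code_hash, enr.expires = _digest(code), now + PASSCODE_TTL
    place_call(enr.phone, code)          # out-of-band: never sent by email
    enr.state = State.PASSCODE_SENT
    enr.log("passcode call placed", now)


def download_token(enr, passcode, now=None):
    """Portal login with the passcode heard on the call; token is inactive."""
    now = time.time() if now is None else now
    _require(enr, State.PASSCODE_SENT)
    ok = now <= enr.expires and hmac.compare_digest(_digest(passcode), enr.code_hash)
    if not ok:
        enr.attempts += 1
        enr.log("passcode rejected", now)
        if enr.attempts >= MAX_ATTEMPTS:
            enr.state = State.LOCKED
        raise WorkflowError("invalid or expired passcode")
    enr.code_hash = b""                  # single use
    enr.state = State.TOKEN_DOWNLOADED
    enr.log("inactive token downloaded", now)
    return {"user": enr.user, "active": False}


def activate(enr, transcript, place_call, now=None):
    """Second call: release activation code and PIN only after spoken consent."""
    now = time.time() if now is None else now
    _require(enr, State.TOKEN_DOWNLOADED)
    if transcript.strip().lower() != CONSENT_PHRASE:
        enr.log("consent phrase not recognised", now)
        raise WorkflowError("consent not given")
    enr.log("consent phrase recognised", now)
    activation, pin = secrets.token_hex(4), f"{secrets.randbelow(10**4):04d}"
    place_call(enr.phone, f"{activation} {pin}")
    enr.state = State.ACTIVE
    enr.log("activation code and PIN delivered", now)
```

The `audit` list plays the role of the telephone-network log in the article: each entry ties a timestamp, the user and the vetted number to one step of the workflow.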


Audit trail

A few words about the audit trail mentioned above may be in order. The legal precedent for the use of telephone records as proof of contact and exchange between parties dates back to the 1930s. For those with stringent compliance requirements and a possible need to demonstrate that a particular individual received a specific credential and agreed to specific terms, there is no equal.

A first time encounter with a remote user who is not an employee but will be registering to use an online account always carries the highest risk. In addition, direct knowledge or trust in the end user’s telephone number is absent in this new relationship, but this does not preclude the use of the telephone as a second authentication factor. It can still be used as a second factor for account access or as part of a credential activation schema. There are a number of mechanisms for gleaning some level of trust relative to a phone number. Today, a number of public facing online portals and eCommerce properties use out-of-band telephony to place outbound calls to users registering for new accounts.

Typically, a second layer of services that offer reverse look-up for telephone billing information, location services for mobile phones and trust scoring services are employed to help determine if the telephone can be trusted as part of the account activation. There are variations by vendor, but these trust scoring services can be based on the appearance of that telephone number across their network of services or other behavioural monitoring associated with the device. For instance, has the phone been used for authentication purposes over time within the existing customer base? Potentially, the characteristics of the phone itself are used. These might include whether it is a mobile device or a landline, if it is provisioned by a reputable carrier, if there is a verifiable billing contract available and so forth.

Smart devices and BYOD

Some readers may be thinking that the explosion of smart devices and BYOD mobility has eroded the trust of two-factor authentication or multi-factor authentication schemas that employ telephones. The telephone and computer have become one. That may be true, but not all smart devices are telephones. Many tablets do not have telephony voice channels. There are still hundreds of millions of laptops in use, and I daresay that workstations have not totally gone the way of the dinosaur. Purely vanilla feature mobile phones have not gone away, and, in some countries, still represent the majority of mobile devices. Employing telephone-based two-factor authentication as a part of a security credential activation process can ensure that no user is left behind or made to wait in the credentialing process, no matter what their technology ecosystem contains. It does require flexibility, and the careful consideration cited earlier in this article.

In additional workflow examples, consider an end user for whom smart card access is required for access to a high limit financial securities trading account. Suppose they have the ability to initiate trades from their mobile device. That user can still be asked to accept a phone call at an office number known to be theirs. An end user in need of a credential for their laptop can take a call on their feature mobile phone as part of the authentication process.

There is considerable value in employing telephony in credential issuance authentication schemes. Devices can be mixed and matched, voices recorded, biometrics employed, PINs delivered via secure encrypted channels and more. There is a combination of workflows that can meet the most stringent security requirements. The biggest authentication advantage - no user need be left behind.

For more information please Tel: +1 773 243 0328 or email: [email protected].


PLOTTING A COURSE FOR SECURE IDENTITY CREDENTIALS

By Anthony Ball, Senior Vice President, Identity and Access Management (IAM), HID Global

The identity credential is evolving along two paths. First, ID cards continue to become more secure and useful, and second, identity is no longer confined exclusively to a plastic card, but can also be carried on Near Field Communications (NFC)-enabled smartphones. Planning for the future is critical as physical credentials evolve, digital credentials emerge, physical and IT security credentials converge, and new printing technologies simplify how cards are produced and distributed while making them more secure.

The traditional physical credential has transitioned from magstripe to prox cards and on to smart cards that, over time, will coexist with digital credentials on NFC smartphones. Smart cards are also incorporating more layers of visual and digital security. Additionally, smart cards are combining physical access control for facility security and logical access control for IT security, so they can be used to enter buildings, log onto the networks, and gain access to applications and other systems. Smart cards are also migrating into new market segments, with one of the most visible examples being solutions that implement the Europay Mastercard Visa (EMV) global credit and debit payment standard based on chip card technology.

Organizations must be aware of these and other developments as they implement more secure and useful smart cards or mobile devices, or both, within their physical access control system (PACS). The broadest opportunity is to empower customers with a single solution for securing everything from the cloud to data to doors, so they can trust one source for authenticating a range of applications.

Empowering Users – Today and Tomorrow

Increasingly, users want a more streamlined experience that doesn’t slow them down in a new era of on-line and cloud-hosted data, apps and services. This environment requires a secure identity management approach that mitigates escalating and evolving risks, both internally and externally. Organizations must meet today’s needs while also preparing for the future.

The first step is to base the access control system on an open architecture so it can support new capabilities over time. For optimum security, the system should use contactless high frequency smart card technology that features mutual authentication and cryptographic protection mechanisms with secret keys. With a highly secure smart card foundation in place, organizations are also well positioned to improve risk management and comply with new legislation or regulatory requirements.

Cards should also employ a secure messaging protocol that is delivered on a trust-based communication platform within a secure ecosystem of interoperable products. Also essential to interoperability is a generic, universal card edge, also known as the card command interface. This ensures that solutions will work with a broad ecosystem of products within a trusted boundary. With these capabilities, organizations can ensure the highest level of security, convenience, and flexibility, along with the adaptability to meet future requirements.

One future requirement might be the ability to combine multiple applications onto a single card. In addition to centralizing management, this eliminates the need for employees to carry separate cards for applications including opening doors, accessing computers, using time-and-attendance and secure-print-management systems, and making cashless vending purchases. Other applications that can be added include biometrics, which requires the cards to have expanded digital storage capacity for the templates. Ideally, cards should also include visual and other elements that improve overall security.

It also is becoming more important to implement multi-layered security in applications ranging from building access to data protection both in the cloud and on devices. Among the most important best practices is authentication beyond simple passwords, to ensure that individuals are who they say they are. Enterprises have typically focused on securing the network perimeter, and relied on static passwords to authenticate users inside the firewall. This is insufficient given today’s multifarious Advanced Persistent Threats (APTs), ad hoc hacking, and internal risks associated with Bring Your Own Device (BYOD) adoption. Static passwords must be extended with other authentication factors; however, while this is a primary strategic security pillar, users increasingly resist the idea of carrying around a separate, dedicated security token. Today’s contactless OTP login solutions remedy this problem by giving users a single card with which they can easily ‘tap in’ and ‘tap out’ for computer login and logout with strong authentication.

Other components of a multi-layered security strategy include device authentication (including personal devices, to an application on a corporate network or in the cloud), browser protection, transaction authentication/pattern-based intelligence, and application security. This requires the use of an integrated multi-layered authentication and real-time threat detection platform. Fraud detection technology has been used in online banking and eCommerce for some time. Now, this technology is expected to cross over into the corporate sector as a way to provide an additional layer of security for remote access use cases such as VPNs or Virtual Desktops. Meanwhile, two-factor authentication measures, which have typically been confined to OTP tokens, display cards and other physical devices, are now also being delivered through ‘soft tokens’ that can be held on such user devices as mobile phones, tablets, and browser-based tokens. A phone app generates an OTP, or OTPs are sent to the phone via SMS.

Many organizations will be content with a soft token credential, but the more security-conscious organizations will store the authentication credential on a secure element inside the mobile device, which can be a subscriber identity module (SIM) or Universal Integrated Circuit Card (UICC)-based secure element, or an add-on device such as a microSD card that incorporates a secure element. This approach on NFC-enabled mobile smartphones will increase convenience while also ensuring simple and secure user login across multiple cloud-based applications.

Identity management in the cloud will also become increasingly important, especially as organizations increasingly leverage the Software as a Service (SaaS) model and mobile identity solutions. The most effective approach for addressing data moving to the cloud – not only with SaaS applications, but also with internal apps stored elsewhere – will likely be federated identity management, which allows users to access multiple applications by authenticating to a central portal. Federated ID management supports many authentication methods, it meets compliance requirements through centralized audit records, and it doesn’t require end-user device changes. Federated identity management also protects against APTs, ad hoc hacking, malicious acts from ex-employees, and internal threats such as employee fraud, and will ensure that identity can be managed on both plastic cards and smartphones.

Moving to Mobile Credentials

Partnerships are underway with Mobile Network Operators (MNOs), Trusted Service Managers (TSMs) and other Service Providers (SPs), so that users can securely issue, revoke and manage their identities anytime, anywhere, on any device, and monitor and modify security parameters.

NFC smartphones will be able to receive many different digital credentials using convenient, secure and trusted cloud-based provisioning. This will change how we create, use and manage identities. The industry will also need to define best practices for managing and supporting today’s influx of personal mobile phones in the BYOD environment, while simultaneously ensuring user privacy and protecting enterprise data and resources. Creating separate sections in the phone is a potential solution: all applications and other ID credentials are separated from each other inside the phone between personal and enterprise use. This is already being done with NFC-enabled smartphones that are used to open doors. All associated encrypted keys, credentials and the company’s organizational data are stored in the phone’s encrypted, remotely-managed secure element. Interaction between this secure element and the rest of the device can be limited, according to policy, and strong authentication can be required to access the applications and data residing there.

Smartphones may also need to support derived credentials and Public Key Infrastructure (PKI), including personal identity verification (PIV) credentials carried by U.S. Federal workers. The combination of derived credentials with the use of separate sections for corporate/agency and personal information will create the additional need for hierarchical lifecycle management, so that organizations and agencies can only revoke a user’s “work” credentials if, for instance, a phone carrying PIV credentials is lost.

Despite the high security and many clear benefits of mobile credentials, it is unlikely in the coming years that smartphones will replace smart cards altogether for access control. After all, cards are also still preferred as a means of photo identification. For this reason, mobile access credentials carried inside NFC-enabled smartphones are expected to co-exist with cards and badges. There are important developments on the card issuance side as well.

Advances in Secure Credential Issuance

There have been many advances aimed at increasing the security of cards, cardholders and issuance systems. The industry is rapidly moving to a multi-layered approach both for card validation and overall system security.

In the past, a person requesting access was typically compared with a photo or other identifying data on the credential. Today’s credentials can include elements that enable more trustworthy visual authentication while helping deter tampering and forgery. These visual elements may include higher-resolution images and holographic card over-laminates, as well as permanent laser-engraved personalization attributes that are difficult, if not impossible, to forge or alter.

Another validation dimension is the use of digital components such as smart card chips or magnetic stripes. Multi-factor authentication can be implemented by adding card data storage. These additional authentication factors can include something the cardholder “has” (the card), something the cardholder “knows” (a password) and something the cardholder “is” (biometric data). Today’s smart cards also leverage cryptography and keys to ensure that the user possesses the correct keys at that specific moment.

The overall issuance system also requires multiple protective layers. The first includes mechanical locks that control access to the system’s physical components, including the card input and output hoppers as well as the rejected cards. Physical locks should also be placed on all access points to protect ribbon, film and other consumables. Additionally, personal identification numbers (PINs) should be used to control operator access to each printer. Organizations should also ensure that print job data packets meet or exceed advanced encryption standards to optimize system privacy, integrity and authentication all the way to the final issuance endpoint. Finally, personal data on used print ribbon panels should be automatically eliminated, and printers should feature integrated sensors so custom print ribbons and holographic card over-laminates can only be used in authorized units.

Personalization is also important. The best approach for mid-sized and larger organizations is an ID card printer that supports multiple types of electronic personalization, for multiple types of cards including magnetic stripe as well as increasingly popular contactless and contact encoding solutions. This simplifies migration to new technology and new encoding options as security requirements increase. Large organizations also may need different ways to control access throughout the facility depending on area-specific security needs. This can be accomplished if printer/encoder solutions include modules for adding secure visual personalization elements such as holographic over-laminates. Additionally, large organizations may need an integrated card personalization software solution that has the flexibility to link disparate databases from around the world.

Ease of personalization must also be considered. Proper identity validation management requires routine synchronization of the pre-programmed data on the card’s electronics with personal data printed on the outside of the card. This was previously achieved by first using a desktop card printer to add colour and text to a card’s exterior. Then the card was extracted from the printer’s output bin, and the pre-printed/pre-programmed IC number was transferred to a computer database. The latter step was generally carried out either through manual data entry or by tapping the card to an external desktop reader. Today’s inline smart card personalization processes reduce this to a single step, enabling users to submit a card into a desktop printer equipped with an internal smart card encoder that personalizes the card inside and out.

Nearly all major card printer manufacturers offer the option tobuild card readers/encoders into their machines, and they alsooffer card issuance software that is compatible with theintegrated system. If an organization already owns a cardprinter, it can usually be field-upgraded with an encoder. Byintegrating readers/encoders into card printer hardware,organizations can leverage the benefits of smart cardapplications well into the future.

The latest ID credential technology enables organizations to meet difficult security challenges, both today and to morrow, while creating a frictionless end-user experience.Thetechnology also supports Identity management’s move to thecloud, using federated identity management and proven fraud-detection technology to mitigate both internal and externalthreats. Additionally, today’s solutions solve the problems ofensuring secure identity and privacy across interoperableproducts in a world of growing threats, and they makecredentials portable to new mobile platforms that deliver a moreconvenient user experience, while still coexisting with plasticcredentials that continue to grow in security while becomingeasier to print and distribute.

For more information please email: [email protected],visit: www.hidglobal.com, or tel: +1 800 237 7769


Biometrics


Get set for biometrics in everyday life

Adoption of biometrics in everyday life is again seen as the most significant likely development in the next few years, according to a new survey from the Biometrics Institute. Isabelle Moeller, Chief Executive, Biometrics Institute reports.

The Biometrics Institute Industry Survey is now in its fourth year, and provides members with an insight into different trends and important developments in the biometrics industry that have taken place in the last 12 months as well as looking to the future.

The survey was circulated by email to all members of the Biometrics Institute and other key stakeholders as well as media contacts, a total of about 4,000 contacts, in June 2013.

The facts

276 individuals responded to the survey, of which 42% are members of the Biometrics Institute. The largest proportion of respondents are based in Australia but in comparison to last year there is greater participation from other parts of the world: 20% of respondents are from continental Europe, 20% from the UK, 11% from the US, 10% from Asia and 7% from New Zealand. In line with the continuing expansion of the Biometrics Institute into the UK/Europe the biggest change in the respondent profile is the marked increase in the percentage based in Europe.

49% of respondents are representatives from user organisations (including universities) such as government agencies or financial institutions.

Reversing previous years’ surveys, fingerprint recognition followed by facial recognition are the areas most respondents are involved in. This year this is again followed by iris recognition (especially as a secondary business area) and by multimodal and voice/speech recognition. Not surprisingly given the increase in Europeans within the sample, the highest proportion of projects are now located in Europe (49%), principally the UK.

Significant development

When asked what they thought the single most significant development had been in the last 12 months, respondents were most likely to cite biometrics at the border (16%) and the adoption of biometrics in everyday activities (15%) - the latter having been anticipated in last year’s survey.

Technology advances and large-scale national ID deployments were the next most highly mentioned, albeit the latter was notably down from last year.

While those in Australia/New Zealand (ANZ) and Europe held similar views overall, users felt particularly strongly that biometrics at the border had been the most significant development.

| Most significant development in past | 2012-2013 | 2011-2012 | 2010-2011 | 2009-2010 |
|---|---|---|---|---|
| All respondents* (247 in 2013) | Biometrics at the border/adoption of biometrics in everyday activities | Large-scale national ID deployments/biometrics at the border | Biometrics at the border | Increased user acceptance |


The adoption of biometrics in everyday life remained the development expected to be of greatest significance over the next five years, both overall and among the key analysed subgroups. When the data was combined from the top three expected developments, this aspect was followed by technology advances, improved interoperability and increased user acceptance.

To gain further insight respondents were asked an additional question about their understanding of the term ‘biometrics in everyday activities’. The diagram below shows this visually for the top 50 mentions – the larger the word the more mentions (actual number of mentions in brackets).

Key findings

The key areas related to any kind of access in its broadest sense - whether relating to a mobile or ATM or to physical access to a building, car or country for example. Financial words such as banking, transactions and payments were all mentioned highly.

| Most significant development in future | 2013 Survey | 2012 Survey | 2011 Survey | 2010 Survey |
|---|---|---|---|---|
| All respondents* (247 in 2013) | Adoption of biometrics in everyday life | Adoption of biometrics in everyday life | Biometrics at the border | Increased user acceptance |


Going mobile?

In previous years, expected future implementations mainly focused on border security with smartphones and mobile devices attracting the second highest mention last year. This year smartphones/mobile devices gained the highest level of mention followed by border security. Fingerprint followed by facial (the reverse of 2012) are the biometrics expected to be most likely to feature but there was notable mention of multimodal and, to a lesser extent, iris and voice recognition. Iris and voice attracted high levels of mention in terms of other biometrics which may be in contention.

Growing familiarity

Why are biometrics in everyday life possibly seen as the most significant development? Biometrics have become more commonplace. For example, consumers are used to biometric passports and Automated Border Gates, which have been introduced in many countries across the world.

Heathrow, Gatwick and several other major UK airports have introduced ePassport gates using facial recognition technology and the first gate went live in the UK at Manchester airport in 2008.

When the UK prepared for the London Olympics, biometrics were used to secure the Olympic Park.

Following the London riots, questions were asked about the use of facial recognition technology to identify those involved in the riots and the intrusion of privacy.

There are also an increasing number of stories about the introduction of biometrics in schools or pubs and clubs to provide access to services or entry to a building.

It seems people trust social networks and are quite willing to upload their personal information and photos for sharing with others. We are seeing an increased consumerisation of IT, which makes it even more important to understand the opportunities but also the risks of using new technologies in order to make the right decision about when biometrics are proportionate.

Smartphones and tablets

Over the last year, we have been hearing more and more about the use of biometrics on smartphones and tablets. Apple’s purchase of the fingerprint sensor company AuthenTec resulted in numerous headlines about the technology and raised questions about the role of biometrics in the mobile world. So, one question people are now asking is: will the mobile phone become the latest killer app for biometrics?

As last year, survey respondents were asked to select what they viewed as the main future use of biometrics rather than listing several. Financial transactions were added to the list and some options were slightly altered for clarity.

Smartphone/mobile devices stood out as a response to this question (selected by a fifth of the sample), attracting higher mention than border security, which had been the main envisaged implementation/use of biometrics in previous surveys. Border security was next at 11% followed by password replacement and identity documents (both at 9%, as was the position last year).

Restraints

As in the previous survey, the two main market restraints are thought to be data sharing and cost, with the poor knowledge of biometrics among decision makers (especially mentioned by suppliers) and concerns over reliability (especially among users) also mentioned again this year. There were some interesting differences between those in ANZ and European respondents.

The main areas felt to be in need of more research were spoofing/presentation attack and accuracy – both of which featured highly last year. Many other aspects were mentioned by a third or more of the sample.

Technologies

As in the last two years, suppliers indicated that they mostly sold fingerprint closely followed by facial biometrics systems during 2012-2013. Iris and multimodal were next. The ongoing dominance of fingerprint and facial recognition systems was confirmed by the user respondents who also mainly claimed to have bought/upgraded such systems during the last year. Echoing last year, just over a third of users claim not to have bought or upgraded any biometric systems in the last 12 months.

The largest proportion of the customers remain Government agencies/public sector (44% cf 51% in 2012) but law enforcement and financial services gained slightly higher mention than previously. The systems purchased/upgraded were principally used for identity management and border security but law enforcement, access control and improved customer service were also mentioned.

Again, as for the last couple of years, it is expected that facial and fingerprint biometrics will remain the main purchases during the next year followed by iris and voice with fewer (just over a third) saying they wouldn’t be buying or upgrading any. Similar uses are envisaged. Interestingly customer service and identity management were the two areas gaining more mention than last year.

Budgets

Finally 57% of users expected their budget to be the same as this year with 15% expecting it to be higher and just under a third lower. This was a very similar response to last year.

The survey results will be further discussed at the Biometrics Institute events including the Showcase Europe 2014 to be held in London on the 26 June 2014 hosted at Australia House.

The mission of the Biometrics Institute is to promote the responsible use of biometrics as an independent and impartial international forum for biometric users and other interested parties.

The Biometrics Institute has more than 130 member organisations represented by more than 500 individuals. The membership is split into user organisations such as government departments, financial institutions and universities and suppliers. 50% of the organisations are based in Australia, 32% in Europe, 9% in New Zealand, 5% in the USA and 4% in Asia-Pacific/the Middle East.

The full 42-page report, including detailed analysis in the form of charts, tables and text is available to all members of the Biometrics Institute. To find out about becoming a member, visit: www.biometricsinstitute.org

[Figure: chart of survey responses to “Looking ahead, the MOST significant development will be:”]


Beating the Biometric Fraudsters

By Alastair Partington and Mark Crego, Accenture

In recent years, the use of biometric technologies is being viewed less in the realm of forensics or science fiction and more in terms of a default option to validate identities and combat fraud. As one of the three classic authentication factors,[1] biometrics represents ‘something you are’—effectively tying a person to an identity claim and enabling secure identity recognition. Technology convergence affects us all—from our businesses running services in the cloud or using analytics to better target services, to our rapid adoption of smart phones and tablets as fundamental to our personal and working lives. As companies and consumers alike embrace the digital world, the proliferation of biometric technologies increases—and so, too, grows the inducement to attack those biometric-enabled systems. With biometric technologies now being deployed in international travel, by bank automated teller machines, and even for school lunch payments, how can we be sure that today’s biometric systems can be trusted? And what happens if that trust turns out to be misplaced?

Fast forward to fraud

The first biometric systems to be adopted at scale were those used by the law enforcement community to capture and compare fingerprints from criminals, crime scenes, and suspects. These systems were closely supervised in use, giving little opportunity for fraud. More recently, biometric technology has matured to provide a flexible and cost-effective answer to a whole range of business scenarios and implementations; in airports, on the high street, in offices, and embedded in mobile devices. With biometric identification offering business benefits such as improved facilitation, enablement, and automation, the world is seeing tremendous uptake of this technology, and, along with that adoption, a tendency toward lighter scrutiny of where and how it is used—increasing the vulnerability to fraud.


With limited emphasis on biometric fraud detection capabilities to date, serious criminals and petty opportunists are taking advantage. Specifically, ‘biometric fraudsters’ attempt two kinds of attacks:

• Impersonation: an imposter seeks to be incorrectly recognised as a different, legitimate user.

• Obfuscation: a user manipulates his or her own biometric traits to avoid recognition.

Fraud is a serious business—especially when it involves personal identities. In practice, attacks can include coercing legitimate users, creating fake samples, or making use of mutilated body parts. The most desperate biometric fraudsters resort to surgery, risking permanent scarring (face or fingerprints), blindness (iris)—or worse.

Biometric systems are far from invulnerable. For instance, in January 2012, a journalist from the Mingpao Daily successfully spoofed a biometrics device at the self-service immigration clearance e-channel system at the Hong Kong-China border using a US$14 fingerprint cast bought on a popular retail website. At the same time, the barrier to entry for this type of criminality is lowering. Benefitting from the same technology advances (and cost reductions) that have enabled cyber-criminals to crack systems on the other side of the world, and the proverbial teenage hackers to perform denial-of-service attacks from their bedrooms, biometric fraudsters can now readily access the technology to tamper with biometric documents, create biometric spoofs, and test their results—all from the comfort of their own homes.

Are any modalities immune?

Fingerprint casts aside, it would seem that even some of the newer biometric modalities are vulnerable to spoofing attacks. In an assessment undertaken by Accenture we found that fingerprint, face, and voice recognition systems appear to be the most commonly affected by biometric fraud, due to their wide deployment; however, iris, vein, and even DNA-based systems are also potentially vulnerable to attacks.

For those looking to create systems resistant to biometric fraud, the situation is complex. A typical approach to deter the fraudster is to opt for a multi-modal biometric system; while this is an excellent first step toward reducing vulnerability, recent studies[2] have shown that even multi-modal biometric systems can be breached. Often, successfully spoofing the single modality that is considered the most reliable (and often has the highest weighting in the matching calculation) can be sufficient to fool a simple multi-modal system. System vendors are alert to this possibility, and have incorporated analytical features, additional data (for example, ‘soft biometrics’ such as gender, age, height) and more sophisticated biometric fusion algorithms into their more advanced products to reduce this risk; yet it is apparent that multi-modality alone is not a panacea to safeguarding identity. Organisations need to look further if they are to successfully combat biometric fraud.
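The weighting problem described above can be made concrete. The following Python sketch is an added example, not code from the article or from any vendor; the weights, thresholds and sample scores are constructed assumptions. It compares a plain weighted-sum fusion with a fusion rule that also requires each modality to pass its own match floor and liveness check, and that flags a decision carried almost entirely by one modality.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ModalityResult:
    name: str
    match_score: float     # matcher similarity, 0..1
    liveness_score: float  # presentation-attack-detection confidence, 0..1


# Assumed configuration (constructed): fingerprint is the most trusted modality.
WEIGHTS = {"fingerprint": 0.60, "face": 0.25, "voice": 0.15}
ACCEPT_THRESHOLD = 0.55
MIN_MATCH = {"fingerprint": 0.50, "face": 0.40, "voice": 0.40}
MIN_LIVENESS = 0.50
MAX_DOMINANCE = 0.85  # largest share of the fused score one modality may supply


def fused_score(results):
    """Plain weighted sum of matcher scores."""
    return sum(WEIGHTS[r.name] * r.match_score for r in results)


def simple_fusion_accepts(results):
    """The 'simple multi-modal system': accept on the weighted sum alone."""
    return fused_score(results) >= ACCEPT_THRESHOLD


def dominance(results):
    """Return (modality, share) for the largest contributor to the fused score."""
    total = fused_score(results)
    if total == 0:
        return None, 0.0
    top = max(results, key=lambda r: WEIGHTS[r.name] * r.match_score)
    return top.name, WEIGHTS[top.name] * top.match_score / total


def gated_fusion_decision(results):
    """Accept only if every layer passes; return (accepted, reasons for refusal)."""
    reasons = []
    for missing in sorted(set(WEIGHTS) - {r.name for r in results}):
        reasons.append(f"{missing}: no sample presented")
    for r in results:
        if r.match_score < MIN_MATCH[r.name]:
            reasons.append(f"{r.name}: match score below floor")
        if r.liveness_score < MIN_LIVENESS:
            reasons.append(f"{r.name}: liveness check failed")
    if fused_score(results) < ACCEPT_THRESHOLD:
        reasons.append("fused score below threshold")
    name, share = dominance(results)
    if share > MAX_DOMINANCE:
        reasons.append(f"{name}: supplies {share:.0%} of fused score")
    return (not reasons), reasons


# Constructed sample attempts.
GENUINE = [
    ModalityResult("fingerprint", 0.90, 0.90),
    ModalityResult("face", 0.80, 0.90),
    ModalityResult("voice", 0.70, 0.80),
]
# Only the highest-weighted modality matches, and its liveness score is low.
SPOOFED_FINGER = [
    ModalityResult("fingerprint", 0.95, 0.20),
    ModalityResult("face", 0.10, 0.90),
    ModalityResult("voice", 0.10, 0.85),
]
# Same attempt, assuming the liveness check itself was defeated.
SPOOFED_FINGER_PAD_BYPASSED = [
    ModalityResult("fingerprint", 0.95, 0.90),
    ModalityResult("face", 0.10, 0.90),
    ModalityResult("voice", 0.10, 0.85),
]

if __name__ == "__main__":
    for label, attempt in [("genuine", GENUINE),
                           ("spoofed finger", SPOOFED_FINGER),
                           ("spoofed finger, PAD bypassed", SPOOFED_FINGER_PAD_BYPASSED)]:
        accepted, reasons = gated_fusion_decision(attempt)
        print(f"{label}: simple={simple_fusion_accepts(attempt)} "
              f"gated={accepted} reasons={reasons}")
```

The third attempt shows why the checks are layered: with the liveness check defeated, the per-modality floors and the dominance check still refuse the attempt.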

Turning the tables on fraudsters

In evaluating which countermeasures system architects can deploy to make their systems resilient to attack, let us first take a step back and consider the system to be protected. Depending on the business purpose of the system, and the exposure it has to the outside world, it will be at more or less risk, and may or may not require significant fraud detection capabilities. There is often a correlation between a system’s biometric accuracy requirements and the anti-spoofing capabilities required, due to the relative aversion of highly secure systems to the risk of false acceptances which could be generated either by matching errors or through biometric fraud. It is also worth bearing in mind that anti-spoofing measures can decrease user convenience, as they can generate false alerts on genuine users – and thus, these techniques should only be applied when high levels of security are genuinely required.

Second, it is important to recognise that there is no silver bullet solution to the challenges presented by biometric fraud. No single biometric fraud detection technique is sufficient, as each fraud countermeasure can be surmounted with the appropriate knowledge. ‘Defence in depth’ is key—attackers must be presented with a series of varied barriers – making their work not only considerably more challenging, but also impossible to systemise.

With these considerations in mind, it is important to choose your countermeasures wisely. The specific defences that can be used to strengthen a biometric system’s resistance to fraud attacks can be selected from the following three groups:

• Functional decisions, usually made at the design stage, such as the use of multi-modal biometrics, or the combination of biometrics with behavioural characteristics or additional authentication factors such as PIN codes or tokens.

• Technical capabilities such as biometric anti-spoofing and liveness-detection algorithms, advanced analytics capabilities, cancellable biometrics, template-protection algorithms, etc.

• Operational decisions, such as the approach to be taken to deter fraud attempts before they are conceived, the level of supervision that should be applied to the system, the strategy to be adopted to stay ahead of the threat (analogous to anti-virus management today), the security upgrade/patching plan, etc.

When designing the biometric fraud detection approach, there are many factors to take into account, such as the increased cost and complexity of the solution; a possible dependency on specific hardware or software components, some of which are likely to be proprietary, and might limit future evolutions; the anticipated impact on system performance (potentially both speed and accuracy) and on user convenience; and so on. Finally, a cost/benefit analysis is a necessary step, to balance the anticipated costs of implementing the proposed biometric fraud countermeasures with the expected benefits to be gained from reduced biometric fraud, and justify the effort to the business stakeholders. Many of these benefits are intangible, such as maintaining user trust and organisational reputation, so inevitably, much of this cost/benefit analysis may be qualitative as well as quantitative. In short, the path to reduced biometric fraud is a delicate balancing act between the complexities of security and facilitation; getting this balance right, consistently, is possible through the use of smart solutions that improve the way society works and lives.

Fraud detection—a shared responsibility

All the stakeholders in a biometric solution—business owners, biometric system vendors, system integrators, and indeed, the end-users—have a vested interest in the system being resistant to fraud. As biometric systems adopt a fundamental role in modern life, fraud resilience becomes a more urgent need.

Effective biometric fraud detection requires a diverse set of capabilities—organisational, business-focused, and technical—as well as a broad range of third-party vendor, academic, and standards-body relationships. If a secure identity solution is to be achieved, organisations need to adopt a holistic approach; one that integrates not only robust biometric fraud detection, but also more traditional IT security techniques and processes.

Where is biometrics having an impact today?

Governments are using unique identity to protect privacy

The Unique Identification Authority of India’s (UIDAI) Aadhaar program is providing a unique identification number for the nation’s 1.2 billion citizens. The aim is to use the programme as an identification framework for various government schemes and provide financial inclusion for socially disadvantaged citizens. The Aadhaar program is being rolled out over the next decade and aims to process hundreds of thousands of identity validation requests each second against the world’s largest database of individuals. The unique identification uses multiple types of biometric data, including retina scans, fingerprints for all 10 fingers, and multiple facial images. Since 2011, around 400 million citizens have been enrolled, making it the world’s largest biometrics-based database, processing around 1 million enrolments every day at its peak.

Public Safety agencies are combining biometrics with analytics to improve public safety

Sophisticated analytics techniques can quickly process a wide variety and volume of data sources—from video cameras, sensors, and biometrics—to dramatically transform policing. The Safe City pilot programme in Singapore, for example, integrates advanced analytic capabilities into the existing video monitoring system used in the city by applying computer vision and predictive analytics to video feeds to detect public safety concerns. The solution can increase situational awareness, streamline operations and offer alerts that can enhance the response times to public safety incidents. What is more, successful intelligence sharing and proactive crime fighting—supported by interoperable systems and crime databases, and improved data standards and management—can be advanced by the use of technologies such as biometrics and automatic facial recognition while respecting individual privacy and adhering to data protection laws.

Biometrics to identify security threats

Usable and accurate, face-matching technologies are now highly versatile, not only enabling the automation of what were previously manual tasks but also allowing governments and businesses to introduce new sources of value to citizens and customers, while reducing costs and driving efficiencies.

Whether applied to the screening of people entering the country, upgrading the functionality of high-street security cameras, supporting efforts to locate criminals or augmenting police efforts in the line of duty, by using biometrics technologies as an enabler, organisations can introduce a speed and level of automation which enhances decision making. Versatile ways that public service organisations are using biometrics to benefit citizens include:

• Schiphol, Amsterdam's International Airport, is using video analytics to prevent accidental or malicious intrusion onto runway and hangar areas,[3] while the airport’s automated system uses a technical platform that enables consultation with the databases of other agencies to highlight passenger anomalies and help prevent fraud and immigration discrepancies.[4]

• The Metropolitan Police in London has announced it hopes to capitalise on the advances in vehicle number plate recognition, DNA detection and face recognition software in a bid to reduce crime rates.[5]

• The United States Federal Bureau of Investigation (FBI) is activating a nationwide facial recognition service in select states that will allow local police to identify unknown subjects in photographs.[6]

Today, in an always on and always connected world each of us has a role to play to help biometric technologies remain a positive force in society, managing our digital demands and protecting us from the efforts of disruptive fraudsters.

This article was provided by Mark Crego, managing director, Accenture Border and Identity Services ([email protected]) and Alastair Partington, senior manager within Accenture’s Emerging Technologies & Innovation team ([email protected])

[1] http://www.itl.nist.gov/lab/bulletns/bltnaug04.htm

[2] Examples include: Akhtar, Kale, Alfarid. Spoof Attacks on Multimodal Biometric Systems. ICINT 2011

[3] http://www.sourcesecurity.com/markets/airports-and-ports/news/co-882-ga.1008.html

[4] http://www.accenture.com/SiteCollectionDocuments/Local_UK/Accenture-Amsterdam-Schiphol-Airport.pdf

[5] http://www.guardian.co.uk/government-computing-network/2011/sep/28/met-police-hogan-howe-it?newsfeed=true

[6] http://www.thecrimereport.org/archive/2011-10-fbi-facial-rec


Intelligence and Efficiency through On-Demand Media Analysis using Face Recognition

By Carl Gohringer, Allevate Ltd.

Western governments are implementing the most severe budget cuts of recent times. Against this backdrop, threats from terrorism, organised crime and public disorder continue to rise. Yet recent statistics in the UK demonstrate that authorities can remain resilient and still ensure law-and-order. The targeted application of technology can further increase resilience and the readiness to respond to major events. The relentless advance in the accuracy of face recognition technology, increase in the availability of digital media and mass availability of cheap computing power now provide unique opportunities to meet challenging budgets by drastically enhancing the operational efficiency of forensic investigators while even further enhancing public safety. Digital media can be bulk-ingested in an automated fashion to be processed in a cloud computing environment to identify and extract potential actionable intelligence. Processing is continuous, consistent and predictable. Multiple identification technologies can be deployed and the most suitable algorithms integrated to meet evolving requirements. Analysts can now focus on investigating and confirming suggested results rather than having to manually watch countless hours of media in the hope of stumbling across the required information. Expanding beyond traditional sources of media is increasingly being accomplished by engaging the public and crowd-sourcing intelligence in response to incidents.

Having previously written on the subject of the application of face recognition in airports[i] and privacy concerns of face recognition when used by retail[ii], this article focusses on the application of face recognition to support bulk processing of media by what has traditionally been the first and thus far most prolific user of biometric technologies: law enforcement. The convergence of multiple advancements now provides a whole new set of opportunities to use identification technologies in manners that provide benefits that are only now being realised.

1 A Need for Enhanced Safety and Operational Efficiency

Governments across Europe are in fiscal crisis. Austerity is the order of the day and public budgets are being slashed. Against this backdrop, security risks are continuously increasing. The threat from terrorism, organised crime and public disorder is not abating. Indeed, as reported by the BBC News on the 17th July 2013[iii], the threat landscape is “substantial” and becoming ever more fragmented, consisting of a greater number of smaller and less sophisticated plots.

However, the UK’s police forces have demonstrated that it is possible to maintain and even improve upon public safety despite the relentless pressure of austerity. Recent reports indicate that crime in the UK is at an historic low, being at its lowest level since 1981[iv]. As always, it appears that necessity is the mother of invention and it is likely that technology is playing an innovative role in improving police efficiency.

What is not apparent from these recent reports, however, is the current level of readiness to respond to a major event. Indeed, the UK’s Police Federation, the body representing rank and file police officers, warns that the police “could not handle more riots”[v] after the budget cuts and Her Majesty’s Inspectorate of Constabulary (HMIC) warns that neighbourhood policing risks being “eroded”.[vi]

There is a need to enhance public safety whilst reducing public operational budgets.

2 A Relentless Increase in Digital Media

The increase in the creation of digital media is relentless. Law enforcement and intelligence agencies have amassed large collections of biographical, video and photographic information from multiple sources such as:

• Computer hard drives.

• Mobile phones and portable cameras.

• Flash memory devices.

• Online sources on the Internet such as Facebook and YouTube.

Additionally, when tragic events or social disorder occur, investigators have a long and arduous task of reviewing countless hours of CCTV footage, generally with a varying degree of concentration and scrutiny.

A solution that minimises manual effort in the extraction of actionable intelligence from amassed media by automating this process with a consistent and repeatable level of scrutiny will deliver concise and consistent information in a fraction of the time taken by operators undertaking the task completely manually.

3 An Automated Media Processing and Exploitation Solution

Police, intelligence and other public order agencies would benefit from the application of a powerful media processing solution designed to process, ingest, analyse and index in an automated fashion very large quantities of photographs and videos to transform them into usable assets.

Such an automated solution ingests and processes media from multiple sources. Once processed, law enforcement agencies can analyse and make use of the extracted assets and manage them in a centralised repository of information. Data links, associations and metadata inferences can be managed across the whole dataset by multiple users from a single common user interface. Backend processing services are run in a cloud-computing environment, the capacity of which can be configured and incrementally scaled up and down to meet an organisation’s changing demands; peaks arising from specific events can be easily accommodated.

Features include:

• Automatically find, extract and index faces to enable biometric and biographic searching of media.

• Create and manage watchlists of people of interest via a web-based interface.

• Find and cross-reference all media instances in which a person of interest has been seen.

• Identify, locate, and track persons of interest, their associates and their activities across all media.

• Discover, document and view links between people of interest, their activities and networks.

• Use of metadata (including geo data) in the media to enhance investigations and association of data.

• Integration into existing system environments, databases and components via a flexible API.

3.1 Incorporating Other Detection Capabilities

In addition to face detection and recognition, other detection engines can be incorporated, such as:

• Automatic Number Plate Recognition (ANPR).

• Voice Biometrics.

• Object / Logo Recognition. (Other identifying features can be used to track individuals through other processed media.)

• Scene Recognition. (Identify similarities in the entire frame, often used in child exploitation investigations.)

Vendor independence allows the use of best-of-breed algorithms.

3.2 Biographic Filtering and Fuzzy Match Capability

Forensic investigations are complex and require a holistic view of all available data. This involves not only analysing media, but making full use of all textual and biographic data available as well. This can include text from files recovered from hard drives and other storage devices, online sources, metadata associated with photo or video files and data entered by investigators during the investigation.

Traditional Boolean search techniques only work within a black and white, true and false paradigm. More applicable within a complicated forensic analysis are techniques that use advanced “fuzzy” algorithms to calculate similarities and aggregate match scores using multiple criteria to enable a “shades of grey” analysis.

Such an approach can fuse match scores across multiple disparate search criteria and even allows for fusion and aggregation of search results across multiple biometric and biographic criteria.

The use of media metadata and other biographic data further refines biometric matching.

3.3 Working with Geo-Location Data

An ever-increasing amount of media available to investigators is captured on mobile devices and cameras affixed with location determining technology. This includes media obtained from CCTV, confiscated hardware and devices, online sources and voluntarily made available by members of the public. The majority of the time, this geo-location data is incorporated into the media metadata, thereby providing significant potential to further enhance the analysis of the media. For example, geo-location can be used to:

• Compartmentalise and refine analysis by location of where the media was created.

• Overlay location of proposed matches onto maps.

• Chart movements of individuals of interest by location and time of sightings.

• Link individuals at the same location and time even if they do not appear together in media.

3.4 Architecture and Integration with Existing Systems

There are significant similarities in organisation and methods of operation in many western law enforcement agencies, facilitating increased levels of co-operation. Operational systems should support full control of information and data as well as have sufficient in-built flexibility to enable authorised data exchanges.

In addition to utilising COTS components, adhering to common standards and being cloud-architected to enable massive scalability, a well delineated scope of functionality and open API enables:

• Flexibility in customisation and integration with existing systems and workflows.

• Well-defined mechanisms of loading data and automating ingestion of media for processing.

• Dynamic alteration and sharing of watchlists, media, system-generated results and operator analysis.

3.5 Hosting, Cloud and Virtualisation Options

Full architectural flexibility enables flexibility of hosting options. Organisations can elect to:

• Take advantage of IaaS and SaaS options on cloud offerings. (UK accreditation of IL0 to IL3 is available via hosting partners.)

• Fully host the solution on their own private and secure premises and datacentres.

• Deploy in a hybrid manner. (Thereby taking advantage of external processing power whilst retaining the most secret data.)

3.6 Working Hand-in-Glove with Trained Forensic Investigators

The human operator will always remain the critical and essential part of intelligence analysis; media analysis solutions are not designed to replace the intricate skills and knowledge of trained investigators. Rather, the operator is enabled to intelligently direct and apply their extensive training at suggested results, eliminating the necessity of rote viewing of countless hours of media either in a sequential or random fashion.

Integration of enhanced verification, charting and mapping tools enables operators to conduct detailed analysis of suggested matches and identifications to confirm or deny them.

4 Potential Use Cases

There are myriad different applications of a solution architecture as described herein within military, law enforcement, intelligence and public site security agencies. These are summarised into three broad categories:

4.1 Time Critical Investigations, Media of Critical Importance

In certain major incidents, timeliness of response is of the essence. Authorities need to quickly process evidence to identify and apprehend individuals. The scale of the investigation is often huge and the amount of media that needs to be processed massive. Examples include terrorist events such as the recent Boston bombing and the Woolwich attack in South London.

Often, the media acquired in these instances is of such critical importance that the authorities may choose to review it all in its entirety, frame-by-frame. However, in the early stages after the incident, decisive and immediate action is critical. Rather than having to sift through the media in a random or sequential fashion, a media analysis solution can quickly direct the investigators to the portions of the media that are most likely to deliver immediate results. Full review of the media can be conducted during subsequent stages of the investigation.

4.2 Bulk Ingestion of Media Arising from Criminal Investigations

During routine operations or specific criminal investigations, authorities may recover significant quantities of media on confiscated hard drives, mobile phones, flash / thumb drives and other sources that need to be processed to either further the investigation or to assist in building an evidence base for criminal prosecution. Examples include:

• Military or counter-terror officers raiding terrorist training facilities.

• Specialist organised crime investigators raiding the offices of organised crime syndicates.

• Child protection officers raiding premises of individuals or organisations involved in child exploitation.

This media can be bulk ingested in an automated fashion to provide the investigating officers an overall summary of the contents including focus areas for further investigation.

4.3 Continuous Background Processing of Media Sources

Authorities may as a matter of routine have access to masses of media which may contain actionable intelligence, but typically would never be viewed or processed due to a lack of resource and the time-consuming nature of doing so. Examples include:

• Media from specific cameras installed at high-profile or sensitive locations.

• Media from known or suspect online sources or accounts from social media sites.

• Media made available to the authorities by the general public.

Intelligence in these sources may be missed entirely and never acted upon.

This media can now be bulk ingested and processed in an entirely automated fashion to flag any relevant intelligence, using operator controlled criteria, to the authorities as required for follow-up processing.

5 A Compelling Business Case

The solution and optional IaaS / SaaS components can be made available on a monthly service-charge basis, thereby requiring a minimal capital outlay and enabling a compelling operating expenditure business model.

Whilst the human operator is an essential part of intelligence analysis, an entry level solution empowers the analyst to process up to an order of magnitude more media on a daily basis. This enables trained operators to apply their expertise and training by focussing on the analysis of results generated by the solution in a more focused effort than manually watching hour upon hour of media.

Efficiency is dramatically boosted by bulk processing media 24x7 at a constant and predictable level of focus and accuracy: operational staff can focus on analysing results.

6 Engaging the Public to Crowd-Source Media to Aid Investigations

Increasingly, especially from crowded public events, authorities are making greater use of media-captured intelligence in the form of photographs and videos that have been recorded by members of the public.

With the advent of smartphones, almost everybody has a high quality camera in their pocket.

Most members of society would welcome the opportunity to assist the authorities with their investigations, but often do not know how or are fearful of being involved.

Allevate’s proposed PublicEye service is aimed at empowering the public to take a greater collective social responsibility and assist law enforcement in much the same manner as the phenomenally successful CrimeWatch. It enables members of the public to (at their discretion) upload media directly from their mobile phone or other internet device to a public portal for processing and dissemination to the relevant authorities.

A PublicEye portal could be used:

• In response to appeals by the police to the public who were present at an event or disturbance.

• When individuals witness a crime being committed.

• Upon suspected sightings of missing persons or individuals wanted by the authorities.

A PublicEye enables the authorities to crowd-source media to augment their own sources.

7 Summary

Security concerns are ever increasing. However, public budgets are being slashed. Law enforcement agencies are rising to the challenge of implementing budget cuts partly through the focussed application of technology. The accuracy of face recognition has increased dramatically over the past 10 years. This, coupled with the massive increase in the creation of digital media and the availability of cheap computing, now provides authorities with the ability to bulk ingest and process media in an automated fashion. Results are continuous and predictable. Trained analysts can now focus their skills on investigating suggested results and on intelligence extracted by automated systems. Not only does this provide the ability to process critical media even faster than ever before to respond to time-critical investigations, but it also enables authorities to extract intelligence from media sources that in the past may never even have been looked at because of the significant resource this previously would have entailed.

Additionally, the availability of smartphones means almost everybody is carrying in their pocket a high quality camera. The ability to process media rapidly and cheaply means the authorities will be able to, on a continuously increasing basis, engage with members of the public to crowd-source media in response to major investigations.

For more information visit www.allevate.com and follow us on Twitter: @Allevat

i Allevate, July 2012: http://allevate.com/blog/index.php/2012/07/17/advances-in-face-recognition-technology-and-its-application-in-airports/

ii Allevate, January 2013: http://allevate.com/blog/index.php/2013/01/07/face-recognition-in-retail-profit-ethics-and-privacy/

iii BBC News, 17th July 2013: http://www.bbc.co.uk/news/uk-23334719

iv The Telegraph, 18th July 2013: http://www.telegraph.co.uk/comment/telegraph-view/10188194/Police-spending-is-down-yet-crime-has-fallen.html

v The Telegraph, 18th July 2013: http://www.telegraph.co.uk/news/uknews/law-and-order/10187337/Police-could-not-handle-more-riots-after-budget-cuts.html

vi BBC News, 18th July: http://www.bbc.co.uk/news/uk-23358675

vii In cooperation with Tygart Technology: http://allevate.co.uk/index_files/Allevate_Limited_MXSERVER.htm and http://allevate.com/news/index.php/2013/05/09/revolutionary-face-recognition-media-exploitation-system-now-available-to-enhance-public-safety-in-europe/

viii The UK’s G-Cloud Programme is a cross government initiative led by Andy Nelson (Ministry of Justice) supported by Denise McDonagh (Home Office) under the direction of the Chief Information Officer Delivery Board as part of the Government ICT Strategy. http://allevate.com/news/index.php/2013/05/13/face-recognition-media-exploitation-system-g-cloud-iii-cloudstore/

In 2012, a new identity theft victim was generated every three seconds in the US alone. These victims numbered 12.6 million, alarmingly up 1 million from 2011, and netted a loss of more than US$21 Billion [1]. Identity theft is rising and the expectations for high security are very real, as embodied in recent ISO 19092 and the Federal Financial Institutions Examination Council (FFIEC) guidelines. By definition, identity fraud refers to the crime of fraudulently obtaining and using a victim’s data for personal economic gain; economic gain that can be directly correlated to the advent of electronic banking and the Financial Services model that no longer relies heavily on face-to-face transactions. Without new and innovative approaches to combat the increasing sophistication of fraudsters, the rising amount of fraudulent activity and identity theft, the upward trend is only set to continue.

As consumers have clamoured for convenience, financial institutions have obliged by allowing transactions to take place via telephony or web channels. These solutions are now posing an exponential risk to the institution’s systems and processes, as the requirement to verify the legitimacy of customer identifications, transactions, access and communications is still a very real issue. The need to protect customer identities and provide audit trails of transaction activity means that new identity verification practices and end-to-end electronic workflows are needed. Financial institutions must meet these demands for additional security with a solution that improves and adds value to the customer experience while adhering to ever-tighter industry regulations. Specifically designed to deliver strong identity verification, while providing an intuitive user experience, voice biometric solutions meet these needs.

By Melinda Ziemer, Marketing Manager, VoiceVault

Combating Financial Services Fraud with Voice Biometric Identity Verification

Simple PIN (personal identification number) or password-based identity verification is not secure, especially with the growth of social engineering techniques making passwords easily obtainable and, particularly in smart device apps, just plain inconvenient. Yet, a key strength of biometrics in system security is that they do not rely on external elements such as passwords or PINs that could be used by someone other than the authorized user. Biometrics rely on something you are (a person with biometric characteristics) rather than something you know (a password, PIN etc). As a result, they are considerably more secure. In other words, only biometrics can truly verify that you are who you claim to be.

Implementing a voice biometric enabled authentication system is a very efficient means of providing strong multi-factor identity verification solutions that enhance the something you know (a PIN or password) with something you are (your unique voice). Needing only five seconds of speech to verify a customer’s identity, financial institutions benefit from a simple and secure multi-factor authentication solution that provides a great user experience and, on average, saves 30-45 seconds per call, reducing call centre agent costs and improving customer satisfaction. Voice biometrics are a flexible and versatile part of a secure multi-factor process when used for: out of band authentication, authentication for Android / iOS smartphones and tablets, self-service password reset, and voice e-signatures. The solutions enable financial institutions to: secure transactions and application access; improve the customer experience; and importantly, comply with increasing security and fraud regulations. Attracting new customers, and keeping existing ones, by providing both a great user experience and reassurances of security and identity protection is vital to all financial services organizations.

Out of band authentication

Out of band authentication is a 'transaction verification' process with the primary function to confirm that the transaction details originated with the user. It is an interactive process that conforms to FFIEC guidance and is particularly suited to authenticating an online transaction, whether that is a session login or a transaction within that session. With the current prevalence of data breaches, specifically those of user names and passwords, adding a second factor to the authentication process dramatically decreases the likelihood that actual account information will be compromised. The voice biometric solution is phone-based and uses either an out of band call to a user-registered phone number, or uses an Android / iOS smartphone-based app. In this instance, the phone line, or the app, is regarded as being one of the trusted parts of the strong multi-factor authentication process, and the voice biometric element adds yet another factor. This solution leverages the fact that phones and smartphones are ubiquitous and are never far away, and that the use of them is non-invasive, intuitive and has a low user experience impact.

Authentication for Android / iOS smartphones and tablets: Mobile Banking and Mobile Payments

More and more business is being conducted on smart devices while on the go and outside of the traditional office. Experts predict that the mobile transaction market will see volumes of more than US$605 billion a year by 2015. These devices have become fundamental digital assistants whose owners highly value not only their security but also their usability. Whether it is to secure access to an online banking service, or enable increased options and higher value transactions on mobile banking applications, the solution must meet the requirement for both convenience and increased protection against fraud. Financial institutions have attempted to offset the security risks by requiring customers to have multiple PINs or passwords, or answer numerous knowledge based questions during agent-led verification; however, customers get frustrated with the added requirements, especially when they want to quickly access an app or authorize a transaction.

A multi-factor voice biometric security framework (the device, the PIN and the voice biometric for example) can be used seamlessly to both protect access to an app and to secure activities initiated from within it. The five seconds of speech needed for authentication is less than the time it takes to enter a medium level password within an app and provides users with high security that doesn’t require them to have to remember anything. Voice biometrics are well suited to smart device apps and form a natural part of a multi-factor authentication system that can be tailored to the needs of each type and value of transaction (even within a single app). By just responding to a short visual or audio prompt, a customer can secure any type of transaction at any desired level of security. To match the way customers use their phones and devices, a range of interfaces and usage models can be used to tailor the experience and keep the voice verification process unobtrusive and matched to the needs for security or convenience. These include: on-screen prompting; an out of band call; or an in-app audio interface.

Automated password reset

Even with voice biometrics as part of a financial institution’s multi-factor authentication process, the need to provide a password reset service is still a necessary requirement for organizations. Traditionally password reset consists of a staffed help-desk and is a tedious experience for users and help-desk staff alike. A typical password reset call to a help-desk costs an organization approximately US$10 and with password reset activities accounting for up to 35% of calls to a help-desk, represents a significant organizational expenditure. With voice biometrics, a self-service password reset solution delivers a fully scalable ‘un-manned virtual help-desk’ that is accessible to the customer from anywhere, at any time and from any phone. To provide a financial institution with rapid implementation and deployment, the voice biometric system is fully hosted and leverages existing organizational password reset systems and services.

Since the process of using a phone-based system or smart device application is so natural, users can interact with the system in their chosen language and there is no costly user training required. The ability for a user to reset their own password without the need to engage with the help-desk allows helpdesk agents to be allocated to other tasks, increasing productivity and enabling other areas of the financial institution to benefit from reduced queuing times. It can also reduce the number of helpdesk agents needed to be on call 24/7 for password resetting and completely eliminates the security risks introduced when a helpdesk agent is present during the resetting process. Automated systems are also popular with end-users in that they provide customers with a sense of empowerment and are seen as being non-intrusive.

Legally binding Voice e-Signatures

In today’s Financial Services environment customer signatures are time-consuming and expensive to obtain. Customers are favouring companies that don’t require cumbersome paper forms to collect their authorization and in particular, organizations that offer ‘go green’ paperless programmes to conduct business. In turn, financial institutions are looking for process improvement through shorter calls and the elimination of the reliance on hand-written signatures to consummate transactions. Research shows that no matter what the industry, there is a 30-55% falloff rate when a paper process is involved in getting a signature from parties who are not face-to-face. However, that dropout rate goes to under 5% when a voice e-signature is obtained while the customer is captive on the phone and the administrative costs associated with the typical paper trail that accompanies hand-written signatures is reduced by up to 80%.

Financial institutions are able to leverage voice biometrics within any phone or smart device based process where a traditional hand-written signature would normally be required. With no specialized hardware, on-site software required, or changes to existing call centre/IVR/IT infrastructure, the solution can quickly and easily be incorporated into an existing call flow or smart device application. Within the voice biometric transaction, VoiceVault acts as a trusted third-party in delivering the e-signature capability. This status extends to repudiation claims where VoiceVault is able to provide voice biometric evidence that the person making the claim did in fact electronically voice sign the transaction under dispute. In the US, voice e-signatures are recognized as legally binding under: The E-Sign Act; HIPAA; CMS; DOI; FDA 21CFR Part 11 and in Europe, they can be incorporated into processes that generate e-signatures with the resulting voice e-signatures being legally binding as defined by EU Directive 1993/93/EC.

Accuracy

In Financial Services where high security and fraud reduction are major drivers in application design, identity verification accuracy is paramount and dependent upon the system’s ability to verify a customer using only a short sample of speech that is compared to the enrolled voiceprint. Using that small amount of speech, voice technology solutions have raised the accuracy bar to new levels with a verifiable equal error rate of only 0.1%. This level of accuracy has been proven in a real-world application where voice biometrics is used for authorizing financial transactions on a smart device.

Results from a security conscious enterprise deployment demonstrate that the voice biometric engine can deliver a false accept rate of 0.01% while maintaining overall false reject rates of less than 3%. With these levels of accuracy, financial institutions can deploy solutions that incorporate multi-factor identity verification processes using voice biometrics knowing that they are achieving the very highest levels of security and user convenience while avoiding the need for customers to have to remember PINs or passwords.
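The three figures quoted above (equal error rate, false accept rate, false reject rate) are all read off the same pair of score distributions at different decision thresholds. The following is an added example, not VoiceVault's code or data: the scores are constructed, and the function names are assumptions chosen for illustration.

```python
import math

# Constructed similarity scores in [0, 1]; not measurements from any product.
# GENUINE: the true speaker against their own voiceprint.
# IMPOSTOR: a different speaker against that voiceprint.
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.85, 0.97, 0.66, 0.90, 0.93, 0.74]
IMPOSTOR = [0.12, 0.35, 0.41, 0.22, 0.58, 0.30, 0.70, 0.18, 0.27, 0.81]


def rates(genuine, impostor, threshold):
    """Return (FAR, FRR) when a claim is accepted iff score >= threshold."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def candidate_thresholds(genuine, impostor):
    """Rates only change at observed scores; inf means 'reject everyone'."""
    return sorted(set(genuine) | set(impostor)) + [math.inf]


def equal_error_rate(genuine, impostor):
    """Return (threshold, EER): the operating point where FAR and FRR meet.

    With finite samples the two curves may not cross exactly, so the
    threshold with the smallest |FAR - FRR| is used and the two are averaged.
    """
    best = None
    for t in candidate_thresholds(genuine, impostor):
        far, frr = rates(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    return best[1], best[2]


def threshold_for_far(genuine, impostor, target_far):
    """Return (threshold, FAR, FRR) for the lowest threshold meeting target_far.

    This is the security-first operating point: fix the false accept rate,
    then see what false reject rate legitimate users have to live with.
    """
    if target_far < 0:
        raise ValueError("target_far must be >= 0")
    for t in candidate_thresholds(genuine, impostor):
        far, frr = rates(genuine, impostor, t)
        if far <= target_far:
            return t, far, frr
    raise AssertionError("unreachable: threshold inf always yields FAR 0")


if __name__ == "__main__":
    t, eer = equal_error_rate(GENUINE, IMPOSTOR)
    print(f"EER {eer:.0%} at threshold {t}")
    t, far, frr = threshold_for_far(GENUINE, IMPOSTOR, 0.0)
    print(f"FAR {far:.0%} needs threshold {t}, giving FRR {frr:.0%}")
    # With 10 impostor trials the smallest non-zero FAR that can be observed
    # is 10%; resolving a FAR of 0.01% needs at least 10,000 impostor trials.
```

On this constructed data the equal error point and the zero-false-accept point sit at different thresholds, which is why a deployment can report a false reject rate well above its equal error rate once it is tuned for a very low false accept rate.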

Voice Biometrics in action within Financial Services

A milestone for the international acceptance of voice biometrics in mobile applications was recently established with the simultaneous deployment of an app in 40 countries by a top three global US financial institution. Available now, the Android and iOS smartphone and tablet application uses voice biometrics as part of a multi-factor authentication process for securing commercial banking ACH payments and wire transfers. The solution provides critical high security multi-factor authentication support for multi-million dollar financial transactions, with billions of dollars in transfers already secured by active users in more than 30 countries. By recognizing the challenges with such a global rollout and how imperative it was that the app was able to pass the regulatory authorities, legal review, stringent privacy requirements, and required user consent legislation in each of the locations it was available in, the app successfully became the first voice biometric mobile application that has obtained global regulatory acceptance. This was achieved while maintaining very rigid accuracy levels demanded by the financial services industry.

1. https://www.javelinstrategy.com/brochure/276

For more information email: [email protected], or visit Web: www.voicevault.com

Electronic healthcare records are protected by a thin veil of security, practically guaranteeing a future breach and providing a false sense of assurance to patients. The authentication model adopted by many healthcare institutions is dated and vulnerable and violates the promise of trust that these institutions provide to their patients. Access to health information needs to be linked to the authorized individual and biometric authentication is the best answer. It’s clearly time to retire passwords and proximity cards and secure electronic healthcare records with authentication that is secure and convenient.

Simple security is needed in the healthcare industry’s push for adoption of electronic systems

The healthcare industry has seen more than its fair share of change. Less than a decade ago, virtually all patient information resided in paper charts stored in a records room. Patients (and, at times, even their caregivers) rarely had access to these records and records were difficult to transfer from one facility to another. Today, thanks to regulations and the rapid advance in digital technologies, the adoption rate of electronic health records (EHR) has risen to nearly 72% by office-based physicians [1]. This dramatic shift over the past five years has created tremendous pressure to ensure that patient data is readily accessible anytime and from any location within the hospital.

Unfortunately, ready access to data has outpaced secure methods to protect access to the data. These methods, such as username/password pairs or even proximity cards, are antiquated, overly complex to administer and lack a sufficient security model to protect sensitive and confidential patient data. And let’s face it: these solutions were never designed to meet today’s security needs and threats.

Virtually Insecure

By Greg Sarrail, Vice President, Solutions Business, Lumidigm

Don’t put up barriers and slow me down! Single sign-on for improved workflow

The accelerated use of electronic data for health records, prescriptions, drug interaction checks, clinical decision support and a myriad of other systems has created a new problem: the need to validate the identity of the person who is requesting access with the right level of assurance at all points of access. Enterprise single sign-on systems and EHR suite vendors have improved clinician workflow by binding disparate username and password systems to a single log-on event using one username and password.

But everyone knows that the username/password model is not secure. From Bill Gates’ proclamation in 2004 that the password would soon meet its death to the constant barrage of password-related security breaches at top companies such as LinkedIn and Yahoo! to examples of remote breaches, such as in the state of Utah, where the healthcare information of over 780,000 Medicare patients was accessed through the use of hacked usernames and passwords, it’s astonishing and frightening to think of the modern systems that still rely on this archaic technology.

In fact, studies have shown that the healthcare market suffers from abnormally high breaches and associated costs. The Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security disclosed that 94% of healthcare organizations were breached from 2010-2012 with more than 45% reporting they had more than five significant breaches during that time [2]. The majority of attackers gain initial access by exploiting guessable passwords or through brute force “dictionary” attacks.

If the username/password model is insufficient for today’s threats and single sign-on systems tie multiple passwords to a single identity, haven’t the risks grown exponentially?

Two-factor authentication – a statistical necessity

To minimize this risk, two-factor authentication has become a necessity and is now generally being adopted. Two-factor authentication is the combination of two out of the three possible methods (something you know, something you have, something you are). One basic example is ATM access which requires a card (something you have) and a PIN (something you know).

Within the healthcare provider setting, the two authentication factors most commonly used to secure data are the proximity card that the clinician already uses to access the facility and a PIN or password. To log on, all the clinician needs to do is tap a card and type a PIN. The problems mentioned above seem to be solved: the reliance on a username/password pair is diminished, information is accessible, workflow is enhanced, and a record is created that links the authentication request to the access of the data.

But what sacrifices have been made to make access to data this simple? Has security been sacrificed to ensure rapid clinician adoption?

Dissecting the prox card – are traditional methods good enough?

Unfortunately, using a proximity card plus a password is not as secure as people may hope. Authentication with an RFID proximity card and a password is better than a username and password, but it is far from secure. Proximity cards have been in use for over 30 years for physical access control and are now used to authenticate to networks and single sign-on systems. That technology was simply expanded for the new use case. But is it really the best choice for logical access control in healthcare settings?

Proximity cards use a static number, called a card serial number (CSN), that is sent over the air, unencrypted, to a reader. This number is correlated to a user’s identity. In other words, the static CSN acts as a username and, with the password or PIN, the two are used to unlock a user’s desktop or single sign-on session. In combination with a static CSN, newer RFID contactless cards offer the capability to write and store data on a card, encrypt data at rest and in transit, and securely exchange this data.

Yet these features are typically only used for physical access control and are not used for desktop authentication. These higher security features must be implemented in cooperation with the card vendor, decrease the speed at which a user is recognized and limit the interoperability of the system with various card technology. For these reasons, most authentication software utilizes the CSN irrespective of what card technology is used.

In short, the common denominator is the card serial number which is fast and interoperable. Unfortunately, the CSN is an unencrypted static number which can be simply copied or cloned. Is a static card number plus a password any more secure than the former username/password model that it replaced?

The majority of single sign-on solutions also offer the capability to use either a proximity card with no PIN as an authentication method or use a “grace period” feature that bypasses the need to enter a password for each logon event. At the start of the day, a card and password are required but, for the next four to eight hours, only the card is required for authentication. When no password or PIN is required for user authentication, if a card is lost or stolen, it can be used by anyone — even without a password.

To summarize, in grappling with the new demands of electronic healthcare data, physician workflow was improved by tying every application and transaction requiring a username/password pair to a single authentication event. Then, the security of this authentication event was “enhanced” by replacing the username with a static card number. As a final step, two-factor authentication was bypassed and security was sacrificed, once again, to provide simplified access to information.
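The logon rules described in this section, as an added example (not code from the article or from any single sign-on product): a verifier keyed on the CSN, run in three configurations, to show which factors are actually checked when a bare card number or a lost card is presented inside the grace period. The HMAC challenge-response stands in for whatever keyed exchange a newer contactless card supports; the class, function and parameter names and all values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets


class SsoServer:
    """Toy single sign-on verifier keyed on the card serial number (CSN)."""

    def __init__(self, grace_seconds, require_card_proof):
        self.grace_seconds = grace_seconds            # 0 disables the grace period
        self.require_card_proof = require_card_proof  # False = trust the bare CSN
        self.users = {}                               # csn -> enrolment record

    @staticmethod
    def _pin_hash(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, csn, user, pin, card_key):
        salt = secrets.token_bytes(16)
        self.users[csn] = {
            "user": user, "salt": salt, "pin": self._pin_hash(pin, salt),
            "card_key": card_key, "last_pin_ok": None,
        }

    def logon(self, now, csn, pin=None, card_answer=None):
        """card_answer: callable(challenge) -> bytes, or None for a bare CSN."""
        rec = self.users.get(csn)
        if rec is None:
            return "denied: unknown card"
        if self.require_card_proof:
            challenge = secrets.token_bytes(16)       # fresh per logon, so replays fail
            expected = hmac.new(rec["card_key"], challenge, hashlib.sha256).digest()
            answer = card_answer(challenge) if card_answer else b""
            if not hmac.compare_digest(expected, answer):
                return "denied: card could not prove possession of its key"
        if pin is not None:
            if not hmac.compare_digest(rec["pin"], self._pin_hash(pin, rec["salt"])):
                return "denied: wrong PIN"
            rec["last_pin_ok"] = now
            return "ok: two-factor"
        last = rec["last_pin_ok"]
        if last is not None and 0 <= now - last < self.grace_seconds:
            return "ok: card-only (grace period)"
        return "denied: PIN required"


def genuine_card(key):
    """The enrolled card: answers a challenge with a MAC under its secret key."""
    return lambda challenge: hmac.new(key, challenge, hashlib.sha256).digest()


def run_day(grace_seconds, require_card_proof):
    """One constructed shift: morning logon, then two PIN-less presentations."""
    key = secrets.token_bytes(32)
    card = genuine_card(key)
    sso = SsoServer(grace_seconds, require_card_proof)
    sso.enroll("04A1B2C3", "dr.example", "4821", key)   # constructed CSN, user, PIN
    t0 = 7 * 3600                                       # 07:00, seconds since midnight
    return {
        # Clinician taps the card and types the PIN.
        "morning_card_and_pin": sso.logon(t0, "04A1B2C3", pin="4821", card_answer=card),
        # Someone presents only the number (a copy of the CSN), no PIN.
        "copied_csn_no_pin": sso.logon(t0 + 2 * 3600, "04A1B2C3"),
        # Someone presents the real, lost card, no PIN.
        "lost_genuine_card_no_pin": sso.logon(t0 + 3 * 3600, "04A1B2C3", card_answer=card),
    }


if __name__ == "__main__":
    for label, cfg in [("static CSN + 4 h grace", (4 * 3600, False)),
                       ("keyed card + 4 h grace", (4 * 3600, True)),
                       ("keyed card, no grace", (0, True))]:
        print(label, run_day(*cfg))
```

Only the third configuration (keyed card, no grace period) denies both the copied number and the lost card; a keyed card with a grace period still admits whoever holds the physical card.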

Security vs. convenience: users should not have to choose!

The reality is that security has taken a backseat to workflow at every stage. Proximity cards were never designed to protect networks, applications and sensitive patient data, yet many healthcare organizations rely on this technology to protect their most critical assets.

Clinicians log on to an EHR system as often as 75 times a day. These transaction events can add up to 45 minutes if using a username and password. The use of electronic systems is undeniably valuable and necessary and access to those systems must be simple and convenient or they will not be adopted. What seems to have been forgotten in the rush to implement is that access must also be secure to meet regulatory requirements and to provide proper patient privacy.

If using a proximity card and PIN is not much better than the former username/password model, what is the alternative? It must be as or more convenient than using a card and password and it must positively identify the person accessing the information. Something that the clinician can share with others such as a username and password does not identify “who” without some level of doubt. Something that can be easily duplicated such as a static card serial number also does not absolutely identify “who.” Only through the use of a biometric can the authorized individual be positively identified to securely grant access while creating a record of the authenticity of the transaction.

Knowing “who” matters!

Fingerprint biometrics is the most widely used biometric technology in healthcare for medication dispensing, electronic prescriptions of controlled substances and simple, secure login to EHRs. More convenient than using a card-based system, a fingerprint biometric authentication solution does not require the clinician to carry some other device, card or token. Requiring no more than the placement of a finger on a sensor, authentication using fingerprint biometrics enhances clinician workflow while delivering the level of security that is required to protect sensitive health information.

However, not all fingerprint biometric solutions are created equal. To maximize adoption, it is critical to select a fingerprint sensor that works in real world environments and that can deliver consistent results irrespective of race, gender, age or physical conditions. To truly enhance workflow, the sensor needs to work every time, and for every user.

Multispectral imaging essential for healthcare environment

The purpose of any biometric technology is to provide consistent data for verification that can be used to match the data that was captured during enrollment. Only then can the system properly identify and quickly accept the right people while rejecting unauthorized users. A biometric sensor needs to collect usable data under a variety of real world conditions. Within healthcare, these conditions are typically characterized by a diverse user population that has minimal training on biometric enrollment and high use of alcohol-based hand sanitizers and hand washing resulting in dry hands, along with a relatively cool, bright and dry environment. These conditions have caused traditional fingerprint biometric sensors to have difficulty supporting the demands of both healthcare institutions and clinicians.

To address the shortcomings of conventional fingerprint technologies, Lumidigm has developed a fingerprint technology that is able to work across the range of common operational conditions. Called multispectral imaging, this technology collects information about both the surface and subsurface fingerprint to capture reliable data every time, regardless of whether a user’s finger is dry, wet, dirty, slightly rotated, or difficult to capture.

Multispectral imaging allows clinicians to enroll and authenticate quickly and accurately every time, removing the need to call the help desk or use a secondary authentication method due to issues with the primary mode. Multispectral imaging enhances user adoption rates because it is simple, reliable and secure.

The time has come to replace an inadequate and archaic security solution with one that is truly tied to the individual. The threat landscape continues to grow along with the migration to electronic records and increased access to systems and information, meaning greater exposure to unauthorized access and cyber-attacks. The healthcare industry’s reliance on technology designed over 30 years ago is not sufficient to protect us from the current threat landscape nor will it prevent new attacks. It’s time that we implement solutions that make no compromise and deliver both security and convenience. It’s time that authentication is tied to the user’s identity and validated at each transaction. It’s time for widespread adoption of fingerprint biometric authentication utilizing the most reliable technology available. It’s time to adopt security that is effective AND efficient.

1 Office of the National Coordinator for Health Information Technology, Dec. 2012, Physician Adoption of Electronic Health Record Technology to Meet Meaningful Use Objectives: 2009-2012. ONC Data Brief, no. 7.

2 Ponemon Institute, Dec. 2012, Third Annual Benchmark Study on Patient Privacy & Data Security

For more please email Greg Sarrail at [email protected].


The purpose of a photo is not always merely to be a beautiful representation of a person, or a piece of art. When it comes to identification purposes, a photograph provides valuable biometric data that can be used in ID documents and ID verification. Therefore, it is important that the photo capture is made with expertise in the field of biometric data, not only with photographic proficiency. The process of capturing data is vital to make the result as homogenous as possible and there are many aspects that need to be considered, aspects that can easily be taken care of with today’s technology.

The issue of security is more important than ever and the widespread use of biometrics is increasing steadily. With a growing number of travellers, governments are working hard to ensure their border control procedures meet the growing demand for better security and faster throughput in border control by using ePassports and eGates/ABC (Automated Border Control). But this is, in many cases, easier said than done; the biometric data stored in ePassports needs to be of high quality to enable automatic face recognition. Therefore a standardized process that captures facial photos with a focus on the biometric data is vital.

Poor photo quality is costly

ePassports enable machine-assisted ID verification and can be a very good solution for smoother throughput in border controls. But without good photo quality, the estimated time saved in using eGates might end up as time wasted. Denial of access and queues at border gates in airports can be the result of biometric data not properly representing the document holder or not complying with the standards (eg poor biometric photo quality). The photo and document holder may be the same person, but if the matching algorithms used in the eGate solution cannot make a positive verification due to insufficient data quality, the whole idea of biometric documents is challenged. Certain nations have chosen to implement ePassport solutions where not enough attention is given to the quality of the data. Thus, from time to time, the border control world falls victim to the classic Garbage In Garbage Out (GIGO) scenario where travellers are denied access and get frustrated and stressed over spending more time than necessary at border controls.

The main focus during tenders is often cost. Buying a new biometric enrollment system is a big investment, but doing everything correctly from the beginning can save a lot of government money and time for a lot of travellers. Quality and safety surely come at a price, at least initially, but going with the higher-quality solution will result in fewer issues and problems over long usage periods. So again, what was intended to be a good solution to speed up the border control might result in long lines and frustration if the documents and biometric data aren’t prepared properly.

Strict standard requirements

ICAO has specified global standards for travel documents and has decided on facial images as the primary biometric identifier for all European countries. Photos used in ePassports should comply with ISO/IEC 19794-5, which defines a standard for codifying data describing human faces within a CBEFF-compliant data structure for use in facial recognition systems. The standard is intended to allow for computer analysis of face images for automated 1:n matching and 1:1 authentication, as well as manual identification of distinctive features such as moles and scars. To enable applications to run on a range of devices and to improve accuracy, the specification also describes an array of other requirements such as lighting, pose, expression, positioning, image resolution, and image size.

The full-face frontal pose must have a background without textures, lines, or curves, as this could cause the software algorithms to become confused in separating the face from the background. A plain background in uniform colour (white/gray) with no gradual change from light to dark luminosity in a single direction is recommended. In the traditional approach, with independent photographers creating and supplying passport photos, such standardization is quite a challenge. Another cause of problems is lighting. The light must be equally distributed on the applicant’s face with no significant direction of the light from the point of view of the camera. Biometric data capture systems with integrated photo illumination synchronized with the camera, in combination with illuminated back walls, minimize the dependency on ambient lighting; but 500 Lumen per square metre or more further reduces the risk of problems handling all applicants from very light to very dark, independent of the lighting conditions of the room.

By Magnus Löfgren, CEO, Speed Identity

A photo is worth more than a thousand words


Ideally, a country or government agency creates a database of quality-assured facial images which are as homogenous as possible in all aspects, from illumination to background, contrast, and pose. A standardized biometric data capturing system with identical photo settings, illumination conditions, and backgrounds and zero software modifications of the photo is best suited to achieve this. Standards are the essential part of the security document creation, ensuring that they can be easily read and accepted anywhere in the world. The standards need to be understood and applied by everyone in the security document issuance chain, from the data capture/enrolment office to the document personalization process and the databases where the biometric data is stored for matching.

Photos for the job

A photo can have many different purposes. Photographs from a photo studio, taken by a professional photographer, are often meant to be aesthetically appealing, while photographs from a biometric data device have the main purpose of being compliant with ISO/ICAO specifications to facilitate quick, secure, and precise matching and identity verification. Border control officials and eGates don’t care about how a photo looks from an artistic standpoint. Applicants and enrolment officers should realize that photo touch-up jeopardizes the whole purpose of the biometric face image, and that the aesthetical aspects serve no purpose in the world of security and ID documents. When specifying requirements for a biometric system, there is no obligation to place the responsibility on the best photographer in the team, and don’t consider the applicants’ desire to look beautiful on their passport photos. Try instead to compare the biometric facial image with fingerprints or iris images – their purposes are exactly the same and they are never touched up.

Compared with a professional studio setup, an integrated system designed for biometric purposes should offer a minimum of manual adjustments since the solution is already tuned to meet the standards of ICAO and ISO/IEC 19794-5. One important aspect is the fact that the applicant can’t stand too close to the camera since the perspective of the face changes when it gets too close (geometrical distortion). A robust enrolment solution should have a distance sensor integrated to make sure the distance between camera and applicant falls within the specifications. Seventy centimeters is normally the minimum to prevent perspective distortion. If the applicant is too far away from the camera, there is a risk that the cropped photo will not have a sufficient pixel ratio.

The travel document industry has been very equipment-focused and it needs to start focusing on the outcome rather than the technology behind it. Before, industrial digital cameras didn’t deliver enough photo quality, so there was a preference to use digital consumer system cameras, allowing for huge variations in photo settings and personal photographer preferences. Technology has evolved quickly and many industrial digital cameras meet the ISO 19794-5 requirements today. The requirements should be based on the desired result and the delivered data, not the equipment behind it. Training enrolment officers to become professional photographers may be fun for some, but the focus should be on governance and security, rather than photographic artistry. The industry needs to understand that they are buying quality biometric data, not artistic photographs.

Another significant drawback of using consumer cameras is that their life cycles tend to be short, with support for Software Development Kits (SDKs) being withdrawn from one day to the next without notice. Industrial cameras have longer life cycles, in terms of both hardware and software. Imagine signing a contract for service or ‘system availability’ for a biometric enrollment system based on consumer components for five years with optional extension. Your supplier needs to keep an impressive stock of spare cameras to be able to ensure service over this long time period in order not to have to swap camera models and make major changes to software and hardware.

Lower rejection rates with live enrolment

The process of capturing all biometric data at one time (eg face photo, iris, fingerprint and signature) is called Live Enrolment. This method ensures that the captured data is securely tied to the applicant while saving the applicant time, collecting all the data in one go. To ensure that the biometric data capture system meets the required standards of biometric face photos it needs to have an integrated data quality assurance. The applicant shouldn’t be the one to decide the quality of their biometrics. The same goes for fingerprints, but out of tradition, applicants tend to want to look good on their passport pictures. To ensure standards compliance, we need to use a software component to decide whether a photo is approved or not. Integrated software applications approve photos that meet standards and refuse photos that don’t (eg hair across eyes, eyes closed, eyes tilted, busy background, not centered, flash reflection on skin, redeye, shadows behind head, shadows across face, glare on glasses, shadows on face, and more).


Enrolment tenders should simply focus on the generation of standardized, homogenous ISO/ICAO-compliant face photos and leave camera specifications and possible user settings out, as this will eventually lead to non-desired results. In cultures where the representation of an applicant’s face is very sensitive this is obviously a challenge but experience shows that this is something people will get used to. If you show up in front of a passport inspector at a border control, the inspector will only try and determine whether the person pictured is the same as the person holding the passport. The bigger the discrepancy between photo and holder, the bigger the risk that the inspector will want to check more thoroughly, which may cost valuable time for the traveller, causing even longer queues and demanding more government officials’ time.

Photographers can’t meet all the standard requirements with homogenous results, since equipment, illumination, techniques and personal touch differ from studio to studio. An obvious problem with this approach is that most quality-assurance software products have difficulties telling whether the photo has been modified or retouched to make the applicant more appealing. It will then be the responsibility of the officer to make sure that the photo is representative of the applicant. The challenge here is to have the officer hold a sensitive discussion with the applicant regarding the representativeness of the photo. The officer will then need to send the applicant away to get a new photo which will cost time, money, and frustration for both parties.

Live Enrolment, where biometric data is captured by the authorities with immediate quality control, is not only the best way of ensuring high quality biometric data with the strongest possible link between applicant and data, but also saves huge amounts of time for all parties involved as it offers one-stop shopping for the document enrolment process.

In countries where the applicants bring their printed photos to the enrollment office, rejection rates can be surprisingly high. If quality assurance is not handled properly at the enrolment office, it will be performed by the document supplier, who receives applicant data and returns a ‘non-compliant’ notification. Then the entire process needs to be redone, with even greater loss of time for all involved. Or even worse, when documents with insufficient data quality are issued and sold to the applicants.

With Live Enrolment and integrated quality assurance, rejection rates are brought to an absolute minimum, while saving society huge amounts of resources. Live Enrolment is also the best way of ensuring a strong link between applicant and biometric data. It is difficult to imagine an authority accepting printed fingerprints by the applicant to be scanned and used in security documents. Facial photos should be treated the same way.

This article was provided by Speed Identity, for further information please visit: www.speed-identity.com

Live Enrolment station capturing face photo, fingerprints, and signature.


Introduction

There are many challenges facing today’s border control operators as they seek to process increasing passenger volumes while accommodating the growing need for more intelligence about who is entering or exiting the country.

Traveler traffic at EU airports rose 4.8% in 2011 compared to 2010, and this trend is predicted to continue over the next 20 years, with global traffic growing some 6% annually.(1) As the number of travelers increases, it can be expected that it will place greater stress on the current infrastructure at border crossing points due to the fact that today’s process is a largely manual one with limited automation. Frankfurt Airport, for example, on an average day processes 155,000 passengers. Given a standard number of border control personnel, this places a heavy burden on operators to process and screen travelers in a timely and efficient manner, while ensuring a courteous experience and not missing those individuals that require further processing or denial of entry or exit.

The dual objective of facilitating travel and maintaining security requires the introduction of new approaches and innovative solutions to border management. The notion of automating as many administrative border control stations as possible is an obvious solution and one that is currently being driven by Frontex within the European Union. The implementation of Automated Border Control (ABC) systems at a number of European airports serves as an integral part of the effort towards a fully automated border control process.(2)

ABC Gates - all problems solved?

Automation is a key element to achieving a secure, rapid, and cost effective border control inspection process in the future. But is the current equipment for border control designed to be used in ABC gates? Is maximum security and efficiency being achieved with the existing solution? In taking these questions into consideration, automation proves to be only one part of a complex, total solution. The optimal system delivers the maximum security level in a timely and efficient fashion.

Is current level of security sufficient?

During an inspection, the border agent or ABC gate has to make sure that the traveler belongs to his presented credential; this procedure has two steps. First, authenticating the credential document itself, and second, validating the biometrics of the traveler against the template stored on the credential’s chip. In evaluating ABC gates’ performance in these two steps it can be determined that they do not conduct a thorough authentication of the credential, thus creating security risks. This is due either to the use of a document reader with a low resolution optical channel, which doesn’t allow a check of the document’s optical security features, or to not performing the ICAO PKI security protocols. The first issue can be solved by simply using document readers with a minimum resolution of 500ppi or higher, which is recommended, and a standard set of light sources (Vis, IR and UV). The second issue is not as simple to resolve as having an ISO 14443 compliant contactless smart card reader; it is a matter of properly implementing the inspection system.(3) These security concerns are well-known and recognized by Frontex and there are already good, existing examples of how to do it right, such as the EasyPass Gates at Frankfurt airport.(3) While properly conducting the authentication process eliminates some security risk, other gaps in security remain.

Almost all ABC gates currently in use support facial recognition as part of the biometric authentication method to check if the document belongs to the traveler who presented it. The strength and performance of facial recognition compared to other biometrics is weak, which is one of the reasons that most European Union member states introduced the second generation ePassport that includes fingerprints.

As of yet, fingerprint verification is not in use and represents a gap between the current levels of security and what could really be achieved. Reading the fingerprint templates from an ePassport requires implementing a PKI structure as well as the protocols to exchange the necessary certificates. While all of these required implementation tasks and protocols are well defined by the EAC (Extended Access Control) standard definitions, capturing the fingerprints of the traveler requires integration of a fingerprint capture device. While simply integrating a fingerprint device into the solution may seem like an easy fix, the reality is that implementing and hosting a PKI system for EAC is neither a simple nor inexpensive task. And for this reason, fingerprints are currently not in wide-spread use in ABC gates.

Is current technology ready for ABC gates?

For typical travelers, the current ABC gates represent a kind of mystic technology with a high potential for a poor user experience simply because they do not understand how to use it. Technology needs to be intuitive, much like the user-interface of an iPhone, otherwise the potential for confusion and dissatisfying experience is high. It is easy to see how confused travelers become when they attempt to place their passports on the document reader of an ABC gate. They have little understanding of how to do it correctly. It is quite simple to implement a solution for this problem by adding hardware to guide the document into the right position or packaging software that accommodates misaligned credentials, both of which are found in the new Cross Match Authenticator. This concept is not only true for the document reader technology, but becomes even more complex when capturing fingerprints.

ABC GATES – ALL PROBLEMS SOLVED? By Roberto Wolfer and Michael Weisbach, Cross Match Technologies GmbH

An ABC system is, by definition, a self-service kiosk with no explicitly trained personnel to advise users on how to capture their biometrics. Therefore it will require comprehensive user guidance, which enables even the untrained user to capture his or her biometrics in an intuitive, efficient, and rapid manner. In other words, the capture system must provide the best user experience possible.

Current user guidance for fingerprint capture devices is based on LEDs and some audible feedback and was not purposefully designed for self-service scenarios, but rather for an attended or supervised capture process. Therefore existing livescan devices are not ideally suited for integration into ABC gates without a loss of overall gate performance and a negative impact on the traveler’s experience while capturing the fingerprints.

Figure 1: Examples of current UI Elements for FP capture devices

How to do it right?

Usability

Let’s have a closer look at what usability really means to a traveler in order to evaluate the usability of current fingerprint capture devices as well as of the next generation devices. ISO 9241 is a multi-part standard from the International Organization for Standardization (ISO) covering ergonomics of human-computer interaction. According to the standard, usability can be defined as the combination of the following major parameters:

- Effectiveness
- Efficiency
- Satisfaction
- Learnability
- Memorability

With regard to fingerprint capture devices these parameters can be utilized as the metrics to measure the usability of not only the fingerprint capture device, but also the system.

To achieve the best usability it is important to consider not only technologies when designing and developing the system, but also “human” parameters such as height, age, gender, language, culture, disabilities, etc.

System Design

A technical system consists of several major design elements (4), with two of them essential to usability. They are Interaction Design and the Interface Design.

The Interaction Design defines the communication between the system and the user during operation. Figure 2 shows an example for the necessary interaction while capturing fingerprints.

Figure 2: Interaction while capturing 4 flat fingerprints


Where the Interaction Design defines the communication between the machine and the user, the Interface Design defines how the communication for each necessary interaction is done. For example, Figure 1 shows that the interfaces of current fingerprint devices consist primarily of LEDs – permitting limited interaction. These findings are the result of proprietary field studies, as well as the review of several other studies, such as NIST’s “Usability testing of ten-print fingerprint capture” and IEEE’s “Interactive quality driven feedback for biometric systems”.(5)

Process Analyses

Lessons learned from proprietary field studies and public studies indicate that the key element for interaction during the fingerprint capture process is not only to provide feedback about the current state, but also about the desired state. Implementing a user interface which provides feedback about the desired state requires a completely different approach and technology than just providing a simple, current capture state.

It is helpful if the complete interaction process is segmented into its atomic fundamental tasks and states, not only for the capture of a single fingerprint, but also for the complete fingerprint capture workflow. Once the complete interaction process is analyzed, the different states within the capture process need to be analyzed. It is crucial to address not only position of fingers, but also contrast, movement, number of fingers, and more.

The last essential step is the definition of what feedback is required and how to provide it for both the current and the desired state.

A new UI approach

To provide feedback for both current status and desired status requires a break from the traditional Interface Design for fingerprint capture devices.

As a result of our proprietary research, the decision was made to implement a new user interface using three fundamental principles:

1. Feedback must provide a realistic view of the capture platen and must display the feedback in real-time;

2. No live image of the fingerprint should be displayed, as this provides no valid feedback for an untrained user;

3. Instead of static symbols and text based feedback, animated real-time interaction should display on a screen, allowing the user to immediately visualize what they are being requested to do.

Following those simple design principles, the risk of misinterpretation is considerably minimized. Figure 5 shows two examples of the real-time feedback of the current and the desired status while capturing flat fingerprints of the left hand and both thumbs.

Figure 3: Live Feedback while capturing 4 flat fingers and thumbs with the new Guardian®

Leveraging this new user interface approach, both the latest Guardian® ten-print livescan fingerprint capture device as well as the new Cross Match Authenticator secure credential reader device, are optimized for use in next generation ABC gates. This unique approach enables maximum efficiency and security at any high-volume border control checkpoint. This unique approach allows for the processing of travelers in a minimum amount of time and improving the overall experience; reducing cycle times and costs-per-traveler; while enhancing the traveler’s experience.

(1) Boeing, “Current Market Outlook 2012-2031 – Long Term Market”, 2012.

(2) Frontex: “Best Practice Guidelines for Automated Border Control”

(3) eId Credentials: “Getting it right at the border” by G. Hasse, Secunet

(4) J. Garret: The elements of User Experiences, User-centric design for the web, 2003

(5) Theofanos et al: “Usability testing of Ten-print fingerprint capture” NISTIR 7403, March 2007 and Wong et al: “Interactive Quality driven Feedback for biometric systems” IEEE BTAS, 2010.

For more information please visit www.crossmatch.com

“An ABC system is, by definition, a self-service kiosk with no explicit trained personnel to advise users on how to capture their biometrics. Therefore it will require comprehensive user guidance, which enables even the untrained user to capture his or her biometrics in an intuitive, efficient, and rapid manner...”


ePassports

There’s no doubt that today’s ePassports – which make full use of leading-edge technologies – can both beef up border control security and improve throughput at some of the world’s busiest checkpoints. But the technology can provide the superior levels of security needed for the 21st century only if border control staff actually bother to check the digital certificates stored in the electronic machine-readable travel documents (eMRTDs).

Today’s sophisticated travel documents contain a raft of electronic and optical security features that are necessary for countries to protect their borders. Optical techniques will always be important because if the ePassport’s security chip is broken, the document itself will remain valid. But electronic features that can be used to detect whether or not a document is genuine must not be overlooked. The sad truth is that many systems integrators forget to tell border authorities about this technology, how it works and why it’s so important, creating a false impression of security.

Electronic security

ePassports store the passport holder’s data as data files on the chip. Data access is protected by access control mechanisms, while data integrity is protected by a digital signature supplied by the passport provider. However, what many border authorities do not realise is that if they don’t perform full certificate checks to ensure the document signing certificate is from a trusted source, they could be letting a functioning passport that has been falsified pass through their borders.

What’s more, some authorities do not know about passive authentication (PA), so they haven’t introduced checks at the border. PA detects if the passport chip data has been modified. The chip holds a file that stores the hash values of all the files it contains (such as the passport-holder’s picture and fingerprints) and a digital signature of these hashes. The digital signature is made using a document-signing key, which itself is signed by a country-signing key. If a file in the chip (for example, the picture) is changed, this can be detected since the hash value will be incorrect.

With an increasing trend towards automated border controls, there is a greater need than ever to be sure that a document isn’t a fake and hasn’t been altered in any way. The use of automated systems means that with the first-line inspection you can no longer rely on your well-trained and experienced staff to detect a fraudulent document based on a hunch, such as noticing that the document holder is acting suspiciously or recognising that some of the traditional security features don’t look quite right. Instead, systems need to be put in place to ensure that the document is properly checked the moment it enters the destination country. This is particularly important in Europe, where entry into one country in the Schengen area automatically allows free movement between other states that are part of the scheme; just one weak border post could ultimately put the whole continent at risk.

Evolution of PKI

Many people are familiar with the general concept of public key infrastructure (PKI) technology. It has traditionally been used in internet transactions, where keys need to be trusted across a broad range of users and organisational entities. This has resulted in elaborate key certificate systems, where public keys are issued in certificates which are digitally signed by trusted issuing organisations called Certificate Authorities (CAs). This trust is further reinforced by higher level CAs as part of a trust hierarchy. It is also necessary to have Certificate Revocation Lists (CRLs), which indicate if a key (certificate) has lost its validity. By revoking a certificate and publishing this revocation in a CRL, the certificate’s issuer informs receiving parties that the contents can no longer be trusted.

The International Civil Aviation Organization (ICAO) points out that its operating environment is different from these commercial ones. As a consequence, the ICAO has specified a customised approach, known as the ICAO PKI scheme. This specifies a two-layer certificate chain, enabling an inspection system to verify the authenticity and integrity of the data stored in the eMRTD’s contactless IC. The root (highest level) CA in this scheme is the Country Signing CA (CSCA), which authorises Document Signers (DS) to digitally sign the Document Security Object (DSO) on the contactless IC. The CSCA certificate is distributed between states. The DS certificate is published on the global ICAO Public Key Directory (PKD) and/or stored on the eMRTD’s contactless IC. CRLs are published on the PKD and exchanged between states.
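The passive authentication check and the two-layer CSCA/DS chain described above can be modelled in a few lines. This is an added illustration, not code from the article or from any vendor product. It is deliberately simplified: real chips carry a CMS-signed Document Security Object and X.509 certificates, whereas this sketch assumes JSON structures, textbook RSA over SHA-256 with constructed toy keys, a constructed sample country code "UTO" and hypothetical function names.

```python
import hashlib
import json

E = 65537  # public exponent shared by all toy keys


def toy_keypair(exp_p, exp_q):
    """Textbook RSA key from two Mersenne primes. Constructed for the demo, NOT secure."""
    p, q = 2**exp_p - 1, 2**exp_q - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(key, data):
    return pow(digest_int(data), key["d"], key["n"])


def verify(n, data, sig):
    return pow(sig, E, n) == digest_int(data)


def canonical(obj):
    # Stable byte encoding so signer and verifier hash the same bytes
    return json.dumps(obj, sort_keys=True).encode()


def issue_ds_cert(signing_key, country, serial, ds_key):
    """A CSCA authorises a Document Signer by signing the DS public key."""
    body = {"issuer": country, "serial": serial, "ds_n": hex(ds_key["n"])}
    return {"body": body, "sig": sign(signing_key, canonical(body))}


def personalise(ds_key, ds_cert, files):
    """The Document Signer hashes every file on the chip and signs the hash list."""
    hashes = {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}
    dso = {"hashes": hashes, "sig": sign(ds_key, canonical(hashes)), "ds_cert": ds_cert}
    return {"files": dict(files), "dso": dso}


def passive_authentication(chip, trusted_csca, revoked, check_chain=True):
    """Inspection-system check. check_chain=False models the incomplete setup
    the article warns about (hashes and signature checked, issuer not)."""
    dso = chip["dso"]
    cert = dso["ds_cert"]
    body = cert["body"]
    if check_chain:
        # 1. DS certificate must be signed by a CSCA key we already trust
        csca_n = trusted_csca.get(body["issuer"])
        if csca_n is None or not verify(csca_n, canonical(body), cert["sig"]):
            return "REJECT: DS certificate not signed by a trusted CSCA"
        # 2. ...and must not appear on the CRL
        if (body["issuer"], body["serial"]) in revoked:
            return "REJECT: DS certificate revoked"
    # 3. The hash list must carry a valid DS signature
    if not verify(int(body["ds_n"], 16), canonical(dso["hashes"]), dso["sig"]):
        return "REJECT: signature over hash list invalid"
    # 4. Every file read from the chip must match its signed hash
    for name, data in chip["files"].items():
        if dso["hashes"].get(name) != hashlib.sha256(data).hexdigest():
            return "REJECT: %s does not match its signed hash" % name
    return "ACCEPT"


def run_scenarios():
    csca = toy_keypair(1279, 127)    # country signing key (trusted)
    ds = toy_keypair(521, 607)       # genuine document signer
    unknown = toy_keypair(2203, 89)  # key with no link to any trusted CSCA
    trusted = {"UTO": csca["n"]}     # stands in for a validated Master List
    files = {"DG1": b"P<UTOSAMPLE<<ANNA", "DG2": b"<face image bytes>"}  # constructed

    genuine = personalise(ds, issue_ds_cert(csca, "UTO", 1, ds), files)
    altered = {"files": dict(files, DG2=b"<other face>"), "dso": genuine["dso"]}
    # Internally consistent chip whose DS certificate is self-issued
    resigned = personalise(unknown, issue_ds_cert(unknown, "UTO", 7, unknown),
                           altered["files"])
    return {
        "genuine": passive_authentication(genuine, trusted, set()),
        "altered": passive_authentication(altered, trusted, set()),
        "resigned_no_chain": passive_authentication(resigned, trusted, set(),
                                                    check_chain=False),
        "resigned_full": passive_authentication(resigned, trusted, set()),
        "revoked": passive_authentication(genuine, trusted, {("UTO", 1)}),
    }


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print("%-18s %s" % (name, verdict))
```

The "resigned" cases show why the certificate chain matters: a chip whose hashes and signature are internally consistent is accepted when the issuer is not checked, and rejected once the DS certificate is validated against the trusted CSCA list.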

The ICAO says its PKD acts as a central broker managing the exchange of certificates and CRLs. This central role is critical to minimise the number of certificates being exchanged, to ensure timely uploads and to make sure technical standards are adhered to, to ensure interoperability is maintained.

By Georg Hasse, Senior Product Manager and Michael Schlueter, Head of Software Development, Electronic Identities, Public Sector, secunet Security Networks AG.

Certifying security


The nuts and bolts

The introduction of eMRTDs normally means including biometric data as well. Just like traditional optical data, this electronic data has to be secured against manipulation and unauthorised access. Usually, this protection is achieved by means of PKI mechanisms. The backbone of the security structure for eMRTDs consists of two comprehensive PKIs. While the ICAO-PKI ensures the authenticity and integrity of the documents, a second PKI, the Extended Access Control (EAC)-PKI, is needed for enhanced access security for more sensitive data such as fingerprints. The exchange of the required certificates makes modern border control highly complex.

When ICAO Doc 9303 – which contains the organisation’s specifications for MRTDs – was initially published, it specified that CSCA certificates had to be exchanged between states without providing detailed specifications of how to achieve this. But during the first few years of states issuing ePassports, it became clear that the lack of such specifications produced a wide range of interpretations and inefficient processes.

To address this, the ICAO has published a technical report on CSCA countersigning and Master List issuance. This highlights an approach where countries create a list of received and validated foreign CSCA certificates. This so-called Master List is countersigned by each country and published via the ICAO PKD, to support the distribution of self-signed certificates between nations.

Trust

Only authorised organisations have access to the sensitive biometric data (such as fingerprints) stored in eMRTDs. Therefore, the requirements for access control and communication confidentiality have been specified within the EAC-PKI. The EAC-PKI describes the security mechanisms which allow an eMRTD to verify an access request by itself. To access eMRTDs from other countries, you have to be equipped with the corresponding rights. To obtain those rights, EU countries have agreed to accept the Czech Standard CSN 369791:2009 as the common communication protocol.

When looking for a PKI solution, you need to choose a supplier that can meet all the requirements for issuance, infrastructure and control. This includes the international exchange of certificates and other relevant information.

Whose responsibility?

The security of identity documents is the responsibility of everyone in the chain – from the organisation that issued them to the border control official who checks them and allows travellers to enter a country. The chain is only as good as everyone involved in it – and any weaknesses can be easily exploited by criminals.

Modern ID documents which digitally store personal data on an integrated RF chip make the prospect of automated border controls establishing mobile controls quite feasible. But before these new processes can be implemented, 194 states worldwide must exchange information – such as certificates – with each other and details of an estimated one billion flights per year, as well as land and sea travel. Each nation keeps a list of these certificates. For example, Germany’s 15 August 2013 Master List contains 141 CSCA certificates and CSCA link certificates from 54 countries, and is also used by other countries.

ePassport PKI in a nutshell

Understanding how the various components of PKI technology work in ePassports is essential to understanding how and why it should be adopted.


The general access protection for the data stored inside the eMRTD is implemented by the BAC or PACE mechanism. Using these protocols, a secure communication channel is established and the data printed on the document is needed to access the data.

EAC-PKI

Extended Access Control (EAC) provides additional security mechanisms to ensure that only authorised organisations can grant access rights to Inspection System (IS) for specific sensitive eID data, such as fingerprints.

These access rights are granted by card-verifiable certificates (CVCs). Their three-layered infrastructure consists of a national trust anchor (Country Verifying Certificate Authority/CVCA) that is connected to authorized Document Verifying Certificate Authorities (DVCAs). DVCAs issue short-term IS certificates to the actual inspection system.

For international EAC certificate exchange, a centralized interface called the Single Point Of Contact (SPOC) has been defined. The SPOC receives certification requests from foreign countries and connects the DVCA to the corresponding CVCA.

ICAO-PKI

The authenticity and integrity of an eID can be checked by verifying its data’s electronic signature. The ICAO has introduced the mechanism used for this validation: passive authentication (PA). A complete PKI with the CSCA as the national trust anchor and the DS as the document manufacturer has to be provided. The exchange of certificate data can be processed via the ICAO-PKD.

Choosing a partner to provide software products for PKI means selecting a company that fully understands all those issues. This means finding a partner that can supply ICAO-PKI-related products such as CSCA and DS services, as well as components which fulfil the requirements of the EAC-PKI, such as CVCA and DVCA services.

Speed

Checking certificate validity is a quick process. According to the results of Germany’s EasyPASS automated border control scheme, the average time taken to read and check ePassport data using both optical and electronic checks is just five – six seconds. What’s more, electronic document checks proved reliable, with less than 0.1% of travellers rejected due to the failure of the checking system. The availability of CSCA certificates is central to this. As those involved in the pilot point out, it is necessary to have a combination of different checks to ensure the border control process is secure, and fully checking eMRTD electronic security features ensures a high level of reliability.

PKI glossary

| Name | Purpose |
| --- | --- |
| Country Verifying Certification Authority (CVCA) | The base of the EAC infrastructure. It issues the CVCA root certificates as well as any DV-certificates. |
| Single Point Of Contact (SPOC) | As a centralised interface, the SPOC allows certificate exchange within the EAC PKI. The international level is defined by the CSN 369791:2009 standard, while the technical guideline BSI-TR-03129 handles the national communication level. |
| Document Verifying Certification Authority (DVCA) | The EAC infrastructure requires at least one instance of a DVCA. The DVCA issues IS certificates to any associated document-reading system. The DVCA supports all cryptographic algorithms to ensure full interoperability with foreign and national CVCAs. |
| Inspection System (IS) | The actual reading system that performs the document verification procedure. The IS is responsible for performing all security mechanisms (especially passive authentication). |
| Terminal Control Centre (TCC) | The TCC is a specialized variation of an IS. The centralized TCC implements the primary security mechanisms such as passive authentication and EAC terminal authentication to reduce the complexity of the verification process. The actual reading terminals are connected to this centralized system. |
| Country Signing Certification Authority (CSCA) | The CSCA serves as the trust anchor for the ICAO-PKI. It issues a country root certificate as well as the DS certificate for organizations issuing eIDs. |
| Document Signer (DS) | The DS is responsible for the creation of digital signatures which ensure the authenticity and integrity of the electronic data stored in the eID. Its main purpose is the creation of a digital signature to ensure the document’s data integrity and authenticity. |

The technology in action

The Latvian Ministry of Interior is renewing its existing PKI for ePassports and issuing new national ID documents. As part of this project, the PKI is being extended with a central infrastructure for checking the validity of these documents. As a result, the new system enables eID documents to be issued, and to be verified at border controls and Latvian consulates worldwide. The integrator is using a solution that provides the complete range of functions required for the Latvian national PKI: it includes the systems needed for issuing national identity documents that conform with international ICAO regulations as well as the EAC-PKI components used to verify international eIDs. The product’s flexible design means it fully meets the specific requirements of the Latvian government, while at the same time providing a secure and reliable system.

Summary

The current document verification process shows the importance of comprehensive use of the security mechanisms provided by modern travel documents. In particular, it’s essential to properly use the certificate infrastructure, which is vital for reliable and secure verification procedures (especially for passive authentication).

As recently stated by Dr. Uwe Seidel (German Federal Criminal Police Office): “A modern document verification process needs to comprise state of the art electronic and optical security mechanisms. Especially the proper implementation of “Passive Authentication” for proofing integrity and authenticity of electronic data is indispensable for a secure border control”.

The main challenge to establishing a document verification infrastructure is still the international distribution of CSCA certificates. The Master List concept plays an important role in this process. It is still a time-consuming process for each country to collect and validate the different CSCA certificates. Even after the initial certificate exchange, it is important that countries are notified when a new CSCA certificate is used by a country before the corresponding travel documents are presented at the border.

A new approach could be the provision of an independent Master List by, for example, the ICAO or other international bodies such as the European Commission.


Border Control

I recently took a business trip to New York and my experiences of immigration security at London Heathrow and New York JFK airport could not have been less similar. Any regular flyer knows to expect that no experience will be exactly the same. If you arrive on a Saturday morning, you’re going to get a longer and less efficient queue than Wednesday lunchtime. However, what struck me was the extreme difference between how immigration security was implemented on either side of the pond.

Passengers arriving at Heathrow are given a clear choice. If you have an e-passport compatible with the automated gates and feel confident using them, you can do that. The machines scan your passport for authenticity and use facial recognition technology to verify your identity against your passport photo.

If you don’t want to use the machines or have an older, incompatible passport, you have to be seen by an immigration officer who will scan your passport and verify your identity ‘manually’. Similarly, if you try to use the machine and cannot be verified, you are ushered towards an immigration officer who carries out this standard check. It’s a relatively fast experience on the whole, and is only really made more time consuming by low staffing levels and unmanned booths or technical issues with the automated gates.

The scenario at JFK was almost the complete opposite. Firstly, there is no choice regardless of your passport type – the same system is used for everybody. Each passenger has his/her fingerprints (thumb and forefinger) scanned and stored in a database. They then have their photograph taken and are assessed by a facial recognition system. Once this is complete, their passport is checked thoroughly by an immigration officer and scanned. Lastly the immigration officer asks some unobtrusive questions about the passenger’s reason for visiting the US. For example, I was asked why I was visiting and where I was headed when I left the airport.

This approach can fairly be considered best practice as it carries all the benefits of using the latest approved authentication technologies as well as allowing the professionally trained immigration officers to study the body language of the passenger and conduct a more thorough check of the passenger’s personal details and history. Despite this, it can be extremely time consuming depending on the volume of passengers arriving at one time.

ARE IMMIGRATION SECURITY PRIORITIES JUST COMPETING, OR CONFLICTING?

By Andrew Gilbert, Business Development Director, Ingenia Technology

So, the question I would like to pose, having waited one hour and forty-five minutes to pass through immigration at JFK (a particularly extreme experience) is whether there is a middle ground?

Modern technology should make the process faster

Most people know deep down that security has to be the priority and as someone who has worked within the security industry for some time, my personal view is that a multi-layered approach must be taken to any kind of authentication – whether it’s people at immigration security or products in a supply chain.

However, for business people being kept from important engagements and holiday makers that want to get through the airport as quickly as possible after a long flight, the allure of feeling secure is eroded by what can be an extremely long and arduous process.

When it comes to speed, the model used at Heathrow is rather painless and certainly more extensive use of modern technologies can bring significant benefits to the immigration security arena. It can decrease the possibility of human error and provide a more accurate way of tracking the history of people travelling regularly or those suspected of criminal activity.

However, while new technologies can increase the speed of the process we should be clear that there are potentially some flaws in a system where passengers are barely exposed to interaction with human law enforcers. The electronic passport scanners check the photo page of the passport for legitimacy and verify that the person using the document is who it says they are. What they do not do is provide additional information on that person, or indeed the secure document, such as whether the person is supposed to or allowed to be where they are and indeed whether the rest of the passport is a legitimate piece of documentation.

Actually, it’s important for immigration officers to be involved in the process too. It is not simply a case of making sure the person looks like the photo on their passport. These are trained professionals who can tell from a person’s body language and mannerism whether they should be questioned further. This is one of the reasons for the seemingly innocuous questioning at JFK. Officers can also authenticate the entire document for legitimacy and highlight any discrepancies within it, as well as scan it against an electronic passport reader. Furthermore, the human officers can use any intelligence that has been passed onto them of whether any passengers on the flight are suspected of criminal activity or whether they should be ‘watching out’ for any particular people.

There is no getting away from the fact that, time consuming as it is, the JFK model covers all the bases that we can currently cover and that security processes that do not combine both technology and human intelligence do not adhere to best practice.

The problems with a fully integrated approach

However, while such a fully integrated approach may be best practice, it is important to recognise that there are other factors that need to be considered when attempting to find the best balance between providing the highest possible security and speed and convenience for passengers. In particular it is not just the people waiting in line who know full well that they have nothing to hide who are likely to be annoyed by excessive waiting times at immigration.

Airport operators ideally don’t want people to be held up so severely for a number of reasons. A security process as stringent as the one used in New York slows down throughput massively, which has a knock-on effect on flight operators, airport based businesses and the local tourism economy.

For flight operators, although the immigration security experience is nothing to do with them, from a customer service perspective, customers may naturally associate them with a poor experience. So, even if they don’t put a foot wrong, the passenger may well leave the airport on the other side feeling that they have not had the flight experience they were hoping for.

Increasing the amount of time passengers spend in immigration, cut off from the rest of the airport, is also an issue for airport-based shops looking to entice the high footfall of potential customers with duty-free prices and convenience items. If it only takes 10-15 minutes to pass through immigration, passengers are far more likely to allow themselves to be distracted by a shop they pass by. The longer they spend at immigration, the more they are likely to want to get out of the airport as soon as possible, especially if they have been made late for an engagement or have pre-booked travel arranged. If stores begin to see the value of locating at certain airports because of these issues, the airport operators stand to lose out.

Similarly, the airport itself has a customer service commitment to uphold. Whether people see that strict security measures are for the greater good or not, a bad experience is a bad experience and it will soon show financially if people avoid travelling to certain airports for fear of standing in the immigration area for what seems like an eternity. Again, flight operators can be selective about what airports they base themselves in, and they are likely to opt for the most popular locations for their own financial gains.

Potentially the most important reason is that airport operators have their own budgets to work to and may not be able to justify the expense of a fully integrated approach. Investing in modern technologies may have to come at the expense of immigration officers, the same as airports already employing a large, competent team of professionals may not see the benefits of embracing new authentication technologies. Both systems also come with their own pitfalls in terms of cost. Employing human beings means booths will be unmanned while members of staff take breaks and that resources may be stretched when staff take holidays or sick leave. On the other hand, electronic systems need constant maintenance and must perform reliably in order to achieve a return on investment in terms of time saving and competency.

Addressing the need for speed and security

Despite the potential ‘costs’ associated with a fully integrated multi-layered approach in terms of passengers’ time and airport operators’ budgets, the issues of security, counter-terrorism and border control are not to be taken lightly. It’s easy to forget when you’re standing in line for an hour that actually these processes are in place for a very good reason. Counter-terrorism and immigration control are sensitive issues and international border controllers are under pressure from national governing bodies to provide the greatest level of protection against external and internal security threats. It’s not about adhering to a process full of red tape, but the safety of a nation’s citizens and indeed those who are travelling. Ultimately, it should be recognised that the effectiveness of national security is in the best interests of a great deal more people than the speed at which it is enforced.

Perhaps a greater deal of transparency is required from the bodies enforcing these security measures as to why they are necessary to educate the general public about the issues being addressed by security processes. If more people actively bought into the checks being made and lobbied for security processes to follow best practice, exceptionally arduous experiences may be accepted more willingly. It is also important that universal standards are agreed on so that travellers know exactly what to expect everywhere they fly.

However, the issues with the approach taken at JFK and similar outlined above are legitimate ones and there is also a public duty to ensure security measures are carried out efficiently enough to ensure people are not being unnecessarily delayed or deterred from flying to certain airports or indeed at all.

Existing technology systems, in my opinion, are not yet sophisticated enough to completely replace the role of a highly trained immigration officer. In fact, that point is still probably quite some time away. It is important that immigration security measures consider as much information as they have available to make an informed decision on who is coming in or going out of a country. The facial recognition systems being used right now do not assess enough. It is important that secure documentation is authenticated and tracked as completely as the human being it is assigned to.

Using cutting-edge track and trace technology to complement the current facial recognition or biometric systems can not only provide a more secure way of authenticating a secure document, but also speed the process up.

For example, there are already technologies available that can identify whether a secure document is legitimate or not and exactly which document it is based on a unique digital signature developed by its surface structure at a micro level. By tracing documents in this way at an individual level, combined with biometric authentication techniques such as facial recognition and fingerprinting, it is possible to determine not only whether a document is authentic, but also that a specific document belongs to a specific person and whether the entire document has been previously passed as legitimate.

As databases grow more sophisticated and searchable, further information attached to these secure documents can be stored and assessed more efficiently and securely. This provides immigration officers with more information on which to base their judgement of a person’s legitimacy and ultimately help them do their job faster and more effectively. While stripping away immigration officers completely is actually subtracting a vital layer of security, it is possible to add layers that help them carry out their part of the process far more quickly and assuredly.

To conclude, a multi-layered approach is essential to national security enforcement and people must be nurtured into accepting the process they are expected to endure for the sake of their own safety. However, the technologies within this multi-layered approach must add value to the process as well as speed it up. The authentication of secure documents should be taken as seriously as the person itself, and new technologies should be embraced to carry out fuller checks of documentation and provide immigration officers with as much information as possible for them to work with.

For more information visit www.ingeniatechnology.com/ or tel: +44 207 256 9231


Holography

The first metallised hologram to appear on an ID document was in 1984 on United Nations’ passports – these were simple authentication devices on the cover – quickly followed by passports for Brunei and Iraq, where the hologram appeared inside the passport, but still as an authentication device as opposed to protection for the personal data.

It wasn’t until the 1990s that the first all-over transparent hologram appeared on a passport, this time on passports held by United Arab Emirates’ nationals. In this instance, the hologram was used not only as an authentication feature but also to protect the bio data contained within the passport. This required the development of new techniques for high refraction index (HRI) coating of the hologram. This marked a turning point because from this time onwards the number of passports issued with holograms as a laminate to protect the biodata page as a combined protection and authentication device steadily increased, so that now there are very few recent issues that use a hologram only as an authentication device.

In 1999, the European Union drafted security standards for passports which, in 2004, were incorporated with EC Resolution No 2252/2004 for minimum standards. These stipulated that ‘An optically variable (OVD) or equivalent device, which provides the same level of authentication and security as currently used in the uniform visa format, shall be used on the biographical data page and shall take the form of diffractive structures which vary from different angles incorporated into the hot-sealed or an equivalent laminate (as thin as possible) or applied as an OVD overlay, or stickers on a non-laminated paper inside page (as metallised or partially demetallised OVD with intaglio overprinting) or equivalent devices’.

Another major driver for the inclusion of holographic technology on ID documents came in 2002 when the ICAO (International Civil Aviation Organisation) specified that passports should feature optically variable devices like holograms to combat counterfeiters, particularly in the wake of 9/11. MRTD (Machine Readable Travel Documents) of ICAO Doc 9303, Part 1 Passports, 6th Edition. This states that ‘When the biographical data page of a passport book is protected by a laminate or overlay, an optically variable feature (preferably based on diffractive structure) should be integrated into the page. Such a feature should not affect the legibility of the data…The inclusion of a diffractive optically variable feature is recommended to achieve an enhanced level of protection against reproduction’.

It might be more than 65 years since the invention of the hologram but today the technology remains a potent weapon in the ongoing battle against the counterfeiters and organised criminal gangs seeking to take control of a multi-billion dollar trade in illicit passports, driving licenses and other fake ID documents.

Ian Lancaster, general secretary of the International Hologram Manufacturers Association (IHMA), charts the rise of ID holograms over the last three decades since the first passport applications before turning the spotlight on some of the latest developments which will ensure holography remains a relevant and added value solution well into the future.

Innovation drives hologram ID document protection

So with the regulations governing passport standards within the European Union specifying holograms, plus ICAO also stipulating an optically variable device, more and more the technology is appearing as one of the front line weapons in thwarting passport counterfeiting, with the majority of these being the diffractive version. Today an estimated 80 countries feature holograms on their national passports, and according to a survey conducted by Keesing Reference Systems and presented in Dubai last year, 55% of passports now use an OVF – optically variable device – to protect the data on passports, and of these 67% are DOVIDs.

The overall production of passports is estimated to be 150-300 million per year. This may fluctuate annually, but is undoubtedly set to continue growing as populations increase, and escalating numbers of people travel abroad. This, allied to the fact that all ICAO member countries must now issue MRPs with ICAO recommending the use of OVDs, all but guarantees a growing market for holograms. Local factors will also see growth in the number of passports, such as the requirement for travellers between the USA and Canada to have a passport, not just a driver’s licence or other ID as had been the case up until not so long ago.

Security shield

The role of a hologram on a passport and other identity documents is principally to shield against the forgery of the photograph and personal data, otherwise known as the ‘variable information’. However, the ability of the hologram to provide effective protection lies in the continuous innovation, invention and evolution of holographic techniques. Both optical effects and material science techniques have created authentication devices that are easily recognised yet difficult to copy accurately. They can be safely integrated within the production process and stand up to the rigorous demands of being in use for a period of anything up to ten years.

Of course virtually anything can be copied, and the holographic industry continues to work hard to get the message across that even the most sophisticated holograms can be reproduced to some extent. The real debate is just how accurately can holograms be copied? The answer is not very accurately at all, and this is where the real value of holograms designed for security applications should be appreciated. The intrinsic features of holograms mean that the techniques and visual effects make it difficult to copy 100% accurately an authentic security hologram. This has ensured their success – the document they protect may have been counterfeited but, whereas it can be relatively easy to simulate the effects of other overt features, a poorly copied hologram is more often than not the tell-tale sign that all is not what it appears.

Because a passport is probably the most important identification document, authentication alongside the protection of personal data (name, date of birth and photo) must be guaranteed. Effectively, holograms serve not only as a deterrent and secure means of protection and authentication, but also as a warning that it might be counterfeit. Therefore, a hologram is not solely to prevent counterfeits but acts as an effective detection device, making it easier for the trained eye to distinguish the legitimate from the fake.

Passport production and, critically, personalisation is exacting and has proved technically challenging for the holographic industry. However, it is one that manufacturers are responding to, with recent developments including a whole new generation of personalised photopolymer holograms which match the bio data contained within the passport.

One example of this is an innovative new technology from Hologram.Industries called HoloID® which combines ID security with high speed in-line holographic personalisation. Utilising advanced photosensitive material to create unique colour patterns and animations, the technology provides precise control and colour modulation to create portraits, among other features. The information is recorded in the holographic laminate and the printed data on the substrate, providing an extremely high primary level of security that is virtually impossible to falsify. At a secondary level, data in the electronic chip also matches with the holographic and printed information to provide an extremely high level of security and authentication.

Also making an impact in the battle for greater ID document security is Hologram.Industries’ DID® visual security device. Visually quite different from traditional holograms, this is a zero-order optical nanostructure combined with thin films. This is basically a two-colour diffractive image appearing at the direct reflection angle which permutes when the document is rotated 90°. The technology has so far been adopted by around 20 countries around the world, including China last year, and meets the requirement by authorities for a very easy to use but extremely difficult to imitate security device – to date, there have been no reported attempts to counterfeit the technology or even imitate its colour permutation effect.

We are also seeing smart, or e-passport solutions, coming to the fore which combine print, optical and electronics security features to ensure authenticity and user flexibility. These comply with the requisite standards for international travel ID documents and have overt and covert security features such as visa pages containing custom paper and bespoke designs to combat counterfeiting. Optaglio’s OVMesh™ is an example of the latest generation of metallic holographic micro system of protection for e-passports as well as other documents such as ID cards and driving licenses against the threat of counterfeit.

This advanced technology can be incorporated as an integral part of the overall design. It features materials and a structure that combine to form a level of protection that also offers greater scope for the design of security features in accordance with the overall document design.

We are also seeing the development of holographic technology that provides documents with visually appealing features, coupled with added security. Here, technology like 3M’s transparent hologram security laminate can offer protection against any attempts at counterfeiting or alteration. It shows a faint holographic image that indicates tampering while also providing protection against the wear and tear of everyday use, ensuring that printed information is readable and usable for the document's intended life.

The Kurz KINEGRAM® is an example of how the industry creates innovative anti-counterfeiting solutions based on established and successful products. In particular, there are developments to use the technology to link with and protect the RFID chips now used on passports to improve security levels. One approach is to use a metallised KINEGRAM®/moiré image combination with a transparent window. Here, when the data page of the document is tilted back and forth about the horizontal axis, the projected letters ‘OK’ are seen to move up and down with adjacent columns moving in opposite directions. Although the contour-based letters “OK” show strong contrast with respect to the background, these images cover very little surface area and therefore allow for sufficient see-through transparency to see the chip. Any attempts to physically tamper with the chip module would then become immediately evident through the destruction of the KINEGRAM® structures.

Another method is to use semi-transparent KINEGRAM® elements with appropriate diffractive structures both above and below the chip module so that when the card is viewed from the top with back-light, the chip module can be inspected for evidence of tampering or damage. This effect relies on the interaction of the two DOVIDs placed on either side of the chip module. The upper foil DOVID is demetallised into a pattern of opaque and transparent linear raster, while the lower foil DOVID is demetallised into a pattern of opaque and transparent areas which forms images when viewed in transmission information layer. In the example shown, a DOVID with a fine raster of metallisation appears opaque when lighting comes from above, however, when back-lighting is used, a pattern of stars is seen in transmission along with a shadow of the chip module. Therefore, any attempt to physically access the chip module from either side of the document will become visually evident.

Elsewhere, OpSec’s Holofuse™, a previous winner of the IHMA’s ‘Best Applied Security Product’ category at the Excellence in Holography Awards, is a holographic security laminate layer for PC ID cards. It therefore requires no additional card manufacturing stage, and the material bonds at the molecular level. It thwarts ID and passport counterfeiting because the holographic layer is essential and cannot be removed from the rest of the card. Another interesting development comes from Centro Grafico DG whose OPS passport protection system provides passport data page protection. The system is constructed as super-thin polymeric membranes, which are specially formulated for infilling by colour laser printers: after welding these membranes onto the data page, it becomes practically impossible to alter personal data without destroying it.

Future challenges

It’s clear that holography continues to demonstrate an unquestionable ability to adapt and move with the times, remaining a highly effective and competitive counterfeiting deterrent, protecting not only the integrity of identity documents but adding real value through more scope for design, functionality and user ease-of-use. The challenge remains, as ever, for manufacturers to respond to changing customer requirements and keep one step ahead of competing technologies through research and development and innovation. If the evidence of the last few years is anything to go by, then the future for holography in ID document security remains assured.

The International Hologram Manufacturers Association (IHMA) is made up of nearly 100 of the world's leading hologram companies. IHMA members are the leading producers and converters of holograms for banknote security, anti-counterfeiting, brand protection, packaging, graphics and other commercial applications around the world. IHMA member companies actively cooperate to maintain the highest professional, security and quality standards. More at www.ihma.org

Issued on behalf of the IHMA by Mitchell Halton Watson Ltd. For further details contact Andy Bruce on +44 (0) 191 2331300 or email [email protected]

Mobiles

iOS and Android devices have started a megatrend in mobile security – and the driving force is the user. Smartphone and tablet users are fascinated by how these tools revolutionize their personal and business lives.

But the harsh reality is that corporate data is not secure on mobile devices. Smartphones and tablets get lost or are targeted by hackers, and data communications often take place in unsecured public spaces (such as airports). Moreover, existing security measures often do not provide adequate protection. The challenge for IT departments at the enterprise level is to create a protected area on mobile devices to hold important business data and reliably protect this valuable resource against unauthorized access.

Even when employees are banned by their companies from accessing business data with their iPhones and iPads, they still find ways of doing so by using, for instance, private email accounts or online services such as Dropbox. They often simply do not understand the security risks associated with doing this. What is needed is a controllable solution so that business data is accessed in a secure way.

Enterprise IT executives may find themselves dreaming of a day in the future when ‘smart cards’ will provide a genuinely secure solution that allows user-friendly access to confidential company data and sensitive information using mobile devices with the same level of protection afforded on the desktop. Fortunately, thanks to the latest hardware and software developments in authentication technology, that dream is now a reality.

Meeting mobile security challenges

What is it about mobile devices that, more than anything else, keeps enterprise IT executives awake at night – especially in today’s increasingly ‘bring your own device’ (BYOD) environment?

No doubt, the biggest security worry about mobile devices for enterprise IT executives is how to be sure that a device is in the safe hands of the right person. Are the actions being performed on that device authorized? Another concern is maintaining secure communications when mobile devices are connecting with WiFi.

These concerns translate into three main mobile security challenges:

• How to authenticate who is able to access enterprise information;

• How to ensure the security of enterprise data; and

• How to keep the back-end of the system secure.

Today we are dealing with a host of BYOD devices, including smart phones and tablets, which are not standardized and much more difficult to integrate. In fact, with so many operating systems and data platforms, it is no longer possible to maintain standard integration and data profiles. There is mounting pressure on IT enterprises to find a way to integrate and manage this proliferation of mobile devices.

Enabling secure use of mobile devices at the enterprise level

By Dr Raoul-Thomas Herborg, CEO, Virtual Solutions and Patrik Lindeberg, COO, Precise Biometrics

But the shift in the mobile communications industry toward increased convenience and personalization is hard to stop and organizations are looking for a way to work across all platforms and tie convenience to security.

Effective enterprise-level management of mobile devices must do more than allow for various security levels and ensure end-user authentication. It also needs to maintain the quality of end-users’ experience by integrating work and personal digital space on a single device and providing ease of use and convenience. At the same time, mobile device management may also have to handle persistent data across multiple platforms and protect end-users’ private information.

Finally, managing mobile devices means being prepared to support further expansion of BYOD initiatives in the future.

So what is the answer? Delivery of secure access and services to mobile devices depends on application of strong multi-factor user authentication. Proof-positive authentication should be comprised of some combination of what you know (password or PIN), what you have (ID card or token) and who you are (biometrics). The more factors, the stronger the authentication.

Passwords alone are inadequate because they can be so easily compromised. While solutions combining password/PIN and ID card/token are often considered strong enough, only biometrics can provide absolute proof that a person is who they claim to be. Fingerprinting is the most common biometric, strongly supported by standards developed by organizations such as the National Institute of Standards and Technology (NIST) in the US. Ultimately, only multi-factor authentication can provide the level of ‘anywhere, anytime’ identification assurance that this person has the right to access this data from this device.

The good news is that the much-needed mobile authentication solution at the enterprise level is based on a commonly used security tool – the smart card. The secret sauce mixed with the smart card combines equal parts PIN/fingerprint reader and a mobile app that brings business information securely to the mobile device.

Making the case for anywhere, anytime authentication

One approach now being rolled out is to use a casing, such as the Tactivo casing for smartphones and tablets, which enables multi-level authentication for mobile devices – anywhere and anytime – based on familiar smart card technology. This is the hardware side of the enterprise-level security solution so urgently needed by corporate IT departments.

Tactivo is a combination of smart card and fingerprint reader for iOS and Android devices. Connected directly to the device and designed specifically to complement the Apple or Android design, the case provides both a smart card and fingerprint reader to protect against unauthorized application access. Together with special purpose apps, Tactivo enables companies and government agencies to maintain a high level of enterprise-level authentication and security when employees use mobile devices to access sensitive information.

Technology such as this makes the end-point – smartphone, tablet or other mobile device – a trusted access point. It enables convenient security, making it easy to pick up the iPhone or iPad, swipe a finger and authenticate the device. By using public key infrastructure (PKI) and a smart card certificate, this technology provides the strong front-end authentication needed to establish secure access to the enterprise network data center.

iOS toolkit extends range

Taking the technology a step further, an iOS toolkit for Tactivo enables developers to implement self-contained authentication or integrate with third-party identity managers and service providers. As a result, this can be used with a virtually unlimited number of apps. The iOS toolkit enables iOS app developers to integrate smart card or fingerprint authentication, or both. Smart card and fingerprint functionality can be integrated separately or together to replace passwords or PINs, enhancing convenience and increasing security. App developers can also combine these authentication methods with other iPhone and iPad features such as GPS.

The Precise iOS Toolkit has a simple API and, to ensure short development time, sample implementations for smart card integration and fingerprint enrolment/verification are included.

This functionality can be directly integrated into other apps.

Taking enterprise-level mobile security to a new level

Precise Biometrics has integrated the Tactivo smart casing for the iPhone and iPad with SecurePIM, an enterprise iOS secure-container app developed by Munich-based software developer virtual solution AG. SecurePIM consists of five modules: Mail, Calendar, Contacts, Secure Browser and Documents. The Precise iOS toolkit is the enabler that brings Tactivo hardware and SecurePIM software together, taking mobile security to the enterprise level with surprising ease.

Simply put, SecurePIM is an app on the mobile iOS device that puts all business functions at the users’ fingertips. They can access business emails, contacts, calendars and documents centrally without having to switch apps. All data is stored in encrypted form inside the secure container. SecurePIM’s modular design means users can attach documents to emails or add appointment details contained in emails to a secure calendar with a tap of the finger.

SecurePIM stores all company-related information inside a secure area on a mobile device. Business data is, therefore, reliably isolated from personal data. This meets the stringent requirements of the German Federal Data Protection Act by ensuring that personal and business data are stored and managed separately from one another. SecurePIM also includes the Mobile Application Management Portal that lets the IT department easily control and configure the access to data.

SecurePIM provides a secure way of accessing data in a business environment using an iPhone or iPad without restricting use of those devices. Employees can access their business emails, contacts, calendars and documents centrally all from the same app. This personal information manager is as straightforward and intuitive to use as one would expect from an app running on an Apple device.

How SecurePIM maximizes smart card security

All data inside the SecurePIM container is strongly encrypted using soft certificates or in the high security version with smart cards. Enabled by the Tactivo smart case, smart cards are integrated into SecurePIM to execute decryption and encryption commands directly on the smart card. The smart card is also required for authentication. Hence, without the smart card it is impossible to access the stored data on the mobile device.

The user must insert the smart card into the smart card reader when the application starts. Only after the user has entered the associated PIN to authorize the smart card for cryptographic operations will it be possible to use the app. Depending on the smart card’s configuration, the card will be blocked after the PIN is entered incorrectly a predefined number of times. If the card is removed, it is no longer possible to use the app.

All data including emails, documents and contacts is stored in the hermetically isolated SecurePIM security container with the help of strong encryption algorithms based on the user’s personal key. Authentication in SecurePIM is by password input in accordance with the enterprise’s internal guidelines. At the highest security level, authentication and decryption are performed using a smart card (ISO 7816). This makes access impossible, even in the event of theft of the device, with immediate deactivation of the network link.
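
The card behaviour described in this section (PIN entry before any cryptographic operation, a retry limit that blocks the card, loss of access when the card is removed, decryption performed on the card itself), as an added Python model that is not SecurePIM, Tactivo or Precise iOS Toolkit code. The `SimulatedCard` class, the PIN, the three-try limit and the HMAC-based cipher are assumptions made for illustration; the status words are the ISO 7816-4 values.

```python
import hashlib
import hmac
import os

# ISO 7816-4 status words used by this model.
SW_OK = 0x9000            # normal processing
SW_WRONG_PIN = 0x63C0     # verification failed; low nibble = tries remaining
SW_NOT_VERIFIED = 0x6982  # security status not satisfied
SW_BLOCKED = 0x6983       # authentication method blocked
SW_BAD_DATA = 0x6A80      # incorrect data field (here: blob failed its integrity check)


class SimulatedCard:
    """Constructed stand-in for a PIN-protected smart card; not a real card or toolkit API."""

    def __init__(self, pin, max_tries=3):
        self._pin_digest = hashlib.sha256(pin.encode()).digest()
        master = os.urandom(32)  # key material that never leaves this object
        self._enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
        self._max_tries = max_tries
        self._tries_left = max_tries
        self._verified = False   # volatile: lost when the card is removed

    def verify(self, pin):
        """VERIFY: check the PIN and maintain the retry counter."""
        if self._tries_left == 0:
            return SW_BLOCKED    # even the correct PIN is refused now
        candidate = hashlib.sha256(pin.encode()).digest()
        if hmac.compare_digest(candidate, self._pin_digest):
            self._tries_left = self._max_tries
            self._verified = True
            return SW_OK
        self._tries_left -= 1
        self._verified = False
        return SW_WRONG_PIN | self._tries_left

    def remove(self):
        """Card pulled from the reader: the verified state does not survive."""
        self._verified = False

    def _keystream(self, nonce, length):
        # HMAC-SHA256 in counter mode, standing in for the card's real cipher.
        out = b""
        counter = 0
        while len(out) < length:
            out += hmac.new(self._enc_key, nonce + counter.to_bytes(4, "big"),
                            hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def encipher(self, plaintext):
        """Encrypt on the card; returns (status word, nonce + tag + ciphertext)."""
        if not self._verified:
            return SW_NOT_VERIFIED, b""
        nonce = os.urandom(16)
        body = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self._mac_key, nonce + body, hashlib.sha256).digest()
        return SW_OK, nonce + tag + body

    def decipher(self, blob):
        """Decrypt on the card; refuses without a verified PIN or on a modified blob."""
        if not self._verified:
            return SW_NOT_VERIFIED, b""
        nonce, tag, body = blob[:16], blob[16:48], blob[48:]
        expected = hmac.new(self._mac_key, nonce + body, hashlib.sha256).digest()
        if len(blob) < 48 or not hmac.compare_digest(tag, expected):
            return SW_BAD_DATA, b""
        return SW_OK, bytes(c ^ k for c, k in zip(body, self._keystream(nonce, len(body))))


def run_scenario():
    """Walk the lifecycle the section describes; returns the status words seen."""
    card = SimulatedCard(pin="4821")             # constructed PIN, 3 tries
    seen = [card.encipher(b"draft")[0]]          # no PIN yet -> refused
    seen.append(card.verify("4821"))             # correct PIN
    _, blob = card.encipher(b"Q3 forecast")      # stored container record
    card.remove()                                # card leaves the reader
    seen.append(card.decipher(blob)[0])          # record is unreadable again
    for guess in ("0000", "1111", "2222"):       # three wrong PINs
        seen.append(card.verify(guess))
    seen.append(card.verify("4821"))             # correct PIN, but card is blocked
    seen.append(card.decipher(blob)[0])          # data stays locked
    return seen


if __name__ == "__main__":
    print([hex(sw) for sw in run_scenario()])
```

Because the retry counter and the keys live inside the card object, a stolen device that holds only the stored blobs gets three PIN guesses in total before the card refuses every further attempt.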

A fully integrated solution

Because SecurePIM is integrated in the enterprise infrastructure, it offers a number of levels of security:

• Email can be encrypted according to the S/MIME standard.

• Personal and business contacts or calendar entries are kept strictly separate and synchronized with enterprise-wide systems. Not only is SecurePIM completely integrated with Microsoft Exchange servers, but it also provides full integration with Microsoft Sharepoint. SecurePIM also integrates into the PKI, which operates as an authentication channel correlating user identities with each person’s secret and unique code or password.

• An integral web browser permits secure access, with strong encryption, to web-based applications – for example, an internal customer relationship management system.

• Documents can also be used off-line on the mobile device. They are encrypted at all times and comments can be added to them. Access to internal document management satisfies the very highest security standards.

All of these modules require no compromises in terms of functionality and usability in comparison with the standard apps from Apple. Because SecurePIM is strongly oriented on Apple standards, high usability (on a par with standard apps) as well as outstanding user acceptance are ensured.

In addition, SecurePIM can be adapted to enterprise-specific requirements and policies. SecurePIM does not require proprietary hardware or complex IT infrastructure and can be easily integrated into existing mobile device management (MDM) systems. In addition, the app provides a framework for security and back-end integration that permits implementation of individualized apps.

Mobile application management

The Mobile Application Management Portal lets a company’s IT department centrally manage and configure the SecurePIM app on all the mobile devices used by each individual user. And if worst comes to worst, all enterprise data stored in SecurePIM can be locked immediately. Any personal data stored on the device, however, remains unaffected by this. Since the server supplies all the necessary settings centrally, the task of integrating SecurePIM in the company’s IT infrastructure cannot be simpler.

Because of the strict separation of business and personal data on the mobile device, SecurePIM reliably respects the guidelines pertaining to the protection of employee data. The user has full personal use of his or her mobile device while the Mobile Application Management Portal ensures the company retains complete control over all enterprise-related data and can enforce its internal security policies.

The takeaway: A triple win

At times, mobile security at the enterprise level seems like a no-win situation for corporate IT directors. On the one hand, users of iOS devices want access to both personal and business information without having to change anything. On the other hand, corporate IT departments have serious concerns about mixing personal information with sensitive enterprise network data.

But now, thanks to the integration of smart card hardware and authentication software, a triple win in enterprise-level mobile security is achievable. It is now possible to achieve enterprise security that encompasses:

• Authentication;

• Encryption; and

• Back-end protection.

Thankfully, this means enterprise IT executives can, at last, rest easy about maintaining maximum security at the enterprise level without creating inconvenience for iOS and Android device users.

For more information please email [email protected] or [email protected]

Secure Mobile Credentialing & Identification

The evolution of Privilege Entitlement & Access Control Systems toward a single user profile for multiple services across multiple devices

By Jay Meier, vice president of Corporate Development, BIO-key

“Our passwords are failing us,” said Michael Barrett, PayPal’s Chief Security Officer. He’s not alone. According to the Verizon 2013 Data Breach Investigation Report, roughly 76% of all data breaches were enabled by weak credentialing and user authentication. Thus, we might safely say that most, if not all of our traditional security measures do little to close credentialing vulnerabilities. If that’s safe to assume, then we need to discuss replacing them with something that does work. Yet, in fact, according to a May 2013 whitepaper, US Mobile Payments Landscape-Two Years Later, which was produced jointly by the Boston and Atlanta Federal Reserve Banks, mobile payment services are advancing faster than expected, but without much regard to standards and security. The paper notes ‘unresolved security and privacy issues’. It further suggested that ‘as the (mobile payments) ecosystem matures, it will challenge new entrants in their ability to achieve scale and sustainability’. It further concluded ‘the need for interoperability, industry guidance and standards to ensure a secure and cost-efficient ecosystem’.

Yet, the story is bigger than that. You'll hear us repeat phrases such as Secure Credentialing or Privilege Entitlement and Access Control. That's because it's actually the correct way to think about things like mobile payments. After all, what are mobile payments? Aren't they your ability to pay, crammed into your phone? What are we cramming into that phone? A credit card or debit card? What's that? A credit card is nothing but a piece of plastic, with a number written on it, which represents your PRIVILEGE to use a pre-approved bank line-of-credit. Now just consider how many credentialed privileges we enjoy on a daily basis. Driving a car (driver’s license), boarding a train or plane (ticket/boarding pass), entering a building (security badge), international travel and immigration (Passport/Visa), accessing Government services/Entitlements (Social Security Card/Medicare Card), network access and logon (Password/PIN), using a cell phone (SIM card), employment (Corporate ID), education (school ID), and healthcare (health card), Web-services (SSL/PKI certificate)...we enjoy these privileges daily without even thinking about them and they are all represented by a credential of some sort. Of course, these privileges are extremely valuable, which is why people try to steal them or damage them. Thus, the credentialing system is nothing but an access control system designed to protect access to those valuable privileges. With seemingly countless data-points and frequent news reports of data breaches, it’s hard to argue, with a straight face anyway, that what we have been using to protect our valuable online assets, services and privileges actually works. Biometrics seem inevitable.

Of course, the privileges are represented by a numeric value,aren’t they? A card number? A user ID number? (We are all‘just a number’ to them, aren’t we?). Those ID numbers arebeing digitized, but still represent the same entitled privileges.They can and are being stored in computer files within our PCs,laptops, tablets and smart mobile devices. And so, as we stepback to account for this movement, we can see the evolutionarymigration of all our credentials into our smart devices, whichare increasingly mobile. In fact, we see major technologyproviders attempting to stand up digital wallets, exactly for thepurpose of administrating those digitized privilege credentials.For sure, one day soon, all our credentials will reside in oursmart mobile devices. Those devices will communicate andguard those privilege credentials. Consequently, each mobiledevice and credential must interoperate with the multitude ofdisparate services and providers accessed by the credentialshoused in the device.

Central to any Privilege Entitlement Access Control negotiationis the concept of risk. The level of potential risk to the asset orservice determines the required level of security, including stronguser authentication, before access is granted. Further, the binarydecision to deploy strong authentication, including biometrics,is also risk based and, specifically economic risk-based, whichcan also be viewed as economic feasibility. Stakeholders won’tdeploy it if they lose money at it. The reason industry stakeholders and technology leaders have declared traditionalCredentialing & Access Control systems dead, like password/PIN, is because the expense of the frauds and breaches hasbecome sufficiently large enough to offset the cost of replacingthose systems. The risk of relying on traditional access controlmechanisms is now too high. Thus, today, the question of

‘should we upgrade our Privilege Entitlement & Access ControlSystems?’ has been replaced with ‘How should we upgradethese systems?’ Further, ‘How do we upgrade the system asefficiently as possible without compromising trust or incurringrisk?’ Further yet, just how do we do that in a distributed mobilenetwork environment? To answer that question, we mustconsider the authentication system design, in terms of economicfeasibility, liability, trust and convenience. Unfortunately, theseconcepts are perceived and valued very differently by serviceproviders than by consumer privilege holders.

Importantly, the location of the authentication transaction affectsthe risks, liability, convenience and economic feasibility for theservice provider and consumer differently. Consider that thereare effectively only two locations where the user-authenticationtransaction can occur; on the device, and/or in the cloud. Let’sconsider each location in terms of economic feasibility, risk,liability and trust.

Authentication on the device implies just that, processing the authentication of the user on the phone. Many phone manufacturers contemplate including fingerprint sensors on the device to authenticate the phone user, presumably the entitled privilege holder associated with the credentials stored on the phone or in some data repository elsewhere. On-device authentication suggests that the fingerprint comparison occurs – or is transacted – literally on the phone, with a binary result then transmitted securely to the service provider for acceptance or rejection. In this case, the service provider accepts higher risk and liability, as that service provider must agree to trust any and all authentication data transmitted from that phone. This means the service provider has limited control of the risk and may be unlikely to accept this authentication in higher-value transactions. Moreover, this model may be less economically feasible as that service provider must also support the potential multitude of disparate and proprietary authentication data sources that could be generated by any number of handset manufacturers, cellular operators, fingerprint sensors or matching algorithm template providers. This could be costly to administrate and support. However, refusing to support various disparate authentication systems could create inconvenience for the potential customer, including and maybe especially the enterprise customer, requiring the customer to use a select phone manufacturer or forgo the benefit of the service. Moreover, the customer owning multiple devices would be required to enrol on each device and potentially for each service. Further still, the enterprise customer may experience significant friction and cost related to upgrades and end-of-life replacement plans and is, thus, unlikely to invest in this model. Therefore, in our opinion, this model may be used early in the adoption cycle for strong mobile credentialing, but is less likely to enjoy long-term or deep penetration. The system will evolve to something different.

Authenticating in the service provider’s cloud implies capturing the biometric data on the phone and securely retrieving or transmitting it to the service provider’s cloud, where the authentication transaction takes place. In this case, the service provider could reduce risk by comparing user-authentication data, captured during applicant enrolment, to data of existing customers to negate dual enrolments and fraud. This is not possible when enrolling and authenticating on the phone. Further, the service provider would enjoy reduced risk by maintaining control of the authentication process. It seems natural that the service provider can trust its own, in house, systems more than those owned and operated outside the service provider’s control. Deploying a hardware and operating system agnostic authentication engine in the service provider’s cloud would provide complete interoperability with handset input devices, significantly reducing the service provider’s capital investment in multiple disparate authentication engines. This would further allow the individual and enterprise customer the choice of handset providers, without disrupting service availability, reducing friction and cost, while increasing convenience of upgrade and end-of-life replacement. Both consumer and enterprise customers are likely to prefer and invest in this model, as a result. In our opinion, this model reduces risk and capital outlay to the service provider, while increasing convenience to the consumer. Further, in our opinion, this model is viable in enterprise environments, while the on-device model is not. Thus, we believe strong authentication in the mobile credentialing evolution will emerge on-device, primarily in consumer applications, but will migrate to the cloud over time, which will facilitate enterprise adoption.

There is, however, a third design option involving a third-party authentication service in the cloud. In this case, the on-device sensor captures the print, converts it to a template and securely sends it to the third-party cloud, which presumably would use the aforementioned single hardware/operating system agnostic and interoperable authentication engine. The service provider must agree to trust binary authentication confirmation data from the third-party provider, but this would eliminate the need to trust more than one outside source. Otherwise, this design would operate similarly to that of the service provider cloud-based system. Assuming the third-party authentication service provider incorporates hardware and operating system agnostic (interoperable) systems, the consumer and enterprise customer would enjoy open choices between handset providers, who also would enjoy open choices between sensor providers. This would reduce risk and cost to the service provider, the handset manufacturer and, both, the consumer and enterprise customer. The third-party authentication system would allow the consumer and enterprise customer to enrol only once, but associate that single user identity with multiple services and across multiple devices, regardless of make or design. In effect, the third-party, cloud-based authentication service would allow for ‘Identity Anywhere’ or ‘Identity Everywhere’.

Mobile payments are part of a larger Secure Credentialing & Identification evolution. Our Privilege Entitlement & Access Control systems are migrating into the emerging smart mobile computing ecosystem and must satisfy both risk and economic requirements, without excessive friction. In our opinion, the migration of these strong authentication systems, including biometrics, will emerge on devices in relatively cumbersome consumer-facing applications. They will continue to migrate to the cloud and ultimately will largely reside and function in the cloud. Risk determinations, including economic feasibility, will determine whether the authentication occurs in the service provider’s cloud (highest risk assurance), or in the third-party cloud (middle risk assurance), or on the device (light risk assurance). End user convenience and cost will likely drive the majority of Mobile Credentialing authentication to the cloud, especially at the enterprise level. Thus, we encourage stakeholders to consider the evolutionary trajectory of such capabilities and invest accordingly.

For more information email: [email protected] or visit web: www.bio-key.com tel: +1 651 789 6116


With mobile devices being used for more credentialing based activities, the question of mobile security is becoming increasingly important. The mobile security landscape, however, is still immature, so how can service providers successfully deliver secure mobile services today?

Smart card-based technology is at the heart of mobile devices, thanks to the SIM cards that have been installed in them for the past 15-plus years. As mobile phones have become smarter, so too have SIM cards. Today, the combination of phone and card is giving businesses many opportunities to ‘go mobile’.

Banks and other organisations, including governments and airlines, are taking advantage of the ubiquity offered by smartphone devices by developing their own applications (apps). This means that the smartphone can also double as a form of ID or a key card. Some of these store users’ credentials and other sensitive data in the SIM card or secure element of the phone in order to allow the smartphone owner to carry out a variety of credentialing, payments and transactions activities.

Operating in a secure manner in the mobile space, however, is perhaps still considered by many to be adventurous. Yet there is more than simple optimism driving this surge: the homogeneity of platforms affords an easy distribution channel for software, with a low entry barrier, presenting significant savings to both app developers and hardware manufacturers.

Today, most app developers have directed their attention towards the user experience, but – as is often the case – few have placed emphasis on security. This is partially due to the commercial priorities of the mobile community, but also a lack of knowledge and industry fragmentation as markets come together for the first time to develop security standards. In other words, despite the widespread adoption of smartphones, operating systems (OSs) still remain relatively immature when it comes to security.

To tackle this, technologies such as the Trusted Execution Environment (TEE) – a secure area within a mobile device that is comprised of software and hardware to ensure that sensitive data is stored, processed and protected in a trusted environment – are emerging. It could be some time, however, before the average user will actually benefit from the security these technologies offer when making a transaction with their preferred apps.

So, should organisations that want to deploy mobile-based credentials refrain from using mobile devices until the security standards and frameworks are fully defined and agreed? Or, is there a security strategy that they can adopt to mitigate the risks and safely deliver mobile services today?

The threats

Currently malware has some presence on Android, but is much less prevalent on iOS. Nearly all malware operates within the bounds of requested permissions, where the user clicks and agrees to grant the app the permission it needs to perform malicious acts. Therefore, the primary attack channel is to disguise the malware as a legitimate app and advertise it in the official app store, where it is installed by consent.

For example, an attacker can reverse engineer existing apps, thereby adding malware to the app and then resubmitting it to the app store under a similar name. The same attacker might submit 50-100 new apps to the marketplace, which look and feel the same as genuine apps. Alternatively, rather than create its own apps, a malicious attacker might steal from a legitimate but lapsing developer to launch the attack. Typical malware functionality includes concealed sending of SMS messages and calling of premium rate numbers, click diversion (for stealing advertising revenue) and a little keylogging/SMS interception for harvesting credentials and SMS-based one-time-passwords (OTPs).

A key challenge for the mobile community is to contain the cost of manufacturing apps to encourage legitimate developers to participate, yet successfully recognise the ‘fake’ apps.

Anti-virus

Companies looking to expand their anti-virus and protection software suites to mobile platforms have been seen to deliberately raise fears, uncertainty and point towards an extremely fast rate of malware development. The same view, however, is not held by other stakeholders within the industry. Unlike anti-virus vendors that are playing catch-up on PC malware, mobile security researchers are very active and surging ahead of the criminal community. While there is some evidence of adoption of research ideas by hackers, it is the general view of the industry that malware within mobile security is not that advanced. In reality, the malware development rate is comparable to the growth rate of the platform itself.

By Guillaume Forget, VP Sales EMEA, Cryptomathic

Secure Mobile Transactions – Fact or Fiction?


In addition to this, the trend towards more similar, closed and regulated platforms – such as Android and the iOS – is assisting manufacturers with security as it enables them to focus their efforts more effectively.

It therefore appears that the OS controls are effectively preventing apps from exceeding their authorised permissions today. The major problem is the persistent challenge of educating users to make cautious decisions regarding which apps to install. While user error is a threat for deploying mobile authentication in general, it does mean that users who exclusively install legitimate apps are not threatened by general malware.

The threat model

Malicious mobile device hackers have a variety of goals. Foremost is monetary gain, but retribution, anarchy, curiosity and perceived public good can all be part of the motivation. The attackers can be grouped by resource levels and goals, as illustrated in figure 1.

Understanding the motivation of a hacker highlights that a good mobile security strategy must defend not only against specific mobile threats, but also against more generic threats such as reputational or ethical attack. These could have an increased prevalence on the dynamic mobile market as end users must ‘trust’ that their mobile services will operate securely and without risk, personal corruption / financial loss or impact on civil rights and privacy.

Threat: Malware attack
Resource (R): large black-market economy
Goal (G): monetary gain
Notes: Malware attack remains the primary threat for authentication mobile apps. Regardless of installation channel (phishing, app store poisoning, drive-by website) the result is similar and those deploying the attack are likely from the same criminal economy. Resistance comes from technical phone measures, user education and distribution channel policing.

Threat: Borrowed phone
Resource (R): single layperson + commercial spyware market
Goal (G): revenge, monetary gain
Notes: The attacker might obtain brief direct access to the phone of a family member or colleague. Here the individual’s resources are very limited but they may buy/licence quite advanced spyware. Best security is afforded through platform lockdown to prevent any type of spyware being installed, and user authentication before granting access to the authentication token (e.g. a PIN). Commercial spyware manufacturers can possibly be pressured to ensure their products cannot be used for stealing authentication credentials.

Threat: Stolen phone
Resource (R): small black-market economy
Goal (G): monetary gain
Notes: Research shows that the majority of users will notice the theft of a mobile phone within an hour, so the challenge is to ensure that credentials cannot be stolen, sold and abused within this timeframe. Measures to damage efficiency of the criminal economy will help here. Some phones now have remote kill switches and tracking.

Threat: Reputational attack
Resource (R): large organisation, top staff, limited budget
Goal (G): perceived public good, anarchy
Notes: Researchers, pressure groups and lobbyists may take a dislike to a particular project (for example, related to personal data centralisation and privacy) and attack the authentication mechanism as a way of highlighting risk or simply because it is there. What is important here is that the architecture is seen to be secure and that security claims can be justified and defended.

Figure 1: An example of how mobile security attackers can be categorised by resources and goals.

By identifying potential threats, it is clear that attacks involving direct physical contact – the theft and borrowing of a mobile device – are limited due to lack of scalability and ease of ‘blocking’ the phone.

Understanding the ecosystem

With iOS and Android releasing updates roughly every six and 12 weeks respectively, it is important to appreciate the drivers and rate of software and hardware platform changes within the smartphone industry.

• OS vendors release new versions to:
  o Close security loopholes that allow users to install unapproved software.
  o Correct bugs or performance issues.
  o Add new features to be innovative or match competition.

• Phone manufacturers advance technology to:
  o Bring new handset models to market.
  o Deliver more powerful CPU/GFX to the platform for gaming.
  o Offer application programming interface (API) and OS updates.

Given this natural rate of flux and unpredictability, it is perfectly reasonable to expect app security updates several times a year. Mobile phone app stores ensure that users are sufficiently reminded and motivated to install updates by promoting new features and fixing issues related to new OS versions.

Detecting and managing attacks

Once an app service is launched, the appropriate measurement techniques need to be implemented to ensure a malware attack is detectable, as illustrated in figure 2.

A key benefit of this industry is the digital records that are automatically created. This means that if a malicious app is downloaded that uses privilege escalation from an app store, the store provider can share a list of all users who have downloaded both the authentic app and the malicious app. This enables a targeted security warning to be issued.
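The two detection ideas above, recognising ‘fake’ apps that reuse a genuine app's name and issuing a targeted warning from store download records, can be combined in a short screening routine. The following Python is an added example, not code from the article or from any app store; the catalogue, certificate fingerprints, download records and the 0.85 similarity threshold are constructed assumptions.

```python
"""Flag look-alike store listings and list the users who need a targeted warning.

All app names, package ids, certificate fingerprints and user ids below are
constructed sample data, not taken from any real store.
"""
import difflib
import re
import unicodedata

# Constructed reference record: the genuine app and its publisher's signing certificate.
GENUINE = {"package": "com.examplebank.mobile",
           "title": "ExampleBank Mobile",
           "signer": "AA:11:CONSTRUCTED"}

# Constructed store catalogue: (package, title, signing-certificate fingerprint).
LISTINGS = [
    ("com.examplebank.mobile", "ExampleBank Mobile", "AA:11:CONSTRUCTED"),
    ("com.examplebank.business", "ExampleBank Mobile Business", "AA:11:CONSTRUCTED"),
    ("com.examp1ebank.mobile", "Examp1eBank Mobi1e", "BB:22:CONSTRUCTED"),
    ("net.example-bank.app", "Example Bank \u2013 Mobile", "CC:33:CONSTRUCTED"),
    ("com.examplebank.mobile.pro", "ExampleBank Mobile Pro", "BB:22:CONSTRUCTED"),
    ("org.torch.light", "Torch Flashlight", "DD:44:CONSTRUCTED"),
]

# Constructed download records: (user id, package).
DOWNLOADS = [
    ("user-001", "com.examplebank.mobile"),
    ("user-001", "com.examp1ebank.mobile"),
    ("user-002", "com.examplebank.mobile"),
    ("user-003", "com.examplebank.mobile.pro"),
    ("user-004", "com.examplebank.mobile"),
    ("user-004", "org.torch.light"),
    ("user-004", "net.example-bank.app"),
]

# Digits commonly substituted for letters in look-alike names.
DIGIT_SWAPS = str.maketrans("01345", "oleas")


def normalise(title):
    """Fold case, accents, digit-for-letter swaps, spacing and punctuation."""
    text = unicodedata.normalize("NFKD", title)
    text = text.encode("ascii", "ignore").decode("ascii").lower()
    text = text.translate(DIGIT_SWAPS)
    return re.sub(r"[^a-z0-9]", "", text)


def find_lookalikes(genuine, listings, threshold=0.85):
    """Return {package: similarity} for listings that imitate the genuine title
    but are signed with a different certificate."""
    reference = normalise(genuine["title"])
    flagged = {}
    for package, title, signer in listings:
        if package == genuine["package"]:
            continue  # the genuine listing itself
        if signer == genuine["signer"]:
            continue  # another app from the same publisher
        score = difflib.SequenceMatcher(None, reference, normalise(title)).ratio()
        if score >= threshold:
            flagged[package] = round(score, 2)
    return flagged


def users_to_warn(genuine, flagged_packages, downloads):
    """Users who downloaded both the authentic app and a flagged app."""
    by_user = {}
    for user, package in downloads:
        by_user.setdefault(user, set()).add(package)
    flagged = set(flagged_packages)
    return sorted(user for user, packages in by_user.items()
                  if genuine["package"] in packages and packages & flagged)


if __name__ == "__main__":
    suspects = find_lookalikes(GENUINE, LISTINGS)
    for package, score in sorted(suspects.items()):
        print(f"look-alike: {package} (similarity {score})")
    print("warn:", users_to_warn(GENUINE, suspects, DOWNLOADS))
```

Comparing the signing certificate as well as the name is what keeps the publisher's own companion app out of the results; name similarity alone would flag it.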

Malware infecting an OS via a browser drive-by attack (where the user is infected automatically upon visiting a website due to a browser vulnerability) will not be as easy to contain, but should be less frequent as it requires two exploits together: one to seize control through the web browser, and a second to exploit root privileges. A root exploit is a process that allows an attacker to attain full administrative control of an OS subsystem by circumventing the security policies set by the OS manufacturer. Root exploits require countermeasures to be deployed to limit the ability of the malware to steal credentials until the OS vendor can amend the vulnerability and affected users can recover their phones.

Figure 2: Techniques for monitoring mobile app attacks.

The solution – developing a mobile security defence strategy

The mobile and app developer community is investing resources to advance new hardware-backed security features. Examples include the Trusted Platform Modules (TPM) developed by the Trusted Computing Group, and GlobalPlatform’s TEE architecture, which may also comprise the use of secure elements (SEs), a tamper-resistant platform capable of securely hosting apps and their confidential and cryptographic data (e.g. key management). There are also proprietary crypto processors, such as those found in the iPhone.

While security measures take advantage of these emerging technologies, it is important to recognise two caveats.

1. Shared risk. By adopting a security technology that is used by other apps on the mobile platform, all parties must also use and abide by the same security framework. There needs to be a level of industry compromise as not everyone will have exactly the same needs. Yet, if one element of the mobile services framework is undermined, the whole mobile secure services offering will come under jeopardy – including all apps that share the security infrastructure. The overall risk of this platform is shared.

2. Negotiating access. A smartphone will have some secure capabilities, such as an SE, but access to these areas to load and host an app requires cooperation of both handset manufacturers and mobile network operators. This is particularly relevant to those creating payment or transaction authentication apps as other access-granting companies may demand payment in the form of a transaction fee. For technology to be considered there needs to be a credible route for it to become widely available; no-one wants to get locked-in to an expensive, proprietary agreement.

So, how can app security be effectively managed today and in the future?

All developers need to ensure that an app offers a sufficient level of protection against malware, borrowed phones and reputational attacks on all supported platforms including, but not limited to, iOS and Android, which are very different in design.

To achieve this they need to:

• Build a secure yet convenient registration workflow.

• Implement reverse engineering resistance and introduce techniques such as anti-debugging, anti-tampering (modifying the app to patch out protections), anti-jailbreaking and emulation detection.

• Preserve multi-channel security and ensure that apps and browsers run on different devices to mitigate risks.

• Store user credentials and sensitive key material in a secure manner.

• Be able to uniquely identify devices and implement some device fingerprinting techniques that cannot be reverse engineered easily.

• Establish a trustworthy connection to the backend to be able to exchange data and ultimately sign transactions.
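One way a backend could enforce the last two points of the list, device identification and a trustworthy channel for approving transactions, is shown below as an added example that is not Cryptomathic's code. Each approval is bound to an enrolled device key, a one-time nonce and a timestamp; HMAC-SHA256 with a per-device key stands in for the asymmetric signature a production design would keep in a secure element or TEE, and all names and values are hypothetical.

```python
"""Backend check of device-bound transaction approvals (constructed example)."""
import hashlib
import hmac
import json
import time

SIGNED_FIELDS = ("device_id", "payload", "nonce", "timestamp")


def canonical(fields):
    """Serialise the signed fields deterministically so both sides MAC the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_transaction(device_id, device_key, payload, nonce, timestamp):
    """App side: bind the payload to this device, a one-time nonce and a timestamp."""
    fields = {"device_id": device_id, "payload": payload,
              "nonce": nonce, "timestamp": timestamp}
    tag = hmac.new(device_key, canonical(fields), hashlib.sha256).hexdigest()
    return dict(fields, mac=tag)


class TransactionVerifier:
    """Backend side: accept an approval only from an enrolled device, only once,
    and only while it is fresh."""

    def __init__(self, max_skew_seconds=120):
        self.device_keys = {}      # device_id -> key provisioned at registration
        self.seen_nonces = set()   # (device_id, nonce) pairs already accepted
        self.max_skew = max_skew_seconds

    def enrol(self, device_id, device_key):
        self.device_keys[device_id] = device_key

    def verify(self, message, now=None):
        now = time.time() if now is None else now
        key = self.device_keys.get(message.get("device_id"))
        if key is None:
            return False, "unknown device"

        # Check integrity first, so unauthenticated input never reaches the nonce store.
        fields = {name: message.get(name) for name in SIGNED_FIELDS}
        expected = hmac.new(key, canonical(fields), hashlib.sha256).hexdigest()
        supplied = str(message.get("mac", ""))
        if not hmac.compare_digest(expected.encode("utf-8"), supplied.encode("utf-8")):
            return False, "bad mac"

        stamp = fields["timestamp"]
        if not isinstance(stamp, (int, float)) or abs(now - stamp) > self.max_skew:
            return False, "stale timestamp"

        token = (fields["device_id"], fields["nonce"])
        if token in self.seen_nonces:
            return False, "replayed nonce"
        self.seen_nonces.add(token)
        return True, "accepted"


if __name__ == "__main__":
    verifier = TransactionVerifier()
    key = bytes(range(32))  # constructed key; a real one is generated at registration
    verifier.enrol("device-A", key)
    approval = sign_transaction("device-A", key,
                                {"to": "ACC-CONSTRUCTED-1", "amount": "25.00"},
                                "nonce-1", int(time.time()))
    print(verifier.verify(approval))   # first submission
    print(verifier.verify(approval))   # same message captured and resent
```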

Based on the above points, Cryptomathic assists its clients in developing evolutionary mobile security strategies and provides tailored solutions to enhance app security and support future technologies, without the need to invest time and costs redeveloping apps to support changing requirements. This ensures that mobile apps and their security framework remain future-proofed and require fewer resources to manage long-term.

For more information email: [email protected] call +44 (0)1223 225350

GlobalPlatform’s Trusted Execution Environment architecture

GlobalPlatform is a cross industry association which identifies, develops and publishes specifications that promote the secure and interoperable deployment and management of multiple applications on secure chip technology. Its technical specifications focus on the secure element (SE), trusted execution environment (TEE) and system messaging. GlobalPlatform’s work to standardise the TEE – a secure area that resides in the main processor of a connected device which ensures that sensitive data is stored, processed and protected in a trusted environment – supports the needs of smart device stakeholders such as smartphone and tablet application developers and device manufacturers.


database


ASSOCIATIONS

ACT Canada is the internationally-recognized authority, trusted knowledge resource and catalyst for change in payments and secure identity. We serve stakeholders from around the world, working with them to shape the future of mobile, NFC, loyalty, leveraging EMV and secure payments. For 22 years, ACT Canada has been providing members with insights, networking opportunities and visibility in this ever-changing market.

Web: www.actcda.com

Association for automatic identification and mobility
AIM is the international trade association representing automatic identification and mobility technology solution providers. Through the years, industry leaders continue to work within AIM to promote the adoption of emerging technologies. AIM actively supports the development of AIM standards through its own Technical Symbology Committee (TSC), Global Standards Advisory Groups, and RFID Experts Group (REG), as well as through participation at the industry, national (ANSI) and international (ISO) levels.

Web: www.aimglobal.org

The Biometric Consortium serves as a focal point for research, development, testing, evaluation, and application of biometric-based personal identification / verification technology.

Web: www.biometrics.org

The Biometric Institute was founded in 2001 and now has an international membership of biometric users, suppliers and academics. The Biometrics Institute has more than 130 member organisations represented by more than 500 individuals. The membership is split into user organisations such as government departments, financial institutions and universities and suppliers. 50% of the organisations are based in Australia, 32% in Europe, 9% in New Zealand, 5% in the USA and 4% in Asia-Pacific/the Middle East.

Web: www.biometricsinstitute.org

European Campus Card Association
ECCA is a non-profit educational association that works to provide learning and networking opportunities for campus ID card and card industry professionals. The association offers a newsletter website, an annual conference, and regional workshops on topics related to campus cards.

Web: www.ecca.ie

EUROSMART is an international non-profit association located in Brussels which represents the voice of the Smart Security Industry for multi-sector applications. Since its creation, Eurosmart has been committed to expanding the world's smart secure devices market, developing smart security standards and continuously improving quality and security applications.

Web: www.eurosmart.com

Intellect is the voice of the UK's technology industry. Our business services help companies of all sizes compete and innovate in a dynamic global market. We represent the views of industry to government and regulators and also provide opportunities for government and regulators to interact with industry on key policy and market issues.

Web: www.intellectuk.org

International Hologram Manufacturers Association
The IHMA is made up of nearly 100 of the world's leading hologram companies who actively cooperate to maintain the highest professional, security and quality standards in support of their customers. It was founded in 1993 to represent the interests of hologram manufacturers and the hologram industry worldwide. It is dedicated to promoting the interests of the hologram industry worldwide and to helping users achieve their commercial, aesthetic and authentication objectives through the effective use of holography.


IHMA membership confers authenticity and credibility on companies that join - all of which are rigorously vetted and adhere to a strict Code of Practice governing standards, business ethics, customer service, respect for and protection of customers' and each others' intellectual property.

Web: www.ihma.org

National Association of Campus Card Users
NACCU is the only association that specializes in the campus card transaction industry serving the national and international community. NACCU is the one source dedicated to high quality educational programs, resources, services, and tools. NACCU offers members infinite advantages in networking, developing partnerships, leveraging technology, problem-solving, insight sharing, and professional development.

Web: www.naccu.org

The Silicon Trust is the Industry’s Benchmark Silicon Based Security Partner Program. Since the year 2000, when the Silicon Trust was founded by Infineon Technologies as a marketing program for smart card solutions, the program has developed to be a key partner platform for companies aiming at promoting the use of silicon-based security in a broad variety of applications including Identification, Telecom and Payment.

Web: www.silicon-trust.com

Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. The Alliance invests heavily in education on the appropriate uses of technology for identification, payment and other applications and strongly advocates the use of smart card technology in a way that protects privacy and enhances data security and integrity.

Smart Card Alliance Identity Council is focused on promoting the need for technologies and usage solutions regarding human identity information to address the challenges of securing identity information and reducing identity fraud and to help organizations realize the benefits that secure identity information delivers.

Web: www.smartcardalliance.org

Smart Card Forum of China
SCFC is a non-governmental and non-profit, multi-vendor and end-user society, supported by manufacturers, suppliers, institutions, organizations and individuals as well as the corporate societies etc. in the smart card industry, which promotes the smart card industry and the value of its products and services while providing an independent forum to speak for the industry.

Web: www.scfc.org.cn

Smart X Central Intelligence is the only professional association for the industry covering Southern Africa, with members in the major business centres of the country. Smart x membership is represented by private and public sector end-users, solutions providers and consultants that receive real benefits from the associations’ active participation in the industry. The aim of smart x is to make its members aware of the developments taking place in the industry both in South Africa and internationally.

Web: www.smartx.co.za

Smartex Limited serving the smart technology community since 1993. Smartex operates an international network of professional associations concerned with smart card and RFID technologies, and applications. Smartex also provides a range of independent consultancy, project management and systems integration services relating to citizens' card schemes for Local Authorities, and campus card schemes for universities.

Web: www.smartex.com

STANDARDS

GlobalPlatform works across industries to identify, develop and publish specifications which facilitate the secure and interoperable deployment and management of multiple embedded applications on secure chip technology. GlobalPlatform Specifications enable trusted end-to-end solutions which serve multiple actors and support several business models.

Web: www.globalplatform.org

Integrated Transport Smartcard Organisation
ITSO is a Government-backed, non-profit organisation which defines and develops the UK-wide technical specification for smart ticketing. Our main aim is to help make rail and bus travel throughout the UK seamless and hassle-free.

As originators and custodians of the UK’s defined technical standard for smart ticketing – the ITSO Specification – we help transport and other service providers make the technology work effectively for them and their customers, ensuring it is reliable and secure.

Web: www.itso.org.uk

Java Card Forum. JCT’s primary purpose is to promote and develop Java as the preferred programming language for multiple-application smart cards. Java, invented by Sun Microsystems in 1995, has important features that make it the ideal choice for smart cards.

Web: www.javacardforum.org

MAOSCO Ltd. The MULTOS Consortium is a group of globally based, industry-wide companies, whose remit is to develop, manage and promote MULTOS and the MULTOS product specifications. The members may be business competitors, but all share the common goal of propagating MULTOS, and so work together to this end. The MULTOS Consortium is managed by MAOSCO Ltd.

Web: www.multos.com

CATEGORIES

ACCESS CONTROL

3M Cogent
Aceprox Identifikations
Allsafe Technologies Inc.
ATOS Worldwide SA/NV
Bayometric Inc.
CiVinTec
Computime Systems
cv cryptovision GmbH
DESKO GmbH
Diletta ID-Systems
EDSI
Entrust
Gemalto NV
IDpendant GmbH
iDTRONIC GmbH
Identive Group
Intercede Group plc
Iris ID Systems, Inc.
LEGIC Identsystems Ltd.
Merkatum Corp.
Mühlbauer AG
NARBONI
Natural Security
NEXPERTS GmbH
OmniPerception Ltd
Orcanthus
Rosan
Safran Morpho
Springcard
Thales
TSSI Systems Ltd
Xerox France
W.Arnold GmbH
Witte Safemark GmbH

BIOMETRICS

3M Security Systems
3M Cogent
Athena Smartcard Solutions
ATOS Worldwide SA/NV
Bayometric Inc.
BIO-key International, Inc.
Bion Biometrics Inc.
Bundesdruckerei
Cetis
Cognitec Systems GmbH
Cross Match Technologies
Daon
DESKO GmbH
eKrypto
ID3 Semiconductors
Inteligensa
Jura JSP
Keynectis
Merkatum Corp.
Morpho
Natural Security
NEC Corporation
Nidec Sankyo
NIS
OmniPerception Ltd
Orcanthus
Precise Biometrics AB
Regula Ltd
Safran Morpho
secunet Security Networks AG
Smartmatic
Speed Identity AB
Springcard
ST Incard S.r.l
Suprema Inc.
Sybernautix
Syx Graphics ID Solutions
TAG Systems SA
Thales
Trüb AG
TSSI Systems Ltd
Vlatacom d.o.o.
Virdi
W.Arnold GmbH


CHIP

AdvanIDe GmbH
Amatech
Cryptography Research
Datang Microelectronics Tech Co., Ltd.
Infineon Technologies France S.A.S
LEGIC Identsystems Ltd.
MaskTech GmbH
Mikron
NXP
Secure IC
STMicroelectronics

CONSULTING

ARE CON GmbH & Co,. KG
Austria Card
Consult Hyperion
EDSI
HJP Consulting GmbH
LEGIC Identsystems Ltd.
MaskTech GmbH
Multicard
Rosan
Safelayer
SOLIATIS
Sybernautix
Thames card technology Ltd
Trusted Labs

FINGERPRINT

Aceprox Identifikations
Antheus Technology Inc.
ARH
AuthenTec, Inc.
Aware, Inc.
BIO-key International, Inc.
Digital Persona, Inc.
eKrypto
Merkatum Corp.
NEC Corporation
Orcanthus
Precise Biometrics AB
Smart Cube Information Technology

DRIVING LICENCE

Arjowiggins Security
Athena Smartcard Solutions
CBN ID Systems Division
EDAPS Consortium
GET Group
Giesecke & Devrient (G&D)
Hologram Industries
MaskTech GmbH
Mühlbauer AG
Prooftag SAS
Safran Morpho
Sybernautix
Trüb AG
VTT Verschleißteiltechnik GmbH
Zetes

HOLOGRAPHY

CT Lay
EDAPS Consortium
EDSI
Hologram Industries
OPSEC Security Ltd.
OVD Kinegram AG
PGP Group Ltd
Radeče papir, d.o.o.
Security Foiling Ltd
TAURUS SecureSolutionS Ltd.

ID & AUTHENTICATION

3M Security Systems
Access IS
AdvanIDe GmbH
Applicam
ARH
ASK
Athena Smartcard Solutions
ATOS Worldwide SA/NV
Austria Card
Avalon Biometrics SL
Bilcare Technologies
Bundesdruckerei
Cherrycorp
Cognitec Systems GmbH
Cryptomathic Ltd
cv cryptovision GmbH
Daon
DESKO GmbH
Digital Identification Solution
Digital Persona, Inc.
DSS
eKrypto
Entrust
GET Group
Giesecke & Devrient (G&D)
icar
ID3 Semiconductors
Identita Technologies Inc.
IDpendant GmbH
IAI
Infineon Technologies France S.A.S
Ingenia Technology (UK) Ltd.
Ingenico Healthcare/e-ID
INKSURE
Inteligensa
Inspectron Ltd.
Intercede Group plc
Iris ID Systems, Inc.
Keesing Reference Systems B.V.
KEOLABS
Keynectis
LMC S.p.A.
LEGIC Identsystems Ltd.
MaskTech GmbH
Mikron
Morpho
MorphoTrust
Natural Security
NEXPERTS GmbH
Oberthur Technologies
On Track Innovations, Ltd. (OTI)
OPSEC Security Ltd.
Orcanthus
Otto Künnecke GmbH
Payne Security
Prooftag SAS
Safe ID Solutions AG
Safelayer
SafeNet UK
Safran Morpho
STMicroelectronics
Sybernautix
TAG Systems SA
TAURUS SecureSolutionS Ltd.
Thales
Toppan Printing Company
Trüb AG
TSSI Systems Ltd
UL Transaction Security
Vasco Data Security
Vlatacom d.o.o.

ID CARDS

ASK
Athena Smartcard Solutions
Bell ID
BG Ingénieri
Bilcare Technologies
Bundesdruckerei
Cardag Deutschland GmbH
CardLogix
CBN ID Systems Division
Consult Hyperion
cpi card group
CPS
cv cryptovision GmbH
Datang Microelectronics Tech. Co., Ltd.
Dedem
De La Rue Identity Systems
EDAPS Consortium
EDSI
Elliott identification systems
Emperor Technology
Gemalto NV
GEP SPA
GET Group
Giesecke & Devrient (G&D)
HJP Consulting GmbH
HOBİM
HOTech Hellenic Organotiki
hw-engineering GmbH & Co. KG
Identita Technologies Inc.
IDpendant GmbH
Incard SA
IAI
Infineon Technologies France S.A.S
Inteligensa
Intercede Group plc
Iris ID Systems, Inc.
Istituto Poligrafico e Zecca dello Stato S.p.A.
IXLA S.A.
LAB ID srl
LEGIC Identsystems Ltd.
Magicard
MorphoTrust
Mühlbauer AG
Multicard
NagraID - Kudelski Group
NARBONI
NEOWAVE
NEC Corporation
NIS
NXP
Oberthur Technologies
On Track Innovations, Ltd. (OTI)
OPSEC Security Ltd.
Orcanthus
ORIBI
PGP Group Ltd
Precise Biometrics AB
Prooftag SAS
Rosan
Safelayer
Safran Morpho
Sceencheck Europe BV
Smartmatic
Smart Packaging Solutions (SPS)
SMARTRAC N.V.
Speed Identity AB
ST Incard S.r.l
Syx Graphics ID Solutions
TAG Systems SA
Thames card technology Ltd
Toppan Printing Company
Trüb AG
TSSI Systems Ltd
Valid USA
Vlatacom d.o.o.
Vision Database Systems
VTT Verschleißteiltechnik GmbH
Zetes

ID MANAGEMENT

3M Cogent
Amgraf Inc.
AuthenTec, Inc.
Bell ID
Bundesdruckerei
Cherrycorp
Cognitec Systems GmbH
Collis B.V.
cv cryptovision GmbH
Giesecke & Devrient (G&D)
HOTech Hellenic Organotiki
Identita Technologies Inc.
IDpendant GmbH
ID Technology Partners, Inc.
Identive Group
Intercede Group plc
MorphoTrust
Multicard
OmniPerception Ltd
Safe ID Solutions AG
secunet Security Networks AG
Speed Identity AB
TSSI Systems Ltd

INTEGRATOR

GET Group
GIE SESAM-Vitale
icar
On Track Innovations, Ltd. (OTI)
Vlatacom d.o.o.

MANUFACTURE & PERSONALISATION

3M Security Systems
ABnote
Adhesive Security Products
Advanced Card Systems Ltd
AGYS
Allsafe Technologies Inc.
Amatech
Athena Smartcard Solutions
Atlantic Zeiser GmbH
Austria Card
Avalon Biometrics SL
Aware, Inc.
Axode
Bobst North America Inc.
Cancard Inc.
Cardag Deutschland GmbH
CardLogix
Centro Grafico DG
CIM
cpi card group
CPS
Cryptography Research
Cryptomathic Ltd
CT Lay
CTS electronics Spa
Datacard Group
Datang Microelectronics Tech. Co., Ltd.
Dedem
Digital Identification Solution
DSS
EDAPS Consortium
EDSI
Emperor Technology
Gemalto NV
GET Group
HJP Consulting GmbH
HOBİM
Hologram Industries
hw-engineering GmbH & Co. KG
Identita Technologies Inc.
Incard SA
Identive Group
IAI
Inteligensa
ITW Covid Security Group
IXLA S.A.
Jura JSP
KURZ
Leonhard Kurz Stiftung & Co. KG
MaskTech GmbH
Matica System S.p.a.
Morpho
Mühlbauer AG
NagraID - Kudelski Group
Narboni
NBS Technologies
Oberthur Technologies
OPSEC Security Ltd.
Otto Künnecke GmbH
OVD Kinegram AG
PAV CARD GmbH
Payne Security
Rosan
ruhlamat GmbH
Security Foiling Ltd
Smart Packaging Solutions (SPS)
Smartware
ST Incard S.r.l
Syx Graphics ID Solutions
TAG Systems SA
Team Nisca
Thales
Thames card technology Ltd
Trüb AG
Valid USA
Vlatacom d.o.o.
VTT Verschleißteiltechnik GmbH

MOBILE ID

3M Security Systems
Access IS
CiVinTec
GMX YouTransactor
Intercede Group plc
Kobil Systems GmbH
Merkatum Corp.
Morpho
Xerox France

PASSPORT

ABnote
Aconite
Amatech
Arjowiggins Security
ASK
Athena Smartcard Solutions
Bell ID
Bundesdruckerei
CBN ID Systems Division
C&C RFID (SHANGHAI) CO., LTD
Centro Grafico DG
Cherrycorp
Clear2Pay
Collis B.V.
CSP
CTS electronics Spa
Dedem
Digital Identification Solution
Diletta ID-Systems
EDAPS Consortium
Gemalto NV
GEP SPA
GET Group
Giesecke & Devrient (G&D)
HID Global
HJP Consulting GmbH
Hologram Industries
icar
IAI
Infineon Technologies France S.A.S
Inspectron Ltd.
Istituto Poligrafico e Zecca dello Stato S.p.A.
IXLA S.A.
KEOLABS
Landqart AG
MaskTech GmbH
MELZER maschinenbau GmbH
Morpho
Mühlbauer AG
NagraID - Kudelski Group
NEC Corporation
Oberthur Technologies
On Track Innovations, Ltd. (OTI)
OPSEC Security Ltd.
PAV CARD GmbH
Prooftag SAS
Rosan
ruhlamat GmbH
Safelayer
Safran Morpho
SICPA SA
Smart Cube Information Technology
Smart Packaging Solutions (SPS)
SMARTRAC N.V.
Suprema Inc.
Sybernautix
Thales
Toppan Printing Company
Trüb AG
Trusted Logic
TSSI Systems Ltd
VTT Verschleißteiltechnik GmbH
Zetes

PAYMENTS

ARH
DUALi Inc
Emperor Technology
UL Transaction Security

PKI

cv cryptovision GmbH
Feitian Technologies Co., Ltd.
NIS
Safelayer
ST Incard S.r.l

PRINTERS

A3M
ABnote
AllStar Card Systems
ASK
Atlantic Zeiser GmbH
Axode
B-Id GmbH & Co., KG
Cancard Inc.
CardLogix
C&C RFID (SHANGHAI) CO., LTD
Centro Grafico DG
Cetis
cpi card group
CSP
CTS electronics Spa
Datacard Group
De La Rue Identity Systems
Digital Identification Solution
Diletta ID-Systems
DSS
Garsų pasauli
Gemalto NV
GET Group
Goznak
HID Global
hw-engineering GmbH & Co. KG
Inspectron Ltd.
Interpolaris
IXLA S.A.
Jura JSP
KURZ
Lodvila
Magicard
Matica System S.p.a.
NagraID - Kudelski Group
NBS Technologies
Oberthur Technologies
Panasonic
Radeče papir, d.o.o.
Sceencheck Europe BV
Smart Cube Information Technology
Syx Graphics ID Solutions
TAURUS SecureSolutionS Ltd.
Team Nisca
VTT Verschleißteiltechnik GmbH
Witte Safemark GmbH
Zebra Technologies Corporation

READERS

3M Security Systems
3M Cogent
A3M
A.R. Hungary, Inc.
Aceprox Identifikations
Access IS
Advanced Card Systems Ltd
AdvanIDe GmbH
APIS Ltd.
ARYGON Technologies AG
ASK
Athena Smartcard Solutions
ATOS Worldwide SA/NV
AuthenTec, Inc.
Bayometric Inc.
B-Id GmbH & Co., KG
CardLogix
CBN ID Systems Division
Cherrycorp
CIM
CiVinTec
Cross Match Technologies
Computime Systems
DESKO GmbH
Digital Persona, Inc.
Diletta ID-Systems
DUALi Inc
EDSI
eKrypto
Hologram Industries
ID3 Semiconductors
ID Tech
IDpendant GmbH
iDTRONIC GmbH
Incard SA
Identive Group
Ingenico Healthcare/e-ID
INKSURE
Keyware
LAB ID srl
LMC S.p.A.
LEGIC Identsystems Ltd.
Natural Security
Nidec Sankyo
NXP
Orcanthus
Panasonic
Precise Biometrics AB
Regula Ltd
Smartware
SOLIATIS
Springcard
STMicroelectronics
Sybernautix
Thales
TSSI Systems Ltd
Vasco Data Security
Virdi
W.Arnold GmbH

SECURE PAPER/DOCUMENTS

Angstrom Technologies Inc.
APPVION
Arjowiggins Security
Austria Card
Avalon Biometrics SL
Aware, Inc.
Bell ID
Bilcare Technologies
Centro Grafico DG
Cetis
CSP
CT Lay
cv cryptovision GmbH
De La Rue Identity Systems
DSS
EDAPS Consortium
Gemalto NV
GEP SPA
GET Group
HID Global
icar
IAI
Ingenico Healthcare/e-ID
INKSURE
Inspectron Ltd.
Istituto Poligrafico e Zecca dello Stato S.p.A.
Landqart AG
MorphoTrust
NagraID - Kudelski Group
Oberthur Technologies
PAV CARD GmbH
Prooftag SAS
Radeče papir, d.o.o.
Selp Secure
SICPA SA
Smartmatic
tesa scribos GmbH
Teslin Substrate
Trüb AG
TSSI Systems Ltd
VTT Verschleißteiltechnik GmbH
Zetes

TESTING

HJP Consulting GmbH
Aconite
BG Ingénieri
Bion Biometrics Inc.
Clear2Pay
Collis B.V.
Cryptography Research
DUALi Inc
icar
KEOLABS
NBS Technologies
Riscure B.V.
SOLIATIS
Trusted Labs
UL Transaction Security

COUNTRIES

ANDORRA
TAG Systems SA

AUSTRIA
Austria Card
Jura JSP
NEXPERTS GmbH

BELGIUM
ATOS Worldwide SA/NV
Clear2Pay
Keyware
Syx Graphics ID Solutions
Vasco Data Security
Zetes

CANADA
Bion Biometrics Inc.
Cancard Inc.
CBN ID Systems Division
Identita Technologies Inc.

CHINA
CiVinTec
Datang Microelectronics Tech. Co., Ltd.
Emperor Technology
Feitian Technologies Co., Ltd.
PGP Group Ltd

FINLAND
Aventra Oy

FRANCE
A3M
AGYS
Applicam
Arjowiggins Security
ASK
Axode
BG Ingénieri
EDSI
Ethertrust
Fasver
FIME
GIE SESAM-Vitale
GMX YouTransactor
Hologram Industries
ID3 Semiconductors
Infineon Technologies France S.A.S
Ingenico Healthcare/e-ID
KEOLABS
Keynectis
NARBONI
Natural Security
NBS Technologies
NEOWAVE
NXP
Oberthur Technologies
Orcanthus
Prooftag SAS
Secure IC
Selp Secure
Smart Packaging Solutions (SPS)
Smartware
SOLIATIS
Springcard
Thales
Trusted Labs
Trusted Logic
Xerox France

GERMANY
Aceprox Identifikations-Systeme
AdvanIDe GmbH
ARE CON GmbH & Co,. KG
ARYGON Technologies AG
Atlantic Zeiser GmbH
B-Id GmbH & Co., KG
Bundesdruckerei
Cardag Deutschland GmbH
Cherrycorp
Cognitec Systems GmbH
cv cryptovision GmbH
DERMALOG Id. Systems GmbH
DESKO GmbH
Digital Identification Solution
Diletta ID-Systems
exceet Card AG München
Giesecke & Devrient (G&D)
HJP Consulting GmbH
hw-engineering GmbH & Co. KG
ID Tech
IDpendant GmbH
iDTRONIC GmbH
Kobil Systems GmbH
LEONHARD KURZ Stiftung & Co. KG
MaskTech GmbH
MELZER maschinenbau GmbH
Mühlbauer AG
NIS
Otto Künnecke GmbH
PAV CARD GmbH
ruhlamat GmbH
Safe ID Solutions AG
secunet Security Networks AG
tesa scribos GmbH
VTT Verschleißteiltechnik GmbH
W.Arnold GmbH
Witte Safemark GmbH

GREECE
HOTech Hellenic Organotiki
TAURUS SecureSolutionS Ltd.

HONG KONG
Advanced Card Systems Ltd
C&C RFID (SHANGHAI) CO., LTD

HUNGARY
A.R. Hungary, Inc.
ARH

IRELAND
eKrypto

ISRAEL
On Track Innovations, Ltd. (OTI)

ITALY
Centro Grafico DG
CIM
CT Lay
CTS electronics Spa
Dedem
GEP SPA
Istituto Poligrafico e Zecca dello Stato
IXLA S.A.
LMC S.p.A.
Matica System S.p.a.

JAPAN
Athena Smartcard Solutions
NEC Corporation
Nidec Sankyo

JORDAN
Smart Cube Information Technology

KOREA
Suprema Inc.
Virdi

LITHUANIA
Garsų pasauli
Lodvila

REPUBLIC OF BELARUS
Regula Ltd

RUSSIA
Goznak
Rosan

SERBIA
Vlatacom d.o.o.

SINGAPORE
Interpolaris

SLOVAK REPUBLIC
APIS Ltd.

SLOVENIA
Cetis
Radeče papir, d.o.o.

SOUTH KOREA
DUALi Inc

SPAIN
icar
Safelayer

SWEDEN
Precise Biometrics AB
Speed Identity AB

SWITZERLAND
Incard SA
Landqart AG
LEGIC Identsystems Ltd.
NagraID - Kudelski Group
OVD Kinegram AG
SICPA SA
STMicroelectronics
Trüb AG

THAILAND
Amatech
CSP

THE NETHERLANDS
Bell ID
Collis B.V.
Gemalto NV
IAI
Keesing Reference Systems B.V.
Morpho
ORIBI
Riscure B.V.
Safran Morpho
SMARTRAC N.V.
UL Transaction Security

TURKEY
HOBİM

UK
Access IS
Aconite
Adhesive Security Products
Bilcare Technologies
Consult Hyperion
cpi card group
CPS
Cryptomathic Ltd
Computime Systems
Datacard Group
De La Rue Identity Systems
Foster & Freeman Ltd
HID Global
Ingenia Technology (UK) Ltd.
Inspectron Ltd.
Intercede Group plc
Magicard
OmniPerception Ltd
OPSEC Security Ltd.
Panasonic
Payne Security
SafeNet UK
Security Foiling Ltd
Smartmatic
Sybernautix
Thames card technology Ltd
Toppan Printing Company
TSSI Systems Ltd.

UKRAINE
EDAPS Consortium

USA
3M Security Systems
3M Cogent
ABnote
Allsafe Technologies Inc.
AllStar Card Systems
Amgraf Inc.
Angstrom Technologies Inc.
Antheus Technology Inc.
APPVION
AuthenTec, Inc.
Aware, Inc.
Bayometric Inc.
BIO-key International, Inc.
Bobst North America Inc.
CardLogix
Cross Match Technologies
Cryptography Research
Daon
Digital Persona, Inc.
DSS
Elliott identification systems
Entrust
GET Group
Graphic Security Systems Corporation
ID Technology Partners, Inc.
Identive Group
INKSURE
Inteligensa
Iris ID Systems, Inc.
ITW Covid Security Group
Merkatum Corp.
MorphoTrust
Multicard
Sceencheck Europe BV
Team Nisca
Teslin Substrate
Valid USA
Vision Database Systems
Zebra Technologies Corporation

COMPANIES

3M Security Systems
St. Paul, MN 55144-1000
USA
Tel: +1 800 328 0067
Web: www.3m.com
Manufacturing & Personalisation, Identification and Authentication, Biometrics software, Biometric and Document Readers, Document Issuance, Card test tools, ID cards.

3M Cogent
639 N. Rosemead Blvd.
CA 91107
USA
Tel: +1 626 325 9600
Web: www.cogentsystems.com
Biometric Identification Systems, Readers, ID Management, Access Control, ID Cards.

A3M
13 bis, Rue de la Cour des Noues
75020 Paris
France
Tel: +33 1 64 25 73 12
Email: [email protected]
Web: www.a3m.eu
ID Contactless Smart Cards, Readers and Writers, Printers.

A.R. Hungary, Inc.
Alkotás utca 41,
Budapest 1123
Hungary
Tel: +36 1 20 19 650
Email: [email protected]
Web: www.arhungary.hu
Readers & Terminals, e-Passport Readers, Travel Documents, OCR, ePassport, Visa and ID Card Readers.

ABnote
2200 Fletcher Avenue
Fort Lee
NJ 07024
USA
Tel: +1 201 592 3400
Email: [email protected]
Web: www.abnote.com
ID Solutions, ePassports, Personalisation Systems & Software, Contactless Secure Identity Cards, Secure Printing.

Aceprox Identifikations-Systeme
Bahnhofstrasse 73
Helpsen
D-31691
Germany
Tel: +49 5724 98360
Email: [email protected]
Web: www.aceprox.de
Biometric Readers & Terminals, Fingerprint Recognition, Access Control Systems.

Accenture
1 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland
Tel: +353 1 646 2000
Web: www.accenture.com
Consulting, Security Solutions.

Access IS
18 Suttons Business Park
Reading
Berkshire RG6 1AZ
UK
Tel: +44 118 966 3333
Email: [email protected]
Web: www.access-is.com
ID Secure Document Readers, ID Authentication & Verification, Readers/Writers, Mobile Identification devices.

Aconite
Capital Tower
London
SE1 8RT
UK
Tel: +44 207 803 1070
Email: [email protected]
Web: www.aconite.net
ID systems, Card Test Tools, ID Smartcards, e-Tickets, ePassports.

Adhesive Security Products
Levington Park,
Levington, Ipswich,
Suffolk, IP10 0JE,
UK
Tel: +44 1473 659159
Email: [email protected]
Web: www.aspsecurity.co.uk
Personalisation, Security Laminating Systems, ID Card Laminate.

Advanced Card Systems Ltd
Units 2010-2013, 20th Floor
8 Wang Hoi Road, Kowloon Bay
Hong Kong
Tel: +852 2796 7873
Email: [email protected]
Web: www.acs.com.hk
Manufacturing & Personalisation, Contactless Readers, ID smartcards.

AdvanIDe GmbH
Am Klingenweg 6A, 65396 Walluf,
Germany
Tel: +49 6123 791 400
Email: [email protected]
Web: www.advanide.com
Microcontrollers, Readers & Terminals, Secure Smartcard ICs, ID & Authentication Applications.

AGYS
4 avenue Sébastopol
Cedex 3
France
Tel: +33 825 120 999
Email: [email protected]
Web: www.agys.fr
Personalisation Systems.

Allevate Ltd.
Unit G, Kingsway Business Park,
Oldfield Road, Hampton, Middlesex, TW12 2HD,
UK
Tel: +44 20 3239 6399
Email: [email protected]
Web: www.allevate.co.uk
Face Recognition.

Allsafe Technologies Inc.
290 Creekside Dr.
Amherst,
NY 14228
USA
Tel: +1 716 691 0400
Email: [email protected]
Web: www.allsafe.com
ID Contactless Card, Access Control.

AllStar Card Systems
5220 Spring Valley Rd 200
Dallas,
Texas 75254
USA
Tel: +1 800 290 0463
Email: [email protected]
Web: www.allstarcardsystems.com
ID Card Printers, ID Card Software.

Amatech
142 Moo 1 Hi-Tech Industrial Estate
Ban Laean, Bang-Pa-In,
Phra Nakorn Si Ayutthaya 13160
Thailand
Email: [email protected]
Web: www.amatech.de
ID Manufacturing Equipment, ePassports Chip Implanter.

Amgraf Inc.
1501 Oak Street
Kansas City,
MO 64108-1424
USA
Tel: +1 816 474 4797
Web: www.amgraf.com
Security Documents Management Software.

Angstrom Technologies Inc.
Florence,
Kentucky 41042
USA
Tel: +1 859 282 0020
Email: [email protected]
Web: www.angtech.com
ID Documents.

Antheus Technology Inc.
22241 Larkspur Trail
Florida 33433
USA
Tel: +1 561 459 4813
Email: [email protected]
Web: www.antheustechnology.com
Fingerprint Identification Software.

APIS Ltd.
APIS, spol. s r.o.
974 01 Banská Bystrica
Slovak Republic
Tel: +421 48 4712 614
Email: [email protected]
Web: www.apis.sk
Readers.

Applicam
2 Avenue Sébastopol
57070 Metz,
France
Tel: +33 3 87 75 82 00
Web: www.applicam.com
ID & Authentication Applications.

APPVION
825 E Wisconsin Ave
Appleton,
WI 54912
USA
Tel: +1 920 734 9841
Web: www.appvion.com
Security Paper.

ARE CON GmbH & Co,. KG
Stau 144
Oldenburg
D-26122
Germany
Tel: +49 441 8000 676
Web: www.are-con.com
Consultancy, ID products Solutions.

ARH
Királyhágó tér 8-9 H-1126 Budapest
Hungary
Tel: +36 1 201 9650
Email: [email protected]
Web: www.arhungary.hu
Document Readers, Fingerprint Readers, Automatic Number Plate Recognition and Automatic Container Code Recognition.

ARYGON Technologies AG
Identive Technologies AG
Dagobertstrasse 9
D-55116 Mainz
Germany
Tel: +49 61 31 30 476 0
Email: [email protected]
Web: www.arygon.de
Secure Readers for Electronic ID Documents, eID Reader.


Arjowiggins Security
21, boulevard Haussmann
75009 Paris
France
Tel: +33 1 57 75 93 21
Email: [email protected]
Web: www.security.arjowiggins.com
Security Document Paper, e-Passport Solutions.

ASK
2405 route des Dolines
06560 Sophia-Antipolis
France
Tel: +33 4 97 21 40 00
Email: [email protected]
Web: www.ask-rfid.com
ID & Authentication, eID Solutions, e-Passports, Identity Cards, Electronic Drivers’ Licenses, eID Solutions, Contactless Readers.

Athena Smartcard Solutions
1-14-16, Motoyokoyama-cho
Tokyo, 192-0063,
Japan
Tel: +81 426 60 7555
Email: [email protected]
Web: www.athena-scs.com
Readers & Terminals, ID Smartcards, Personalisation Systems, ePassports, Drivers Licence.

Atlantic Zeiser GmbH
Bogenstr 6-8
78576 Emmingen-Liptingen
Germany
Tel: +49 7465 291 0
Email: [email protected]
Web: www.atlanticzeiser.com
Personalisation Solutions, Security Printing.

ATOS Worldwide SA/NV
Chaussée de Haecht 1442
1130 Brussels
Belgium
Tel: +32 2 727 61 11
Email: [email protected]
Web: www.atosworldline.com
Identity Access Management, Authentication Server & PKI Solutions, Biometrics Software.

Austria Card
Lamezanstrasse 4-8
1230 Vienna
Austria
Tel: +43 1 61065 0
Email: sales@austriacard
Web: www.austriacard.at
Personalisation, Consulting, Secure Documents, ID & Authentication Applications.

AuthenTec, Inc.
Apple Inc.,
Melbourne, FL 32901
USA
Tel: +1 321 308 130
Web: www.authentec.com
ID Management, Fingerprint Readers, Biometrics.

Authentify EMEA
Rhijngeesterstraatweg 40d
2341BV Oegstgeest
The Netherlands
Tel: +31 70 891 9001
Email: [email protected]
Web: www.authentify.com
Authentication & Verification, Identity & Access.

Avalon Biometrics SL
Calle de Basauri 17
28023 Madrid
Spain
Tel: +34 91 70 80 5 80
Email: [email protected]
Web: www.avalonbiometrics.com
Personalisation Solutions, Security Solutions, Authentication & Verification, Document Verification, System Integrator.

Aventra Oy
Lanttikatu 2
FIN-02770 Espoo
Finland
Tel: +358 9 4251 1251
Email: [email protected]
Web: www.aventra.fi
Manufacturing & Personalisation, PKI Products and Systems, eID Cards, Consulting, MyEID Cards.

Aware, Inc.
40 Middlesex Turnpike
Bedford, MA 01730
USA
Tel: +1 781 276 4000
Email: [email protected]
Web: www.aware.com
Personalisation Systems, Biometric Software, Document Authentication, Secure Credential Applications.

Axode
ZAC de la Petite Camargue
34400 Lunel
France
Tel: +33 467 667 050
Email: [email protected]
Web: www.axode.com
Manufacturing & Personalisation Systems, Security Card Printers.

Bayometric Inc.
1743 Park Avenue, CA 95126
USA
Tel: +1 877 917 3287
Email: [email protected]
Web: www.bayometric.com
Biometric Security Solutions, Access Control Systems, Card Readers.

B-Id GmbH & Co., KG
Von-Seebach-Strasse 28
D-34346 Hannoversch Muenden
Germany
Tel: +49 5541 95 66 70
Email: [email protected]
Web: www.b-id.eu
Manufacturer of RFID Products, Readers & Terminals, ISO Cards, Tags & Fobs.

Bell ID
Stationsplein 45
3013 AK
Rotterdam
The Netherlands
Tel: +31 10 885 1010
Email: [email protected]
Web: www.bellid.com
ID Token Management Solutions, Credential Management, ID Software Provider, ID Cards & ePassport Security Solutions.

BG Ingénieri
ZAC de la Goulgatière,
35220 Chateaubourg
France
Tel: +33 2 99 00 89 97
Email: [email protected]
Web: www.bginge.com
Card & e-Passport Testing Equipment, Manufacturing ID Cards, Testing.


Bilcare Technologies
Malvern Hills Science Park,
Malvern,
WR14 3SZ
UK
Tel: +44 1684 585 257
Email: [email protected]
Web: www.bilcaretech.com
ID & Authentication, ID Credential and Document Security, NonClonableID.

BIO-key International, Inc.
Allaire Corporate Center
Building D Suite A Wall, New Jersey NJ 07719
USA
Tel: +1 732 359 1100
Email: [email protected]
Web: www.bio-key.com/fingerprintbiometrics
Biometric Identification Solution, ID Software Provider, Finger-based Identification Systems.

Bion Biometrics Inc.
38 Summerwind Crescent Nepean,
ON K2G 6G5 Canada
Tel: +1 613 823 8928
Web: www.bionbiometrics.com
Biometric Standards & Systems, Testing.

Bundesdruckerei
Oranienstrasse 91
D-10969 Berlin
Germany
Tel: +49 30 25 98 0
Email: [email protected]
Web: www.Bundesdruckerei.de
Verification & Authentication Solutions, eID-Credentials, ID Management, ID cards, Biometric Smart Cards, Biometric Solutions, ePassports

Cancard Inc.
177 Idema Rd., ON L3R 1A9
Canada
Tel: +1 416 449 8111
Email: [email protected]
Web: www.cancard.com
Manufacturer & Card Personalisation Systems, ID Card Printing.

Cardag Deutschland GmbH
An der Allee 6
D-99848 Wutha-Farnroda
Germany
Tel: +49 36921 30 70
Email: [email protected]
Web: www.cardag.de
Manufacturing & Personalisation, ID Cards.

CardLogix
16 Hughes, Suite 100
Irvine,
CA 92618
USA
Tel: +1 949 380 1312
Web: www.cardlogix.com
Manufacturing & Personalisation, Identity Smart Cards, Card Readers, Card Printers.

CBN ID Systems Division
Canadian Bank Note
Ottawa
ON. K2E 7T9
Canada
Tel: +1 613 722-6607
Email: [email protected]
Web: www.cbnco.com
Secure Documents Solutions, ID Credential Design & Issuance, Readers, ID Cards, Passports, Visas, Drivers Licences.

C&C RFID (Shanghai) CO., Ltd.
14/F, C&C Building,
Tai Po, N. T.,
Hong Kong
Hong Kong
Tel: +86 21 5922 6666
Email: [email protected]
Web: www.candcprinting.com
Security Printing, Inlays, ePassports.

Centro Grafico DG
Via Einstein, 76
20010 Marcallo
Italy
Tel: +39 02 9761301
Web: www.centrograficodg.it
Card Personalisation Solutions, Security Foils, Security Printer, Security Papers, Security Hologram, ePassports

Cetis
Graphic and Documentation Services
Čopova 24
SI 3000 Celje
Slovenia
Tel: +386 3 4278 500
Email: [email protected]
Web: www.cetis.si
Secure Printed Document Systems, Biometric Passports, ID Cards.

Cherrycorp
ZF Friedrichshafen
D-91275 Auerbach/OPF
Germany
Tel: +49 9643 18 0
Email: [email protected]
Web: www.cherrycorp.com
Biometric Readers, Identity Access Management, Authentication Server.

CIM
Loc. Braine, 54/A Bologna
Italy
Tel: +39 051 67 76 611
Email: [email protected]
Web: www.cimitaly.it
Manufacturer & Card Personalisation Solutions, Card printers.

CiVinTec
F17, 1703, Headquarters Economic Center Building, Zhonghaixin Science & Technology Park
Bu Lan Road,
Shenzhen 518057,
China
Tel: +86 755 8611 7608
Email: [email protected]
Web: www.civintec.com
Readers, Access control & Attendance, Mobile Identification Devices.

Clear2Pay
Integri NV
B-1932 Zaventem
Belgium
Tel: +32 2 717 69 00
Email: [email protected]
Web: www.clear2pay.com/carddivision
ePassport Test Validation Platforms.

Cognitec Systems GmbH
Grossenhainer Str. 101
Tower B
Germany
Tel: +49 351 862 920
Email: [email protected]
Web: www.cognitec-systems.de
Identity Management Systems, Face Recognition Software, Verification, Biometric Solutions.

Collis B.V.
De Heyderweg 1
2314 XZ Leiden
The Netherlands
Tel: +31 71 581 36 36
Email: [email protected]
Web: www.collis.nl
ID Management, e-Identification Testing Tools, ePassports, Health Cards, EU Tachograph Cards.

Consult Hyperion
Tweed House
Guildford
Surrey GU2 4HN
UK
Tel: +44 1483 301 793
Email: [email protected]
Web: www.chyp.com
Consultants Secure Electronic Transactions, Smart Identity Cards.

cpi card group
The New Mint House
Petersfield
Hants GU32 3AL
UK
Tel: +44 01730 235700
Web: www.cpicardgroup.com
Manufacturer & Personalisation, NFC & Contactless Cards, Secure Printing.

CPS
Card Personalisation Solutions Ltd.
Cheltenham
Gloucestershire GL51 8HE
UK
Tel: +44 0845 130 0240
Email: [email protected]
Web: www.cardps.com
Personalisation Solutions, ID Cards.

Cross Match Technologies GmbH
Unstrutweg 4
07743 Jena
Germany
Tel: +1 561 622 1650
Email: [email protected]
Web: www.crossmatch.com
Biometric Identity Management Systems, Document Biometric Readers, Mobile Biometrics, Biometrics Software.

Cross Match Technologies, Inc. is a leading innovator and provider of biometric identity management solutions to governments, law enforcement agencies, and businesses around the world. Offerings include software, hardware, and related services addressing multiple biometric technologies. Solutions support mobile or stationary applications encompassing fingerprint, palm, and iris scanners; facial capture systems; document readers; AFIS/ABIS systems; and professional services. Learn more at www.crossmatch.com.

Cryptography Research
11th Floor
CA 94105
San Francisco,
US
Tel: +1 415 397 0123
Email: [email protected]
Web: www.cryptography.com
Semiconductor Security Technologies, Personalisation, Testing.

Cryptomathic Ltd
327 Cambridge Science Park
Milton Road,
Cambridge, CB4 0WG
UK
Tel: +44 1223 225350
Email: [email protected]
Web: www.cryptomathic.com
Manufacturing, Personalisation, ID & Authentication, PKI, ID Issuers.

CSP
Chan Wanich Security Printing
699 Silom Road, Bangrak,
Bangkok 10500
Thailand
Tel: +66 2635 3355
Email: [email protected]
Web: www.chanwanich.com
Security Printing, Security Documents: ID Cards, Passports.

CT Lay
Via Medicine 875
San Vito di Spilamberto
Modena 41057
Italy
Tel: +39 059 799933
Email: [email protected]
Web: www.ctlay.com
Secure Documents, Personalisation, Lamination, Holograms.

CTS electronics Spa
Corso Vercelli 332,
Italy
Tel: +39 0125 235611
Web: www.ctselectronics.ctsgroup.it
Printing & Personalisation: ePassports

Computime Systems
Unit 4 Woodside Mews
Leeds LS16 6QE
West Yorkshire
UK
Tel: +44 113 230 2002
Email: [email protected]
Web: www.computimeuk.com
Access Control Solution, Readers & Terminals, Time & Attendance.

cv cryptovision GmbH
Munscheidstr 14
Germany
Tel: +49 209 167 24 50
Email: [email protected]
Web: www.cryptovision.com
Embedded Security & Cryptography, ID Document Issuance, eID Cards, Authentication Server, PKI.

Daon
11955 Freedom Drive
Reston,
VA 20190
USA
Tel: +1 703 984 4000
Email: [email protected]
Web: www.daon.com
Identity Security software, Biometric and Identity Solutions, Verification.

Datacard Group
Datacard EMEIA
Whiteley, Fareham
Hampshire, PO15 7FH
UK
Tel: +44 1489 555 600
Email: [email protected]
Web: www.datacard.com
Personalisation, Secure ID Solutions, Printers, Identity & Issuance.


Datang Microelectronics Technology Co., Ltd.
6, YongJia North Road,
Haidian District
Beijing, 100094
China
Tel: +86 10 58953111
Web: www.dmt.com.cn
Manufacturer & Personalisation, ID Contactless Smart Card, ID Chip.

Dedem
Via Cancelliera, 59
Roma
00040 Ariccia
Italy
Tel: +39 06 930261
Email: [email protected]
Web: www.dedem.it
Personalisation, Passports, Drivers Licenses and ID Cards, ePassports.

De La Rue Identity Systems
De La Rue House, Jays Close Viables
Hampshire
RG22 4BS
UK
Tel: +44 1256 605000
Email: [email protected]
Web: www.delarue.com
Secure Documents Solutions, Secure ID Solutions, Security Printing, ePassports.

DERMALOG Identification Systems GmbH
Mittelweg 120
20148 Hamburg
Germany
Tel: +49 40 413 227 0
Email: [email protected]
Web: www.dermalog.de
Biometric Fingerprint ID Cards, Biometric Readers, Biometric Solutions, Mobile Identification Devices, Identity Proofing Services.

DESKO GmbH
Gottlieb-Keim-Str. 56
Bayreuth
95448
Germany
Tel: +49 921 79279 0
Email: [email protected]
Web: www.desko.de
Readers, Access control, Biometric Verification.

Digital Identification Solution
Teckstraße 52
Esslingen am Neckar 73734
Germany
Tel: +49 711 341689 0
Email: [email protected]
Web: www.digital-identification.com
Personalisation Systems, Authentication ID, ID Card Printing, Security Identification Solutions, ePassport/Visa, Security Printing

Digital Persona, Inc.
720 Bay Road
CA 94063
USA
Tel: +1 650 474 4000
Web: www.digitalpersona.com
Readers & Terminals, Fingerprint Biometrics, Authentication.

Diletta ID-Systems
Industriestrasse 25-27
64569 Nauheim
Germany
Tel: +49 6152 1804 0
Email: [email protected]
Web: www.diletta.com
Passport Printers, Access Management, Passport Personalisation Systems.

DSS
28 Main Street East
Rochester
NY 14614
USA
Tel: +1 585 325 3610
Web: www.dsssecure.com
Personalisation, Document Security Systems, Printing, Authentication & ID.

DUALi Inc
552 Woncheon-dong, Youngtong-gu Suwon, Gyeonggi-do 443-380
South Korea
Tel: +82 31 213 0074
Email: [email protected]
Web: www.duali.com
ID Card Readers, Test, E-Payment Solutions, Secure ID Solutions.

EDAPS Consortium
64 Lenina Str.,
Kyiv 02088
Ukraine
Tel: +38 44 561 25 90
Email: [email protected]
Web: www.edaps.com
ID Security Documents, Manufacturing, Personalisation, ePassports, Drivers Licence, Security Document Printing, ID Smart Cards

EDSI
immeuble Atalis 1
35510 CESSON-SEVIGNE,
France
Tel: +33 2 23 45 14 30
Email: [email protected]
Web: www.edsi-smartcards.com
Personalisation & Card Test Tools, Secure Smartcard Operating Systems, Healthcare & Transport ID Cards, Reader Access Control, Consulting.

eKrypto
Electronic Trade Solutions Ltd.
Beaux Lane House, Mercer Street Lower
Dublin 2
Ireland
Tel: +353 87 929 0768
Email: [email protected]
Web: www.eKrypto.com
ID Cards & Passport Readers, Fingerprint Scanner, Biometric Readers, ID & Authentication Application.

Elliott identification systems
Memphis,
TN 38134
USA
Tel: +1 901 372 4600
Email: [email protected]
Web: www.elliottdata.com
Secure Identity Solutions, ID Card Solutions.

Entrust
Three Lincoln Centre
Dallas, Texas 75240
USA
Tel: +44 118 953 3000
Email: [email protected]
Web: www.entrust.com
Identity-Based Security Solutions, Access Control, Authentication & ID.

Emperor Technology
Shenzhen Emperor Technology Development Co., Ltd.
China
Tel: +86 755 83416677
Email: [email protected]
Web: www.xiongdi.cn
Card Personalisation Systems, Secure ID Systems, Card Payment Terminals, ID Cards Solutions.

Ethertrust 27 bis Bd Charrier,FranceTel: +33 6 80 23 77 79Email: [email protected]: www.ethertrust.comSecurity of Credentials, Identity AccessManagement.

exceet Card AG MünchenEdisonstraße 3GermanyTel: +49 89 33034-0 Email: [email protected]: www.exceet-card-group.comID Management Solutions, Readers,Embedded Electronics & SecuritySolutions.

FasverITW Security GroupZAE La Biste - BP4834671 Baillargues CedexFranceTel: +33 4 67 87 66 99Email: [email protected]: www.fasver.comDesign & Produce Security Documents,Authentication & Verification,Manufacturing & Personalisation.

Feitian Technologies Co., Ltd.Floor 17th, Tower B, Haidian DistrictBeijing 100085ChinaTel: + 86 010 62304466Email: [email protected]: www.ftsafe.comID Smart Cards, Readers, PKI,Authentication Token.

FIMEImmeuble le Phénix 124 rue Émile Baudot91120 PalaiseauFranceTel: +33 1 64 53 36 50Web: www.fime.comConsulting, eIdentity Testing Solutions,Testing ePassport.

Foster & Freeman LtdVale Business Park,WorcestershireWR11 1TDUKTel: +44 1386 768050Email: [email protected]: www.fosterfreeman.comAuthentication & Verification,Verification Instruments for SecurityDocuments i.e. Passports & ID Cards.

Garsų pasauliSalomėjos Nėries str. 69,LT-06304, Vilnius,LithuaniaTel: +370 5 24 999 00Email: [email protected]: www.gp.ltSecurity Printing Solutions.

Gemalto NVBarbara Strozzilaan 3821083 HN Amsterdam,The NetherlandsTel: +31 20 562 06 80Web: www.gemalto.comID Security Solutions, Secure PersonalDevices Software, Identity and AccessManagement, ID Cards & ePassports,Secure Documents.

GEP SPABuilding U & V80022 Arzano (NA) ItalyTel: +39 02 26599419Email: [email protected]: www.gepitalia.itEmbedding Security Paper, ePassports,ID Cards.

GET GroupGlobal Enterprise Technologies Corp.Waltham, MA 02451,USATel: +1 781890 6700Email: [email protected]: www.getgroup.comID Document Systems Integrators &Issuers, Authentication & ID, ePassports,Visas, Drivers License & IdentificationCards.

Giesecke & Devrient (G&D)Prinzregentenstrasse 159D81677 Munich,GermanyTel: +49 89 4119 0Email: [email protected]: www.gi-de.comID Security Solutions, Passports, Visas,National ID Cards, Drivers licences,Health Cards, Tachograph Cards &Residence Permits, Identity Proofing.

Giesecke & Devrient is a leading international technology provider with a long tradition. G&D develops, produces, and markets products and solutions for payment, secure communication, and identity management. The company provides innovative security technologies in connection with banknotes, security documents, and ID systems as well as smartcard-based solutions for telecommunications, electronic payments, and secure mobile applications. G&D maintains a leading competitive and technological position in these areas. The group’s clients most notably include central banks and commercial banks, wireless communications providers, businesses, governments, and public bodies.

GIE SESAM-Vitale5, Boulevard Marie et Alexandre Oyon 72019 Le Mans Cedex 2FranceTel: +33 811 709 710Email: [email protected]: www.sesam-vitale.frSystems Integrator, ID Health Cards.

GMX YouTransactor
32, rue Brancion
75015 PARIS
France
Tel: +33 1 75 43 75 20
Email: [email protected]
Web: www.youtransactor.com
Mobile Identification Devices.

GoznakMoscow,115162Russia


Tel: +7 495 363 2370Email: [email protected]: www.goznak.ru/engSecurity Printing Solution.

Graphic Security Systems Corp. Lake Worth,FL 33467USA Tel: +1 561 966 0501Email: [email protected]: www.graphicsecurity.comSecurity Printing Solution,Authentication & Verification,Document Security.

HID Global Haverhill Business ParkHaverhillSuffolk CB9 7AEUKTel: +44 1440 714 850Email: [email protected] Web: www.hidglobal.comSecure Identity Solutions, GovernmentDocument Security Solutions, e-Passports, e-Visas, e-Health & e-DriversLicence, Authentication Tokens.

HJP Consulting GmbHHauptstrasse 3533178 BorchenGermanyTel: +49 5251 41776 0Email: [email protected]: www.hjp-consulting.comID Systems Consultancy,Manufacturing, Personalisation & CardTest Tools, e-Passports, eID Cards andeHealth Card & IT Systems.

HOBİMBAYRAMPASABayrampaşaIstanbulTurkeyTel: +90 212 4672467Email: [email protected]: www.hobim.comManufacturing & Personalisation, IDCards & Health Cards..

Hologram Industries
22 Avenue De l’Europe
France
Tel: +33 1 64 76 31 00
Email: [email protected]
Web: www.hologram-industries.com
Manufacturing & Personalisation, Digital Security Solutions, Identity & Travel Documents, Driver’s Licenses, Passports, ID Cards, Visas, ID Cards & Passport Readers.

HOTech Hellenic Organotiki 3 Alkmanos st. GR-11528, AthensGreeceTel: +30 211 1817900Email: [email protected]: www.hotech.euIdentity Management Solutions, ID Card Solutions.

hw-engineering GmbH & Co. KGIm Schönblick 24DE - 73066 UhingenGermanyTel: +49 7163 530818Email: [email protected]: www.hw-eng.comPersonalisation & Authentication, IDCard Solutions, ID Card Issuers,Machinery-Personalisation, Printers.

icar
Ronda Can Fatjó 21
08290 Cerdanyola
Barcelona
Spain
Tel: +34 935942474
Email: [email protected]
Web: www.icarvision.com
Authentication of ID Document Systems, Integrators, ID-Cloud, Identity Fraud & Document Management.

ID3 Semiconductors5 rue de la VerrerieFranceTel: +33 4 76 75 75 85Email: [email protected]: www.id3semiconductors.comReaders & Terminals, ID &Authentication, Identity ProofingServices, Biometrics Software.

ID Tech Rothenberg Nord 3Germany

Tel: +49 8851 4099980Email: [email protected] Web: www.idtechproducts.comContactless Reader.

Identita Technologies Inc.4580 Dufferin StreetNorth YorkOntario, M3H 5Y2CanadaTel: +1 416 650 9505Email: [email protected]: www.identita.comIdentity Authentication Solutions &Systems, ID Smartcards, Machinery-lamination, Identity ManagementPlatform.

IDpendant GmbHEdisonstr. 385716 UnterschleissheimGermanyTel: +49 89 3700 110 0Email: [email protected]: www.idpendant.deIdentity & Access Security Solutions,Readers & Terminals, Authentication, IDCard Management Systems, ID Cards.

ID Technology Partners, Inc.Conference and Technology CenterSuite 110Gaithersburg, MD 20877USATel: +1 301 990 9061 Email: [email protected]: www.idtp.comIdentity Credentialing Solutions, IdentityManagement, Credentialing Systems.

iDTRONIC GmbHDonnersbergweg 167059 LudwigshafenGermanyTel: +49 62 166900940Email: [email protected]: www.idtronic.deRFID Readers and RFID Tags, AccessControl.

Incard SACH - 1228 Plan Les OuatesGenevaSwitzerlandTel: +41 22 929 29 29Email: [email protected]: www.incard.it


Manufacturing & Personalisation,Readers & Terminals, e-ID Smartcards.

Identive Groupc/o Hirsch ElectronicsSanta Ana, CA 92705USATel: +1 949 250 8888Email: [email protected]: www.identive-group.comIdentity Solutions Management,Readers, Personalisation, PhysicalAccess.

IAIIAI industrial systemsP.O. Box 2005500 AE VeldhovenThe NetherlandsTel: +31 40 254 24 45Email: [email protected]: www.iai.nlPersonalisation Systems, ID &Authentication, Passports, SecurityDocuments, ID Card PersonalisationSystems.

Infineon Technologies S.A.S39/47, Boulevard Omano93527 Saint-Denis CEDEX 2FranceTel: +33 1 48097200Web: www.infineon.comChip Manufacturers, ePassportSolutions, Government Identification: e-Passport, ID cards, Health Cards,Social Card & Driver License.

Ingenia Technology (UK) Ltd.4-6 Throgmorton AvenueLondon EC2N 2DL,UKTel: + 44 207 256 9267Email: [email protected]: www.ingeniatechnology.comDocument Authentication, Scanner.

Ingenico Healthcare/e-ID“Immeuble River Seine” 92158 Suresnes CedexFranceTel: +33 1 46 25 80 80 Email: [email protected]: healthcare-eid.ingenico.come-ID & Authentication, Secure e-Identitydocuments, Healthcare e-ID &Transport Cards, Card Readers.

InkSure 18 East 16th StreetNew York, NY 10003USATel: +1 646 233 1454Email: [email protected]: www.inksure.comAuthentication, Security DocumentReader.

Inteligensa19495 Biscayne Blvd.Suite 800 Aventura,Florida 33180USATel: +1 305 682 9220Email: [email protected]: www.inteligensa.comManufacturing & Personalisation,Biometric Smart Card, ID &Authentication, Authentication Tokens.

Inspectron Ltd.Apex HouseSomersetBA11 3AS,UKTel: +44 01373 452555Email: [email protected]: www.inspectron.comSecure Document Verification Solutions,ePassports, Secure DocumentsSolutions, Security Print.

Intercede Group plcLutterworth Hall, St. Mary’s RoadLeicestershireLE17 4PSUKTel: +44 1455 558 111Email: [email protected]: www.intercede.comID & Credential Management Systems,Identity Verification, Physical Access,Mobile Identity Verification.

Interpolaris 1 North Bridge RoadSingapore 179094SingaporeTel: +65 6338 8370Email: [email protected]: www.interpolaris.netGovernment Secure CredentialingProcesses, Secure Printing, IdentityManagement.

Iris ID Systems, Inc.Cedar Brook Corp CenterCranbury, NJ 08512USATel: +1 609 819 4747Web: www.irisid.comAuthentication & Verification, NationalID, Access Control.

Istituto Poligrafico e Zecca delloStato S.p.A.Via Salaria,1027 – 00138 RomaItalyTel: +39 06 85081Email: [email protected]: www.ipzs.itSecure Documents, Identity Cards,ePassport.

ITW Covid Security Group32 Commerce Dr,NJ 08512,USTel: +1 609 395 5600Email: [email protected]: itwcovid.comPersonalisation, Holography, SecurePrinting, Secure Documents.

IXLA S.A. GAP Laser srl, Via Ponte Chiusella, 2810090 Romano C.se (TO) ItalyTel: +39 0125719286Email: [email protected]: www.ixla.chCard & ePassports Personalisation, IDCards, ID Secure Printing.

Jura JSPGebhardtgasse 13/81190 ViennaAustriaTel: +43 1 367 83 88Email: [email protected]: www.jura.atCard Personalisation, Biometrics, HighSecurity Features, Biometric Reader, Secure Printing Technology.

Keesing Reference Systems B.V.Hogehilweg 17Amsterdam


NetherlandsTel: +31 20 7157 800Email: [email protected]: www.keesingreferencesystems.comID Document Checker & Scanners,Authentication & Verification.

KEOLABS17, avenue Jean Kuntzmann38330 MontbonnotFranceTel: +33 4 76 61 02 30Email: [email protected]: www.keolabs.comTesting & Certification, ePassport TestValidation Platforms.

KeywareIkaroslaan 24B-1930 ZaventemBelgiumTel: +32 2 346 25 23Email: [email protected]: www.keyware.comeID Solutions, Terminals.

Kobil Systems GmbH67547 Worms, GermanyTel: +49 6241 30040Web: www.kobil.comMobile Identification Devices.

KURZLeonhard Kurz Stiftung & Co. KG90763 FuerthGermanyTel: +49 911 71 41 0Email: [email protected]: www.kurz.dePersonalisation System, Hot FoilStamping, Signature Foils, SecurityFoils, Secure Printing Technology.

LAB ID srlVia Corticella 11/4Loc. Trebbo di Reno,ItalyTel: +39 051 70 59 41Email: [email protected]: www.lab-id.comRFID Contactless ID, Readers.

Landqart AG Kantonsstrasse 16

CH-7302LandquartSwitzerlandTel: +41 81 307 90 90Email: [email protected]: www.landqart.comSecure Identity Paper, Passports & VisaPaper.

LMC S.p.A.Laser Memory Card00197 - RomaItalyTel: +39 06 3361 6091Email: [email protected]: www.lasercard.itAuthentication & Verification Systems,Readers & Writers.

LEGIC Identsystems Ltd.Binzackerstrasse 41Post Box 1221CH-8620 WetzikonSwitzerlandTel: +41 44 933 64 64Email: [email protected] Web: www.legic.comReaders & Terminals Chips, ContactlessID Cards, ID/Access Contactless Cards,Access Control, Consulting.

Leonhard Kurz Stiftung & Co.KGSchwabacher Strasse 48290763 Fürth, GermanyTel: +49 911 71 41 0Email: [email protected]: www.kurz.dePersonalisation System, Hot FoilStamping, Signature Foils.

Lodvila Sėlių st. 3A,LT-08125Vilnius,LithuaniaTel: +370 5 271 59 37Email: [email protected]: www.lodvila.ltSecurity Printing Solutions.

Lumidigm, Inc.801 University Blvd SE, Ste 302Albuquerque, NM 87106USATel: +1 505 272 7084Web: www.lumidigm.com

Authentication Solutions, FingerprintReaders, Attendance Terminals.

MagicardUltra Electronics Card SystemsDorset DT4 9XD,UKTel: +44 1305 767 100Email: [email protected]: www.ultramagicard.comPrinters, ID Smart Card Printers.

MaskTech GmbHNordostpark 1690411 NurembergGermanyTel: +49 911 955149 0Email: [email protected]: www.masktech.deSecure ID Solutions, Chip OperatingSystems, ID Chip Solutions,Personalisation Software, ePassport,eNational-ID, Health Cards, eDriversLicense.

Matica System S.p.a.Via G. Rossa 4/620037 Paderno Dugnano (MI)ItalyTel: +39 02 922 72501Email: [email protected]: www.maticasystem.comCard Personalisation Systems, CardMailing Systems, Printers, DigitalIdentification Solutions, Secure PrintingTechnology.

Merkatum Corp.
Suite 1039111 Jollyville Road
Austin, Texas 78759
USA
Tel: +1 512 687 3157
Email: [email protected]
Web: www.merkatum.com
Biometric Security & ID, Biometric Identity Management Solutions, Credentialing, Mobile Identification, Access Control, Time & Attendance.

MELZER maschinenbau GmbHRuhrstr. 51-5558332 SchwelmGermanyTel: +49 2336 9292 0


Email: [email protected]: www.melzermaschinenbau.deID & Security Machine Solutions, e-passports, RFID Tickets, Tags & Labels.

MikronJSC MikronZelenograd, Moscow 124460RussiaTel: +7 495 229 72 99Email: [email protected] Web: www.mikron.sitronics.comID Chips, Authentication Tokens.

MorphoPostbus 53002000 GH HaarlemThe NetherlandsTel: +31 23 799 5111Email: [email protected]: www.morpho.comManufacturing & Personalisation,Biometric ID Documents, e-Documents,Identity Cards, Passports, DriverLicenses and Healthcare cards, Identity& Access Management, AuthenticationServer, ePassports.

MorphoTrust296 Concord RoadBillerica, MA 01821USATel: +1 978 215 2400Email: [email protected]: www.morphotrust.comDocument authentication, IdentityManagement Solutions, Contactlesssmart card.

Mühlbauer AGJosef-Mühlbauer-Platz 193426 RodingGermanyTel: +49 9461 952 0Email: [email protected]: www.muehlbauer.deManufacturing & Personalisation,Secure ID Solutions Machinery, e-Passports, e-Driving Licences, e-IDCards and RFID labels.

Multicard3370 N San Fernando Rd., Ste 202Los Angeles, CA 90065USATel: +1 888 383 6083Email: [email protected]

Web: www.multicard.comSecure ID card solutions, IDManagement, Consultancy.

NagraID - Kudelski GroupLe Crêt-du-Locle 10, P.O. Box 1161 2301 La Chaux-de-Fonds,SwitzerlandTel: +41 32 924 04 04Email: [email protected]: www.nagraid.comManufacturing & Personalisation, IDCard Solutions, Government & SecureID Credentials, e-Service ID Cards:Citizen ID’s, Key Card, e-ConsumersCard, Identity & Access Management.

NagraID offers tailor-made solutions based on multi-application smart card solutions including high security printing features with contact and/or secure contactless technology, and has developed a unique and patented process to manufacture ISO Display Cards for citizens ID’s and secure ID’s use applications.

We also support Citizens ID programs with our NagraID Bio-platform, which is an ideal solution for rapidly and safely deploying applications such as national e-ID’s, eHealth and other ID programs. The core software of our Bio-platform solution is based on the latest technologies available on the market (COTS - Commercial-Off-The-Shelf) and has been designed and integrated transparently with other information and business systems. This approach ensures that the system provided has robust and scalable foundations that comply with current national and international standards.

Secure Manufacturing Plant for ID Credentials certified ISO 9001:2000

NARBONI3 Avenue d’Amazonie,91952 Les Ulis cedex, FranceTel: + 33 160 92 23 23Web: www.narboni.comManufacturing & Personalisation, ID &Access Cards.

Natural SecurityParc Euratechnologies165 Avenue de Bretagne59000 LilleFranceTel: +33 0 361 761 461Email: [email protected]: www.naturalsecurity.comBiometric Access Control Reader, ID &Authentication Application.

NBS TechnologiesZone Industrielle, Avenue Villevieille13106 Rousset CedexFranceTel: +33 4 42 53 27 72Email: [email protected]: www.nbstech.comID Manufacturer, ID Card Printers,Personalisation, Trusted ServiceManager (TSM).

NEOWAVEPôle d’activités Y. Morandat13120 Gardanne FranceTel: +33 4 42 50 70 05Email: [email protected]: www.neowave.frIDentity Solutions, Smart Card IdentitySolutions.

NEC Corporation7-1, Shiba 5-chome,TKY 108-8001JapanTel: +81 3 34541111Web: www.nec.comContactless Smartcards, Fingerprint,ePassport, Healthcare ID, BiometricsIdentification Solutions,

NEXPERTS GmbHSoftwarepark 37A-4232 HagenbergAustriaTel: +43 7236 3351 4600Email: [email protected]


Web: www.nexperts.comID & Authentication Application, Access& Security.

Nidec Sankyo5329,Shimosuwa-machi,Suwa-gun, Nagano393-8511, JapanTel: +81 75 922 1111Email: [email protected]: www.nidec-sankyo.co.jpBiometrics Reader.

NISLe Grand Bosquet - Bât CA-4232 HagenbergGermanyWeb: www.nis-infor.comID Card Solutions, ID & Health Cards,Contactless Card Readers, PKI.

NXP 4 rue du port aux Vins92150 SuresnesFranceTel: +33 1 40 99 52 00Web: www.nxp.comSemiconductors, ID Cards IC, ReaderICs, eGovernment.

Oberthur Technologies50, quai Michelet92532 Levallois-PerretFranceTel: +33 1 55 46 72 00Email: [email protected]: www.oberthurcs.comManufacturing & Personalisation SecureIdentity Documents, Secure Documents,ID Smart Cards, Security Printing,Personal ID Verification Card.

OmniPerception Ltd20 Nugent Road,Guildford,Surrey GU2 7AFUKTel: +44 1483 688350Email: [email protected]: www.omniperception.comIdentity Management Solutions,Biometric Solutions, Access Control,Time & Attendance, Face Recognition.

On Track Innovations, Ltd. (OTI)
ZHR Industrial Zone
Rosh Pina, 12000
Israel
Tel: +972 4 6868000
Email: [email protected]
Web: www.otiglobal.com
Smart ID Integrating & Issuing Solutions, ID & Authentication, eID Cards, ePassports, Driver Licenses, ePassports.

OPSEC Security Ltd.40 Phoenix RoadWashington,Tyne & Wear NE38 OADUKTel: +44 191 417 5434Email: [email protected] Web: www.opsecsecurity.comPersonalisation & Authentication,Passport and Travel DocumentSolutions, ID Card Security, ID Cards.

OpenTrust11-13 rue René Jacques 92131 Issy-Les-Moulineaux CedexFranceTel: +33 01 55 64 22 00Web: www.keynectis.comTrusted Identities, IDigital IdentityManagement Solutions, Citizen ID &Corporate ID.

Orcanthus18, rue de Cosswiller,67310 WasselonneAlsaceFranceTel: +33 3 88 40 25 01Web: www.orcanthus.comAccess Control, Identification &Authentication Solutions, BiometricContactless Cards, Readers, FingerprintScanners.

ORIBIPostbus 4The NetherlandsTel: +31 13 52 11 256Email: [email protected]: www.oribi.nlID Document Solutions.

Otto Künnecke GmbHBülte 1Holzminden37603

GermanyTel: +49 55 31 93 00 0Email: [email protected]: www.kuennecke.comPersonalisation Systems, ManufactureMachines, Verification.

OVD Kinegram AGZählerweg 12CH-6301 ZugSwitzerlandTel: +41 41 724 47 00Email: [email protected]: www.kinegram.comSecurity Personalisation, SecurityHolographic Element.

PanasonicWilloughby Road,Berks, RG12 8FP,UKTel: +44 1344 706900Email: [email protected]: www.panasonic.net/pss/ePassportReader/ePassport Reader, Handy Terminal/Printer, POS System.

PAV CARD GmbHHamburger Strasse 6D-22952 LütjenseeGermanyTel: +49 4154 799 0Email: [email protected]: www.pav.deCard Personalization, Passport Inlays,Secure Document Solutions, CardPrelaminates, Passport Inlays.

Payne SecurityWildmere RoadOxonOX16 3JUUKTel: +44 1295 265601Email: [email protected]: www.payne-security.comID & Authentication, PersonalisationSystem, Security Overlays, Passports &National ID Cards Print & Holography.

PGP Group LtdSanlian Industrial ZoneShenzhen 518108,ChinaTel: +852 8191 4158


Email: [email protected]: www.pgpgroupltd.comManufacturing & Personalisation,Security ID Cards, Holographic.

Precise Biometrics ABBox 798220 07 LundSwedenTel: + 46 46 31 11 00Email: [email protected]: www.precisebiometrics.comBiometric Solutions, Card Readers,Fingerprint Solutions, Smart ID Cards,Government ID Systems.

Prooftag SAS1100, Avenue de l’EuropeF-82 000 Montauban FranceTel: +33 5 63 21 10 50Email: [email protected]: www.prooftag.comSecure Document Solutions, ID &Authentication, PersonalisationSolutions, Passport, Identity Cards,Visas, Driving Licence.

Radeče papir, d.o.o.Njivice 7SloveniaTel: +386 3 568 03 01Email: [email protected] Web: www.radecepapir.siSecurity Paper, Security Printing,Holograms.

Regula LtdRegula Forensic science systemsMinsk220036Republic of BelarusTel: +375 17 2862825Email: [email protected]: www.regulaforensics.comPassport & ID Document Readers,Biometric Reader.

Riscure B.V.Frontier Building2628 XJ DelftThe NetherlandsTel: +31 15 251 4090Email: [email protected]: www.riscure.comSecurity Test tools.

RosanFloor 4125212 Moscow,RussiaTel: +7 495 933 8513Email: [email protected]: www.rosan.ruPersonalisation ID Cards, AccessControl, Consultancy, BiometricPassport Software.

ruhlamat GmbHSonnenacker 299819 MarksuhlGermanyTel: +49 36925 929 0Email: [email protected] Web: www.ruhlamat.comManufacturing & Personalisation,Passport Processing Solutions,ePassports, RFID inlays, PersonalisationMachine Solutions.

ruhlamat is an innovative German machine manufacturer providing equipment for the production of:

· Smart cards
· (e)-Passports
· RFID Inlays
· Chip modules

With an extensive background as an innovator in the industry, ruhlamat’s particular areas of expertise in card personalisation are high quality laser engraving and HD DOD inkjet printing unmatched in today’s industry.

Safe ID Solutions AGWilly-Messerschmitt-Straße 1 85521 OttobrunnGermanyTel: +49 89 45 21 26 0 Email: [email protected]: www.safe-id.deID & Authentication, Public &Corporate Security, Secure,Credentials, ID DocumentsManagement.

Safelayer Safelayer Secure Communications S.A.C/ Basauri 17 Edif. B, Plta. Baja Izq. Ofic. B 28023 MadridSpainTel: +34 917 080 480Email: [email protected]: www.safelayer.comID & Authentication, eID Cards &ePassports, PKI, Consultancy, ElectronicSignature.

SafeNet UKRivercourtBlackwater, CamberleySurrey GU17 9AB ,UKTel: +44 1276 608000Email: [email protected]: www.safenet-inc.comID & Authentication, GovernmentSecurity Solutions.

Safran MorphoHaarlem, NH 2031 CGThe NetherlandsTel: +31 23 799 51 11Email: [email protected]: www.morpho.comID & Authentication, Identification,Detection and eDocument, Biometrics,ePassports and Identity Cards, DriversLicences.

Sceencheck Europe BV2621 Corrinado CourtFort Wayne IN 46808 USATel: +1 866 484 0611Email: [email protected]: www.screencheckna.comID Card Software Systems andSolutions, ID Printers.

Secure IC37- 39, rue Dareau,75014 Paris,FranceTel: +33 1 45 81 82 34Email: [email protected]: www.secure-ic.comChips, Secure Microchips.

Security Foiling LtdFoxtail RoadIpswich,


Suffolk IP3 9RT,UKTel: +44 1473 707204Email: [email protected]: www.securityfoiling.co.ukSecurity Foils, Holograms.

secunet Security Networks AGKronprinzenstr. 3045128 EssenGermanyTel: +49 201 5454 0Email: [email protected]: www.secunet.comBiometrics and Electronic ID Solutions,Secure Electric Processes, IdentityManagement.

Selp SecureRue Louis Pergaud16000 AngoulêmeFranceTel: +33 5 45 25 17 00Email: [email protected]: www.selpsecure.comSecure Documents Solutions, Printing.

SICPA SAAvenue de Florissant 411008 Prilly,SwitzerlandTel: +41 21 627 55 55Web: www.sicpa.comSecurity Ink Technology, Passports,Government Security Solutions.

Smartmatic105 Piccadilly, 6th floorLondon W1J 7NJUKTel: +44 20 7629 9279Email: [email protected]: www.smartmatic.comSecure Document Solutions, ID &Authentication, Biometric Security,Identity Management Software,Biometric Identity Management.

Smart Cube Information Tech.PO Box 1301 AmmanJordanTel: +962 6 460 2000Email: [email protected]: www.smartcube.coPassport & Visa, ePassports, AutomatedFingerprint Identification System, SecurePrinting Technology, e-Gate System.

Smart Packaging Solutions (SPS)85 avenue de la Plaine,ZI de Rousset13106 Rousset CedexFranceTel: +33 4 42 53 84 40 Email: [email protected]: www.s-p-s.comManufacturing, Pre-Personalisation,Secured Contactless Products,ePassport, Identity, Banking.

With more than 20 years, Smart Packaging Solutions (SPS) is a provider of high value added components for the contactless Smart Cards market. Ideally located in Rousset in Provence, the French Silicon Valley, Smart Packaging Solutions uses its skills and unique know-how to deliver high quality, reliable and easy to use patented products.

SPS is specialized in the development, production and sale of high value added components for secured contactless products. SPS is therefore positioned at the heart of the value chain as a supplier of semi-finished products to systems integrators and cards/passports manufacturers or issuers.

SMARTRAC N.V.Strawinskylaan 8511077 XX AmsterdamThe NetherlandsTel: +31 20 30 50 150Email: [email protected]: www.smartrac-group.comeID inlays, ePassports, eID Cards.

SmartwareLe CarthagéneZ.A. de Courtaboeuf91940 Les UlisFranceTel: +33 1 64 86 25 25Email: [email protected]: www.smartware.frReaders, e-Passport & ID Card Reader,Personalisation.

SOLIATIS128 Place Gambetta13300 Salon de ProvenceFranceTel: +33 4 90 57 30 20Email: [email protected]: www.soliatis.comTest Tools, Card & Reader Test Tools,Consultancy.

Speed Identity ABGlödlampsgränd 1SE-120 31 Stockholm,SwedenTel: +46 8 702 33 50Email: [email protected]: www.speed-identity.comBiometric & Security Solutions,Biometric Data Capture System forTravel & ID Documents.

Springcard
13 voie la Cardon
Parc Gutenberg
91120 Palaiseau
France
Tel: +33 164 53 20 10
Email: [email protected]
Web: www.springcard.com
Readers & Writers, ID Biometric solutions, Access Control.

STMicroelectronics39, Chemin du Champ des FillesPlan-Les-OuatesCH 1228 GenevaSwitzerlandTel: +41 22 929 29 29Web: www.st.comManufacturer Semiconductors, Readers& Terminals, ID & Authentication.

ST Incard S.r.lZ.I. Marcianise Sud Marcianise CE 81025ItalyTel: +39 0823 630 111Email: [email protected]: www.incard.itManufacturers ID Cards, BiometricSolutions, eID Cards, Biometric ID, PKI.

Suprema Inc. 16F Parkview Office Tower, Jeongja-dong, Bundang-gu Seongnam,Gyeonggi, 463-863Korea


Tel: +82 31 783 4502Email: [email protected]: www.supremainc.comePassport Readers, Time & Attendance,Biometric Reader.

Sybernautix13 Station ApproachAshfordTW15 2GHUKTel: +44 1784 730352Email: [email protected]: www.sybernautix.comIdentity Management Solutions, IdentityAuthentication & Verification, IDReaders, Biometric Security SoftwareSolutions, Drivers Licenses, Passport/Visas, National ID Cards.

Syx Graphics ID SolutionsDr. Vandeperrestraat 1822440 GeelBelgiumTel: +32 14 96 00 96Email: [email protected]: www.syx-graphics.comManufacturing & Personalisation, IDCard Solutions , ID Security Solutions,Printing, Biometrics Software.

TAG Systems SACtra. de la Comella, 49AndorraTel: +376 879 600Email: [email protected]: www.tagsystems.netManufacturing & Personalisation, SmartID cards, High Security ID cards,Authentication Server, BiometricsSoftware.

Taurus Secure SolutionS Ltd.Athens 11257 GreeceTel: +30 210 8225926Web: www.taurus.comSecurity Printing Solution, Holographic,Authentication & Verification.

Team Nisca
100 Randolph Road
Somerset, New Jersey, 08873
USA
Tel: +1 732 271 7367
Email: [email protected]
Web: www.teamnisca.com
Machinery Personalisation, ID Card Printers.

tesa scribos GmbHQuickbornstr. 2420253 HamburgGermanyTel: +49 40 4909 6330Web: www.tesa-scribos.comSecurity Solutions, DocumentProtection.

Teslin SubstratePPG Industries Monroeville, PA 15146 USATel: +1 888 774 2774Email: [email protected] Web: www.ppg.comSecurity Papers.

ThalesSecurity Solutions & Services Division92526 Neuilly-sur-Seine CedexFranceTel: + 33 1 57 77 80 00Email: [email protected]: www.thalesgroup.comReaders & Terminals, ID &Authentication, Manufacturing &Personalisation, ID ManagementSoftware Solutions, Access Control,Biometrics Software.

Thames Card Technology Ltdthames houseRayleighEssex SS6 7UQUKTel: +44 1268 77 55 55Email: [email protected]: www.thamescardtechnology.comManufacturer and Personalisation IDcards, Consultancy.

Toppan Printing CompanyOld Change House, 128 Queen Victoria StreetLondon,EC4V 4BJUKTel: +44 20 7213 0500Email: [email protected]: www.toppan.co.ukID & Authentication, DocumentSecurity, Kamicard, ePassport.

Trüb AGHintere Bahnhofstrasse 12 5001 Aarau,SwitzerlandTel: +41 62 832 00 00Email: [email protected]: www.trueb.chManufacturing & Personalisation,Secure document Solutions, ID &Authentication, National IdentityDocuments, ID Smartcards.

Trusted Labs5, rue du Bailliage 78000 Versailles,FranceTel: +33 1 30 97 26 20Email: [email protected]: www.trusted-labs.comEmbedded System Security, Test Tools &Compliance, Security Consulting.

Trusted Logic6, rue de la Verrerie92197 Meudon CedexFranceTel: +33 1 78467600Email: [email protected]: www.trusted-logic.comSecurity Platform Solutions, ID SmartCards, e-Passport and PersonalIdentification Platform.

TSSI Systems LtdRutland House, Groundwell Ind. Estate, Swindon, SN25 5AZ UKTel: + 44 1793 747700 Email: [email protected]: www.tssi.co.ukReaders, Document Security, ID CardManagement, Passport Readers,Biometric Security, Access Control.

UL Transaction SecurityDe Heyderweg 22314 XZ LeidenThe NetherlandsTel: +31 71 581 3636Email: [email protected]: www.ul-ts.comTransaction Security, Test Tools,eDocuments, Tachographs, Verification& Authentication.


Valid USA220 Fencl LaneIL 60162USATel: +1 708 44 2800Email: [email protected]: www.validusa.comPersonalisation Solutions, IDSmartcards, Secure Identity &Credentialing Solutions.

Vasco Data SecurityKoningin Astridlaan 164,B-1780 WemmelBelgiumTel: +32 2 609 97 00Email: [email protected]: www.vasco.comAuthentication Server, Reader.

VirdiUnion Community Co.Ltd44-3, Bangi-dong,Seoul, 138-050KoreaTel: +82 2 6488 3062Email: [email protected]: www.virditech.comBiometric Readers.

Virtual SolutionsOne Broadway, 14th FloorCambridge, MA 02142Massachusetts USATel: +1 617 395 5895Email: [email protected]: www.virtualsolutions.comSecure data platforms.

Vision Database Systems1562 Park Lane South 500, Jupiter, FL 33458 Songpa-gu,USATel: +1 561 748 0711 Email: [email protected]: www.visiondatabase.comID Card Software, ID card and TrackingSolutions.

Vlatacom d.o.o.5 Milutina Milankovica11070 Belgrade,SerbiaTel: + 381 11 377 11 00

Email: [email protected]: www.vlatacom.comManufacturing & Personalisation,Authentication & Verification, BiometricID and Travel Documents, ID SoftwareSolutions, .

VoiceVault Inc.400 Continental Blvd.6th FloorEl Segundo, CA 90245USATel: +1 310 426 2792Email: [email protected] www.voicevault.comIdentity Verification, Authentication,eSignatures.

VTT Verschleißteiltechnik GmbHAm Pferdemarkt 16D – 30853 LangenhagenGermanyTel: +49 511 519350 0Email: [email protected]: www.vtt.deSecure Document Solutions, Passports,Personalisation Solutions, Machinerylaminating, National IDs, DrivingLicences.

W.Arnold GmbHMörfelder Landstrasse 11D 63225 LangenGermanyTel: +49 610379023Email: [email protected]: www.cardcontrol.comRFID Readers & Terminals, AccessControl, Biometric Systems.

Witte Safemark GmbHSendener Stiege 448163 MünsterGermanyTel: +49 2536 991 00Email: [email protected]: www.witte-group.deSecure Printing Technology, AccessControl.

Xerox FranceRue Claude ChappeB.P. 345

07500 Guilherand-GrangesFranceTel: +33 4 75 81 44 44Web: www.xerox.cmMobile Identification Devices, IdentityAccess Management.

Zebra Technologies Corporation475 Half Day Road, Suite 500Lincolnshire,Illinois 60069USATel: +1 847 634 6700Web: www.zebra.comSecure ID Card Printers, Secure PrintingTechnology.

ZetesRue de Strasbourg 1130 Brussels BelgiumTel: +32 2 728 37 11Email: [email protected]: www.zetes.bee-ID & Authentication, Secure IDDocuments, eID Cards, ePassports,Visas and Driving Licences.

For more information please visit www.globalsmart.com
