Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
CAN UNCLASSIFIED
Defence Research and Development Canada Contract Report DRDC-RDDC-2017-C282 November 2017
CAN UNCLASSIFIED
FASTER-PrivBio Project Plan Kim Burrett-Scott WorldReach Software
Jean-Guy St. Amour Immigration, Refugees and Citizenship Canada
David Bissessar Canada Border Services Agency
Prepared by: WorldReach Software 2650 Queensview Drive, Suite 250 Ottawa, ON K2B 8H6 PSPC Contract Number: B8625-160470-001-SV Technical Authority: Jean-Guy St. Amour DRDC Contact: Brian GreeneContractor's date of publication: November 2015
CAN UNCLASSIFIED
© Her Majesty the Queen in Right of Canada (Department of National Defence), 2015 © Sa Majesté la Reine en droit du Canada (Ministère de la Défense nationale), 2015
CAN UNCLASSIFIED
IMPORTANT INFORMATIVE STATEMENTS
The information contained herein is proprietary to Her Majesty and is provided to the recipient on the understanding that it will be used for information and evaluation purposes only. Any commercial use including use for manufacture is prohibited.
Disclaimer: This document is not published by the Editorial Office of Defence Research and Development Canada, an agency of the Department of National Defence of Canada, but is to be catalogued in the Canadian Defence Information System (CANDIS), the national repository for Defence S&T documents. Her Majesty the Queen in Right of Canada (Department of National Defence) makes no representations or warranties, expressed or implied, of any kind whatsoever, and assumes no liability for the accuracy, reliability, completeness, currency or usefulness of any information, product, process or material included in this document. Nothing in this document should be interpreted as an endorsement for the specific use of any tool, technique or process examined in it. Any reliance on, or use of, any information, product, process or material included in this document is at the sole risk of the person so using it or relying on it. Canada does not assume any liability in respect of any damages or losses arising out of or in connection with the use of, or reliance on, any information, product, process or material included in this document.
This document was reviewed for Controlled Goods by Defence Research and Development Canada (DRDC) using the Schedule to the Defence Production Act.
Abstract_____________________________________________ Project CSSP-2015-CP-2114 (FASTER-PrivBio) aimed to develop a proof-of-concept for an innovative ‘end-to-end’ screening process for foreign travellers applying for an Electronic Travel Authorization (eTA) and crossing the border into Canada by leveraging the capabilities of the ePassport, smartphone, and Automated Border Control kiosks. The reports collected here capture the project’s initial planning and design work.
Table of Contents_____________________________________ Concept of Operations – Use Case Model Issuance Exercise Test Scenarios Baseline Demonstration Report Exercise Plan Integration Analysis Report
Concept of Operations (Use Case Model) FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 1
FASTER – PrivBio
CSSP -2015-CP-2114
Concept of Operations - Use Case Model
30 November 2015
FINAL
(Charter Task# 2.1, Contract Milestone# 1)
Concept of Operations (Use Case Model) FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 2
Introduction A Concept of Operations diagram and process descriptions have been provided as a guideline of the functionality, flow
and sequence of activities which are part of the FASTER-PrivBio project. The next level of decomposition provides a
more granular look at these activities. This has been done in a use case module presenting all of the actors (human or
system) and actions or steps. This is not presented in a sequential flow necessarily but is more representative of the
decomposition of the steps.
Concept of Operations (Use Case Model) FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 3
Record of Amendments Version No. Amendment / Section Amended Entered By Amendment
Date
Version 1.0 Initial version Richard Gauthier 16 October 2015
Version 1.1 Updates from WorldReach
review
Richard Gauthier 23 November
2015
Version 1.2 Revisions based on project team
feedback
Kim Burrett-Scott 27 November
2015
Concept of Operations (Use Case Model) FASTER – PrivBio
Concept of Operations (Use Case Model) FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 5
Description of each action Request Pin The applicant requests a PIN after entering a valid email address
Generate Pin Faster server generates a random 4 digits PIN and sends it to the applicant’s email address
Login The applicant logs in to the Faster app entering the valid email address used when
requesting the PIN and the PIN received
Authenticate user Faster server authenticates the credentials entered by the applicant. Secure connection is established between the user’s phone and the FASTER server.
Take photo of MRZ The applicant takes an image of the ePassport bio-page using the mobile phone’s camera
Validate MRZ Faster app reads the MRZ lines from ePassport bio-page image and validates the passport issuing country and the passport validity
Set phone on ePassport The applicant sets the phone on a valid passport where the ePassport chip is located
Read ePassport chip Faster app reads the chip using the mobile phone’s NFC capability
Extract data groups Faster app extracts the logical data structure (data groups) and the security data objects (data group hashes) from the ePassport chip: Data group 1 – contents of the Machine readable zone (MRZ) Data group 2 – Passport holder’s photo Data group 15 – Active Authentication public key info (if present)
Take selfie The applicant takes a self-photo using the mobile phone’s camera
Validate selfie quality Faster app validates the applicant’s photo to meet the quality ICAO standards
Extract selfie template Faster app extracts a photo template from the valid self-photo
Answer questions The applicant answers a set of background questions such as criminal convictions, current health conditions etc.
Upload required documents
The applicant provides additional information required by uploading documents
Submit payment info The applicant enters the payment information and submit it
View application info The applicant reviews the application information entered, can continue a partially completed application or submitted
Validate payment Faster app validates and processes the payment information
Submit application info Faster app submits the application information (applicant’s and passport information) to the Faster server
Store application info Faster server stores the application information submitted by the applicant. No images or data are kept on the phone
Concept of Operations (Use Case Model) FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 6
Request biometric token Faster app request the biometric token to be generated
Generate biometric token
PrivBio app generates the biometric token using the photo template and pieces of the applicant/traveler personal information
Request biometric token signature
PrivBio app requests the signature of the generated biometric token
Sign biometric token PrivBio server signs the generated biometric token
Store signed biometric token
PrivBio app stores the signed biometric token on the mobile phone
Retrieve application info Faster server retrieves the application information submitted by the applicant
Validate ePassport data group hash
Faster server hash each data group extracted from the passport chip and compares it with the data group hashes also stored in the ePassport chip
Validate ePassport Issuer Signature
Faster server validates the data groups’ hashes using the Document signing certificate use to sign them
Validate ePassport Country Signature
Faster server validates the Document signing certificate using the Country signing certificate authority
Evaluate selfie Against ePassport Photo
Faster server compares the applicant self-photo versus the passport photo extracted from the ePassport chip and determines the percentage of match
Query Lost & Stolen Passport List
Faster server sends queries about the passport information tothe lost and stolen passport database and only stores only responses indicating pass/fail or ok/not ok (no data is passed)
Query Watch Lists Faster server sends queries about the passport holder information to the watch list databases and only stores only responses indicating pass/fail or ok/not ok (no data is passed)
Approve Application Faster server automatically approves the application if all the check criteria have passed
Generate QR code Faster server generates a QR code once the application has been approved
Send Notification to Applicant
Faster server sends the required notifications to the applicant’s email address: - Request additional information - Request interview - Approval confirmation - Rejection confirmation
Review Application The Immigration reviewer or the Immigration approver can look at the application information when it has not been auto-approved to determine the next step
Request Additional The Immigration reviewer or the Immigration approver can issue a request for further
Concept of Operations (Use Case Model) FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 7
Documentation information to the applicant’s email.
Approve Application The Immigration approver decides to approve the application after reviewing all the application information received
Reject Application The Immigration approver decides to reject the application after reviewing all the application information received
Send Interview Request to applicant
The Immigration approver sends an Interview request if deemed necessary to the applicant’s email address, indicating place, date, time and name of the Immigration interviewer
Attend to interview The applicant attends the interview if it was requested
Interview Applicant The Immigration interviewer meets with the applicant and uses an interview script specific to the applicant’s case
Record Interview Notes The Immigration interviewer registers the notes with answers and comments related with the interview
Present Travel Authorization Credentials
The applicant/traveller presents the ePassport and Biometric token stored in the applicant/traveller’s mobile phone
Verify Biometric Token Signature
PrivBio kiosk verifies the Biometric token signature presented by the applicant/traveler
Retrieve Biometric Token
PrivBio kiosk retrieves the Biometric token once its signature has been verified
Scan ePassport PrivBio kiosk scans the biopage of the applicant/traveller’s ePassport to retrieve the MRZ lines
Validate MRZ PrivBio kiosk reads the MRZ lines from photo and validates the passport issuing country and the passport validity
Read ePassport Chip PrivBio kiosk reads the chip using the kiosk’s NFC capability
Take Photo of Traveller PrivBio kiosk takes a photo of the applicant/traveller using the kiosk’s camera
Extract Traveller’s Photo Template
PrivBio kiosk extracts a photo template from the photo taken by the kiosk
Generate Biometric Token
PrivBio kiosk generates the biometric token using the photo template and pieces of the applicant/traveler personal information
Compare Generated Token Against Stored Token
PrivBio kiosk compares the biometric token just generated with the one stored on the applicant/traveller’s phone
Provide Verification Feedback
PrivBio kiosk informs the applicant/traveller the result of the verification of their travel authorization credentials
Concept of Operations (Use Case Model) FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 8
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 1
FASTER – PrivBio
CSSP -2015-CP-2114
Issuance Exercise Test Scenarios
30 November 2015
FINAL
(Charter Task# 2.1, Contract Milestone# 1)
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 2
FASTER-PrivBio Issuance Exercises
Goal/Purpose The two technology demonstration exercises are intended to provide the project team and partners an
opportunity to work through a series of different usage scenarios highlighting the interfaces and
interaction of the technologies, processes and policies that constitute the FASTER-PrivBio Concept of
Operations.
Exercises There are 2 technology demonstration exercises as part of FASTER-PrivBio CSSP-2015-CP-2114. The first
exercise will focus on the steps leading to the issuance of a response to an application - Issuance
Exercise which will take place in February 2016.
The second is the Verification Exercise which will take place in July 2016.
Exercise 1
The objective of this document is to outline the content of various scenarios to be executed in Issuance
exercise 1. A second set of scenarios will be prepared at a later point to focus on Verification processes
for exercise 2.
All scenarios are simulated; however, the exercises will make use of volunteered ePassports provided by
individuals close to the project. The information read from these ePassports as part of the application,
assessment and issuance processes for electronic travel authorization will be kept in a separate, secure
test database, used and disclosed only for the purposes of this project and will not be retained any
longer than the duration of this project. At the end of the project, the volunteered data will be securely
destroyed.
No data associated with this project will be integrated with external databases. Any Interpol Stolen and
Lost Travel Document Database (SLTD) or watchlist references in the scenario outcomes are strictly
fictitious for the purposes of understanding the relevant processes and policies.
All information and discussions as part of the exercise are to be treated as confidential and not for
disclosure outside the exercise.
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 3
Scope Scope Item Description
Type of exercise This is a functional tabletop exercise. Expected to take 1 day (x hours?)
Situation Consists of a number of volunteer individuals and groups going through the process of applying for an Electronic Travel Authorization & Agency (IRCC) personnel reviewing & making determinations on issuance.
Functions /Activities Simulation of application process – by volunteers public users Simulated assessment process –
i) FASTER application automated steps, including checks of IRCC database(s) ii) Manual steps, by IRCC agents in the case of flagged applications
Simulated issuance process – PrivBio automated credential preparation, signing & issuance
Agencies involved Public citizens - represented by volunteers project team & invitees IRCC –Immigration agency CBSA – Border agency DRDC –as observer OGDs -as observers, participants
Personnel CIC – Strategic Business and Analysis Unit and Subject Matter Expertise (SME) from the Operational Management and Coordination Branch CBSA , Ottawa U & Ryerson U – biometrics, privacy & mobile platform security (PrivBio) WorldReach – technical application & platform development and requirements gathering (FASTER)
Exercise tools
1. Android phones 2. ePassports (voluntarily provided by project team members & invitees, as well as specimens provided by IRCC) 3. FASTER mobile application downloaded to phones 4. FASTER issuance server 5. PrivBio application 6. PrivBio issuance server
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 4
Scenarios Scenario 1
Simulation outline –Single Applicant Auto-approval - 1 person applying for an eTA from a visa-exempt country - not flagged on any watchlist - ePassport is valid, not fraudulent - passport photo is of the person applying - selfie matches on passport photo
Player Actions Applicant Immigration Agents
Actions Comments/ Instructions
Actions Comments/ Instructions
Evaluation criteria Observations /Comments
Access the WR VisaReach (henceforth FASTER) application on the phone
The application will be loaded on the phones used in the exercise in advance
-Applicant is able to follow instructions on mobile application to complete process quickly & easily - Immigration processing agent can quickly search for the approved applicant if they wish to look for it -it is clear to the applicant what the token is for
Follow instructions on the application to provide a valid email account & access PIN
Email account needs to be accessible from the location of the exercise, either on the smartphone being used or another device
Follow instructions on the application to take photo of ePassport(ePPT) MRZ, place phone on ePPT and take self-photo
May require more than one self-photo if quality not good enough for submission
Enter address information as required.
Answer questions in such a manner that no additional information is necessary (e.g. no criminal convictions, health or other concerns)
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 5
Submit payment This is a simulated payment –no credit card information needs to entered
Receive approval email and token on phone
No action – application is auto-approved
Scenario 2
Simulation outline – Single Applicant – Flagged on Watchlist - 1 person applying for an eTA from a visa-exempt country - Gets flagged on watchlist( Facilitator will request passport # in advance of executing this scenario) - ePassport is valid, not fraudulent - passport photo is of the person applying - selfie matches on passport photo
Player Actions Applicant Immigration Agents
Actions Comments/ Instructions
Actions Comments/ Instructions
Evaluation criteria Observations /Comments
Access the WR VisaReach (henceforth FASTER) application on the phone
The application will be loaded on the phones used in the exercise in advance
-Applicant is able to follow instructions on mobile application to complete process quickly & easily -Instructions for follow-on activities are clear -Immigration processing agent can quickly access the application & become aware of what the issue is -Multiple agents involved can see what others have added to
Follow instructions on the application to provide a valid email account & access PIN
Email account needs to be accessible from the location of the exercise, either on the smartphone being used or another device. If a PIN has been issued as part of another scenario, it
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 6
can be reused. the file.
Follow instructions on the application to take photo of ePassport(ePPT) MRZ, place phone on ePPT and take self-photo
May require more than one self-photo if quality not good enough for submission
Enter address information as required.
Answer questions in such a manner that no additional information is necessary (e.g. no criminal convictions, health or other concerns)
Submit payment This is a simulated payment –no credit card information needs to entered
Reviewer -Hit for this passport # on the watchlist flagged
Hit on watchlist means Immigration wants applicant to appear at mission closes to applicant.
Reviewer -Issue request for further information/ interview. Note to file for interviewer.
SME to indicate what information would be required.
Receive email request for interview, more info Access application again to submit additional information. In person interview at Mission/embassy
Will require adding an attachment/ scanned passport
Interviewer – access existing data on applicant & can update notes. Passport may be seized & application rejected. Appropriate information to file after interview
Information on seized passport to be relayed to other systems? CBSA procedures kick in.
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 7
Scenario 3
Simulation outline –Single Applicant – Selfie & ePassport photo are not for the person applying (intentional misuse/fraud) - 1 person applying for an eTA from a visa-exempt country - not flagged on any watchlist - ePassport is valid, not fraudulent - passport photo is not of the person applying - selfie manipulated to try to match on passport photo
Player Actions Applicant Immigration Agents
Actions Comments/ Instructions
Actions Comments/ Instructions
Evaluation criteria Observations /Comments
Access the WR VisaReach (henceforth FASTER) application on the phone
The application will be loaded on the phones used in the exercise in advance
-Applicant is able to follow instructions on mobile application to complete process quickly & easily -Applicant can easily access application previously submitted to provide additional information -Immigration processing agent will see a very high match (e.g. over 99% if the applicant has a copy of the passport photo that they are able to submit as the selfie) & can quickly determine that additional photo required & execute request
Follow instructions on the application to provide a valid email account & access PIN
Email account needs to be accessible from the location of the exercise, either on the smartphone being used or another device. If a PIN has been issued as part of another scenario, it can be reused.
Follow instructions on the application to take photo of ePassport(ePPT) MRZ, place phone on ePPT and provide a self-photo
Passport does not belong to the applicant. A photo that matches the passport will be provided to use in place of a selfie the person applying for this scenario.
Enter address information
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 8
as required.
Answer questions in such a manner that no additional information is necessary (e.g. no criminal convictions, health or other concerns)
Submit payment This is a simulated payment –no credit card information needs to entered
Reviewer- the application has been flagged due to selfie & ePPT photo receiving too high a % match. Request another photo, ask for a different pose (e.g. mouth open, eyes closed)
Receive request for additional photo by email, access mobile app to redo self-photo & submit
Applicant tries again to submit a photo that is not a selfie but a photo of a photo.
Reviewer- it should be apparent to reviewer that this is not a self-photo.
SME to indicate what would be done in the case where you believe someone was trying to use false documentation to obtain eTA
Receives refusal email.
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 9
Scenario 4
Simulation outline –Single Applicant – ePassport expired - 1 person applying for an eTA from a visa-exempt country - not flagged on any watchlist - ePassport has expired
Player Actions Applicant Immigration Agents
Actions Comments/ Instructions
Actions Comments/ Instructions
Evaluation criteria Observations /Comments
Access the WR VisaReach (henceforth FASTER) application on the phone
The application will be loaded on the phones used in the exercise in advance
-Applicant is able to follow instructions on mobile application to complete process quickly & easily -Applicant is clear on why the process cannot proceed with this passport
Follow instructions on the application to provide a valid email account & access PIN
Email account needs to be accessible from the location of the exercise, either on the smartphone being used or another device. If a PIN has been issued as part of another scenario, it can be reused.
Follow instructions on the application to take photo of ePassport(ePPT) MRZ,
After user takes photo of the ePPT, system will detect that it is an expired ePPT & present a message to the applicant. Processing will not proceed unless a valid ePPT is used.
User will cancel the application.
No record of this applicant should be
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 10
found in the system
Scenario 5
Simulation outline – Group (Family) Application -1 Applicant Flagged on Watchlist - family of 2 people applying for an eTA from a visa-exempt country - 1 applicant is flagged on watchlist ( Facilitator will request passport # in advance of executing this scenario) - Both ePassports are valid, not fraudulent - passport photos are of the persons applying - selfies match on passport photo
Player Actions Applicant Immigration Agents
Actions Comments/ Instructions
Actions Comments/ Instructions
Evaluation criteria Observations /Comments
Access the WR VisaReach (henceforth FASTER) application on the phone
The application will be loaded on the phones used in the exercise in advance
-Applicant is able to follow instructions on mobile application to complete process quickly & easily -Applicant can easily access application previously submitted to provide additional information -Immigration processing agent can quickly determine that additional information required & execute request.
Follow instructions on the application to provide a valid email account & access PIN
Email account needs to be accessible from the location of the exercise, either on the smartphone being used or another device. If a PIN has been issued as part of another scenario, it can be reused.
Follow instructions on the application to take photo of ePassport(ePPT) MRZ, place phone on ePPT and take self-photo of first applicant
May require more than one self-photo if quality not good enough for submission
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 11
Enter address information as required.
Answer questions in such a manner that no additional information is necessary (e.g. no criminal convictions, health or other concerns)
Follow instructions to add a second applicant on the same application
Same as 2 steps above. Assumption is that family will want to make one payment covering both people
Submit payment This is a simulated payment –no credit card information needs to entered
Reviewer -Hit for 1 of passport # on the watchlist
Reviewer -Issue request for further information for both applicants. Notes to file on both applicants.
SME to indicate what information would be issued to applicant.
Receive email request for more info for applicant who was on watchlist. Provide documentation
Will require attachment of documentation. Sample document will be available for applicant to use
Approver – Determination is that applicants are to be approved. Notes to file for Border agency
SME to indicate what the situation would be to result in approval of both. If rejection, were to occur for 1 applicant note how to handle tracking of this.
The way FASTER works currently is approval or refusal on all applicants in the application. The flexibility to approve some applicants while refusing others that have been submitted in the same application will be modified by time of second exercise.
Receive approval email and token on phone
Scenario 6
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 12
Simulation outline – Group/Family Application – 1 Applicant Triggers Manual Review - Family of 2 people applying for an eTA from a visa-exempt country - 1 applicant’s answers to questions triggers further inquiry - Both ePassports are valid, not fraudulent - passport photos are of the persons applying - selfies match on passport photo
Player Actions Applicant Immigration Agents
Actions Comments/ Instructions Actions Comments/ Instructions
Evaluation criteria Observations /Comments
Access the WR VisaReach (henceforth FASTER) application on the phone
The application will be loaded on the phones used in the exercise in advance
-Applicant is able to follow instructions on mobile application to complete process quickly & easily -Applicant can easily add attachments/scans when required -Immigration processing agent can quickly determine that additional information was provided & sufficient to approve.
Follow instructions on the application to provide a valid email account & access PIN
Email account needs to be accessible from the location of the exercise, either on the smartphone being used or another device. If a PIN has been issued as part of another scenario, it can be reused.
Follow instructions on the application to take photo of ePassport(ePPT) MRZ, place phone on ePPT and take self-photo of first applicant
May require more than one self-photo if quality not good enough for submission
Enter address information as required.
Answer questions in such a manner that additional information is necessary (e.g. criminal conviction, health problem)
Will require explanatory text to be entered
Follow instructions to add Same as 2 steps above.
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 13
a second applicant on the same application
Assumption is that family will want to make one payment covering both people
Submit payment This is a simulated payment –no credit card information needs to entered
Reviewer –application is not auto-approved due to answers to questions so the application becomes available to review.
Reviewer -Issue request for further information for both applicants. Notes to file on both applicants.
SME to indicate what information would be issued to applicant.
Receive email request for more info for applicant. Provide documentation
Will require attachment of documentation. Sample document will be available for applicant to use
Approver – Determination is that applicants are to be approved. Notes to file for Border agency
SME to indicate what the situation would be to result in approval of both. If rejection, were to occur for 1 applicant note how to handle tracking of this. Currently system only allows approval/rejection on all applications in a submission
Receive approval email and token on phone
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 14
Scenario 7
Simulation outline –Single Applicant – Token Misplaced - 1 person applied for an eTA from a visa-exempt country and was approved - Was not flagged on any watchlist - ePassport was valid, not fraudulent - passport photo is of the person applying - selfie matches on passport photo - Token received but misplaced by applicant & want to reobtain token
Player Actions Applicant Immigration Agents
Actions Comments/ Instructions
Actions Comments/ Instructions
Evaluation criteria Observations /Comments
Access the WR VisaReach (henceforth FASTER) application on the phone
The application will be loaded on the phones used in the exercise in advance
-Applicant is able to follow instructions on mobile application to complete process quickly & easily - Immigration processing agent can quickly search for the approved applicant if they wish to look for it -applicant is easily able to obtain replacement token
Follow instructions on the application to provide a valid email account & access PIN
Email account needs to be accessible from the location of the exercise, either on the smartphone being used or another device. If a PIN has been issued as part of another scenario, it can be reused.
Follow instructions on the application to take photo of ePassport(ePPT) MRZ, place phone on ePPT and take self-photo
Enter address information as required.
Answer questions in such a manner that no additional information is
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 15
necessary (e.g. no criminal convictions, health or other concerns)
Submit payment This is a simulated payment –no credit card information needs to entered
Receive approval email and token on phone
Misplace token & need to re-aquire prior to travel to Canada
Q-to PrivBio team –how will this be handled?
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 16
Scenario 8
Simulation outline –Single Applicant – Change Phones After Token Issuance - 1 person applying for an eTA from a visa-exempt country and was approved - not flagged on any watchlist - ePassport is valid, not fraudulent - passport photo is of the person applying - selfie matches on passport photo - applicant has a new phone & wants to reobtain token
Player Actions Applicant Immigration Agents
Actions Comments/ Instructions
Actions Comments/ Instructions
Evaluation criteria Observations /Comments
Access the WR VisaReach (henceforth FASTER) application on the phone
The application will be loaded on the phones used in the exercise in advance
-Applicant is able to follow instructions on mobile application to complete process quickly & easily - Immigration processing agent can quickly search for the approved applicant if they wish to look for it -applicant is easily able to obtain replacement token
Follow instructions on the application to provide a valid email account & access PIN
Email account needs to be accessible from the location of the exercise, either on the smartphone being used or another device. If a PIN has been issued as part of another scenario, it can be reused.
Follow instructions on the application to take photo of ePassport(ePPT) MRZ, place phone on ePPT and take self-photo
Enter address information as required.
Answer questions in such a manner that no additional information is
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 17
necessary (e.g. no criminal convictions, health or other concerns)
Submit payment This is a simulated payment –no credit card information needs to entered
Receive approval email and token on phone
Acquire a new mobile phone in advance of travel to travel to Canada and need to re-aquire token???
Q-to PrivBio team –do they need to get another token or would it be associated with the email that was received?
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 18
Scenario 9
Simulation outline –Single Applicant – Passport which is not an ePassport - 1 person applying for an eTA from a visa-exempt country - not flagged on any watchlist - Passport does not contain a chip
Player Actions Applicant Immigration Agents
Actions Comments/ Instructions
Actions Comments/ Instructions
Evaluation criteria Observations /Comments
Access the WR VisaReach (henceforth FASTER) application on the phone
The application will be loaded on the phones used in the exercise in advance
-Applicant is able to follow instructions on mobile application to complete process quickly & easily -Applicant is clear on why the process is altered after trying to read chip & determining not possible. - Immigration processing agent can quickly search for the approved applicant & see that this was not an ePPT application but that all other available information is valid & application is -it is clear to the applicant that their application has been approved and email with 2D bar code is proof.
Follow instructions on the application to provide a valid email account & access PIN
Email account needs to be accessible from the location of the exercise
Follow instructions on the application to take photo of ePassport(ePPT) MRZ, place phone on ePPT and take self-photo
After user places phone on passport system after a period of a number of seconds it will not be able to detect chip & present a message to the applicant that the step can’t be completed & they should proceed to the next step to take the selfie.
Enter address information as required.
Answer questions in such a manner that no additional information is
The applicant should be found in the system but the information available
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 19
necessary (e.g. no criminal convictions, health or other concerns)
for review will be less than was available for an ePPT submission. Review and approve the application.
Submit payment This is a simulated payment –no credit card information needs to entered
Receive approval email with 2D bar code.
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 20
Scenario 10
Simulation outline –Single Applicant – Passport which is not for a Visa-exempt country - 1 person applying for an eTA from a country which is not visa-exempt - not flagged on any watchlist - ePassport is valid, not fraudulent
Player Actions Applicant Immigration Agents
Actions Comments/ Instructions
Actions Comments/ Instructions
Evaluation criteria Observations /Comments
Access the WR VisaReach (henceforth FASTER) application on the phone
The application will be loaded on the phones used in the exercise in advance
-Applicant is able to follow instructions on mobile application to complete process quickly & easily -Applicant is clear on why the process cannot proceed with this passport
Follow instructions on the application to provide a valid email account & access PIN
Email account needs to be accessible from the location of the exercise, either on the smartphone being used or another device. If a PIN has been issued as part of another scenario, it can be reused.
Follow instructions on the application to take photo of ePassport(ePPT) MRZ,
After user takes a photo of ePPT, system will detect that it is not a passport for a visa-exempt country & present a message to the applicant. Processing will not proceed unless a
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 21
valid ePPT is used.
User will cancel the application.
No record of this applicant should be found in the system
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 22
Scenario 11
Simulation outline –Single Applicant – Passport holder is a refugee for Visa-exempt country - 1 person applying for an eTA has passport from a visa-exempt country but applicant nationality is another country & they are a refugee - not flagged on any watchlist - ePassport is valid, not fraudulent
Player Actions Applicant Immigration Agents
Actions Comments/ Instructions
Actions Comments/ Instructions
Evaluation criteria Observations /Comments
Access the WR VisaReach (henceforth FASTER) application on the phone
The application will be loaded on the phones used in the exercise in advance
-Applicant is able to follow instructions on mobile application to complete process quickly & easily -Applicant is clear on why the process cannot proceed with this passport
Follow instructions on the application to provide a valid email account & access PIN
Email account needs to be accessible from the location of the exercise, either on the smartphone being used or another device. If a PIN has been issued as part of another scenario, it can be reused.
Follow instructions on the application to take photo of ePassport(ePPT) MRZ, and place phone on ePPT
After user takes a photo of ePPT & places phone on passport to read the chip, system will detect that the nationality is for refugee or non-visa-exempt country & present a message to the applicant. Processing will not proceed unless a
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 23
valid ePPT is used.
User will cancel the application.
No record of this applicant should be found in the system
Issuance Exercise Test Scenarios FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 24
Scenario 12
Simulation outline –Single Applicant – a Minor - 1 person applying for an ETA from a visa exempt country is a minor - not flagged on any watchlist or SLTD - ePassport is valid, not fraudulent - passport photo is of the person applying - selfie should match on passport photo
Player Actions Applicant Immigration Agents
Actions Comments/ Instructions Actions Comments/ Instructions
Evaluation criteria Observations /Comments
Access the WR VisaReach (henceforth FASTER) application on the phone
The application will be loaded on the phones used in the exercise in advance
-Applicant is able to follow instructions on mobile application to complete process quickly & easily - Immigration processing agent can quickly search for the approved applicant if they wish to look for it -it is clear to the applicant what the token is for
Follow instructions on the application to provide a valid email account & access PIN
Email account needs to be accessible from the location of the exercise
Follow instructions on the application to take photo of ePassport(ePPT) MRZ, place phone on ePPT and take self-photo
No requirement for information on someone submitting on behalf of a child. Is it necessary?
Submit payment This is a simulated payment –no credit card information needs to entered
Receive approval email and token on phone
Minor will require possession of the token or a QR code at verification time.
Baseline Demonstration Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 1
FASTER – PrivBio
CSSP -2015-CP-2114
Baseline Demonstration Report
30 November 2015
FINAL
(Charter Task# 2.1, Contract Milestone# 1)
Baseline Demonstration Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 2
Contents Record of Amendments ................................................................................................................................ 3
Executive Summary ....................................................................................................................................... 4
Overview of Baseline Demonstration ........................................................................................................... 4
Where we are in the project ..................................................................................................................... 4
Participants ............................................................................................................................................... 6
Overview of Workflows ............................................................................................................................ 7
Principles of PbD ........................................................................................................................................... 8
Demonstration Record of Observations and Findings .................................................................................. 9
Baseline Demonstration Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 3
Record of Amendments Version No. Amendment / Section Amended Entered By Amendment
Date
Version 1.0 Initial version Kim Burrett-Scott 12 November
2015
Version 1.1 Updates from WorldReach
review
Kim Burrett-Scott 20 November
2015
Version 1.2 Revisions based on project team
feedback
Kim Burrett-Scott 30 November
2015
Baseline Demonstration Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 4
Executive Summary
The “Facilitation and Secure Identification of Low Risk Categorized and Extremist Traveller (FASTER Priv-
Bio)” Technology Demonstration project seeks to demonstrate a mobile technical solution that would
facilitate the remote authentication of travellers applying to the Immigration, Refugees and Citizenship
Canada (IRCC) formerly known as Citizenship and Immigration Canada (CIC) using a mobile device, the
ePassport and privacy preserving facial biometrics (Renewable Biometric Reference or RBR). This would
allow for early identification, screening and facilitation travellers to Canada and accelerate the screening
processes throughout the air travel continuum while protecting the traveller’s personal data, such as
biometrics, passport and other sensitive biographic information. The demonstration will apply the
Privacy by Design framework and 7 Foundational Principles.
The project will conduct software integration of a number of key technologies, including RBR, which will
then be used in a number of technology demonstration exercises for which WorldReach is providing the
software and technology platform. The project partners will participate in the exercises, consisting of
realistic business scenarios simulating remote pre-screening. The project is a simulation, no real
person/applicant information or data or government traveller systems or networks will be used in
testing.
.The first phase of the Execution Stage of this project included tasks to complete the baseline
demonstration of the technology and the definition of test scenarios for the first technology
demonstration. Feedback received during this phase will be used in the following phase to define the
potential project integration points. The baseline demonstration resulted in a number of findings
detailed in this report that will influence the next phases of the project.
Overview of Baseline Demonstration
Where we are in the project At the project Kickoff meeting, held on August 17, 2015, the diagram below which formed part of the
FASTER-PrivBio Project Charter was presented. At the beginning of this baseline demonstration it was
revisited to update partners on the current state of the project.
Baseline Demonstration Report FASTER – PrivBio
The first phase of work in the Execution Stage of this project was to carry out a number of tasks to facilitate a baseline demonstration. These included:
Setting up a ‘sand-pit’ environment for this project which WorldReach and Ottawa U can do installs and integration of software for use in the project. This is an isolated environment not connected to any live systems or containing any live data. Establishment of a set of test scenarios to be used in the first technology exercise focusing on the Issuance process of electronic travel authorizations scheduled for the 1st Quarter of 2016. Elaboration on the concept of operations initially presented in the Project Charter in conjunction with information gained in discussions with universities & other partners. Conduct baseline demonstration with partners reviewing potential integration points and flow between the components in FASTER and PrivBio Execute the test scenarios using the baseline technology and software to the extent possible for the Issuance processes
These tasks have now all been completed and the deliverables circulated for feedback with the project team.
Baseline Demonstration Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 6
Participants The following is a list of the participants from all the project partner organizations who were able to
attend the baseline demonstration /working session:
Immigration, Refugees and Citizenship Canada (IRCC)
Jean-Guy St-Amour – Manager, Business and Strategic Research, Operations Performance Management Branch
Kimberly Chrétien –Policy Advisor, NHQ Admissibility Branch
Waleed Shatob – Statistical Analyst, Operations Performance Management Branch
Karen Tso – Manager, NHQ Admissibility Branch
Canada Border Security Agency (CBSA)
Nicholas Koutros –Senior Policy Officer, Access to Info. & Privacy Division
David Bissessar- Research Scientist, Border Technology Division
Kai Paul - Senior Program Advisor, Air Division, Identity Management
Lori Pucar – Manager, Traveller Transformation -Air Division, Identify Management
Marnie McKinstry Manager, Traveller Transformation -Air Division, Passenger Processing
Ottawa University
Carlisle Adams - School of Electrical Engineering and Computer Science (EECS)
Maryam Hezaveh – working on PhD (EECS)
Ali Noman – working on PhD (EECS)
Xiaomei Zhang –Post doctorate (EECS)
Fayzah Al-Shammari –working on Masters (EECS)
Ryerson University
Michelle Chibba –Research Associate
Alex Stoianov –PhD, CIPP/C
WorldReach Software
Gordon Wilson –President
Kim Burrett-Scott –Requirements & QA
Richard Gauthier –Architecture & Development
Ana Negrete –Business Analyst
Randy Wong –Business Development -Canada
Steven Grant –Business Development - International
Jason Knapp –Technical Architect
Shelley Bryen –Marketing
Baseline Demonstration Report FASTER – PrivBio
Overview of Workflows During the baseline demonstration of the FASTER-PrivBio project, two main workflows were discussed and foundation principles of Privacy by Design were considered. The first discussion focused on WorldReach’s current VisaReach platform for the application and issuance of secure travel authorization. This baseline product was used to demonstrate the data capture and authentication process of the applicant, for usage in the approval of an electronic travel authorization. The following diagram represents the workflow that was demonstrated through the WorldReach application. This workflow is a subset of the concept of operation from the initial FASTER-PrivBio proposal and charter.
Application and Issuance of Electronic Travel Authorization
Baseline Demonstration Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 8
The second part of the discussion focused on the PrivBio concept. The following diagram was
presented by CBSA. It describes the components involved in acquiring and processing the data required
for the generation of the Renewable Biometric Reference (RBR). The data is first captured with the
mobile device, then processed by the issuance server to generate the RBR. The RBR is then transmitted
to the mobile device to be available during the verification process. The generation of the RBR will be
available for demonstration during the first Issuance Exercise to be conducted in late February 2016. The
verification process will be demonstrated in the second Verification Exercise in the early summer of
2016.
Generation of the Renewable Biometric Reference (token)
Principles of PbD Michelle Chibba was able to attend in person for the follow-up face-to-face meeting (September
28/2015) and refresh the group on the principles of Privacy by Design as summarized in the diagram
below. After reviewing these, and in the context of the demonstration of the FASTER baseline, there
were numerous comments and considerations noted with relation to embedding privacy into the design
and functionality of the overall system, the use of privacy-preserving biometrics and resulting policy
implications.
Baseline Demonstration Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 9
Demonstration Record of Observations and Findings The baseline demonstration generated a great deal of interactions and discussions which provided
valuable input for the technology integration, capabilities review (e.g. business policy), as well as privacy
and biometric security reviews being carried out in subsequent phases of this project.
For those who couldn’t attend the group session, a separate demonstration was arranged at IRCC and a
general offering to conduct demonstrations was put forward for anyone in partner organizations.
Observations from such demonstrations are also included below.
These observations and comments have been summarized in subcategories below.
Visibility /Transparency
General Observation
Ensure clarity to members of the public using FASTER (WorldReach VisaReach application) on:
o How their personal information is to be used when submitting this information to a
government agency to request a travel authorization.
o Only the necessary information is requested.
Baseline Demonstration Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 10
o What will become of the information in the long term (eg. specific use of the
information by the government agency, who has access to this information, information
storage procedure and time limit, etc.)
The baseline version of FASTER collects only the information captured from the ePassport. The
interface has been developed with the goal of using graphical images as much as possible to
instruct the user on the steps required, and provide instructions that are simple and brief.
For consideration in FASTER
Terms & conditions should be easily accessible to the “enrollee/applicant” at any point when
completing the application process and duplicated on the website
The terms & conditions should be concise, given this is a mobile application, and clearly stated
The questions asked of the applicant may change over time, therefore the public application
must have the facility for these questions to be easily modified by the government agency as
required.
FASTER must have the capability for the user to cancel their application at any point in the
process or securely delete it after they have submitted their application.
Data Protection/Security
General Observation
Ensure that there is adequately protection of the personal information a user has entrusted to
the application, on the mobile device and wherever the personal information is stored or
transmitted.
It was noted that FASTER is intended for transmission and storage of personal data using the
encryption standard appropriate to the sensitivity of the data.
For consideration in FASTER
Ensure that the phones log files (image gallery) do not retain any images of the passport MRZ
snapshot or selfie that are submitted as part of the application process. Minimal personal data
should be stored on the mobile device.
Team members looking at Privacy by Design (Ryerson) are to consider and provide feedback on
the email/PIN process and the sufficiency of this process for protection of private data.
A depersonalization process needs to be configurable for the government agency to set the time
period for retention of the data, as this may vary due to policy changes over time.
Baseline Demonstration Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 11
Usability/ User Interface
General Observation
A user-centric approach which encompasses User Interface Design features that make it easy for
the user to:
o Know what they have to do
o Know where they are in the process
o Easily complete these tasks
o Provide the user feedback to confirm what they have done is right or needs correction
o Encounter minimal risk of making mistakes that result in incorrect information being
submitted or having to abandon the application
The FASTER mobile application currently reads as much information from the passport as
possible to minimize data entry required by the applicant which helps to reduce keying errors. It
was noted in discussions with the IRCC – eTA group that there is a % of current applications via
their web application that require manual review due to data entry errors (e.g. entry of date of
birth or typo in a name).
For consideration in FASTER
Ensure the application is as stream lined as possible– e.g. all necessary instructions to complete
a task should be able to be seen without scrolling.
Make clear distinction between actions that have not been completed correctly, therefore user
correction is required and where the user can take action to delete information or applications
voluntarily. Provide clearly differentiated visual cues (e.g. how to take a picture of your
ePassport bio page, not covering the MRZ lines, garbage cans presented where the user can
choose to get rid of information; caution or exclamation signs where the user has something not
completed correctly – along with text describing steps for corrective action).
Exercise Plan FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 1
FASTER – PrivBio
CSSP -2015-CP-2114
Exercise Plan
30 January 2016
FINAL
(Charter Task# 2.2, Contract Milestone# 1)
Exercise Plan FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 2
RECORD OF AMENDMENTS
Version No. Amendment / Section Amended Entered By Amendment Date
Version 1.0 Initial version Kim Burrett-Scott 26 November 2015
Version 1.1 Revisions from internal review Kim Burrett-Scott 27 November 2015
Version 1.2 Revisions from project team
review
Kim Burrett-Scott January 2016
Note: It was determined that it was not possible to obtain enough time from participants to approach the
exercise in this interactive manner. Voluntary involvement by one or two participants was decided as a
reasonable approach.
Exercise Plan FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 3
Table of Contents
RECORD OF AMENDMENTS .............................................................................................................................2
Table of Contents ....................................................................................................................................................3
Purpose ...................................................................................................................................................................4
Exercise Description ............................................................................................................................................4
Background .........................................................................................................................................................4
Overview .................................................................................................................................................................5
Objectives ............................................................................................................................................................5
Process ................................................................................................................................................................5
Assumptions ........................................................................................................................................................5
Evaluation / Analysis Methodology .........................................................................................................................6
Agenda ....................................................................................................................................................................7
FASTER-PrivBio Issuance Exercise Tentative Agenda ..........................................................................................7
Roles & Expectations ...............................................................................................................................................8
Facilitator, Players, Evaluators, Observers ..........................................................................................................8
Players Role .....................................................................................................................................................8
Players Expectations........................................................................................................................................8
Facilitator Role ................................................................................................................................................8
Facilitator Expectations ...................................................................................................................................8
Evaluator Role .................................................................................................................................................9
Evaluator Expectations ....................................................................................................................................9
Observer Role ..................................................................................................................................................9
Additional Material .............................................................................................................................................. 10
Scenarios / Narrative ............................................................................................................................................ 10
Training ................................................................................................................................................................. 10
Exercise Plan FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 4
Purpose This Exercise Plan will identify the processes,
procedures, and administrative requirements, type
of exercise and exercise roles and responsibilities
that will support the exercise planning initiatives.
Exercise Plans provide exercise developers and
potential participants with guidance concerning
procedures and responsibilities for exercise design,
and how it is conducted, evaluated and supported.
It explains the exercise concept, establishes the
basis for the exercise and establishes and defines
the exercise support structure needed before,
during and after the exercise.
Exercise Description The exercises for FASTER-PrivBio will be in the form
of workshops, which are a type of discussion-based
exercise used to draw information from players
regarding specific topics while using software to go
through specific pre-defined business scenarios.
There will be 2 exercises held during 2016, one in
the late winter and one in the summer. The first
exercise will focus on the Issuance process for
secure biometric references. The second exercise
will focus on the Verification process at the point of
entry.
Background FASTER-PrivBio represents a unique collaboration
between Citizenship and Immigration Canada (CIC),
the Canada Border Services Agency (CBSA),
WorldReach Software Corporation, and multi-
disciplinary experts in the fields of biometrics,
privacy, security and border management to
facilitate legitimate travel and traveller
convenience, improve the safety and security of
Canadians while at the same time addressing
privacy and data security, and protecting the
integrity of the border from real and present
threats.
The project also explores the use of electronic
travel credentials carried on the Smartphone and
the ability to secure them using privacy-preserving
biometric references.
The concept of operations for the project involves a
traveller applying for a travel document by
providing travel information and access to his/her
ePassport to retrieve facial biometric and
biographical information. Access to the ePassport
provides a secure and reliable method of identifying
the traveller. Once approved by an agency, the
traveller is issued an electronic travel credential
which is then carried on the Smartphone. The
credential is used at various points during the
traveller’s trip, to provide added security and
convenience throughout the travel experience.
These exercises, as part of the project, are intended
to demonstrate this process in a non-production
implementation using voluntarily provided
ePassports which will not be retained after the
exercises.
Exercise Plan FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 5
Overview
Objectives The following objectives will be addressed
throughout the exercise:
Ensure that the FASTER-PrivBio system
accommodates the normal use
scenarios for valid travellers going
through the process to obtain an
electronic travel authorization.
Test out scenarios where someone is
fraudulently attempting to obtain an
electronic travel authorization and
ensure they get flagged and/or
rejected.
Ensure that user privacy is protected
and security concerns are addressed.
Confirm ease of use and identify gaps
and areas for improvement.
Process This workshop will involve the completion of a
number of different scenarios with participants
carrying out various rolls. The day will begin with a
brief training session on the use of the agency side
application intended for use by immigration officers
(for the issuance exercise) and border control
agents (for the verification exercise). There will be a
Player briefing followed by the initiation of the
scenarios by the exercise controller(s).
The exercise is intended to raise awareness of the
intended interrelationship & integration between
the application, assessment, issuance and
verification stages of the FASTER-PrivBio process
and other systems that may be queried and
connected to during the life cycle of an electronic
travel document.
Following the exercise a Wash-up / Debrief will take
place, the purpose of which will be to highlight the
key issues raised, obtain participant feedback and
propose possible recommendations for
improvement.
Assumptions In order to achieve the exercise objectives during
exercise play, it is intended that exercise events will
progress in a logical and realistic manner. To
ensure these realisms, the following assumptions
must be made:
Basic scenarios will be used with a brief
narrative. Players are asked to use the
scenario to stimulate discussion and
consideration of variables that may
affect the process.
In the absence of appropriate written
instructions, Players will be expected to
apply individual initiative to satisfy
response requirements.
Players will assume that any
organization not participating in the
exercise is responding to the best of
their ability or at full capacity unless
otherwise noted by the Facilitator.
Exercise Plan FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 6
Evaluation / Analysis Methodology Evaluation is an integral component of the exercise
and is designed to focus on the overall discussion.
For this exercise the aim is to get a sense of the
processes and components involved in achieving
integrated security and authentication of citizens in
order to issue a biometric reference and identifying
strengths and noting opportunities for
improvement in the process. Evaluators will
observe, assess and compare Player actions to the
list of objectives to enable an efficient analysis and
review process.
A Wash-up / Debrief is a post-exercise session that
allows Players to explore the following:
What happened
Why it happened
How to sustain strengths
Areas for improvement
Lessons learned
After both the Issuance and Verification Exercises
an exercise report will be prepared. This serves as a
record of events and written analysis of the
exercise. The exercise participants will be asked to
review a draft of the report produced from each
exercise and provide comments within a set
timeframe and a final Exercise Report will be
disseminated following that review process. The
Exercise Report will include the following:
A record of observations
A record of issues and lessons learned
Recommendations for future integration,
analysis and exercises
Exercise Plan FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 7
Agenda
FASTER-PrivBio Issuance Exercise Tentative Agenda Time Activity Notes
09:00-09:15 Welcome and Introduction
09h15-
10h00
Training
10:00-10:15 Introduction of Scenario Provided by FASTER-PrivBio
team
10:15-12:00 Exercise – scenario execution
Facilitator (for Exercise) will
prompt discussion & direct
flow of interaction between
players as required.
12:00-12:45 Break
12:45-
2:0000
Exercise – scenario execution
cont’d
2:00-3:00 Wash-up / Debrief .
The exercise will take place on {a date yet to be determined towards the end of February 2016}.
The activities will begin at 0900 with Welcome and Introduction and will end by 1530.
All activities will take place in {location to be determined}
In the event that the HPEOC is activated for a real-life event the workshop will be relocated or
postponed to later date.
Exercise Plan FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 8
Roles & Expectations
Facilitator, Players, Evaluators, Observers
Players Role
Players are all personnel who discuss or carry out either a role assigned to them as part of the scenario
(e.g. member of the public applying for a travel authorization) or a role they are currently familiar with
through their work (e.g. immigration officer reviewing applications). Players discuss/take actions in
response to the simulated situations.
Players Expectations
The following can be expected of the exercise Players:
Players should have a working knowledge of their standard operating procedures where they are applicable to the scenario.
Players with relevant experience are expected to share those experiences with less experienced participants during the discussions.
Facilitator Role
The Facilitator manages the conduct of the exercise by directing and monitoring the pace and intensity
of play. The Facilitator is the only non-player who may provide information or direction to Players.
Interaction will only occur as required to ensure the flow of the exercise and that exercise objectives are
being addressed.
Facilitator Expectations
The role of the Facilitator is to guide the participants through the exercise. Primary responsibilities
include:
Read and understand this guide prior to conducting the exercise.
Become familiar with the objectives of the exercise and ensure the participants are familiar with these objectives prior to the exercise.
Establish and monitor a basic set of ground rules for participants to follow during discussion.
Exercise Plan FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 9
Keep the exercise on schedule.
Identify the appropriate times for breaks and lunch (if applicable).
Facilitate discussions by asking pertinent questions rather than offering opinions. Keep all discussions focused by bringing the group back on track if the conversation strays off topic.
Encourage interaction among the different groups as they would be in the “real world.”
Encourage the participants to share their experiences and ideas so that they can learn from one another.
Identify participants that have relevant and recent experience with scenarios such as this and encourage them to share with less experienced participants.
Evaluator Role
The Evaluator collects information and is responsible for recording observations about what happens
within the exercise. It is important to emphasise that the Evaluator(s) are not evaluating players but
rather they are evaluating the relevant plans, processes and procedures.
Evaluator Expectations
The role of the Evaluator is to monitor and capture detailed player activities throughout the exercise.
Primary responsibilities include:
Read and understand this guide prior to the exercise.
Become familiar with the objectives and evaluation forms of the exercise.
Be clearly identified as an Evaluator.
Avoid personal conversations with exercise Players.
Do not prompt players with specific responses or interfere with Player performance in any way.
Stay in proximity to Player decision makers.
Observer Role
Observers do not participate in the exercise but will observe in order to gain a better understanding of
the FASTER-PrivBio and its objectives.
Exercise Plan FASTER – PrivBio
Project: CSSP-2015-CP-2114 Page 10
Additional Material Reference documents may be made available in advance of the exercise, such as Concept of Operations,
Integration Analysis Report etc. This will be determined by the FASTER-PrivBio team in advance of the
exercise.
For the exercises it will be necessary to have numerous Smartphones and ePassports for Players in the
role of members of the public applying for an electronic travel authorization. On a voluntary basis,
participants will be asked in advance to bring their ePassport and /or Smartphone to the exercise. Once
again it will be emphasized that no personal data voluntarily provided for the exercise will be retained
after the exercise or used outside of the project. Details on the number of ePassports and Smartphones
required will be provided closer to the first exercise.
Scenarios / Narrative The scenarios for the Issuance Technology Demonstration Exercise have been circulated separately and
feedback has been provided by project team members. These scenarios will be reviewed and circulated
again just prior to the exercise in order to address any changes necessary based on the integration work
of the PrivBio biometric reference with FASTER.
Training A brief overview of the Agency application interface and its basic functionality will be provided on the
day of the exercise for those who will carry out the role of immigration officer reviewing applications
that have been flagged for various reasons.
There will not be any training provided on the mobile application used by members of the public to
submit their application for an electronic travel authorization as one of the outcomes of the exercise will
be to see how intuitive and user friendly the application is for people downloading it to their
Smartphone and using it for the first time. This will ensure a more accurate real-world test of the
usability of the mobile application.
Integration Analysis Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 page 1
FASTER – PrivBio
CSSP-2015-CP-2114 Integration Analysis Report
Initial: Issuance Report Release 14 December 2015, v0.5
Update: Verification Report Release
May 30, 2016, v0.6
(Charter Task# 2.4, Contract Milestone# 5)
Integration Analysis Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 page 2
RECORD OF AMENDMENTS
Version No. Amendment / Section Amended Entered By Amendment Date Version 0.1 Initial version Richard Gauthier 24 November 2015 Version 0.2 Updated on initial internal feedback Richard Gauthier 26 November 2015 Version 0.3 Initial draft for internal project team
distribution Richard Gauthier 27 November 2015
Version 0.4 Changes to Option 1 & 2 sequence diagrams
Richard Gauthier 02 December 2015
Version 0.5 Overall edits and addition of the acronym list.
Richard Gauthier 14 December 2015
Version 0.6 Revised to include verification integration points.
Richard Gauthier 30 May 2016
Integration Analysis Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 page 3
TABLE OF CONTENT
ACRONYMS ........................................................................................................................................................................... 4
ACRONYMS ........................................................................................................................................................................... 4
1. INTRODUCTION ............................................................................................................................................................. 5
1.1 Purpose..................................................................................................................................................................... 5
1.2 Background ............................................................................................................................................................... 5
2. INTERFACES/INTEGRATIONS ...................................................................................................................................... 6
2.1 Application Data Interface......................................................................................................................................... 6
2.2 ePassport Key Validations ........................................................................................................................................ 7
2.3 FASTER-PrivBio Application Integration .................................................................................................................. 7
Option (1) ......................................................................................................................................................................... 7
Option (2) ....................................................................................................................................................................... 10
Conclusion ..................................................................................................................................................................... 12
2.4 Watchlist Service .................................................................................................................................................... 12
2.5 PrivBio Issuance Interface ...................................................................................................................................... 13
2.6 Kiosk Verification Interface ..................................................................................................................................... 13
3. PRIVACY-BY-DESIGN .................................................................................................................................................. 15
Integration Analysis Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 page 4
ACRONYMS CBSA Canadian Border Service Agency
eTA Electronic Travel Authorization
GCMS Global Case Management System
HTTP Hyper Text Transfer Protocol
ICAO International Civil Aviation Organization
IRCC Immigration, Refugee and Citizenship Canada
MRZ Machine Readable Zone
NFC Near Field Communication
PKD Public Key Directory
QR Quick Response
RBR Renewable Biometric Reference
TRL Technology Readiness Level
Integration Analysis Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 page 5
1. INTRODUCTION 1.1 Purpose
The Integration Analysis Report defines the potential integration points between the FASTER, PrivBio and external systems that are considered for the technology demonstrations. This report provides a description of the integration points and approaches for implementation. For the purpose of the technology demonstrations, the integration may be limited to a simulation of what a full production integration would require. Live external systems will not be accessed for the technology demonstrations, only representations with test data.
1.2 Background
FASTER-PrivBio represents a unique collaboration between Immigration, Refugees and Citizenship Canada (IRCC), the Canada Border Services Agency (CBSA), WorldReach Software Corporation, and multi-disciplinary experts in the fields of biometrics, privacy, security and border management to facilitate legitimate travel and traveller convenience, improve the safety and security of Canadians while at the same time addressing privacy and data security, and protect the integrity of the border from real and present threats. The project provides an option for an innovative “end-to-end” screening process of millions of immigration applicants by leveraging the capabilities of the ePassport and the Smartphone (such as Near Field Communication (NFC) technology). The technology will demonstrate and test the ability for applicants to self-authenticate during their online immigration application, and the ability of the technology to transmit trusted biometric/biographic data for enhanced screening against watchlists/databases. The technology process would then demonstrate how the results drawn from the client’s information could be used during adjudication of their application. The technology project will also include the creation of a digital client token and show how it can be used to authenticate an approved client to facilitate the movement of the traveller in the travel continuum. In the proposed scenario, the traveller applies for a travel document by providing travel information and access to his/her ePassport to retrieve biometric and biographical information. Access to the ePassport provides a secure and reliable method of identifying the traveler. Once approved by an agency, the traveller is issued an electronic travel credential which is then carried on the Smartphone. The credential is used at various points during the traveller’s trip including points of entry into Canada, to provide added security and convenience throughout the travel experience. Requirements that naturally emerge from this scenario are that the issued credential should be verifiable by authorized verifiers, and should not be lendable from traveller to traveller.
Integration Analysis Report FASTER – PrivBio
1. Application Data Interface 2. ePassport Key Validations 3. FASTER-PrivBio Application Integration 4. Watchlist Service 5. PrivBio Issuance Interface 6. Kiosk Verification Interface
1. Application Data Interface 2. ePassport Validations 3. FASTER-PrivBio Application Integration 4. Watchlist Service 5. PrivBio Issuance Interface 6. Kiosk Verification Interface
Integration Analysis Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 page 7
The data elements required for this interface include:
Applicant profile information Application information (e.g.: travel dates, answers to questions) ePassport data groups including Machine Readable Zone (MRZ) information and photo Applicant’s selfie Supplementary documents
2.2 ePassport Key Validations
The ePassport Key Validation interface is embedded within the WorldReach VisaReach platform. The purpose is to validate the data residing on the ePassport chip. The following validations are performed as part of this interface:
1. Data Group Hash values are computed for each of the data groups stored on the ePassport chip. The resulting hash values are then compared with the hash values in the Security Data Object on the chip to ensure the content of the chip is not corrupted.
2. The Document Signing Authority is then validated by comparing the Security Data Object signature with the Document Signing Certificate.
3. The Document Signing Authority is validated against the Country Signing Certificate Authority to determine if the document signing authority is valid.
The Data Groups and the Security Data Object for the ePassport are the data elements required for this interface. For the purpose of the technology demonstration the certificate list is maintained and validated within the WorldReach platform and therefore there are no external sources or external interfaces. Countries issuing ePassport are responsible for maintaining their Document Signing and Country Signing Certificate Authorities which include the private and public keys. The International Civil Aviation Organization (ICAO) provides a public key directory where issuing countries can share public keys. In a production environment, the –public key directory would be provided and maintained by an agency such as IRCC.
2.3 FASTER-PrivBio Application Integration
The purpose of the FASTER-PrivBio integration is the exchange of data required by PrivBio to generate the renewable biometric reference (RBR). There are two options being considered to meet this requirement. The options differ in when and where the data is being shared.
Option (1) Option (1) shown in the sequence diagram below proposes that the integration be implemented on the mobile device. Processing required to generate the RBR is performed on the mobile with the exception of the signing process which is performed on thePrivBio Issuance Server. The data exchange and processing is performed after the application is submitted and approved by the responsible agency which for purposes of the technology demonstration would be IRCC. The data exchange in the Sequence Diagram Option 1 within the red dotted lines, represent the FASTER-PrivBio integration points. The blue dotted line around the FASTER App and PrivBio App indicates that both of these apps reside on the smartphone.The sequence diagram focuses on data flow while not specifically stating all of the functional steps (e.g. selfie ok, continue, not ok so retake). The processing flow is as follows:
1. Data Acquisition and Payment Processing a. Smartphone acquires input data. This includes selfie, ePassport data and payment info b. Payment information is sent to the server for fulfilment
2. Application assessment and Notification
a. FASTER Server conducts name-based search on Global Watchlist b. FASTER Server conducts Passport-based search on Lost and Stolen Passport list.
Integration Analysis Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 page 8
c. FASTER Server conducts biometric match verification on passport image and selfie d. FASTER Server conducts validation of ePassport chips information. e. FASTER Server sends acceptance status and QR Code(eventually to be a Signed Digital Seal information
to applicant
3. Credential is prepared and delivered a. FASTER App passes Data Group, Passport template and confirmation number to PrivBio Smartphone
component b. PrivBio smartphone component prepares data for credential issuance c. PrivBio smartphone component invokes PrivBio Server component d. PrivBio Issuance Server component prepares the credential and signs it e. PrivBio Issuance Server component sends the credential to the PrivBio Smartphone Component f. PrivBio smartphone component stores the credential in phones storage
Integration Analysis Report FASTER – PrivBio
Integration Analysis Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 page 10
Option (2) Option (2) shown in the sequence diagram below proposes that the integration be implemented at the server level. All processing required to generate the RBR is performed on the PrivBio Issuance Server. The data exchange and processing is performed after the application is approved by the agency. All the data required to generate the RBR is provided by the FASTER server. There is no direct communication between the mobile device application and the PrivBio Issuance server. The data exchange in the diagram within the red dotted lines, represent the FASTER-PrivBio integration points for option (2). The processing flow is as follows:
1. Data Acquisition and Payment Processing a. Smartphone acquires input data. This includes selfie, ePassport data and payment info b. Payment information is sent to the server for fulfilment
2. Application assessment and Notification
a. FASTER Server conducts name based search on Global Watchlist b. FASTER Server conducts Passport search on Lost and Stolen Passport list. c. FASTER Server conducts biometric match verification on passport image and selfie d. FASTER Server conducts validation of ePassport chips information.
3. Credential is prepared and delivered
a. FASTER Server passes Data Group, passport photo template and confirmation number to PrivBio Issuance server
b. PrivBio Issuance Server component prepares data for credential issuance c. PrivBio Issuance Server component prepares the credential and signs it d. PrivBio Issuance Server component sends the credential to the FASTER Issuance server e. FASTER Issuance Server sends acceptance status, QR code and credential information to applicant f. FASTER App requests credential download g. FASTER Server sends credentials. h. FASTER App stores credentials.
Integration Analysis Report FASTER – PrivBio
Integration Analysis Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 page 12
The benefits of each option are outlined in the following table.
Option (1) (mobile device integration)
Option (2) (server integration)
Increased privacy: Biometric and biographical data required to generate the RBR contained within the mobile devide and not shared with server.
Simpler integration with a single call at the server level to generate the signed RBR.
RBR generating process is easier to maintain and modify with greater access to servers than distributed mobile applications.
Reduced communication traffic between mobile device and server. Data required to generate RBR is also required for application processing.
Execution constraints (mobile capacity, OS and device differences) are not a factor in this option.
2.3.1. Conclusion The FASTER and PrivBio technology are at different Technology Readiness Levels (TRL). The FASTER component will be a prototype by the time of the Verification Technology Demonstration. The PrivBio components are at the concept and prototype level. For the integration of FASTER and PrivBio, the overall technology needs to be considered at the lowest common denominator. The Benefits outlined above for Option (2) are generally associated with taking a technology to production ready levels (TRL 8 or 9). The objective, as defined in the charter, of the FASTER-PrivBio project is to demonstrate that the technology can move to TRL 7 which is defined as “Demonstration and Validation/Engineering Feasibility – Concept, process, or system prototype demonstration in an operational environment.” The approach described in Option (1) is more in line with the original intent of the PrivBio project regarding privacy, and therefore is the integration option chosen by the project team.
2.4 Watchlist Service
The purpose of the Watchlist Interface is to identify lost & stolen passports and to identify individuals who may be considered high risk travellers. In a live environment the interface to watchlists can be implemented in a number of ways. In some instances, a centralized solution for evaluating the risk of a traveller is centralized within an organization. The centralized solution can provide a web service where information about the applicant is provided and a risk factor is returned. The FASTER platform also supports biometric watchlist verification in which the ePassport photo could be compared with records in the watchlist to identify a person that may have entered under a different alias. For the purpose of the FASTER-PrivBio project, this interface will be simulated with two reference files. These files can be updated by WorldReach to trigger the desired scenarios during the technology demonstrations. The Global Watchlist file contains records with surname, given name and date of birth. When an applicant’s information matches all these fields, the application will be flagged as a person of interest. The system will not provide additional information as to the reason it was flagged. It is expected that if further investigation is required, a processing agent would perform it outside of the system. The Lost & Stolen file contains a list of records with issuing state, passport number, surname, given name and date of birth. When an applicant’s passport matches the issuing state and passport number or when the applicant’s information
Integration Analysis Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 page 13
matches surname, given name and date of birth, the application will be flagged as a potential lost and stolen passport and will require further manual review by the processing agent.
2.5 PrivBio Issuance Interface
The purpose of the PrivBio Issuance interface is to digitally sign the RBR. It was originally intended to have this capability embedded within the PrivBio library on the mobile device. However, this is not feasible as there is need to have access to the PKI hosted either by IRCC or CBSA for generating the digital signature and therefore it would need to be hosted in a more controlled IRCC or CBSA environment than the mobile device. The hash value of the RBR is generated and provided by the PrivBio library on the mobile device. The PrivBio Issuance interface will return the digital signature which is then kept as part of the RBR. When the signed RBR is provided as part of the verification process, the signature together with the public key provides the assurance that RBR was issued by the issuing authority and that it has not been tampered with.
2.6 Kiosk Verification Interface
The purpose of the Kiosk Verification Interface is to validate the credentials of the traveller through the kiosk at the border. The data exchange and processing is performed when the traveller presents him/herself at the kiosk on entry into the country. For the purpose of the technology demonstration, the interface with the FASTER server will be established directly with the kiosk. In a production environment, it is expected that all kiosks would interface with FASTER through a centralized CBSA server. In this context the focus is on the data exchange, therefore not describing the processes related to the encrypting and decrypting of the renewable biometric reference /token. The processing flow is as follows:
1. eTA Validation a. The kiosk will read the ePassport, and the eTA QR code to extract the Passport Country of Issuance,
Passport Number and ETA Number. b. The kiosk will send the FASTER Server the Passport Country of Issuance, Passport Number and eTA
Number c. The FASTER Server will return one of the following eTA statuses:
i. Active ii. Not Valid
iii. Expired iv. Revoked
2. Kiosk Photo Validation
a. The Kiosk will take a photo of the traveller. b. The kiosk will read the photo extracted from the ePassport c. Using facial recognition software, the kiosk will compare the photos.
The decision to allow the traveller entry or send them to a border agent for further assessment due to the eTA status or % match between the photo of the traveler and the extracted ePassport photo, will be a manual process handled outside of the FASTER-PrivBio system.
Integration Analysis Report FASTER – PrivBio
Integration Analysis Report FASTER – PrivBio
Project: CSSP-2015-CP-2114 page 15
3. PRIVACY-BY-DESIGN One of the goals of the FASTER-PrivBio technology demonstration project is to identify privacy factors within the technology and concept of operations. Initial considerations were identified during the baseline demonstration and are documented in the FASTER-PrivBio Baseline Demonstration Report. Although, integration of new privacy-by-design considerations was not an objective of the FASTER-PrivBio technology demonstration project, the following considerations are either already included in the design of the WorldReach platform or will be added for the next technology demonstrations.
1. The term & condition should clearly state what data is captured, its purpose and how it will be shared to
external parties. 2. Terms & condition should be accessible to the user anytime during the application process. 3. Capture only the data that is required for the review, approval and verification of the travel document. 4. Ensure that there is no residual private data including ePassport data or photos on the mobile device (such as
logs). 5. Ensure that transmission of data between the mobile device and server uses encryption technology (such as
HTTPS). 6. Ensure that the user provides consent to the mobile device application for accessing certain components such as
camera and NFC reader prior to collecting data from these components.
DOCUMENT CONTROL DATA (Security markings for the title, abstract and indexing annotation must be entered when the document is Classified or Designated)
1. ORIGINATOR (The name and address of the organization preparing the document. Organizations for whom the document was prepared, e.g., Centre sponsoring a contractor's report, or tasking agency, are entered in Section 8.) WorldReach Software 2650 Queensview Drive, Suite 250 Ottawa, Ontario K2B 8H6 Canada
2a. SECURITY MARKING (Overall security marking of the document including special supplemental markings if applicable.)
CAN UNCLASSIFIED
2b. CONTROLLED GOODS
NON-CONTROLLED GOODS DMC A
3. TITLE (The complete document title as indicated on the title page. Its classification should be indicated by the appropriate abbreviation (S, C or U) in parentheses after the title.) FASTER-PrivBio Project Plan
4. AUTHORS (last name, followed by initials – ranks, titles, etc., not to be used) Burrett-Scott, K.;Bissessar, D.; St. Amour, J.-G.
5. DATE OF PUBLICATION (Month and year of publication of document.) November 2015
6a. NO. OF PAGES (Total containing information, including Annexes, Appendices, etc.)
70
6b. NO. OF REFS (Total cited in document.)
0 7. DESCRIPTIVE NOTES (The category of the document, e.g., technical report, technical note or memorandum. If appropriate, enter the type of report,
e.g., interim, progress, summary, annual or final. Give the inclusive dates when a specific reporting period is covered.) Contract Report
8. SPONSORING ACTIVITY (The name of the department project office or laboratory sponsoring the research and development – include address.) DRDC – Centre for Security Science Defence Research and Development Canada 222 Nepean St., 11th Floor Ottawa, Ontario K1A 0K2 Canada
9a. PROJECT OR GRANT NO. (If appropriate, the applicable research and development project or grant number under which the document was written. Please specify whether project or grant.)
9b. CONTRACT NO. (If appropriate, the applicable number under which the document was written.)
B8625-160470-001-SV
10a. ORIGINATOR’S DOCUMENT NUMBER (The official document number by which the document is identified by the originating activity. This number must be unique to this document.) DRDC-RDDC-2017-C282
10b. OTHER DOCUMENT NO(s). (Any other numbers which may be assigned this document either by the originator or by the sponsor.) CSSP-2015-CP-2114
11a. FUTURE DISTRIBUTION (Any limitations on further dissemination of the document, other than those imposed by security classification.)
Public release
11b. FUTURE DISTRIBUTION OUTSIDE CANADA (Any limitations on further dissemination of the document, other than those imposed by security classification.)
12. ABSTRACT (A brief and factual summary of the document. It may also appear elsewhere in the body of the document itself. It is highly desirable that the abstract of classified documents be unclassified. Each paragraph of the abstract shall begin with an indication of the security classification of the information in the paragraph (unless the document itself is unclassified) represented as (S), (C), (R), or (U). It is not necessary to include here abstracts in both official languages unless the text is bilingual.)
Project CSSP-2015-CP-2114 (FASTER-PrivBio) aimed to develop a proof-of-concept for an innovative ‘end-to-end’ screening process for foreign travellers applying for an Electronic Travel Authorization (eTA) and crossing the border into Canada by leveraging the capabilities of the ePassport, smartphone, and Automated Border Control kiosks. The reports collected here capture the project’s initial planning and design work. ___________________________________________________________________________
13. KEYWORDS, DESCRIPTORS or IDENTIFIERS (Technically meaningful terms or short phrases that characterize a document and could be helpful in cataloguing the document. They should be selected so that no security classification is required. Identifiers, such as equipment model designation, trade name, military project code name, geographic location may also be included. If possible keywords should be selected from a published thesaurus, e.g., Thesaurus of Engineering and Scientific Terms (TEST) and that thesaurus identified. If it is not possible to select indexing terms which are Unclassified, the classification of each should be indicated as with the title.) Biometrics, Border Security, Traveller Screening