Page 0
The Lebanese E-Passport
The Lebanese Biometric Passport
General Directorate of General Security - Office of Automation Affairs
Page 1
Page 2
Overview
The project involves the deployment of a complete biometric enrollment and electronic passport personalization solution for Lebanon.
The project covers 6 types of E-passports:
• The Lebanese normal passports
• The Diplomatic Passports
• The Special Passports
• The Service Passports
• The Palestinian Refugees Travel Documents
• The Laissez-Passer
Page 3
Overview
The solution is already deployed in:
• GDGS Headquarter and Production Center
• All Regional GDGS centers
• The Public Relations Department
The solution will soon be deployed in:
• The Ministry of Foreign Affairs and Emigrants
• 88 diplomatic missions abroad
Page 4
Project scope
• E-Passport booklets and laminates
• Application forms
• E-Passport Application Software:
Enrollment, workflow and delivery solution
Personalization solution
PKI
User management
Interfaces with border control system
• E-Passport Hardware Infrastructure:
Data center
Production center
Enrollment sites infrastructure preparation and equipment
Page 5
Project Goals
• Compliance: The new passport is an electronic machine-readable ICAO, ISO, and EU standards-compliant E-passport.
• Security:
The new passport will include the latest security features.
Tailored enrollment solution.
Personalization and issuance solution to prevent skimming, eavesdropping, counterfeiting, and other fraudulent activities.
• Service enhancement: The migration to the new E-passport system was considered as an opportunity to increase the service level:
Better service and faster issuance times.
Increased flexibility and fully automated work environment.
Better control and visibility on the applications and documents life cycle.
Page 6
Project Goals
• Identity Management: By using the cutting edge biometric technology to complement current authentication methods to:
Eliminate duplications in registrations.
Prevent identity fraud or theft.
Better identify and verify individuals (Unique Personal Number UPN for each registered individual).
• Crossover use of Electronic Security Credentials (beyond passport booklets):
Border control: faster processing and greater convenience.
Issued credentials could be used as the accredited basic building block to facilitate derivation into a “virtual” ID for online use.
Issued credentials could be used with other public-sector or private-sector services.
Page 7
Request Life-Cycle
Page 8
Booklets Life-Cycle (Before Delivery)
Page 9
Booklet Life-Cycle (After Delivery)
State diagram: Issued documents state
Initial → DELIVERED [Moving from the production DB]
DELIVERED → DAMAGED [Marking as damaged] → Final
DELIVERED → LOST [Marking as lost] → Final
DELIVERED → STOLEN [Marking as stolen] → Final
DELIVERED → CANCELLED [Marking as cancelled] → Final
DELIVERED → REVOKED [Marking as revoked] → Final
Page 10
New Application forms
• A4 paper
• 100 gsm paper density
• Multicolor printing
• Anti-scan/copy pattern
• Barcoded and uniquely serialized (each form will have a unique barcode/serial number)
Page 11
New Application forms
Page 12
The biometric Enrollment solution
• Facial Image Capture
• Ten Fingerprint Capture
• Biographic Data Capture
• Business Rules Enforcement
• Summary Display and application form printing
Page 13
Ten Fingerprints Capture
Page 14
The Enrollment Workstation
Page 15
The Enrollment Workstation
• Suitable for mass enrollment
• Rapid on-site process.
• Top quality biometric capture.
• Automatic height and lighting adjustment
• Fully automated data processing (enrollment, data transfer, authentication)
Page 16
The Portable Enrollment Workstation
Page 17
The Portable Enrollment Workstation
• Light Weight.
• Rapid on-site process.
• Biographic and high quality biometric capture.
• Fully automated data processing (enrollment, data transfer, authentication)
• Robust components
• Easy to carry, no loose components and long-lasting battery
Page 18
The New Electronic Passport
• Compliant to ICAO Doc 9303.
• Components:
Cover: including the inlay with its Integrated Contactless Chip and antenna.
Data page – Additional Info Page – Visa Pages.
• New design concept: Modern – Abstract.
• Security Features.
Page 19
The Cover
E-Passport Logo
Page 20
The Cover
Page 21
Security Features
• More than 50 security features.
• Consistent set of overt (obvious, visible) and covert (hidden) security features.
• Security features inserted during booklets manufacturing and during the personalization processes.
• Security features of four levels:
Level 1: No equipment needed to check the security feature - usually overt.
Level 2: Requires simple, easily available equipment, e.g. UV light source (border control officer).
Level 3: Requires special inspection equipment in laboratory (forensic).
Page 22
The Cover (UV)
Page 23
The Datapage
Page 24
The Datapage (UV)
Page 25
The Visa Pages
Page 26
The Visa Pages (UV)
Page 27
The Visa Pages
Page 28
The Visa Pages (UV)
Page 29
The Personalization Machines
• Two industrial e-passports printers.
• Each machine is designed to accommodate the personalization of up to 600 epassports / hour (up to 3600 epassport / day).
• Flexible so that it can be easily extended in the future for higher volumes of personalization, and even different personalization technology.
Page 30
The Personalization Machines
• Allow for fully automated personalization operations:
Automatically read the blank booklet serial number
Personalize the electronic passports optically
Personalize the chip of the e-Passports
Laminate the ePassport
Perform automatic quality control
Update the stock management system automatically
Page 31
Industrial e-passports Printers
Page 32
Lebanon PKI overall solution
Page 33
Country Signing CA = Root CA
• The Certification Authority for e-passports compliant with ICAO is CSCA (Country Signing CA).
CSCA issues signing certificates to Document Signer Server.
Document Signer digitally signs the information contained in the chip.
GDGS is responsible for the operation of the CSCA.
Page 34
PKI Trust Hierarchy: based on X.509 standard
[Diagram: Root CSCA, CSCA CRL, Document Signer (DS) certificate]
Page 35
Passive Authentication
• Secure the production of passports
• Ensure the authenticity of the passport
• Ensure the data integrity (no data alteration)
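Added example (not part of the original slides): the order of checks an inspection system performs for passive authentication. The chip layout, function names and sample data are hypothetical, "SOD" is the signed Document Security Object of ICAO Doc 9303, and textbook RSA on fixed primes stands in for real X.509/CMS signature verification.

```python
import hashlib, json

def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def canon(obj) -> bytes:
    # Deterministic byte encoding of the structure that gets signed.
    return json.dumps(obj, sort_keys=True).encode()

class ToyKey:
    """Textbook RSA on fixed Mersenne primes. Illustration only, not secure."""
    def __init__(self, p: int, q: int, e: int = 65537):
        self.public = (p * q, e)
        self._d = pow(e, -1, (p - 1) * (q - 1))
    def sign(self, msg: bytes) -> int:
        n, _ = self.public
        return pow(digest_int(msg) % n, self._d, n)

def verify(public, msg: bytes, sig: int) -> bool:
    n, e = public
    return pow(sig, e, n) == digest_int(msg) % n

def issue_chip(csca: ToyKey, ds: ToyKey, ds_serial: int, data_groups: dict) -> dict:
    # Hypothetical chip layout: DS certificate, SOD (one hash per data group), data groups.
    ds_cert = {"serial": ds_serial, "pub": list(ds.public)}
    sod = {f"DG{i}": hashlib.sha256(d).hexdigest() for i, d in data_groups.items()}
    return {"ds_cert": ds_cert, "ds_cert_sig": csca.sign(canon(ds_cert)),
            "sod": sod, "sod_sig": ds.sign(canon(sod)), "dgs": dict(data_groups)}

def passive_authentication(chip: dict, csca_public, crl: set) -> str:
    cert = chip["ds_cert"]
    # 1. The Document Signer certificate must be signed by the trusted CSCA.
    if not verify(csca_public, canon(cert), chip["ds_cert_sig"]):
        return "FAIL: DS certificate not issued by trusted CSCA"
    # 2. The Document Signer must not appear on the CSCA's CRL.
    if cert["serial"] in crl:
        return "FAIL: DS certificate revoked"
    # 3. The SOD must be signed by that Document Signer.
    if not verify(tuple(cert["pub"]), canon(chip["sod"]), chip["sod_sig"]):
        return "FAIL: SOD signature invalid"
    # 4. Every data group read from the chip must match its hash in the SOD.
    for i, data in chip["dgs"].items():
        if hashlib.sha256(data).hexdigest() != chip["sod"].get(f"DG{i}"):
            return f"FAIL: DG{i} altered"
    return "OK"

# Constructed sample keys and data (not real passport content).
CSCA = ToyKey(2**127 - 1, 2**89 - 1)
DS = ToyKey(2**107 - 1, 2**61 - 1)
CHIP = issue_chip(CSCA, DS, 7, {1: b"P<LBNSAMPLE<<CONSTRUCTED", 2: b"constructed-face-image"})
```

Changing a data group alone fails at step 4; changing it and recomputing its hash in the SOD fails at step 3, because the SOD signature no longer matches.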
Page 36
Root Country Verifying CA
• The National Certification Authority for Terminal Authentication is called CVCA.
• CVCA issues certificates to DVCA (delegated CA).
• DVCA is a delegated CA and issues authentication certificates to Inspection Systems.
GDGS is responsible for the operation of the CVCA and DV.
Page 37
PKI Trust Hierarchy: based on ISO 7816 standard
[Diagram: CVCA, DVCA, IS certificate]
Page 38
Extended Access Control (Chip Authentication & Terminal Authentication)
• Protect access to traveler’s fingerprints (sensitive Data)
• Verify the travel document holder
Page 39
Certificates Validity Periods
Page 40
Interoperability: Foreign Documents verification
Page 41
Interoperability: Verify Foreign Travelers Identity
Page 42
The SPOC (Single Point of Contact)
• A European Framework
EU Common Policy guides information exchange (TR-03139)
Internationally standardized protocol SPOC (CSN 369791)
Read access to biometrics protected by EAC (TR-03110)
All member countries must deploy SPOC (EU Commission)
• Global Interest
Initiatives to create regions where cross-border travel is facilitated
• New application fields
LDS 2.0 (ability to write Visa data into the epassport) requires EAC protection
Management of write rights on international level
Use of Standardized Solutions is the key to Success
Page 43
ICAO PKD (Public Key Directory)
• ICAO has set up the ICAO Public Key Directory to facilitate the exchange of:
Document Signer Certificates
Certificate Revocation Lists (CRLs)
CSCA Master Lists
CSCA Defect Lists
• General information about PKD:
58 registered countries
Page 44
THANK YOU