October 8th, 2015, Neology © 2015 Confidential
e-Breeder Documents – closing the gap in the identity management chain
NEOLOGY
Dr. Bernhard Deufel, Senior Segment Development Manager
USA: 12760 Danielson Ct. Suite A, Poway, CA 92064
Mexico: Juan Escutia 21, Col. Hipodromo Condesa, 06140
Mobile: +49 151 4618 1380
eMail: [email protected]
© Neology Inc. 2015
E-Breeder - Introduction
Breeder documents (e.g. birth certificates) have:
- No common format / content
- No specification of system of security or security features
- No standards, no interoperability
- No international foundations
Consequences: breeder documents can be counterfeited very easily
ICAO: TRIP Strategy
- Breeder docs, civil registries, integrity of the issuance process, etc.
- Integrity of the issuance process, etc.
- MRP, e-Passports, Visas, ID Cards.
- PKD, forensic travel document examination, etc.
- API/PNR, watch lists, information sharing.
EU: Fidelity Programme / Origins Programme
«FIDELITY: Fast and trustworthy Identity Delivery and check with e-Passports Leveraging Travel privacy»
The focus of FIDELITY is the security and usability of e-travel documents and more particularly ePassports.
Breeder Document Considerations
Analogue breeder docs are:
- Difficult to verify by untrained people, especially identifying the origin, authenticity and integrity of content.
- Missing means of direct information, database access and digital verification.
Use cases for breeder docs:
- Identity docs for children.
- Applying for / opening bank accounts.
- Obtaining a driving license, Social Security card, etc.
Yet, the lifetime of the doc is not crucial:
- Breeder docs are often issued and used for a specific one-time purpose.
- Many breeder docs need to be verified, and often the verification is performed by untrained people.
- Many important processes depend on genuine breeder docs.
What's the solution?
QR Code vs. Chip Technology
Two possible approaches are conceivable:
- Printed during personalization
- Easy to apply
- Non-transferable
Why RFID?
The integration of RFID transponders (a small embedded computer system) into physical documents has led to the evolution of machine readable documents. This technology brings considerable advantages to breeder documents:
- RFID stickers can collect context information (e.g. images, biometrics) if used with a chip offering sufficient memory (>2kB).
- Context information can be separated into private and public data.
- Stickers can exchange relevant information with other computer systems.
- RFID stickers can be read with smartphones.
- Enable automated document tracking.
- Increase the security of the document.
- Improve document handling processes.
- Usage of the identical ecosystem as in the e-PP and e-ID world.
Document and Sticker Format
DOCUMENT FORMAT
Basically the existing document design can be maintained.
The blank document must have a pre-printed barcode, called the Form Control Number (FCN). It is the number used for inventory control of the blanks as well as for linking the personalization data to the document itself.
The blank document must offer an area where an RFID sticker can be placed (e.g. size 3 cm × 3 cm).
RFID STICKER
The sticker will be self-adhesive, with an adhesive that firmly sticks to the birth certificate. Any attempt to remove the sticker from the birth certificate will destroy the sticker.
The sticker has a preprinted Inventory Control Number (ICN) which is initialized during sticker production.
The sticker contains an RFID chip.
[Figure: sample sticker labelled UTOPIA, ICN: 0012014044738821, and the FCN barcode on the blank]
Personalization Data
Field (maximum length in bytes):
1. Forenames of child (48)
2. Surname of child (48)
3. Sex of the child (1)
4. Date of Birth (8)
5. Time of Birth (5)
6. Place of Birth (32)
7. Forename of the first parent (48)
8. Surname of the first parent (48)
9. Birth name of the first parent (48)
10. Sex of the first parent (1)
11. Date of birth of the first parent (8)
12. Place of birth of the first parent (32)
13. Citizenship of the first parent (3)
14. Credential number of the first parent (16)
15. Forename of the second parent (48)
16. Surname of the second parent (48)
17. Birth name of the second parent (48)
18. Sex of the second parent (1)
19. Date of birth of the second parent (8)
20. Place of birth of the second parent (32)
21. Citizenship of the second parent (3)
22. Credential number of the second parent (16)
23. Name of the issuing authority (48)
24. Date of issuance (8)
25. Place of issuance (32)
26. Name of issuing officer (48)
27. Address of issuing authority (48)
28. Citizen Registration Number (8)
Data can easily be stored on chips with 2k of EEPROM memory!
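An added Python illustration (not code from the Neology deck) that packs and unpacks these 28 fixed-width fields and checks the record against the 2 kB EEPROM budget; the field names, Latin-1 encoding, space padding and the sample values are assumptions of this example.

```python
EEPROM_BYTES = 2048  # "2k of EEPROM memory" as stated on the slide

# (field name, width in bytes) in the slide's order; the names are this example's own
FIELDS = [
    ("child_forenames", 48), ("child_surname", 48), ("child_sex", 1),
    ("child_dob", 8), ("child_time_of_birth", 5), ("child_birthplace", 32),
    ("p1_forename", 48), ("p1_surname", 48), ("p1_birth_name", 48), ("p1_sex", 1),
    ("p1_dob", 8), ("p1_birthplace", 32), ("p1_citizenship", 3), ("p1_credential", 16),
    ("p2_forename", 48), ("p2_surname", 48), ("p2_birth_name", 48), ("p2_sex", 1),
    ("p2_dob", 8), ("p2_birthplace", 32), ("p2_citizenship", 3), ("p2_credential", 16),
    ("authority_name", 48), ("issue_date", 8), ("issue_place", 32),
    ("issuing_officer", 48), ("authority_address", 48), ("citizen_reg_no", 8),
]

def record_size() -> int:
    """Total bytes of one fixed-width personalization record."""
    return sum(width for _, width in FIELDS)

def spare_bytes() -> int:
    """EEPROM left over after the record (e.g. for a signature; assumed layout)."""
    return EEPROM_BYTES - record_size()

def overlong_fields(values: dict) -> list:
    """Fields whose Latin-1 encoding (an assumption) exceeds the slide's width."""
    return [name for name, width in FIELDS
            if len(values.get(name, "").encode("latin-1")) > width]

def encode(values: dict) -> bytes:
    """Pack values into one space-padded record; refuse any overlong field."""
    bad = overlong_fields(values)
    if bad:
        raise ValueError(f"fields exceed their width: {bad}")
    return b"".join(values.get(name, "").encode("latin-1").ljust(width, b" ")
                    for name, width in FIELDS)

def decode(blob: bytes) -> dict:
    """Inverse of encode(); a blob of the wrong length is rejected outright."""
    if len(blob) != record_size():
        raise ValueError(f"expected {record_size()} bytes, got {len(blob)}")
    values, pos = {}, 0
    for name, width in FIELDS:
        values[name] = blob[pos:pos + width].decode("latin-1").rstrip(" ")
        pos += width
    return values

# Constructed sample record (the "UTOPIA" label on the sticker slide is reused as issuer)
SAMPLE = {"child_forenames": "Ana Maria", "child_surname": "Example", "child_sex": "F",
          "child_dob": "20150801", "child_time_of_birth": "07:45",
          "child_birthplace": "Utopia City", "p1_forename": "Maria", "p1_citizenship": "UTO",
          "authority_name": "Utopia Civil Registry", "issue_date": "20150805"}
```

With the widths from the slide, record_size() is 742 bytes, so 1306 bytes of a 2048-byte EEPROM remain for other data.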
Secure Access Module (SAM)
All SAMs in the system are in turn issued and managed by a central entity that is responsible for the security of the system.
Components making up the system can be manufactured by multiple vendors and managed by different parties, allowing maximum flexibility.
To increase the security of the system and allow effective management, it will only be possible to activate a slave SAM installed in a remote reader through an authorization from the backend system.
The backend system will have a Master HSM, which will calculate and deliver the activation keys (Master Key) for the slave SAM. In this way, only authorized readers will be able to issue eBreeder certificates.
Security Elements
- Single sign-on authentication process.
- Digital Certificate.
- Authenticity of blank certificates through FCN.
- Reader UID Authentication.
- Secure reader SAM Authentication.
- Secure sticker authentication through ICN.
eBreeder Personalization System
The e-Breeder App
- The user taps a smartphone to the NFC label adhered to the breeder document.
- The corresponding e-Breeder app launches, allowing access to the data provided in the «Document Information» tab for verification of document authenticity.
- Multi-level access rights allow authorized users to access more detailed underlying data, up to a complete population registry dataset.
Summary of the Advantages of a Digital Approach
- RFID labels are attachable to any paper-based document, e.g. eBirth Certificates, eVehicle registration, Weapon IDs, University Diplomas, Land Titles etc.
- Allows verification of authenticity and integrity through cryptographic procedures.
- Allows usage of smartphones with an NFC interface for easy verification.
- Can provide additional (private) information stored on the chip which is only accessible if the appropriate keys are present in the SAM.
- The system architecture supports offline and online functionality by default.
- Can be operated in insecure (disconnected) environments (hospitals, universities).
- Information travels with the people.
Thank you for your attention!