ICAO MRTD Report – Issue 2 2015

Logical Data Structure 2: Overview and Use

The ICAO New Technologies Working Group Logical Data Structure 2 (LDS 2) Policy Sub-Group is currently exploring a possible and optional extension to the existing biometric passport (ePassport) data structure. This article reviews the LDS 2 concept; how it could be used in the process of travel and border clearance; and the known challenges that may arise should it be deployed. The article closes with a brief summary of the LDS 2 Policy Sub-Group's future work and areas of focus.

CONTEXT

The introduction of the biometric passport (commonly referred to as the ePassport) offers a multitude of benefits for facilitating the passage of travellers and securing data contained in the document. The most significant difference between a traditional Machine Readable Travel Document (MRTD) and the ePassport is the inclusion of an electronic chip, which may be used to store and secure the biographic (page two) and biometric (photo) data of the holder. Other travel data added to the ePassport (additional biometrics, travel stamps, visas and observations) must be physically added to the document or stored in a parallel database at or prior to arrival at the border. The inability to digitally record this data on the ePassport can result in duplicative or supplementary systems and places this additional travel data at risk of fraud, which can result in poor determinations at the border crossing point. The more manual processes currently used to inspect this information also preclude the document from being processed in a fully automated fashion, which counters efforts to balance security and facilitation more effectively using intelligent technologies.
Recognizing the vulnerabilities presented by the manual addition of this supplemental travel data, the International Civil Aviation Organization (ICAO) New Technologies Working Group (NTWG) is exploring possible optional security and functionality enhancements to the ePassport, which align with the mandate of the Traveller Identification Programme (TRIP) Strategy to effectively manage the identities of travellers through, among other things, travel document issuance and control.

ABOUT JASPER MUTSAERS

He is currently a Research and Development Advisor with the National Office for Identity Data of the Ministry of the Interior and Kingdom Relations, the Netherlands. In his current role, he focuses on the electronic and biometric components of travel documents. Mr. Mutsaers holds an MSc in Public Administration and Political Sciences from Erasmus University Rotterdam.

ABOUT JUSTIN IKURA

He is currently the Deputy Director of the International Unit of the Canadian Passport Programme, which is administered by the Department of Citizenship and Immigration Canada (CIC). Prior to joining the CIC's Passport Programme, he worked on labour market and services trade policy in a variety of departments. Mr. Ikura holds an undergraduate degree in International Business and Marketing and a Master's Degree in Public Administration, both from the University of Ottawa.

As ICAO's travel document programme gradually shifts its efforts to ensuring that the identity management practices supporting the issuance and control of travel documents are sound, it will remain committed to pursuing systemic enhancements to travel documents that strike an effective and manageable balance between security and facilitation. To support this work, the NTWG has created a sub-group mandated with developing international policy relating to use cases, limitations and the relationship with technical specifications. The LDS 2 Policy Sub-Group has taken a leadership role in ensuring that the international policy behind the technical specifications developed to date is aligned with ICAO's current policies and recommendations relating to travel documents, particularly those with an electronic component.

HOW THE TECHNOLOGY WORKS

Logical Data Structure (LDS) is the international standard that issuing (or sending) States must apply to the storage of data on the chip contained in the ePassport. The application of this mapping ensures that documents are globally interoperable and can be read in any State where they are presented (receiving States). Current ICAO technical specifications (Doc 9303) encourage States issuing ePassports to protect data stored in the documents using a Public Key Infrastructure (PKI) and "lock" it at the time of issuance. LDS 2 would retain the "locked" section, while providing optional additional chip space that could be used by sending and receiving States to add other travel information not included in the current LDS (Figure 1).
The digitization of this remaining data would provide an additional mechanism to protect it from manipulation and fraud, and, with the right systems and procedures in place, would also lend the document to different inspection procedures and processes.

WHAT ISSUES COULD IT SOLVE?

While still several years away from implementation, the prospect of an enhanced travel document has attracted attention and raised interesting policy and technical questions. Determining how the technology could be used, and what border and identification management issues it may contribute to solving, is paramount. Each of these is outlined and explained below.

Authenticity of document data: The use of digital and encryption technologies to add and secure data in the LDS 2 portion of the chip provides States, namely border authorities, with added assurance about the authenticity of travel data added to the ePassport. As information added to this section would be backed by digital signatures, this content could be readily authenticated using automated systems.

Figure 1: LDS data is locked at issuance; LDS 2 data allows States to add additional travel information.

Travel patterns and more intelligent borders: LDS 2 creates more intelligent documents that can be leveraged to assist in facilitating processes and procedures performed at the border. The consistent and electronic format of travel stamps and visas lends itself to sorting and assessments that are much more difficult to undertake through manual inspection. Capitalizing on the advantages of LDS 2-enabled documents, States may be able to deploy tailored programmes to automatically assess the risks presented by incoming travellers and, in combination with other tools, prevent the travel of high-risk travellers.

Cost efficiencies: The implementation and use of LDS 2-enabled ePassports presents cost-saving opportunities to both document issuers and border management.
On the travel document issuance side, these entities may be able to realize savings from the reduced or eliminated need for designing, transporting and issuing visas, as well as the reduced or eliminated need for biometric databases. Conversely, border management authorities may be able to realize cost efficiencies by reducing border service personnel, with less investment in inspection tools and more automated processes.

Policy and programme alignment: In general, more and more States are exploring additional ways to use information technology, biometrics and centralized systems to make travel and identification management more convenient and secure for their citizens. The digitization of the travel data that is currently entered into the document using manual techniques offers States solutions to unique problems that emerge as more programmes are brought online and away from traditional recording techniques. For instance, States wishing to migrate to e-visas or adopt entry/exit systems may rely more heavily on documents that record or read information that would otherwise be pulled from a database or manually entered into the document.

Synergies with trusted traveller or pre-enrollment programmes: LDS 2 provides a vehicle to house additional biometric data that may be needed to participate in various initiatives or programmes, such as a trusted traveller programme. Not only does LDS 2 offer a platform to store this data, which can be accessed in transit; it also eliminates the need for parallel databases and ensures that citizens can opt into a programme after the document has been issued.

LIMITS OF THE TECHNOLOGY

While LDS 2 does provide incremental offerings over the current version of the ePassport, its use would also require infrastructure, process flows and IT systems capable of harnessing its functions.
More specifically, States wishing to use LDS 2 in their processes for clearing passengers should adopt a less manual approach to clearing passengers while investing in new equipment or systems capable of adding or assessing data contained in the LDS 2 portion of the ePassport. The combination of these factors, namely investments and raising risk thresholds, must be carefully weighed in decisions to adopt this new technology.

Another key factor that States will have to weigh carefully when deciding to adopt LDS 2 technology, which can be viewed as a limitation, is the decreased tangibility, and by extension transparency, that will result as less physical information is added to the document. The conversion of this data to a digital and more easily analyzable format also allows for more rigorous, but intrusive, assessments. Coupled, these two factors could be viewed as adversely infringing on the privacy rights of holders and must be carefully managed. Accordingly, States would need to ensure that passenger processing techniques making use of LDS 2 technology are applied consistently and in line with the mandate of border control.

The optional adoption of LDS 2 also presents limits. It should be recognized that not all States have the resources or the need to invest in an LDS 2-enabled ePassport. Accordingly, States must ensure that their border systems are equipped to manually process passengers and documents that are not LDS 2-enabled. This accommodation may prevent some of the benefits afforded by LDS 2 from being realized.

Finally, the read-write limitations imposed by ICAO and its sub-groups should be considered. Under current ICAO policy, only States will be able to write to the LDS 2 portion of the chip.
This limitation is important to consider, since other valuable stakeholders (such as airlines) could leverage LDS 2 functionality to facilitate travel. It also restricts the flexibility of certain travel programmes, as document holders cannot add data to their documents themselves under current policy. An additional, related consideration pertaining to writing limitations involves the conditions under which States will be able to restrict selected States from inserting data on their chip. While this feature could protect the document from malicious attacks, the result could be gaps in digital content and fragmentation in the system. Determining when and how these writing limitations can be deployed will require further consideration and discussion by the NTWG.

WHY LDS 2?

Despite speculation that travel documents may take a less tangible form, it is anticipated that the passport will remain the travel document of choice. The extended functions of LDS 2-enabled ePassports make the document significantly more secure and facilitative, which, in turn, makes travel more seamless and less disruptive for travellers. The benefits outlined also ensure that States are managing traffic at their borders more securely, systematically and intelligently. The greater reliance on data stored directly and securely in the travel document not only enhances the transition of document holders through controlled checkpoints, but can also enhance privacy and national security.

As noted, at this point, LDS 2 is only a concept and is still several years out from adoption.
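To make the "locked section plus writable LDS 2 area" layout from the section "How the technology works" concrete, the following Go program is an added example written for this summary; it is not ICAO's code and not the Doc 9303 encoding. It models the issuer's signature over the locked data groups (a simplified stand-in for the Document Security Object), individually signed LDS 2 entries added by a receiving State, the current policy that only States may write, and what an inspection system sees when a locked data group or an added entry has been altered after signing. The State codes "UTO" and "ZZA", the MRZ fragment, the Ed25519 keys, the digest layout and the entry contents are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Toy model of the chip layout described in the article: a section locked at issuance
// plus an optional LDS 2 area written later. Constructed for illustration; not the Doc 9303 encoding.
type DataGroup struct{ Number int; Content []byte }
// LockedSection carries the issuer's signature over a digest of all data groups,
// a simplified stand-in for the Document Security Object.
type LockedSection struct {
	Groups    []DataGroup
	Issuer    string
	Signature []byte
}
// Entry is an item added after issuance (visa, stamp, extra biometric), signed by its writer.
type Entry struct {
	Kind, Writer       string
	Payload, Signature []byte
}
type Chip struct{ Locked LockedSection; Extension []Entry }
// TrustStore maps a State code to its signing key; only keys present here may write.
type TrustStore map[string]ed25519.PublicKey

func digestGroups(groups []DataGroup) []byte {
	h := sha256.New()
	for _, g := range groups { // length-prefixed so group boundaries are unambiguous
		fmt.Fprintf(h, "DG%d:%d:", g.Number, len(g.Content))
		h.Write(g.Content)
	}
	return h.Sum(nil)
}

func entryDigest(e Entry) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%s|%s|%d|", e.Kind, e.Writer, len(e.Payload))
	h.Write(e.Payload)
	return h.Sum(nil)
}

func Issue(issuer string, priv ed25519.PrivateKey, groups []DataGroup) Chip {
	sig := ed25519.Sign(priv, digestGroups(groups))
	return Chip{Locked: LockedSection{Groups: groups, Issuer: issuer, Signature: sig}}
}

// WriteEntry refuses writers that are not recognised States, then appends a signed entry.
func WriteEntry(c *Chip, trust TrustStore, writer string, priv ed25519.PrivateKey, kind string, payload []byte) error {
	if _, ok := trust[writer]; !ok {
		return fmt.Errorf("writer %q is not a recognised State", writer)
	}
	e := Entry{Kind: kind, Writer: writer, Payload: payload}
	e.Signature = ed25519.Sign(priv, entryDigest(e))
	c.Extension = append(c.Extension, e)
	return nil
}

// Inspect verifies the locked section and every LDS 2 entry, returning the
// number of entries verified and the first problem found.
func Inspect(c Chip, trust TrustStore) (int, error) {
	pub, ok := trust[c.Locked.Issuer]
	if !ok || !ed25519.Verify(pub, digestGroups(c.Locked.Groups), c.Locked.Signature) {
		return 0, fmt.Errorf("locked section cannot be authenticated for issuer %q", c.Locked.Issuer)
	}
	for i, e := range c.Extension {
		wpub, ok := trust[e.Writer]
		if !ok || !ed25519.Verify(wpub, entryDigest(e), e.Signature) {
			return i, fmt.Errorf("entry %d (%s by %s) cannot be authenticated", i, e.Kind, e.Writer)
		}
	}
	return len(c.Extension), nil
}

type ScenarioResult struct {
	Verified                  int   // entries verified on an untouched chip
	Tampered, Unlocked, Rogue error // altered entry, altered locked data group, non-State writer
}

// Scenario issues a chip in one State, adds entries in another, then exercises
// the failure cases an inspection system must catch. All values are constructed.
func Scenario() ScenarioResult {
	issPub, issPriv, _ := ed25519.GenerateKey(rand.Reader)
	recPub, recPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, rogueKey, _ := ed25519.GenerateKey(rand.Reader)
	trust := TrustStore{"UTO": issPub, "ZZA": recPub} // constructed State codes
	chip := Issue("UTO", issPriv, []DataGroup{{1, []byte("P<UTOERIKSSON<<ANNA<MARIA<<<<<")}, {2, []byte("facial image bytes")}})
	var r ScenarioResult
	_ = WriteEntry(&chip, trust, "ZZA", recPriv, "visa", []byte("visa 0001 valid 2015"))
	_ = WriteEntry(&chip, trust, "ZZA", recPriv, "entry-stamp", []byte("2015-06-01 port 17"))
	r.Verified, _ = Inspect(chip, trust)
	tampered := chip // copy, then alter one entry's payload without re-signing
	tampered.Extension = append([]Entry(nil), chip.Extension...)
	tampered.Extension[1].Payload = []byte("2015-07-01 port 17")
	_, r.Tampered = Inspect(tampered, trust)
	unlocked := chip // copy, then alter a data group inside the locked section
	unlocked.Locked.Groups = append([]DataGroup(nil), chip.Locked.Groups...)
	unlocked.Locked.Groups[0].Content = []byte("P<UTOSMITH<<JOHN<<<<<<<<<<<<<<")
	_, r.Unlocked = Inspect(unlocked, trust)
	r.Rogue = WriteEntry(&chip, trust, "AIRLINE", rogueKey, "boarding", []byte("seat 12A"))
	return r
}
func main() { fmt.Printf("%+v\n", Scenario()) }
```

Running the program prints the four outcomes: the untouched chip verifies both entries, the forged stamp date and the altered data group both fail, and the non-State writer is refused before anything reaches the chip. The design point for a border system is that every entry added after issuance needs its own signature bound to a writer in the trust store, because the issuer's key is no longer available to cover data added later, and the trust store itself is what enforces the "only States may write" policy.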
Over the coming years, ICAO, through the NTWG, will continue to develop the policy and technical foundation for this technology, ensuring that both components are complementary. In the short term, the NTWG plans to undertake extensive outreach with key stakeholders, including travel document issuing authorities, border control and industry, to understand the interest in and the benefits of this new technology. As an emerging technology, it is critical that these perspectives are taken into account before the concept moves forward.

Readers are invited to signal their interest in joining the exploratory efforts of the ICAO NTWG. If you are interested in participating in LDS 2 Sub-Group work, or would like to share your views, please contact the authors (Justin.Ikura@cic.gc.ca or Jasper.Mutsaers@rvig.nl).

The New Technologies Working Group: NTWG Update

The ICAO Machine Readable Travel Document (MRTD) Programme, which is today encompassed in the ICAO Traveller Identification Programme (TRIP) Strategy, is supported by the Technical Advisory Group (TAG/MRTD) that was appointed by the ICAO Secretary General. TAG/MRTD is an ICAO advisory group that consists of government and private sector experts who establish policy recommendations and proposals, and who are responsible for developing, establishing and maintaining MRTD standards and specifications.

TAG/MRTD is supported by the Implementation and Capacity Building Working Group (ICBWG) and the New Technologies Working Group (NTWG). The NTWG is responsible for researching, analyzing and reporting on the new MRTD technologies that are either available today, or will be in the future. The Group is also responsible for developing the MRTD specifications contained in Document 9303.

One important aspect of international border security involves the need to ensure that a traveller presenting a passport and/or visa is the person to whom the document was legitimately issued.
Creating standards for printing the machine readable zone (MRZ) was an important first step in this direction and, in the late 1990s, the NTWG began examining various technologies that would more effectively accomplish this objective. As a result of its efforts, the NTWG developed specifications for an enhanced MRTD: one that includes an embedded integrated circuit (IC) chip encoded with biometric information. The ePassport includes advanced security features (further reducing the possibilities of counterfeiting or alteration) and, because it contains biometric data from the rightful holder, it allows the document examiner to verify this data against biometric information collected from the person presenting the document.

ABOUT R. MICHAEL HOLLY

He joined the U.S. State Department as a Passport Specialist in 1985. He has worked as the Special Assistant to the Assistant Secretary in the Bureau of Intelligence and Research, as a Department of State liaison to the Coalition Provisional Authority in Baghdad, Iraq, and as Director, International Affairs Staff, Passport Services. In March 2013, Mr. Holly was promoted to the position of Senior Advisor for International Affairs, Passport Services, Bureau of Consular Affairs. Mr. Holly has been active with the ICAO Technical Advisory Group on Machine Readable Travel Documents (TAG/MRTD) and the New Technologies Working Group (NTWG) since 2001 and currently serves as Chair of the NTWG and as a member of the ICAO Public Key Directory (PKD) Board.

Figure 1: New Technologies Working Group Members, Kuala Lumpur, Malaysia, 11-13 November 2014

In recent years, the NTWG has been primarily focused on issues related to the development, use and promotion of electronic travel documents and has undertaken a programme focused on machine-assisted identity confirmation of persons, both at the time of issuance of travel documents and in border control verification.

The persons examining these chip-enabled passports can be assured that the biometric data stored on the passport was placed there by the Issuing State through the use of special electronic "document signing" information that can be validated and associated only with that Issuing State. The real payoff of these highly secure, functionally agile and worldwide interoperable documents is that they may be read, inspected and authenticated in real time. The Group sees ePassport validation as an essential element that capitalizes on the investments made by States in developing ePassports, which contributes to improved border security and safer air travel globally.

Public Key Infrastructure (PKI) validation requires the regular exchange of the public key certificates that enable ePassport validation to occur at border control. The exchange of PKI certificates (and of the certificate revocation lists) must be reliable and timely. This exchange can only be achieved by electronic means, and the system of ePassport validation must operate on an open-ended, indefinite basis.
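The validation chain just described, as an added Go example that is neither ICAO's nor the PKD's software: a border-side directory holds each Issuing State's country-signing (CSCA) public key and its latest certificate revocation list, and a document-signer certificate is checked against the CSCA key, its validity period and the CRL before the signature on the passport data is accepted. The certificate layout, the State code "UTO", the dates, the Ed25519 keys and the revoked serial are all constructed for the example. Treating a CRL as unusable once its next-update time has passed, so that validation fails closed, is this example's design choice to illustrate the "reliable and timely" requirement, not a Doc 9303 rule.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Toy model of the certificate material a border authority needs before it can trust an
// ePassport signature: each Issuing State's CSCA public key, the document-signer certificates
// it issued, and its revocation list. Constructed for illustration; not the Doc 9303 format.
type DSCertificate struct {
	Serial    uint64
	State     string
	Key       ed25519.PublicKey
	NotBefore time.Time
	NotAfter  time.Time
	Signature []byte // made by the State's CSCA key over certBody
}
func certBody(c DSCertificate) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d|%s|%d|%d|", c.Serial, c.State, c.NotBefore.Unix(), c.NotAfter.Unix())
	h.Write(c.Key)
	return h.Sum(nil)
}
// CRL lists revoked serials and the time by which a newer list is due.
type CRL struct {
	Revoked    map[uint64]bool
	NextUpdate time.Time
}
// Directory stands in for what a border system obtains through a central
// broker: one CSCA public key and one current CRL per Issuing State.
type Directory struct {
	CSCA map[string]ed25519.PublicKey
	CRLs map[string]CRL
}
var ErrStaleCRL = errors.New("revocation list is past its next-update time")

// ValidateSignature runs the checks in order: CSCA known, certificate genuinely
// issued by that CSCA, inside its validity period, CRL fresh, serial not revoked,
// and only then the signature over the passport data itself.
func ValidateSignature(dir Directory, cert DSCertificate, data, sig []byte, now time.Time) error {
	csca, ok := dir.CSCA[cert.State]
	if !ok {
		return fmt.Errorf("no CSCA certificate for %s", cert.State)
	}
	if !ed25519.Verify(csca, certBody(cert), cert.Signature) {
		return errors.New("document signer certificate not issued by this CSCA")
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("document signer certificate outside its validity period")
	}
	crl, ok := dir.CRLs[cert.State]
	if !ok || now.After(crl.NextUpdate) {
		return ErrStaleCRL // fail closed: an unknown revocation state is not trusted
	}
	if crl.Revoked[cert.Serial] {
		return fmt.Errorf("document signer certificate %d is revoked", cert.Serial)
	}
	if !ed25519.Verify(cert.Key, data, sig) {
		return errors.New("passport data signature invalid")
	}
	return nil
}

// DemoResult holds the outcome of four inspections: a valid signer, a revoked
// signer, a valid signer checked against a stale CRL, and an expired certificate.
type DemoResult struct{ Valid, Revoked, Stale, Expired error }

// Demo sets up one constructed Issuing State ("UTO") with two document signers.
func Demo() DemoResult {
	cscaPub, cscaPriv, _ := ed25519.GenerateKey(rand.Reader)
	issued := time.Date(2015, 1, 1, 0, 0, 0, 0, time.UTC)
	mkCert := func(serial uint64, pub ed25519.PublicKey) DSCertificate {
		c := DSCertificate{Serial: serial, State: "UTO", Key: pub, NotBefore: issued, NotAfter: issued.AddDate(10, 0, 0)}
		c.Signature = ed25519.Sign(cscaPriv, certBody(c))
		return c
	}
	ds1Pub, ds1Priv, _ := ed25519.GenerateKey(rand.Reader)
	ds2Pub, ds2Priv, _ := ed25519.GenerateKey(rand.Reader)
	cert1, cert2 := mkCert(1, ds1Pub), mkCert(2, ds2Pub)
	data := []byte("constructed digest of the passport data groups")
	sig1, sig2 := ed25519.Sign(ds1Priv, data), ed25519.Sign(ds2Priv, data)
	now := issued.AddDate(0, 6, 0)
	fresh := Directory{CSCA: map[string]ed25519.PublicKey{"UTO": cscaPub},
		CRLs: map[string]CRL{"UTO": {Revoked: map[uint64]bool{2: true}, NextUpdate: now.AddDate(0, 0, 30)}}}
	stale := fresh // same CSCA key, but the CRL on file is overdue for replacement
	stale.CRLs = map[string]CRL{"UTO": {Revoked: map[uint64]bool{}, NextUpdate: now.AddDate(0, 0, -1)}}
	return DemoResult{
		Valid:   ValidateSignature(fresh, cert1, data, sig1, now),
		Revoked: ValidateSignature(fresh, cert2, data, sig2, now),
		Stale:   ValidateSignature(stale, cert1, data, sig1, now),
		Expired: ValidateSignature(fresh, cert1, data, sig1, issued.AddDate(11, 0, 0)),
	}
}
func main() { fmt.Printf("%+v\n", Demo()) }
```

The order of the checks matters: the certificate's own signature and validity are established before the CRL is consulted, and the passport data signature is checked last, so an attacker-supplied certificate never gets to choose which key verifies the data. The stale-CRL case shows why the article insists on timely exchange: with an out-of-date list a border system cannot tell a revoked signer from a good one, and the only safe answer is to refuse until a current list arrives.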
A central broker minimizes the volume of certificate exchange, and a global agency like ICAO represents the best vehicle for achieving a sustainable global scheme.

NEW TECHNOLOGIES WORKING GROUP (NTWG) TERMS OF REFERENCE

▪ Develop strategy, policy, specifications and guidance material in relation to the manufacture, security, testing, issuance, deployment and globally interoperable use of MRTDs in both physical and electronic form.
▪ Develop strategy, policy, specifications and guidance material in relation to global data sharing/exchange for the purpose of holder identification, document validation and secure border control.
▪ Conduct ongoing research into technology suitable for deployment in MRTDs, issuance and border control environments, and information sharing initiatives.
▪ Support the Secretariat in ensuring ICAO Doc 9303 is current and relevant in a changing environment.
▪ Provide communications and outreach support to the ICAO Secretariat. Through a Communications sub-group, the NTWG will support the Secretariat by:
  - providing support to the ICAO PKD Board; and
  - assisting in other initiatives as directed by the ICAO Secretariat or TAG/MRTD.

NTWG INFORMATION SHARING

The NTWG routinely conducts ongoing research into technology suitable for deployment in MRTDs, issuance and border control environments, and information sharing initiatives. There are four important categories that travel document issuing authorities are interested in:

▪ Live capture of images - in order to make it easy for people to apply for travel documents, online application or kiosk systems are being used more frequently. The NTWG seeks applications and/or systems for live capture that can provide biometric images of sufficient quality to recognize applicants and verify their travel documents, even when captured under unconstrained, harsh conditions.
▪ Facial matching algorithms - the NTWG seeks new algorithms that can improve the accuracy of facial matching systems. The NTWG is interested in algorithms that consider the following facial recognition (FR) inhibitors:
  - ageing
  - glasses
  - hair style, beard
  - non-facial artifacts or expressions
▪ Photo quality assessment systems - when facial photos are submitted digitally by online means, they should undergo an assessment before the image is accepted by travel document issuance authorities.
▪ Image manipulation detection systems - in order to identify attacks like morphing, image manipulation detection systems must be used to inspect images submitted by travel document applicants. The systems should detect any trace of manipulation.

The rapid growth of identity fraud raises global concerns for an individual's security and safety. Much work has been done in the area of travel documents to increase passport security and the associated systems for the personalization and issuance of these documents. Border authorities have upgraded their document inspection systems and passenger checks to improve the security of inspection processes. International data sharing has also increased significantly as a

The ePassport is a valuable and secure tool for confirming the identity of the individual presenting the document, and it allows for rapid biometric comparisons, such as those used in automated passenger gates. This travel document reinforces travel security and facilitates passenger control.

The introduction of ePassports offers a host of benefits for facilitating the passage of travellers and securing the data contained in the document.
Other travel data added to the ePassport (travel stamps, visas and observations) must be physically added to the document or stored in a parallel database at, or prior to, arrival at the border. Recognizing the vulnerabilities presented by the addition of this supplemental travel data, the ICAO New Technologies Working Group is exploring possible optional security and functionality enhancements to the ePassport, which would contribute to the mandate of the ICAO Traveller Identification Programme (TRIP) Strategy.

The NTWG is developing a Supplemental Logical Data Structure (LDS 2). While the current LDS focuses on the digitization of the elements of the data page, LDS Version 2.0 (known as LDS 2) will allow for the digitization of visas and travel stamps and provide for additional biometrics. Moving forward, the use of LDS 2 will require provisions for allowing writing to the chip after personalization. LDS 2, which would be optional for States to use, will allow receiving States to add data to eMRTDs, further facilitating lawful, efficient and secure travel.

The NTWG has been very successful in raising the level of passport security and detecting fraud through counterfeiting, data alteration and other misuse by imposters. However, these advancements have had an unwelcome side effect, shifting the focus of fraud away from the travel document itself and towards the opportunities for obtaining a genuine passport under an assumed identity. Targeting the issuance process will diminish the effectiveness of the security advances that have been made with travel documents. Criminals will consistently seek the path of least resistance. In many States, this path is the issuance process. If there are gaps in the process that make it easier to secure a falsely obtained genuine document, fraudsters will exploit this vulnerability rather than resort to forgery.
The cornerstones of the issuance process are the breeder documents, civil registry records, databases and other media that are used to validate an applicant's identity. Identity management involves the gathering, verification, storage, use and disposal of this identity information, and robust identity management is one of the keys to producing a secure travel document. Issuing Authorities need effective strategies and frameworks for managing and evaluating identity information in both the travel document issuance and border contexts.

The ICAO TRIP Strategy has five components, including the longstanding ICAO MRTD programme, with a broader and more comprehensive approach to travel documents and identity management. The TRIP vision will allow for "all Member States to uniquely identify individuals".

In the future, the NTWG will further advance the concepts of machine-readable travel documents, broadening the use of these documents and enhancing the documents themselves through sound identity management to better serve the goals of travel facilitation and security. Our aim is to enable States to achieve increased use of standardized document formats and content that facilitate international travel and enhanced national security.

NTWG Chairman, Mr. R. Michael Holly, attending the 10th MRTD Symposium & Exhibition (October 2014)

FUTURE WORK OF THE NTWG

▪ Update NTWG Terms of Reference;
▪ Photo Tables;
▪ TF5 Study on Skimming Passports;
▪ RSA vs Elliptic Curve Encryption – Pros and Cons;
▪ Signatures in MRPs;
▪ Survey of Dates Used in MRTDs;
▪ Emergency Travel Documents – Next Steps;
▪ Business Case for LDS 2;
▪ Guidance for SLTD Access and Interface;
▪ Codes in the MRZ – Standardization;
▪ Challenges of MRZs on Visa Stickers;
▪ eGate Passport Chip Performance Data Standardization; and
▪ Detection of Photo Alteration/Morphing.