Presentation is loading. Please wait.

Presentation is loading. Please wait.

Time To Reflect: Where Have we BeenWhere Do We Go Barry J. Kefauver Best Practices Workshop Bogota, Colombia November 10-12, 2008.

Published byAlexandra Rowe Modified over 10 years ago

Similar presentations

Presentation on theme: "Time To Reflect: Where Have we BeenWhere Do We Go Barry J. Kefauver Best Practices Workshop Bogota, Colombia November 10-12, 2008."— Presentation transcript:

1 Time To Reflect: Where Have we BeenWhere Do We Go Barry J. Kefauver Best Practices Workshop Bogota, Colombia November 10-12, 2008

2 Current Status There are over 50 countries issuing chip-based passports There are over 50 countries issuing chip-based passports More than 50% of the worlds passport issuance are now chip-based More than 50% of the worlds passport issuance are now chip-based There remain a number of countries that need to develop machine-readable passport programs before the April 2010 deadline There remain a number of countries that need to develop machine-readable passport programs before the April 2010 deadline Work continues to refine and enhance, but implementations go quite well Work continues to refine and enhance, but implementations go quite well The inspection of these documents lags far behind the issuance programs The inspection of these documents lags far behind the issuance programs The ICAO TAG met in May and decided on a work program for the coming several years The ICAO TAG met in May and decided on a work program for the coming several years

3 Document 9303 Development London November 2000Contactless chips London November 2000Contactless chips Biometrics Selection TR 2001 Biometrics Selection TR 2001 New Orleans Resolution February 2003face, finger, iris, chips New Orleans Resolution February 2003face, finger, iris, chips London July 2003--Joint ICAO/ISO meeting London July 2003--Joint ICAO/ISO meeting LDS TR 2003 LDS TR 2003 PKI TR 2003 PKI TR 2003 Biometrics Deployment TR 2003 Biometrics Deployment TR 2003 Canberra testing, February 2004 Canberra testing, February 2004 Berlin, February 2005the Guide Berlin, February 2005the Guide Montreal, 2005--TAG acceptance of Edition Six Part 1 Montreal, 2005--TAG acceptance of Edition Six Part 1 Berlin, May-June 2006many rounds of testing leading to this Berlin, May-June 2006many rounds of testing leading to this Supplement Edition Seven in preparation for posting Supplement Edition Seven in preparation for posting Prague Conformity and Interoperability TestingSeptember Prague Conformity and Interoperability TestingSeptember Part 3 drafted and approved, publication underway now Part 3 drafted and approved, publication underway now

4 Fundamental Truth vs Urban Myth 14443 and 180006c/Gen 2 14443 and 180006c/Gen 2 Skimming Skimming - Reading the electronic data in an IC chip surreptitiously with a reader in the vicinity of the travel document. - Reading the electronic data in an IC chip surreptitiously with a reader in the vicinity of the travel document. Eavesdropping Eavesdropping - When data from an IC chip are intercepted by an intruder while it is being read from an authorized reader. - When data from an IC chip are intercepted by an intruder while it is being read from an authorized reader. Cloning Cloning - Copying the data that has been placed on a chip - Copying the data that has been placed on a chip - Although he can clone the tag, (the hacker) says it's not possible, as far as he can tell, to change data on the chip, such as the name or birth date, without being detected. That's because the passport uses cryptographic hashes to authenticate the data. - Although he can clone the tag, (the hacker) says it's not possible, as far as he can tell, to change data on the chip, such as the name or birth date, without being detected. That's because the passport uses cryptographic hashes to authenticate the data. Shielding and the Faraday cage Shielding and the Faraday cage

5 The Wave of the Present: Travel Document Enhancements Widespread Document security technologies are very mature and broadly used Document security technologies are very mature and broadly used Contactless chips-ISO 14443 Contactless chips-ISO 14443 Biometrics-face, finger, iris Biometrics-face, finger, iris Cryptography-data security and integrity Cryptography-data security and integrity Data Sharing-bilateral, multilateral, special-purpose, commercial and government Data Sharing-bilateral, multilateral, special-purpose, commercial and government The document itself has never been stronger The document itself has never been stronger

6 Testing History Canberra, Australia Morgantown, West Virginia, USA - A very significant event - Participants Sydney, Australia - Improved, but much work to be done Laboratory testing at US NIST Several other operational tests, e.g. BWI, Tsukuba, Berlin - Each one reflected improved interoperability Conformity testing in Prague

7 The So-What Test Pragmatics of mischief Pragmatics of mischief - Distance - Distance - Power - Power - Visibility - Visibility At what price? At what price? And then what do you have? And then what do you have?

8 Factors to Keep in Mind Biometrics--the only reason why we have a chip Biometrics--the only reason why we have a chip The early days post 9/11 The early days post 9/11 Evolution to the present Evolution to the present Germany has launched fingerprint, others underway now or soon to be Germany has launched fingerprint, others underway now or soon to be The so-what testmake SURE you ask this The so-what testmake SURE you ask this Not just a chip Not just a chip - -The e-passport is everything that non-e passports are, but in addition, with a chip - Inks -OVDs of many hues and flavors -Paper and accompanying measures to protect - Watermarks of various technologies - Security printing - Many other physical features

9 But Still A Risky Business The beatings will continue until morale improves The beatings will continue until morale improves The challenges and the opportunities The challenges and the opportunities I will keep bleating on this topic until the issues are addressed I will keep bleating on this topic until the issues are addressed

10 Issues Facing Border Control Today Profiling Profiling Biometrics Biometrics Data and information sharing Data and information sharing Privacy and data integrity Privacy and data integrity New visions of next generation technologies New visions of next generation technologies Enrollment and other systems Enrollment and other systems

11 New Initiatives Information and data sharing, real time communications capability Information and data sharing, real time communications capability Centralized civil registry databases Centralized civil registry databases Shift from counterfeits to fraudulent genuines Shift from counterfeits to fraudulent genuines Numerous online enrollment and other-services programs are being deployed Numerous online enrollment and other-services programs are being deployed A need for standards to smooth information A need for standards to smooth information gathering and sharing prior to departure gathering and sharing prior to departure Identity theft has captured worldwide attention and concern Identity theft has captured worldwide attention and concern - The average fraud amount per case has increased from $5,249 to $6,383, over two years in the US alone - The average fraud amount per case has increased from $5,249 to $6,383, over two years in the US alone - The total one-year cost of identity fraud increased from $53.2 billion to $56.6 billion over those two years in the US alone - The total one-year cost of identity fraud increased from $53.2 billion to $56.6 billion over those two years in the US alone - The vast majority of identity fraud victims (68%) incur no out-of-pocket expenses. (This points out that businesses are victims of fraud as well.) - The vast majority of identity fraud victims (68%) incur no out-of-pocket expenses. (This points out that businesses are victims of fraud as well.) - Victims are spending more time to resolve identity fraud - Victims are spending more time to resolve identity fraud

12 So---Now What The story needs to be toldinform the traveling public of measures being taken and why The story needs to be toldinform the traveling public of measures being taken and why What identity management and biometrics do FOR you rather than TO you What identity management and biometrics do FOR you rather than TO you Adopt a planning and risk management process that fits YOUR programs needs Adopt a planning and risk management process that fits YOUR programs needs

13 Best Practices A fundamental first step is to conduct a comprehensive risk analysis and THEN a risk management profile A fundamental first step is to conduct a comprehensive risk analysis and THEN a risk management profile Incorporate risk management measures into program planning, e.g., Frontex in EU Incorporate risk management measures into program planning, e.g., Frontex in EU Standards are needed-requirements that must be addressed as minimum specifications Standards are needed-requirements that must be addressed as minimum specifications Fraud prevention programs-detection, deterrence, follow-up, information sharing Fraud prevention programs-detection, deterrence, follow-up, information sharing Monitoring and auditing document inspection processes as well as document issuance and entitlement authorizations Monitoring and auditing document inspection processes as well as document issuance and entitlement authorizations Implement security techniques, such as mutual authentication, cryptography and verification of message integrity, to protect identity information throughout the application Ensure protection of all user and credential information stored in central identity system databases, allowing access to specific information only according to designated access rights Notify the user as to the nature and purpose of the personally identifiable information (PII) collected - its usage and length of retention Notify the user about what information is used, how and when it is accessed and by whom and provide a redress mechanism to correct information and to resolve disputes

14 Thank you for your attention… Barry J. Kefauver Jetlag10@earthlink.net

Download ppt "Time To Reflect: Where Have we BeenWhere Do We Go Barry J. Kefauver Best Practices Workshop Bogota, Colombia November 10-12, 2008."

Similar presentations

Integrating the Healthcare Enterprise IHE Overview Keith W. Boone Interoperability Architect, GE Healthcare Co-chair, IHE Patient Care Coordination PC.

Integrating the Healthcare Enterprise IHE Overview Keith W. Boone Interoperability Architect, GE Healthcare Co-chair, IHE Patient Care Coordination PC.
PUBLISH NOTIFY / TAKE COMMENTS ANSWER ENQUIRIES Notification Obligations 1.Statement on Implementation 2.Notification of Technical Regulations or Conformity.

PUBLISH NOTIFY / TAKE COMMENTS ANSWER ENQUIRIES Notification Obligations 1.Statement on Implementation 2.Notification of Technical Regulations or Conformity.
Identity Theft and Online Identity Solutions Heidi Inman May 29, 2008.

Identity Theft and Online Identity Solutions Heidi Inman May 29, 2008.
CONFIDENTIAL DIGITAL WATERMARKING ALLIANCE. CONFIDENTIAL DIGITAL WATERMARKING ALLIANCE 2 Digital Watermarking Alliance Charter The Digital Watermarking.

CONFIDENTIAL DIGITAL WATERMARKING ALLIANCE. CONFIDENTIAL DIGITAL WATERMARKING ALLIANCE 2 Digital Watermarking Alliance Charter The Digital Watermarking.
What do Immigration Officers look for in a travel document?

What do Immigration Officers look for in a travel document?
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Technical Report PKI for Machine Readable Travel Documents offering ICC read-only access TAG_15 Montreal, 2004-05-18 Tom Kinneging.

Technical Report PKI for Machine Readable Travel Documents offering ICC read-only access TAG_15 Montreal, Tom Kinneging.
WASHINGTON STATE PROVIDER APPLICATION 2010-2011 Supplemental Educational Services.

WASHINGTON STATE PROVIDER APPLICATION Supplemental Educational Services.
The Mobile Channel, TCPA and Privacy NCHELP New Orleans January 19, 2012 Mercedes Kelley Tunstall Of Counsel 202.661.2221 ballardspahr.com Jerod.

The Mobile Channel, TCPA and Privacy NCHELP New Orleans January 19, 2012 Mercedes Kelley Tunstall Of Counsel ballardspahr.com Jerod.
© Daon Confidential Strategies for Implementing National Identity Systems Nov 28 th 2007 Leo Ring Vice President, Daon.

© Daon Confidential Strategies for Implementing National Identity Systems Nov 28 th 2007 Leo Ring Vice President, Daon.
Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.

Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.
FIPS 201 Framework: Special Pubs 800-73,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.

FIPS 201 Framework: Special Pubs ,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.
European Electronic Identity Practices Country Update of Finland Speaker: Päivi Pösö Date: 26.5.2005.

European Electronic Identity Practices Country Update of Finland Speaker: Päivi Pösö Date:
12 November 2002Digital Identity Forum – London Biometrics and ID Bill Perry Independent Consultant Phone: 077 8683 6764.

12 November 2002Digital Identity Forum – London Biometrics and ID Bill Perry Independent Consultant Phone:
Security metrics in SCADA system Master of Computer and Information Science Student: Nguyen Duc Nam Supervisor: Elena Sitnikova.

Security metrics in SCADA system Master of Computer and Information Science Student: Nguyen Duc Nam Supervisor: Elena Sitnikova.
1 Budapest, June 14, 2010. 2 Cross border communication among registers - Practical aspects - Yves Gonner Managing director - Trade and Companies Register.

1 Budapest, June 14, Cross border communication among registers - Practical aspects - Yves Gonner Managing director - Trade and Companies Register.
E- passports Erik Poll Digital Security Group Radboud University Nijmegen.

E- passports Erik Poll Digital Security Group Radboud University Nijmegen.
AFCEA TechNet Europe Identity and Authentication Management Systems for Access Control Security IDENTITY MANAGEMENT Good Afternoon! Since Yesterday we.

AFCEA TechNet Europe Identity and Authentication Management Systems for Access Control Security IDENTITY MANAGEMENT Good Afternoon! Since Yesterday we.
Alicia Albright, Spencer Ruch, Jim Knapp, Brian Holkeboer, Anthony Santilli.

Alicia Albright, Spencer Ruch, Jim Knapp, Brian Holkeboer, Anthony Santilli.
Review of Patents Agenda Item 3: Report of the New Technologies Working Group.

Review of Patents Agenda Item 3: Report of the New Technologies Working Group.

Similar presentations

Ads by Google