.

Making Secure Electronic Documents Cyber Resilient

Imagine being denied entry to a foreign country because the electronic chip in your travel document is considered vulnerable and you would have to request a visa before traveling there? Because travel documents usually have a 10-year validity, this is a valid concern and is the reason why we consider micro-controllers (often called chips) in secure documents to be high value components.

 

As one of the most basic instances of the advanced IT solutions available in the industry, secure software embedded in ePassports and keeping them safe from their Cyberattacks are the object of deep concern and attention, especially with the increased adoption of digital ID, often derived from a secure electronic document such as a passport.

 

Cybersecurity is an ever-evolving concern. Setting up a secure identity document project relying on highly certified products is a necessary practice but not sufficient for protecting identities from future Cyberattacks. Active monitoring and anticipation of Cyber threats is critical to protect sensitive assets. Such threats include eavesdropping, cloning, or extracting highly confidential fingerprints from the electronic chip.

 

Decades of security progress have been framing an always-improving environment focused on a single objective: defining and maintaining a Cybersecurity framework to deploy secure embedded solutions in electronic ID documents.

 

The next step is to look beyond Cybersecurity and focus on Cyber resilience, which refers to an entity's ability to continuously deliver protection, despite adverse events. This combines information security, business continuity, and organizational resilience. This is particularly relevant for governmental programs, who should continue to issue secure identity documents to their citizens at any point in time.

 

Concretely, the future Cybersecurity of ID documents like ePassports depends on the ability to update, in the field, the secure embedded software (for example algorithms used for the various security mechanisms) protecting the data stored in the chip – with no need to issue a new document.

 

How does Cybersecurity work in an ePassport scheme?

Continue reading

Seamless Borders - from Vision to Reality - Chapter 2 - The Technology

 

 

Post pandemic, international traveller numbers are ramping up and are expected to continue to surge. Meanwhile, staff shortages, stricter travel processes and additional document checks and pre-travel enrolment requirements have all had an impact on how quickly travellers are processed at air and sea ports as well as land borders and crossing points. Combined, these can result in long queues at points of departure/arrival as travellers wait to be processed and undergo entry and exit checks.

 

For border control agencies, admitting genuine travellers as quickly and efficiently as possible while identifying travellers who may not be welcome is a top priority. Meanwhile, port authorities need to optimise passenger flows in order to boost throughput and minimise congestion and passenger wait times. Creating the additional capacity needed to support the anticipated future growth in passenger numbers.


The good news is that in recent years, advances in digital connectivity have spurred governments and private sector organisations on to introduce technology-based and secure-by-design solutions that both boost the efficiency and security of border control processes while elevating the traveller experience.


Let’s take a look at some of the technology advances already making an impact when it comes to enabling a frictionless journey experience for passengers, while reducing the cost and complexity associated with capturing accurate and verifiable data before a visitor arrives at a border – and ideally before they even leave their country of origin.

Continue reading

Seamless Borders: From Vision to Reality - Chapter 1

 

 

 

Long term shifts in traveller numbers are driving governments around the globe to rethink how to manage the smooth and compliant movement of a growing number of travellers through ports and across international borders. According to the World Tourism Organisation, more than 900 million tourists travelled internationally last year – a figure that is predicted to hit 1.8 billion by 2030 and 8.2 billion by 2037.

 


Facilitating the seamless movement of vast numbers of people in the most efficient way possible is just the start of the challenge. Ensuring the security of national borders and citizens is another top imperative—seamless borders aims to deliver an easier passenger journey and improved security, benefiting all stakeholders. This can be a challenge given constraints on space, time and resources. Efficient, seamless borders will be more able to handle high passenger volumes to avoid overloading capacity at ports which can quickly become apparent in long queues inconvenience for everyone.

 


This is driving industry bodies and governments to press ahead with digitalisation initiatives. Because, as IATA, the trade association for the world’s airlines, notes: “Passenger traffic is projected to double by 2037. We will not be able to handle this growth or satisfy evolving customer expectations with existing airport capacity, current processes, facilities and ways of doing business.”

Continue reading

Unlocking the full power of Identity to enable people, economy and society to thrive - A year in review - February 2023

 

Continue reading

Modernising Digital-ID Systems: What Open Standards and Open-Source Software Really Mean

Debora Comparin, Chair of OSIA Initiative, SIA and Standardisation Expert, Thales

Thanks to co-author Yiannis Theodorou, Head of Digital ID, Tony Blair Institute for Global Change for his contribution to this commentary.

 

 

As governments continue to build inclusive digital-ID ecosystems to unlock the value of digital transformation for their people, many are facing the challenge of which related technology solutions to adopt.

 

In markets that encourage competition and innovation, it is common to see the creation of proprietary, closed and non-interoperable systems when a new industry is formed; remember the days when the phone you bought in Europe could not be used to make or receive calls in the United States? Eventually, though, the forces of supply and demand drive the industry towards harmonised, optimal solutions and common standards.

 

Today’s identity market is an environment of siloed foundational and functional ID systems, partly built on proprietary technologies. But, as the market matures, new tech solutions are drastically redefining the landscape. Mobile-ID solutions, sophisticated biometrics, cloud computing and other technologies have made it possible to develop integrated national ID ecosystems that are efficient, cost-effective and secure, without necessarily involving centralised databases.

 

Yet many countries still have a long way to go before they can realise this vision, and their ability to easily switch to new technology partners or providers is severely hampered by the complexity of existing systems or contractual arrangements. For example, if a newly procured digital-ID provider must deal with encrypted biometric templates in an existing database, it would need to access the raw biometric images captured and stored by the previous provider’s systems. If the unencrypted raw images are not available or reliable, the government will likely be forced to re-register the entire population.

 

Vendor lock-in constrains development because any change is subject to considerable costs and the risk of operational failures. At the same time, to benefit from the latest technologies, governments need to update, adapt and upgrade their legacy systems while having the freedom to choose the most appropriate solutions to meet their needs.

 

Two main approaches have emerged that offer governments the flexibility and freedom they need: open standards and open-source software.

 

Continue reading

Privacy by Design - Research Project - SIA & NTNU - Take part in our survey!

Continue reading

Understanding Public Key Infrastructure (PKI) in Passport Management

 

 

Secure ePassport chips result in trust and efficiency


What is ‘PKI’? An introduction

 

This article can be downloaded   default HERE (2.26 MB)

 

Trust in passports is essential. PKI technology gives strong evidence that information on a secure passport chip can be trusted. This helps authorities issue more secure passports, increase security and throughput at the border, increase automation and catch identity cheats. It can help airports, airlines and commercial parties to check documents and carry out KYC (Know Your Citizen or Know Your Customer). Genuine passengers are more able to demonstrate their true identity quickly. Conversely, identity cheats stand more chance of being discovered.

 

Threats of passport fraud are real! A genuine document can be lost, stolen or borrowed and used by someone who is not the holder (an imposter or lookalike). A criminal might try to change the photograph or other data about the holder, to turn a passport into his own travel document (a forgery). A false passport might be manufactured (a counterfeit). Someone may make a false application to obtain a passport (a Falsely Obtained Genuine (FOG)). Or someone may steal blank passports which have not yet been personalised (had the holder’s details applied).

 

Great care is taken to defend passports from such attacks. This includes strong security on the manufacture, storage and delivery of documents; rigorous testing of new passport applications; and advanced security features in passports so that false documents are difficult to produce or use. See Passport Fraud Trends and Ways to Combat Them (Secure Identity Alliance (SIA), 2021); and ICAO 9303 Part 2: Specifications for the Security of the Design, Manufacture and Issuance of MRTDs (see references).

 

Secure chips improve security and convenience

 

Many passports and ID cards contain a chip, holding key data about the document and the holder, including the holder’s facial photograph. All of this data is protected by the issuer who includes a cryptographic digital signature on the chip. This signature, when verified, shows that data on the chip comes from the right source and has not been changed. Only the issuer can produce this signature, but everyone who needs to can verify that the signature and the data match. If so, it can be trusted; if not, it can’t. The complete picture is called a Public Key Infrastructure (PKI).

Continue reading

Defining and building the ID ecosystems of the future. January 2022 Newsletter

 

Continue reading

Facing up to the identity authentication challenge – The growing role of Optical Machine Authentication (OMA) and especially Optical Phone Authentication (OPA)

 

 By Joachim Caillosse - Chair of the SIA Document Security Working Group, Frank Smith, Advisory Observer to the SIA and Thomas Poreaux - Member of the SIA Document Security Working Group. 

 

 

 

The use of false identities is a problem that goes far beyond the area of border control. Though fraudulent identification documents are commonly associated with issues like immigration, they can also be used to aid serious organised crime, terrorism, fraud, and a range of other threats. As a result, accurate verification of identity documents is now a major concern in additional contexts including areas such as financial services and digital retail.

 

 

'Authentication: Are You Who You Claim to Be?'is a new guide from the SIA that addresses the challenge of identity authentication. Discussing the inherent difficulty in validating someone’s identity, as well as some of the solutions that are currently available, the report also provides detailed use cases and recommendations for anyone who may be looking to improve their understanding of this critical practice.

 

 

It is very useful and highly informative report providing answers to questions concerning the Optical Machine Authentication (OMA) and in turn highlighting its increasing role in document authentication. The report will help practitioners expand their understanding of benefits and challenges linked to the increased use of optical authentication technologies.


Malik Alibegovic, INTERPOL CCSD

 

 

In this blog, we provide a summarised view of some of the key themes covered in the guide.

Continue reading

Facial Recognition Technologies: What’s at Stake and Why

Facial Recognition (FR) has evolved considerably in recent years and has many important potential benefits such as ease and security of use, privacy protection, and the detection and deterrence of crime. However, it can also be used excessively and intrusively and needs to be used appropriately, in circumstances that are justified and in accordance with good privacy laws and principles.

 

 

The SIA believes that recent moves to ban facial recognition technologies in a number of US states are premature. Similarly, in the EU, recent proposals regarding the development and use of artificial intelligence (AI) systems classify those intended to be used for remote biometric identification as ‘high risk’. If adopted, these systems would require a stringent ex-ante conformance assessment.

 

 

Pressing the pause button without a reasoned debate on privacy and civil rights, or on the potential IP and sovereignty issues of greater regulation, represents a potentially backward step for public safety that also limits the abilities of companies to transact securely with consumers in the digital world. See our blog on artificial intelligence here.

 

 

Facial recognition technologies have proved invaluable during the COVID-19 pandemic, making it possible for citizens to enrol remotely for services and verify their identity.

 

The SIA believes it is up to the authorities to play their role as regulators and to define the limits and conditions of use of facial recognition technologies, working with the industry to put in place governance frameworks that address the concerns of all stakeholders.

Continue reading

Re-use and interoperability: making health certificates a workable reality

 

 sia eu green pass health small

 

As governments and NGOs look to health certificates as a response to the challenge of safely reopening borders and reinstating freedom of movement for citizens, there is now a very real urgency in consolidating approaches, agreeing standards and achieving interoperability. Failure to do so will reduce international acceptance and threaten to derail these important initiatives. Here, we take a look at the key issues.

 

Health certificates schemes promise to streamline how people demonstrate they are unlikely to either catch or spread a particular disease, or diseases. While not a new concept, the COVID-19 pandemic has brought discussions of wider adoption and standardized adoption into sharp refrain.

 

In today’s context, these schemes use physical and/or digital certificates to make it easier for airlines, airports, border control agencies and others to verify whether a certificate holder has been vaccinated against COVID-19, has tested negative for the virus, or has recovered from it.

 

The increasingly widespread introduction of these certificates has allowed governments to lift a number of pandemic-related restrictions – from cross-border travel to attending large public gatherings such as sporting events.

 

Continue reading

Artificial Intelligence (IA) Technologies: What’s at Stake and Why

 
 
 
 sia artificial intelligence small
 
 
 

On April 21, 2021, the European Commission proposed new rules and actions on the development and use of artificial intelligence (AI) systems with the stated objective to “turn Europe into the global hub for trustworthy artificial intelligence”.

 

Following a risk-based approach, the proposals will ban those AI systems considered a clear threat to the safety, livelihoods and rights of people. Others will be rated on a risk scale from high to minimal. In particular, all remote biometric identification systems are considered high risk and subject to strict requirements.

 

Secure Identity Alliance (SIA), whose members are European and global leaders in this fast-emerging space, are supportive of the principles to ensure excellence and trust in AI systems, and believe a fit-for-purpose framework has the potential to become an adopted standard around the world – as has been the case with the General Data Protection Regulation.

 

However, SIA believes that the rules governing the development and provision of AI systems should be proportionate.

 

As the proposals stand today, there is a concern that some rules threaten to stifle innovation and therefore undermine the stated goals of the Commission and the position of Europe as a leader in this critical field of technology.

 

Continue reading

Passport Fraud Trends and Ways to Combat Them

 

 

 

 

 

By Joachim Caillosse, Chair of the Secure Document Working Group of the Secure Identity Alliance

 

An in-depth new guide to help tackle passport booklet fraud

 

Document fraud is a serious crime, one that has implications that stretch from personal identity theft all the way through to national security. Moreover, document fraud often serves as the foundation upon which other threats are built – human trafficking, drug smuggling, and terrorism amongst them.

 

Passport fraud is a key part of this landscape, and a growing problem. While Covid-19’s debilitating affect on international travel has helped to slow the rise of passport fraud over the past 12 months, the longer-term picture tells a different story altogether Some 100m travel documents were reported lost or stolen in 20201 and according to Frontex Risk Analysis, passports represented 47% of the fraudulent documents detected at European Union external borders in 2019, leading some commentators to decry a growing passport fraud “epidemic2”.

 

Ever keen to raise awareness of identity-related threats and provide guidance on the latest defences and countermeasures, the Secure Identity Alliance (SIA) has this week launched its “Passport Fraud Trends and Ways to Combat Them” report – a comprehensive overview of the current travel document security landscape.

Continue reading

The changing face of identity

MBrandau

By Michael Brandau, Chair of the Secure Identity Alliance's Border Working Group.

 

With technology, Covid-19, and a number of other factors driving major change at the border, the Secure Identity Alliance has updated Strong Identity Strong Borders, a guide designed to help anyone who wants to understand the subject more, but who is not an expert.

Strong Identity, Strong Borders introduces the key concepts and explores the evolution of border control, and how those responsible for safeguarding their territory can embrace new approaches around identity in order to create secure, seamless, and streamlined passenger experiences.

 

Continue reading

10 Principles for Good ID: A 2021 Refresh

ID4D Principles web 2021

 

Today the refreshed Principles on Identification for Sustainable development were published. Secure Identity Alliance is proud to have once again been asked to contribute to this important body of work to ensure that these updated Principles reflect today’s changing world and its own vision of supporting the provision of legal, trusted identity for all.

 

Five years ago the Secure Identity Alliance, along with other organisations committed to the development of ID systems that are inclusive, trusted, and accountable and supported the development of a set of shared ‘Principles for Good Identification’.

Continue reading

Giving Voice to Digital Identities Worldwide: Lessons and Insights from Around the Globe

 
 

 

 

 

 

by Kristel Teyras, Chair of the Digital ID Working Group of the Secure Identity Alliance

 

With governments poised to accelerate national digital ID programs, the SIA commissioned a study to uncover lessons learned from innovative, real-life digital ID deployments around the world.

 

Providing unprecedented ‘on the ground’ insights and perspectives, the study produced in partnership with onepoint gives a unique voice to stakeholders from 25 innovative sovereign digital ID schemes. Their shared learnings highlight the guiding principles and good practices that are critical for driving usage, adoption, and success – regardless of the digital ID model adopted.

Continue reading

Secure Physical ID Matters – even in a virtual world

Secure document web

 

In the modern world it’s easy to characterize physical ID documents as outdated and irrelevant. But to do so would be to overlook the practical realities, and ubiquitous adoption, of these durable physical credentials.

 

We live in a world where the movement towards mobile and digital formats for a wide variety of identity documents – such as national IDs and driver licenses – is already underway. Indeed, the COVID-19 public health crisis has served to propel Governments to accelerate digital (mobile) ID adoption so locked-down citizens could still securely access a range of digital public and private services. Everything from registering a child’s birth to collecting pension payments, and using their digital ID to prove their ‘key worker’ status and permission to travel.

 

But that doesn’t mean that the physical ID document is no longer needed. Rather than simply being replaced by new digital formats, they continue to be the pre-requisite for the overall success of many schemes.

Continue reading

Digital Travel Credentials (DTC) – the story so far

digital travel credential sia web

While domestic and international restrictions imposed to combat the spread of the COVID-19 virus have a tremendous impact on cross-border passenger volumes, and the longer-term picture remains unclear, it is no less important to continue to leverage the latest technologies to both strengthen borders and improve traveller experiences.

 

Over recent years, the technology has radically evolved in fields such as identity, security, biometrics and mobile applications to do exactly this. Technology has already transformed the world of border security and efficient processing of passengers, for example through secure ePassports (also known as electronic Machine Readable Travel Documents or eMRTD), automated eGates, biometrics used to assure visa regimes, and mobile boarding passes.

 

However, the story is far from complete. A newer generation of secure and efficient solutions are just beginning with the development of the Digital Travel Credential (DTC).

Continue reading

Digital Identity – learning from a crisis

mobileid covid sia web

An immediate analysis of the coronavirus crisis highlights, among other things, the significant and growing role of technology in general, and digital identity in particular, in helping citizens, businesses and government agencies adapt and respond.

 

With citizens in many countries forced into homeworking and home-schooling, most at incredibly short notice, many millions turned to digital tools to communicate, collaborate, work and transact online. While these proved helpful for knowledge workers and those businesses with flexible (and often cloud-based) IT infrastructures, the crisis uncovered huge areas for improvement.

 

This was particularly clear when it came to access to the provision of public services – many of which lacked a cohesive digital alternative to face to face interactions. At the heart of the issue was the lack of a digital identity that would allow citizens to securely access services remotely.

 

For those citizens unable to access basic public services and social protections in a digital context, this lack of a digital identity and a connected ecosystem of digital service caused considerable problems.

 

This, Secure Identity Alliance (SIA) believes, is one of the key learnings to take away from the crisis. A secure and universally trusted digital identity, based on a government root and sourced from civil registries, is fundamental to the development of a wider ecosystem of both public and private services.

Continue reading

Digital Identity and the Rise of Mobile ID

mobile id sia w 1

How to address the challenge of enabling the delivery of trusted mobile ID that’s secure, convenient, and easy for citizens to use

 

Digital identity sits at the heart of economic and social transformation. Around the globe, governments are busy fast-tracking the delivery of streamlined e-services that touch every aspect of people’s lives – from paying tax to accessing healthcare and education.

Continue reading

Open Source API for National ID Ecosystems: Assuring Interoperability and Harmonization for Sovereign ID Programs

The SIA’s pioneering new Open Source API will bring interoperability among civil registration and civil identification registries – independent of technology, solution architecture or vendor.

 

Citizens around the world depend on government issued identities to prove they are who they say they are and to undertake commonplace transactions – from opening bank accounts or registering for school, to obtaining formal employment or receiving social transfers.

 

It is crucial, therefore, that governments are able to ensure citizens are the same person across all these various registries and issuing agencies, and that an individual’s data – or attributes – are up-to-date. Doing so protects the individual against the risk of identity theft and state agencies against fraud.

 

To achieve this objective these different registries need to ‘talk’ to one another.

 

It is this imperative that is currently driving governments around the globe to rollout national ID ecosystems in which multiple identity registries and systems, serving different functions, operate together as a cohesive whole.

Continue reading

Identity in Healthcare - A key Enabler to Integrated Care

Efficient and reliable patient identify management will be an essential element in making the benefits of integrated care a reality. This was the core message at the launch of a joint new publication from COCIR and the SIA entitled ‘Identity in Healthcare’ at the HIMSS Europe and Health 2.0 conference in Barcelona. The publication brings much-needed clarity and key recommendations to the ID challenge facing the health sector.

Continue reading

Points de repère pour l’identité numérique en Afrique

BannerID4D

Ouverte par le Premier ministre de Namibie, la troisième conférence bilingue (français-anglais) du mouvement ID4Africa (1) a réuni près de 1000 des acteurs de l’identité numérique à Windhoek en Namibie, de plus de 30 pays.

Continue reading

Digital Channels and the Evolution of ID

shutterstock 543148363

While the concept of identity (ID) remains unchanged, the rapid evolution of digital technology has dramatically extended both its application and form factor.

Continue reading

Ten Principles on Identification for Sustainable Development

Principles on Identification With collage Blue EXT

Today, the Secure Identity Alliance has joined the global partnership network on identification and endorsed the Principles on Identification for Sustainable Development: Toward the Digital Age which aims to provide a set of guidance in establishing and utilizing legal identification systems for sustainable development.

Continue reading

Public-private cooperation to build digital identity systems

build digital identity

 

Today, the World Bank, Secure Identity Alliance, and GSMA have launched a joint white paper, “Digital Identity: Towards Shared Principles for Public and Private Sector Cooperation”.

Continue reading

Disponible en français! 'Civil Registry Consolidation through Digital Identity Management’ report in support of the UN 2030 Agenda for Sustainable Development

Ce rapport devrait être d' un intérêt particulier pour les organisations internationales et les organismes gouvernementaux qui sont impliqués dans la création ou la réorganisation de l'état civil et des systèmes d'identité

Continue reading

'Civil Registry Consolidation through Digital Identity Management’ report in support of the UN 2030 Agenda for Sustainable Development

This report should be of particular interest to international organizations and government agencies that are involved in the establishment or reorganization of civil registration and identity systems.

Continue reading

Identity Management in 2030

By courtesy of our Government Observer Member, the National Office for Identity Data, Dutch Ministry of Interior and Kingdom relations.

Continue reading

The interoperability challenges at the heart of cross-border ID discussions - Published at SDW in London - June 2015

As the appetite for developing identity-based e-government services grows, Jacques van Zijp, Board Member from Secure Identity Alliance discusses the interoperability challenges now at the heart of cross-border ID discussions.

Continue reading

Identity in a Hyper Connected Mobile World - Published at Connect:ID - March 2015

Identity is going digital, and moving to the mobile. For most, this is a positive step. Identity is proliferating at an incredible rate. From the low level ‘sign-in through Facebook’ variants to high security access to, and usage of, a new range of central government and smart city services, the ability to prove who we say we are (when we’re mobile) is a strategic imperative. And It’s not just about convenience or security.

Continue reading

eID - Helping secure efficient social protection programs for communities around the globe

Presentation given by Jacques van Zijp on eID and Social Protection Programs in the Developing Countries at SDW2014 in London

Continue reading

eIDAS: A Major Step Towards Digital Europe!

We have asked Guy de Felcourt, Digital Identity Strategy Advisor and Published Author, who animated the BMI-Secure Identity Alliance eIDAS Workshop to tell us why EU Regulation No.910/2014 represents a major step forward in enabling digital identity in Europe and examines the value this will deliver for member states, companies and citizens.

Continue reading

How eID is helping secure social protection and unlocking a sustainable, empowered future for communities around the globe

This quarter, Jacques Van Zijp, Board Member of the Secure Identity Alliance looks at how eID is helping secure social protection and unlocking a sustainable, empowered future for communities around the globe.

Continue reading

Accelerating the creation and deployment of e-Government services by ensuring Citizen’s Privacy, Security, Convenience and Trust

Opening keynote speech at Secure Document World 2013 by Frédéric Trojani, Chairman, Secure Identity Alliance

Continue reading

eGovernment will save the public purse in excess of $50 bn per year by 2020, according to new global research from the Secure Identity Alliance.

Highlighting the continued importance of cost and citizen experience drivers, the report highlights the role of trusted digital identity in enabling effective and secure eService deployment.

And with this change come some serious issues.

Continue reading