By S de Labriolle on Wednesday, 22 September 2021
Category: Blog

Facing up to the identity authentication challenge – The growing role of Optical Machine Authentication (OMA) and especially Optical Phone Authentication (OPA)

 By Joachim Caillosse - Chair of the SIA Document Security Working Group, Frank Smith, Advisory Observer to the SIA and Thomas Poreaux - Member of the SIA Document Security Working Group. 

The use of false identities is a problem that goes far beyond the area of border control. Though fraudulent identification documents are commonly associated with issues like immigration, they can also be used to aid serious organised crime, terrorism, fraud, and a range of other threats. As a result, accurate verification of identity documents is now a major concern in additional contexts including areas such as financial services and digital retail.

'Authentication: Are You Who You Claim to Be?'is a new guide from the SIA that addresses the challenge of identity authentication. Discussing the inherent difficulty in validating someone’s identity, as well as some of the solutions that are currently available, the report also provides detailed use cases and recommendations for anyone who may be looking to improve their understanding of this critical practice.

It is very useful and highly informative report providing answers to questions concerning the Optical Machine Authentication (OMA) and in turn highlighting its increasing role in document authentication. The report will help practitioners expand their understanding of benefits and challenges linked to the increased use of optical authentication technologies.


Malik Alibegovic, INTERPOL CCSD

In this blog, we provide a summarised view of some of the key themes covered in the guide.

 

 

The challenge of authenticating identity

Verifying someone’s identity relies on there being a clear connection between three specific things: the person themself; the identity document they present; and the underlying identity that the person is asserting is theirs.

As detailed in the full Authentication guide, the challenge with this is that even when all three of these pieces seem to fit, they can actually be masking a sophisticated deception that enables a person to pass as someone else. The exact nature of the deception can vary, but generally tends to take two forms.

• Deception about the identity document or other credentials


This can take many forms, including counterfeiting or the modification of a genuine document to change the information presented – i.e. switching the holder’s photo for a new one.


• Deception by the person claiming the identity


This can be done without altering the identity document. For example, trying to enter a country by presenting a genuine – but stolen – passport at border control.

Both of these tactics, of course, can be used in tandem.

Finding the balance between human and machine

For every deception, there is a countermeasure. False documents can be detected through observation, interview, or via a reference system; chip attacks addressed via thorough examination, or verification through the Public Key Directory, for instance.

Many of these techniques rely on a combination of human intervention and machine-driven authentication. One of the major issues addressed in the Authentication report is the need for controllers to understand which countermeasures should be used under which circumstances. Achieving the correct balance can help to achieve the requisite level of trust in the authentication – and each approach offers different advantages.

• Human authentication


A trained individual will be able to combine examination of the document with a more holistic assessment: the behaviour of the person presenting it, knowledge of current forgery trends, and significant experience.


• Machine authentication


Machine authentication can help commercial and government organisations validate documents they do not often see, and automate authentication where a company agent is not present. For border control personnel, machine authentication provides more active support, especially for less experienced operators.

New techniques to meet new challenges

The application of technology to the identity authentication challenge – particularly as a form of support to human operatives – is becoming increasingly viable thanks to the advent of techniques such as Optical Phone Authentication (OPA).

OPA is part of a wider catalogue of verification technologies that sit under the umbrella of Optical Machine Authentication (OMA). OPA takes advantage of the increase in smartphone capabilities and the explosion in mobile broadband performance to provide controllers with an additional authentication method that fits in the palm of their hand.

Like any verification technique, OPA has its advantages and disadvantages. While it provides a quick and easy way to check for optically variable features, not all security features can be tested automatically since most smartphones cannot check UV and IR features. The full pros and cons of OPA – and many other verification techniques – are explained in the full report.

Verification in the field: real world examples

Multiple authentication use cases are detailed in the report, as well as the additive potential of technologies such as OPA. From front-line policing – where smartphones can be used to conduct checks on people, documents, and vehicles – through to the use of OMA in support of Know Your Customer checks, the full report explores the growing need to augment human capabilities with technology-driven services where it is appropriate to do so.

"Authentication: Are You Who You Claim to Be?" closes with a set of recommendations designed to help anyone, in any field, focus on improving their own authentication standards.

The guide can be downloaded free of charge here.