Thursday, October 27, 2005

U.S. to require RFID chips in passports

"They" really are planning to implant chips in everything so that "they" can track our every move. "They" will know where we go, what we buy, etc, and who knows how they'll control us through this knowledge.

This unfortunately is slowly becoming reality.

The current step is about improving the reliability of passports through using biometric and RFID technologies. Clearly it is important for passports to reliably identify that the person holding the passport is indeed the person identified by that passport. And no matter how much effort you put into making the passport hard to construct, it's really just a book, with some writing and a picture, and they can be faked.

Rules for RFID chips in US passports (By OUT-LAW.COM, Published on register.co.uk Thursday 27th October 2005 08:46 GMT) from here: out-law.com

The article claims the U.S. State Department has sent out some new rules saying that after October 2006 all newly issued passports will contain an RFID chip to which biometric information can be added "later".

Unfortunately the article doesn't link to the rules announcement. A scan of the State Department website turned up the document at the end of this posting.

Doubts over biometric passports (By Jane Wakefield, BBC News technology reporter, October 27, 2005)

This article discusses statements by Barry Kefauver of the International Civil Aviation Organisation (ICAO) that biometric additions to the passports will not be enough. If that's as far as the system went, then the biometrics in the chip could be forged as well. Instead the data has to be crosschecked with an official database.

ICAO, New Technologies Working Group, REQUEST FOR INFORMATION

The International Civil Aviation Organization (ICAO) New Technologies Working Group (NTWG) continues its work in the development of standards for use by Member States to facilitate automated identity verification and document authentication. In addition, the NTWG seeks to advise ICAO on technology issues related to the issuance and use of machine-readable travel documents. As a result, NTWG issues a Request for Information (RFI) every three years in order to keep abreast of new and improving technologies.

Notice: Information regarding new technologies is now sought for consideration for use in and with machine-readable passports, visas and card-based travel documents. The technologies sought fall into the following categories.

CategoryRequirement
BiometricsFacial, finger and iris biometric technologies and new concepts that may be used in the travel document issuance process or to link travel documents to their rightful owners
Data Storage MediaData storage media that can be utilized in conjunction with biometric and machine verification technologies and concepts.
E-CommerceTurnkey electronic on-line systems that may be applied to secure internet based passport and visa application processes.
RF TechnologiesThe application of radio frequency technologies in travel documents.
Self-Service FacilitationTechnologies and processes that are suitable for automated self-identification at international borders and/or entitlement facilities that will enable either unattended border crossing or program enrolment (Kiosk).
Travel Document PrintersSecure printers that are suitable for operation in both a low and high transaction volume environment with limited technical support. Cost is a critical factor.
Travel Document ReadersTravel Document readers that enable the full data page to be read and specific information and images to be captured, displayed and transmitted. Machine verification concepts and devices that may facilitate automated document authentication. Readers that are able of simultaneous verification of the data page and chip data.
Travel Document Security ConceptsDocument security concepts, which either at the point of document personalization or at the point of document manufacture, may be used to protect on-board data from alteration or simulation.

Information is sought for consideration of use in machine-readable passports, visas and card-based travel documents. The technologies sought for consideration are those for use in the assessment of applicant eligibility and document production. Additionally, those technologies that link documents to document bearers, provide reliable authentication of genuine documents, and that will facilitate the secure and reliable transit of travelers through international border control points and can facilitate the movement of passengers through airports, seaports and other international transportation facilities.

Relevant information gathered during the RFI process will be summarized and shared among the ICAO Member States. This information may be considered by ICAO for use in establishing international standards and for use by ICAO Member States in their border control, passenger processing and travel facilitation systems.

Proposals will be reviewed for several qualitative and quantitative factors dependent on the technologies submitted, but will generally be assessed against dynamics such as:

  • accuracy;
  • associated costs for the technology;
  • compatibility with current document personalization or reading systems;
  • consistency of measurement;
  • durability;
  • false accept and false reject rates
  • intrinsic safeguards and protection against technological compromise;
  • intrusiveness;
  • public acceptability;
  • reliability and stability over time;
  • security provided by the concept;
  • simplicity and ease of incorporation and detection;
  • speed of measurement;
  • type and required size of on-board storage medium; as well as,
  • uniqueness.

Interested parties must present their technologies in the context of ICAO Document 9303, which prescribes international format and on-board data standards for machine-readable passports, visas, and other official machine-readable travel documents. Interested parties should recognize that it is the intention of ICAO to consider all technologies that may be applied on a global basis by the ICAO Member States. Thus, in the application of these technologies, global interoperability at borders, global acceptance by citizens of Member States, conduciveness to open international standards and multiple sources of supply, and affordability by all Member States will be particularly considered.

Written response to the RFI must be provided by November 20, 2004 to hollyrm@state.gov -R. Michael Holly, RFI Coordinator, ICAO New Technologies Working Group, c/o U.S., Department of State, 2100 Pennsylvania Ave, NW, Washington, DC 20524, USA (Phone 202-663-2472). Supporting information and descriptive literature may be provided as part of the response. However, a succinctly written information summary paper is required for all responses. The purpose of the summary paper is to help facilitate the compilation of summary information on each technology into a summary report that can be provided to each ICAO Member State. The format and simple instructions for completion of the summary paper can be downloaded via the Internet at the following address: http://travel.state.gov/ TBD.html.

Following receipt of summary sheets and descriptive literature and information, firms may be invited to make oral presentations to the New Technologies Working Group and representatives of ICAO Member States. Oral presentations are planned for May 23-27, 2005, in Geneva, Switzerland.

Interested parties are advised that ICAO is under no obligation to designate any standard or take any further action with any party as a result of this Request for Information. Summary sheets supplied in response to the RFI will be made available to Member States. Accompanying information and descriptive literature may be made available to Member States. With the exception of the summary sheets, any other information that is considered non-disclosable to all ICAO Member States should be identified as such. Non-disclosable information will be retained exclusively for the use of the Members of the ICAO New Technology Working Group.

Request for copies of ICAO standards documents (ICAO Document 9303, Parts 1 to 3) should be directed to sales_unit@icao.org.

This Request for Information is placed by the U.S. Department of State in furtherance of its participation in ICAO, a United Nations international organization. The United States Government and its employees accept no responsibility for the actions or undertakings of ICAO, ICAO participants, or ICAO staff.

INSTRUCTIONS FOR PREPARATION
OF SUMMARY PAPER FOR
ICAO REQUEST FOR PROPOSAL

Overview:

Interested parties must present their technologies in the context of ICAO Document 9303, which prescribes international format and on-board data standards for machine-readable passports, visas, and other official machine-readable travel documents.

The requested summary paper must be submitted with all responses to the Request for Information (RFI). A separate summary paper should be submitted with each technology concept introduced. Summary papers will be included in a comprehensive Summary Report and will be presented to the ICAO Member States. The Summary Report may be categorized by the following categories.

  • Biometrics
  • Data storage media
  • E-Commerce
  • RF technologies
  • Self-service facilitation
  • Travel document printers
  • Travel document readers
  • Travel document security concepts

Purpose:

The summary paper is not a marketing tool. It is an information tool that will be used by the ICAO New Technologies Working Group (NTWG) in their quest for considering standards for new technologies with possible application to machine-readable travel documents, and to familiarize ICAO Member States with the new technologies in a summary form.

The information on the summary paper should be accurate, succinct, complete and descriptive of the technology being introduced. The summary paper reflects how interested parties would like their technology presented in summary form to the NTWG and the ICAO Member States. It should highlight all information, which interested parties would like to convey to ICAO.

Categories and Requirements:

Biometrics

Requirement: Facial, finger and iris biometric technologies and new concepts that may be used in the travel document issuance process or to link travel documents to their rightful owners.

ICAO Member States have a variety of methodologies and requirements for the submission of travel document applications. This ranges from personal appearance at an acceptance facility or issuing authority to mail in applications with the expectation of Internet based applications being accepted in the short to medium term. Additionally, Member States have a wide range of travel document record database sizes and storage media. Issuing authorities may check each new applicant biometric with all existing applicant biometrics (one to many) and or check each renewal against the existing biometric held for that applicant (one to one). For successful implementation in an issuance environment, the biometric technologies and systems will need to demonstrate the following key attributes:

  • Biometric enrollment and subsequent renewal in person (live capture)
  • Biometric enrollment and subsequent renewal via a variety of media (mail and Internet)
  • Ability to accurately and rapidly undertake 1 to 1 and 1 to many verifications and searches in biometric databases containing up to 100 million records.
  • Ability to match biometric records for individuals over time.
  • Ability to use image data currently stored in legacy systems.

ICAO Member states may use biometric systems in a self-service environment at their ports of entry. For successful implementation in a border control environment, the biometric technologies and systems will need to demonstrate the following key attributes:

  • Ability to rapidly and accurately collect stored biometric data from a travel document and verify it with that of the holder.
  • Ability to rapidly and accurately capture a biometric from the data-page of a travel document and encode it to enable immediate and automated verification with the holder.
  • Ability to rapidly and accurately undertake a 1 to 1 and 1 to few verifications and searches in biometric databases.
  • Ability to match biometric records for individuals over time.

Data Storage Media

Requirement: Data storage media that can be utilized in conjunction with biometric and machine verification technologies and concepts.

Border Authorities have a strong desire for contactless mode of operation and high capacity data storage. A common electronic storage medium is necessary to enable States to conduct border deployment in a cohesive manner. Non-proprietary technology is required. Flexibility is required. ICAO/NTWG continues with its strong support and efforts to make the storage medium for globally interoperable biometrics a contactless IC chip that is a minimum size of 32 Kilobytes and in ISO 14443 Type A or B compliance. Additionally, information is sought on other storage media in order to assess their relative benefits.

E-Commerce

Requirement: Turnkey electronic on-line systems that may be applied to secure Internet based passport and visa application processes.

Vendors are invited to propose applications or solutions they have developed which would readily support the implementation of Internet based E-Commerce or E-government style travel document issuance channels. Issues relating to privacy and the ability to satisfy stringent identity authentication requirements are critical to the successful implementation of on line travel document application and issuance systems. Such solutions would be expected to include the following functionality:

  • Secure online customer or citizen application for a variety of travel documents.
  • Secure receipt of required bio data, most typically but not exclusively photo and signature.
  • Secure business-to-business style ability to merge data from a variety of sources to assist in validating applications including payment functionality.
  • Ability to support customer-centric reporting on processing status without agency intervention.
  • Ability of solution proposed to enable electronic sharing of validated data to facilitate travel movements.

RF Technologies

Requirements: The application of radio frequency technologies in travel documents.

ICAO/NTWG is seeking radio frequency identification technologies that enable broad-based application growth. ICAO/NTWG is seeking RFID equipment that can be used interchangeably with equipment from different manufactures. The amount of data storage to be communicated should not be less than 32K. The data should be protected against unauthorized access by appropriate encryption, microprocessor, or other means. Any item of data stored should be accessible within 10 seconds. The transponder may interface with the document either by physical contact or separated from the document by a distance of 10 centimeters. In addition, ICAO/NTWG seeks information on other specific approaches to RF solutions.

Self-Service Facilitation

Requirements: Technologies and processes that are suitable for automated self-identification at international borders and/or entitlement facilities that will enable either unattended border crossing or program enrolment (Kiosk).

Systems and technologies that enable border control agencies to reduce personnel costs for lower risk high volume transactions through the use of automation in accomplishing secure unassisted clearance processing at international ports of entry/or departure. These systems may be used for unassisted enrolment in travel document application or issuance processes. Key attributes of these systems are:

  • Simplicity of uses for applicants and travelers.
  • Rapid transaction processing.
  • Secure systems that facilitate the link between the document and holder or application and applicant.
  • Secure systems that facilitate the link between the holder or applicant to existing database records.

Submissions should detail connectivity with existing infrastructure, explain methods by which enrolment can be accomplished with or without assistance and explore costs and impact of system deployment in various live environments. Where available, performance data from previous or existing system test should be included for the purpose of detailed evaluation.

Travel document printers

Requirements: Secure printers that are suitable for operation in both a low and high transaction volume environment with limited technical support. Cost is a critical factor.

Secure machine-readable travel documents personalization systems suitable for operation at high volume locations and at remote issuance sites where transactions may be as low as 100 per annum and where technology support may be very limited. The systems should:

  • Apply high quality digital images and text to the travel document.
  • Be user friendly and require minimal low-cost maintenance.
  • Be able to print to the end page and inside data pages of the travel document.
  • Incorporate effective security features (overt, device–assist and forensic).

It is highly desirable that the printers:

  • Have integrated systems that will allow for the seamless writing of data to travel document data storage devices (i.e. contact-less IC's) during personalization processes.

Submissions should include details of the test procedures and results used to prove the performance of the system.

Travel document readers

Requirements: Travel Document readers that enable the full data page to be read and specific information and images to be captured, displayed and transmitted. Machine verification concepts and devices that may facilitate automated document authentication. Readers that are capable of simultaneous verification of the data page and chip data.

Travel document readers are used in both the issuance and border control environments. During the issuance processes, readers are most commonly utilized as a quality assurance tool. In addition to ensure that the machine readable zone printed in OCR B accurately reflects the bio-data recorded on the document and in issuance databases and that it is appropriately positioned on the document, the full page readers should have the ability to:

  • Read, display and verify physical features including the holder's image, overt and covert security features as well as the data stored in the travel documents storage media.
  • Read, display and verify data held in a variety of storage media on the travel document bio-data page.
  • Read, display and verify electronic security features embedded in the travel document bio-data page.
  • Analyze, display and record reading results in a quality assurance function.
  • Portability while retaining full functionality.
  • Ability to read, capture and interface with software to facilitate the transmission of selected data elements from the physical features and storage media of travel document.
  • Initialization of readers in < 2 seconds.
  • Retrieval of data from chip in < 5 seconds for 32k of data.
  • Recycle time: < 3 seconds.
  • Polling/Interaction response < 3 seconds from placement of chip on reader.
  • Position independence: Document should not have to be adjusted on reader.
  • Must read within 2 cm from reader surface wherever passport is placed. (Includes thickness of passport even when placed upside down on reader).
  • Must have power-on light.
  • Buffer size will be appropriate for retrieval of large amounts of data.
  • Must accommodate full range of power levels stated in ISO 14443.
  • Must auto detect chip type (A or B) and go.
  • Must have USB connection.
  • Read rate is minimum of 424 kbs.
  • Must support anti-collision to prevent reading of chips other passports.
  • Read Binary: must support reading entire data group in one step.

Travel document security concepts

Requirements: Document security concepts, which either at the point of document personalization or at the point of document manufacture, may be used to protect on-board data from alteration or simulation. Security feature and machine verification concepts that facilitate automated document authentication.

Embedded security features that will, through the application of an appropriate technologies and/or hardware solutions, verify the authenticity of the travel documents when presented by travelers at various points throughout an international journey. These security features may be of a visible physical nature and/or electronically embedded in the document. Ideally security features should not only verify the authenticity of the actual travel document but also protect bio-data elements such as the holder's portrait so that there is confidence that these key elements have not been altered after the document has been issued.

Submissions should provide in reasonable detail a description of how the system can be implemented in a range of applications, including government enrolment schemes, airline check-in operations and assisted or unassisted border clearance processes. Submissions relating to electronically embedded security features must also describe the intended method and cost (if any) of distribution of software to border control agencies, and/or airline check-in operations that will insure that these security features embedded by issuance agencies can be widely and routinely verified.

Method of Submission:

The summary paper for each technology should be submitted in electronic form. Electronic copies should be submitted in Microsoft Word or compatible versions. PDF format is acceptable. Interested parties should use Times New Roman or compatible print font (12 point) in order to make all summary papers easy to read and similar in appearance for compilation into the Summary Report. Additional information, e.g. brochures must also be submitted in electronic form to ensure easy transmission to an international review panel of government representatives.

Each summary paper should be limited to no more than three (3) pages.

Summary papers must follow the format prescribed in the attachment following this instruction, identified as “Summary Paper Format