You are on page 1of 100

1 w w w . g l o b a l s m a r t .

c o m | I D C R E D E N T I A L S
ID Reviews
Stealing our miracles? Disruptive innovation and personal identity
By Ralph Adam, Freelance Editor, Communications & IT
The case for strong initial authentication
By John Zurawski, Vice President, Authentify
Plotting a course for secure identity credentials
By Anthony Ball, Senior Vice President with HID Global
Get set for biometrics in everyday life
By Isabelle Moeller, Chief Executive, Biometrics Institute reports
Beating the biometric fraudsters
By Alastair Partington and Mark Crego of Accenture
Intelligence and efficiency through on-demand media analysis using face recognition
By Carl Gohringer, Allevate Ltd.
Combating financial services fraud with voice biometric identity verification
By Melinda Ziemer, Marketing manager, VoiceVault
Virtually insecure
By Greg Sarrail, Vice President, Solutions Business, Lumidigm
A photo is worth more than a thousand words
By Magnus Lfgren, CEO, Speed Identity
ABC gates All problems solved?
By Roberto Wolfer and Michael Weisbach, Cross Match Technologies GmbH
Certifying security
By Georg Hasse, Senior Product Manager, Electronic Identities, Public Sector and Michael Schlueter,
Head of Software Development, Electronic Identities, Public Sector, secunet Security Networks AG
Are immigration security priorities just competing, or conflicting?
By Andrew Gilbert, Business Development Director, Ingenia Technology
Innovation drives hologram ID document protection
By Ian Lancaster, General Secretary, International Hologram Manufacturers Association (IHMA)
Enabling secure use of mobile devices at the enterprise level
By Dr Raoul-Thomas Herborg and Patrik Lindeberg, CEO, Virtual Solutions and Patrik Lindeberg,
COO, Precise Biometrics
Secure mobile credentialing & identification The evolution of Privilege Entitlement & Access Control
systems toward a single user profile for multiple services across multiple devices
By Jay Meier, Vice President, Corporate Development, BIO-key
Secure mobile transactions Fact or fiction?
By Guillaume Forget, VP Sales EMEA, Cryptomathic
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 2
SDW 2014
Wendy Atkins
Liz Harrison
Tim Courtney
Jo OConnor
Henry Ling Ltd.
Mobile Technology International
134 Lots Road, Chelsea,
London SW10 ORJ, UK
Tel: +44 (0)20 7385 8811
While every care has been taken to ensure that the
data in this publication is accurate, the publisher
cannot accept, and hereby disclaims, any liability to
any party to loss or damage caused by errors or
omission. All rights reserved. No part of the
publication may be reproduced, stored in any
retrieval system or transmitted in any form electronic,
mechanical, photocopying, recording or otherwise
without prior permission of the publisher.
Image sources: Wikipedia
Issue year 2014
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 4
ID forecasts
In 2012, 7.95 billion smart cards and 7.99 billion ICs were
shipped, representing a year-on-year increase of 9.4% and
12%, respectively, according to ABI Researchs Smart Card &
Secure ICs Research Service. The research firm says IC revenues
hit a new high, with NFC RF and secure elements providing a
more established proportion of IC revenues, which totalled
U$2.69bn in 2012.
The top four smart card vendors remain unchanged with
Gemalto, Oberthur, G&D, and Morpho maintaining their
leading market share positions, based on units. Of these
vendors, Oberthur was the only one to maintain its overall
percentage share of the market with the others declining
slightly. The biggest vendor movement was within the
government ID vertical.
ABI Research says Morpho was the highest climber in the
government ID market, gaining an extra 3% share compared to
2011. Oberthur dipped slightly and dropped one position,
while Gemalto lost a little of its share but still maintained its
number one position. G&D also posted slightly lower shipments
than 2011.
Smart card shipments are expected to hit 8.6 billion this year,
according to ABI Research.
Of total shipments, 16% are forecasted to use a contactless
interface, rising to 30% in 2018. The research firm says
Government ID will continue strong double-digit growth in
contactless adoption. Other sectors to see similar strong growth
are transportation and ticketing, and payment cards.
Over the next three years ABI says it expects to see a shift in the
penetration ratio of pure contactless and dual interface
shipments. In 2013, it forecasts 59% of all contactless
deployments will use a pure contactless interface, reducing to
38% in 2018. The increase in dual interface adoption is
apparent across multiple markets. It says that IC vendors NXP,
Infineon, and STMicroelectronics are positioned to offer the best
combination of convenience and high-end security over multiple
applications. Additionally, the increase in dual interface
adoption will deliver greater margins benefiting IC and smart
card vendors alike.
ABI Research has forecast in its Smart Cards in Latin America
report that total smart card shipments within the Latin America
region will increase from 752 million in 2013 to 1.15 billion
in 2018.
According to the research firm, Latin Americas smart card
market is rising from the ranks of an emerging region to one
where large-scale deployments are now being seen. This is
particularly true within the government ID and payment cards
market. The government ID market is being driven by high-end
national ID card deployments and continual migration
to ePassports.
Brazil and Mexico are the two stand-out countries in terms of
shipment volumes driven by SIM deployments; Brazils dual
interface national ID card, alongside EMV and ePassport
migration in both Brazil and Mexico. Brazils smart card
adoption is being driven by its hosting of the 2014 FIFA World
cup and 2016 Olympic Games.
w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Revi ews
Increasing awareness of biometrics across industries will spur
the global commercial biometrics market, according to new
analysis from Frost & Sullivan. While historically the adoption of
biometrics has been concentrated in the government sector,
recent years have witnessed considerable demand for
applications such as ATMs, retail points of sale, and finance.
Iris and face recognition algorithms have undergone substantial
advancements and are gaining prominence, while fingerprint
technologies remain the most popular, says Frost.
The research group says that the commercial biometrics market
earned revenues of $1.48 billion in 2012 and estimates this to
reach $6.15 billion in 2019. In addition to fingerprint, facial
and iris biometrics, the study covers hand geometry, voice, and
signature technologies.
"Better end-user recognition of the unique capabilities of
biometric technologies, including enhanced security as well as
physical and logical access control in applications, has helped
vendors win a number of projects and contracts," said Frost &
Sullivan Senior Research Analyst Ram Ravi.
"Focus on building robust, error-free and efficient solutions will
create added revenue-generating opportunities for biometric
Although improvements in technology augur well for the
market, any large-scale biometric project in enterprises takes a
long to implement and cover every employee. The high cost
and extended duration of deploying biometrics can restrict
installation rates.
Moreover, the lack of knowledge among customers, fear over
loss of privacy, and uncertainty over the reliability and security
of stored data also dampen adoption of biometrics. With
awareness at an early stage, solution providers, system
integrators, and value-added resellers are the accepted channel
for distribution and therefore, their decisions will decide future
uptake levels.
"Business strategies with customised ROI models and reduced
opportunity costs are expected to help biometrics sustain
momentum in emerging markets," said Ravi. "Regulatory
mandates and procedures in compliance with medical
standards are necessary to favour biometrics market expansion."
Apples latest iPhone - the iPhone 5s has been launched and
houses a fingerprint sensor within the home button. It's second
phone offering the iPhone 5c - a colourful lower cost alternative
- does not have a fingerprint sensor.
The technology - which Apple calls TouchID - begins with a
laser-cut sapphire crystal on the surface of the home button.
According to Apple, this directs the image of a person's finger
to a capacitive touch sensor, which, as AuthenTec always
pointed out before it was bought by Apple, reads beneath the
outer layers of your skin to get a detailed print.
Surrounding the button is a stainless steel ring that detects the
finger, wakes the sensor, and improves the signal-to-noise ratio.
Touch ID is reportedly capable of 360-degree readability
meaning that no matter what its orientation portrait,
landscape, or anything in between the iPhone will be
capable of reading a fingerprint. The Touch ID software
interface will let a phone owner enrol multiple fingerprints -
including the people they trust, such as family members.
In a bid to appease privacy concerns the encrypted fingerprint
data will never leave the confines of the phone.
Experts from Bundesdruckerei, Infineon and the Fraunhofer
Institute for Reliability and Microintegration IZM have teamed
up to examine the requirements for eID documents to provide
reliable functionality.
The project known as the Secure and long-life eID
applications for human-technology cooperation (SeManTik)
has been established for the partners to investigate reliable and
new integration technologies as well as realistic models to test
and predict the life span of identity documents.
As the partners point out: Identity and travel documents are
valid for a long period of time and must often withstand harsh
conditions of daily usage. Therefore they have to be extremely
robust and at the same time secure and reliable.
Our goal is to develop multifunctional technologies for identity
documents that will work without failure over a long period of
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 6
Revi ews
time. In order to test the reliability of these technologies under
realistic conditions we need new standardised testing
procedures and simulation models which are investigated within
the scope of the research project, says Joachim Kloeser of
Bundesdruckerei and overall head of the research project.
SeManTiK provides us with new approaches to the qualitative
evaluation and selection of existing, long-life electronic high
security documents. We are now taking a major step toward
reaching our common goal of being able to predict the
required durability of these documents reliably in the laboratory.
In doing so, we extend our competitive edge in Germany, says
Peter Stampka, initiator and project manager of SeManTiK at
Infineon Technologies.
The project is being supported by the German Federal Ministry
for Education and Research (BMBF). As an associated partner,
the Bundeskriminalamt (German Federal Criminal Police Office)
is contributing its expertise in forensic and methodical analysis.
Bayer Material Science is contributing its expertise in supporting
materials to the project.
Secure eDocuments companies 3M, Gemalto, Morpho (Safran)
and Oberthur Technologies announced the formation of the
Secure Identity Alliance earlier in 2013 and have now also
welcomed HID Global, ABnote and Trb to its ranks.
The new group aims to develop the use of government-issued
eDocuments in particular, identity, health, driving licences
and ePassports for increased security, and to encourage
deployment of secure, convenient, online services to strengthen
end user privacy.
The Secure Identity Alliances major objectives are to accelerate
the transition to smart eDocuments and enable an open,
interoperable and efficient rollout of trusted eGovernment
online services by:
Describing and promoting use cases of convenient value-
added eGovernment services;
Sharing experiences and best practices between industry
and governments modernising their services, in particular
ensuring the privacy of end - users personal information;
Promoting standardisation of relevant and appropriate
industry specifications;
Making recommendations on the most up-to-date ways of
addressing government identity and privacy challenges,
including eDocument hardware, software and secure
printing technologies, materials and physical security
expertise, to deliver the level of confidence and assurance
needed for the rapid adoption of eServices that can be
trusted by citizens;
Providing consistent and transparent reference information
on security, identity and privacy challenges.
The Secure Identity Alliance says it is positioning itself as a
trusted partner for governmental agencies and public entities
defining their eDocument approach and implementing
associated eGovernment services. Alliance members will be
involved in focused workgroups with the aim of establishing
interoperable systems, and defining and promoting best
practices that can be adopted across the world.
Frdric Trojani, chairman of the Board of the Secure Identity
Alliance, said: I am delighted to welcome HID Global, ABnote
and Trb to the Secure Identity Alliance. With eGovernment
initiatives on the rise, electronic identification has become a real
catalyst for the rapid adoption of online services. Convenience,
privacy protection and security are the three pillars of trust in
modern, efficient electronic government services. The need for
an independent forum able to address common areas of
interest for all public and private stakeholders is clear to build
todays generation of online services.
Mobile ID healthcare
Orange, through its healthcare services subsidiary Almerys, and
Morpho say they have jointly created the worlds first mobile
identity management system for the healthcare sector.
According to the companies, the solution represents a
significant breakthrough for healthcare data mobility, enabling
secure access to patient data anytime, anywhere and on any
7 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Revi ews
This healthcare data mobility solution enables doctors to
securely access patient files via a tablet or mobile device. The
system uses strong SIM authentication to establish a link
between the devices SIM card and the doctors unique
identification number via the identity management platform.
Once the SIM card is registered, an applet is directly loaded
onto the mobile device or tablet that contains the SIM card. The
doctor can then access patient files via a secure web site by
entering his or her phone number. A pop-up message
requesting the doctors unique identification number then
appears to complete the authentication process.
Morpho is providing the solutions identity management
platform, which is based on Morpho Trusted Identity Services.
Orange provides the solutions SIM-based authentication
functionality and is leading the integration of the entire solution.
Orange is also operating the service by monitoring it through
a highly secured platform and network.
Passports and Access control
Zetes has been awarded a 15-year contract to implement
ePassports for the Gambia. It is estimated that 40,000 passports
will be produced each year as part of the subcontracting
contract, in which the primary contractor is Africard. Implement
ation has commenced and the first passports are expected to be
delivered in December 2013.
The Build, Operate and Transfer (BOT) project covers biometric
enrolment and document personalisation. It also includes the
delivery and installation of 10 permanent enrolment posts, to be
placed at various locations including embassy buildings.
Additionally, Zetes will deliver an automated identity control post
(eGate) at the airport border.
As part of the project implementation, Zetes employees are
based in the capital, Banjul, to complete AFIS duplicate removal
services, centralise data, create a passport register and
personalise secure documents.
Giesecke & Devrient (G&D) has been contracted by the
Republic of Iraq to produce and deliver the new Iraqi passports.
These passports will be machine-readable and meet the
requirements laid down by the International Civil Aviation
Organisation (ICAO) for international travel.
The first batch of identification documents will be handed over
to the Republic of Iraqs Ministry of the Interior before the end
of this year. The order also includes the delivery of printers and
printer accessories to personalise the passports.
Security measures incorporated into the printing mean that the
Iraqi passports are highly resistant to forgery. The documents
are printed in an offset and intaglio printing process and come
with security features such as G&Ds Printed and Embossed
Anti-Copy Key (PEAK).
The International Organization for Migration (IOM) has
formally handed over a Central Passport Office complete with
Afghanistans first-ever machine-readable passport and visa-
issuing system to the countrys Ministry of Interior.
Funded by the Australian Department of Immigration and
Citizenship (DIAC), IOMs assistance to the Government of
Afghanistan has included the construction and refurbishment of
the Ministry of Interior premises, the purchase of the passport
and visa-issuing equipment, and the hiring and training of the
Central Passport Office staff across the country.
Some 1,200 machine-readable ordinary passports and 500
machine-readable visas have been printed in this pilot phase,
said General Sayed Naser Hashimi, head of the Passport Office
at the Ministry of Interior. We hope to be able to print 500
passports daily.
The project will bring Afghanistan in line with international
standards in travel document security, making the new Afghan
travel document a reliable source of identity, thus facilitating
international travel for Afghan citizens.
Prior to the full-scale rollout of ordinary passports at the Ministry
of Interior, IOM first established a similar system aimed at
printing diplomatic and service passports exclusively at the
Ministry of Foreign Affairs. The office has been fully operational
since August 2011 and has so far issued 1,500 diplomatic
passports and 25,000 service passports.
Gemalto is set to provide the Royal Oman Police with an end-
to-end ePassport solution for the Sultanate. Applicants will be
issued with secure travel documents in line with Omans goal to
provide enhanced services and protection to its citizens, using
the latest digital security technologies.
The solution encompasses Gemaltos ICAO compliant Sealys
ePassport documents, and a full Coesys solution suite to enrol
citizens, personalise and issue secure documents. The multi-
year contract also covers training, support and maintenance
Major Royal Oman Police offices will be equipped with fixed
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 8
Revi ews
and mobile stations to register ePassport applicants with
personal information and biometric data. According to
Gemalto, each ePassport will feature secure eTravel embedded
software and a contactless microprocessor which will contain
the holders digital fingerprints and photograph. The solution
will facilitate Omani travellers immigration control, and speed
up the passport application and document issuance process.
Gemalto says it is contributing to more than 80 government
programs worldwide, supporting ePassport initiatives in Cte
dIvoire, Denmark, Estonia, France, Korea, Norway, Malta,
Morocco, Portugal, Singapore, Sweden and the US.
Oberthur Technologies has been selected by the Mexican
Ministry of Foreign Relations (Secretaria de Relaciones
Exteriories) to supply a high-tech identity solution for Mexicos
new passport.
The company is supporting the Mexican government in the
implementation of a secure passport for all citizens, through a
complete solution for state-of-the-art personalisation,
combining a high-level secure component and dedicated
technical equipment.
Gemalto is set to supply Belgium with its Sealys ePassport, due
to be introduced in May 2014. Gemalto will provide the
Belgian Federal Public Service for Foreign Affairs with more than
400,000 ePassports every year and Zetes will serve as the
system integrator.
Under a five-year contract, Gemalto will supply the Belgian
ePassport programme with its Sealys range of ePassport
booklets, and its latest ICAO secure embedded software. Zetes
is responsible for the personalisation and delivery of the
ePassports. According to Gemalto the combined expertise of
Gemalto and Zetes was proven in a series of rigorous audits
conducted by the Belgian Federal Public Service for Foreign
Affairs at both Gemalto and Zetes sites.
Thales, in partnership with Orange Business Services, has been
awarded a contract to provide through-life support for the
biometric data acquisition system for French passports.
According to Thales, Frances biometric acquisition system
currently comprises around 4,000 biometric data acquisition
devices, located at local and regional government offices in
metropolitan France and the countrys overseas departments
and collection points. These devices are used to capture digital
fingerprints, take photographs and record the personal details
of applicants for French passports. Through-life support of the
system must take account the dual imperatives of availability
and quality of service.
Thales will also develop a modular, scalable biometric data
acquisition solution for ANTS. The new system will be device-
agnostic to ensure interoperability with any equipment provided
by any supplier, making it possible to deploy the highest-
performance biometric, digitisation and security solutions
available at any given time without needing to redesign or
upgrade the overall data acquisition solution. ANTS and Thales
are also developing a highly intuitive interface for the new
solution to make it quick and easy for users to familiarise
themselves with the local processing application.
Infineon Technologies is supplying the security chips for the
worlds first ePassports incorporating the Supplemental Access
Control (SAC) protocol, which enhances protection against
unauthorised access and possible abuse of personal data.
The passports, issued by the Republic of Kosovo, contain
Infineon security chips of the SLE 78 product family with Integrity
Guard, which Infineon says offers the highest level of data
security over the long term and are ideally suited for sovereign
documents with a long period of validity. Germany-based
Giesecke & Devrient manufactures the ePassport solution for
the Republic of Kosovo.
To fulfil continually increasing security requirements for
contactless access to data stored on the passport, the
International Civil Aviation Organization (ICAO) now
recommends use of the SAC protocol. In contrast to the earlier
generation Basic Access Control (BAC) protocol, SAC is based
on asymmetric encryption. Within the EU, SAC will be
mandatory for ePassports issued from December 2014. As the
first European country to comply with the new requirement,
Kosovo will issue 800,000 ePassports. According to current
estimates from market research firm IHS, roughly 192 million
ePassports are in circulation in Europe. In this region, more than
30 million new ePassports are issued each year.
Germany announced the winners of a major Euro 30 million
tender that will see biometric-based eGates rolled out across
the country on a scale yet to be seen in Europe.
Some 90 eGates will be implemented across Germanys major
airports, including, Frankfurt, Munich, Dusseldorf and
9 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Revi ews
Hamburg. The contract is valid for 10
years and includes an option for 180
more eGates.
The Bundespolizei (Federal Police)
awarded the EasyPASS eGate contract to
Bundesdruckerei and secunet Security
Networks. Adding to the Made in
Germany feel, Cognitec Systems will
provide the face capturing and matching
solution, while Magnetic Autocontrol
Group is the provider of the physical
gate. Bundesdruckerei will provide
document readers (VISOTEC Expert 600
readers) and the document database.
These will be integrated into the secunet
easygate solution, which takes
advantage of secunets biomiddle
middleware and software backbone.
When rolled out the ambitious solution
will be usable by holders of 1st and 2nd
generation EU/EER/CH ePassports, as
well as German eID card holders.
The new eGates are expected to process
travellers in less than 18 seconds,
including a validity check of the holder's
identity document.
Identive Group has expanded the
implementation of its HIRSCH access
control system at San Diego International
Airport to provide integrated physical
access and security for the airports
newly redesigned Terminal 2, known as
the Green Build.
Identives access control system secures
more than 200 key entry points and
restricted areas at the new terminal,
which is used by 10,000 airline and
airport employees and contractors.
Identives access control system for San
Diegos Green Build terminal includes
DIGI*TRAC controllers as well as RUU
and ScrambleSmartProx door readers
that enable a range of authentication
methods including ID cards, smart cards,
PIN codes and biometrics.
Countries ID
As the EU continues with its plans to
introduce more secure driving licences,
French state printer Imprimerie Nationale
is getting set to produce electronic
permits that use Gemalto and Infineon
Gemalto is delivering its Sealys eDriving
licence and Coesys Issuance system,
while Infineon says it is supplying the
security chips. The new polycarbonate
smart card, which replaces the
traditional paper document, contains an
embedded SLE78 microprocessor with
Integrity Guard. The microprocessor
stores the licence holders biometric and
other personal data.
Secure authentication of the eDriving
licence will also help the police to
increase road safety: a major issue in
France, where up to 10% of driving
permits in circulation are believed to be
counterfeit, according to Lusurpation
dIdentit, Guy de Felcourt, CNRS
ditions July 2011.
By 2033, standardised credit card-sized
driving licences will be mandatory across
Europe. They will replace the
approximately 110 different formats and
security levels currently in use, as part of
the European Commissions Digital
Agenda, which aims to introduce
harmonised, eID documents throughout
the EU.
Morpho has been awarded a contract by
the Swedish Transport Agency
(Transportstyrelsen) to produce highly
secure driver licenses and digital
tachograph cards. Sweden began
issuing the new driver licenses in January
Swedens redesigned driver licenses and
digital tachograph cards will integrate
Morphos latest security features to
comply with new European Union
standards and provide enhanced
protection against document fraud.
Morpho has also equipped Sweden with
a criminal identification system, which is
being upgraded with Morphos latest
biometric recognition technology.
Infineon has confirmed that the
electronic identity card (eID) issued by
the South African government will
contain its embedded security chips.
According to the company, the SLE78
microcontroller based on Integrity
Guard technology embedded into a
polycarbonate smart card securely stores
the citizens personal data including a
digital photograph and fingerprints.
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 10
Revi ews
Besides preventing identity fraud and
further strengthening citizens confidence
in electronic identification documents,
the South African eID also paves the way
for fast and convenient eGovernment
The roll out of the new eID card to South
African citizens, which was launched on
Mandela Day on 18 July 2013, is
expected to take about eight years.
The eID, which is valid for 10 years,
replaces South Africas traditional,
paper-based green book identity
documentation. Its issuance marks the
second and final stage of South Africas
Home Affairs National Identification
System (HANIS) programme to
modernise government systems and
administration services with numerous
advantages for both citizens and
government administration.
Infineon said citizens can rely on the eID
as a single card for multiple applications:
firstly for secure identification and
registration in the National Population
Register for voting as well as other civic
interactions such as online government
services; secondly it can serve for banking
services, for example by using fingerprint
authentication to confirm identity when
visiting a bank.
Datacard Group announced that the
Government Printing Works in South
Africa will be using the Datacard MX
series card issuance and delivery systems
for its new smart ID card programme.
The new ID cards replace existing green
bar-coded paper ID books. Initially
South Africans will be able to receive a
smart ID card replacement in 27
locations throughout the country. This
will eventually ramp up to more sites in
order to issue 38 million smart ID cards
over several years.
The smart ID cards offer many more
security features than the previous paper
documents, and will feature a dual-
interface chip, as well as fingerprint
biometrics and biographic data
making it difficult for any forgery. South
African citizens will also receive their new
card in five to 10 days, compared to the
47 days it took for the paper documents
to be produced and delivered.
The microchip in the smart ID card will
also enable the card to be used to
access other government services such
as electronic health records.
The Nigerian National Identity Manage
ment Commission (NIMC) and Master
Card have announced the rollout of a
pilot programme involving 13 million
MasterCard-branded National Identity
Smart Cards with electronic payment
capability. The National Identity Smart
Card scheme is part of the recently
deployed National Identity Management
System (NIMS). This programme is the
largest rollout of a formal electronic
payment solution in the country and the
widest-scale financial inclusion initiative
in Africa.
In its first phase, Nigerians aged 16 and
older, and all residents in the country for
more than two years, will receive the new
multipurpose identity card which has 13
applications including MasterCards
prepaid payment technology.
Access Bank is the card issuer bank for
the pilot and Unified Payment Services
(Unified Payments) is the payment
processor. Other issuing banks will
include United Bank for Africa, Union
Bank, Zenith, Skye Bank, Unity Bank,
Stanbic and First Bank.
The new National Identity Smart Card
will incorporate the unique National
Identification Numbers (NINs) of
registered citizens in the country. The
enrolment process involves the recording
of an individuals demographic and
biometric data that are used to
authenticate the cardholder and
eliminate fraud and embezzlement. The
resultant National Identity Database will
provide the platform for several other
NIMC value propositions including
identity authentication and verification.
Other identification schemes, such as
driving licence, voter registration, health
insurance, tax, SIM and National
Pension Commission (PENCOM) can all
be integrated, using the NIN, into the
NIMS multi-function Card Scheme.
When using the card as a prepaid
payment tool, the cardholder can also
deposit funds on the card, receive social
benefits, pay for goods and services at
MasterCard acceptance locations
globally, withdraw cash from all ATMs
that accept MasterCard, and carry out
other financial transactions that are
facilitated by electronic payments.
Once the National ID registration
process is completed, NIMC aims to
introduce more than 100 million cards
to Nigerias 167 million citizens.
Kosovo has chosen Giesecke & Devrient
(G&D) to manufacture and deliver its
11 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Revi ews
multifunctional, electronic and contactless smart ID cards. As
prime contractor, G&D is assuming responsibility for all aspects
of project management as well as for system development and
cards manufacture.
Bundesdruckerei is sub-contractor for the Automated Fingerprint
Inspection System (AFIS) and for the smartcard personalisation
equipment. G&D is also in charge of implementing and
structuring all system components to support the whole ID
documentation process, from applying for a card to delivering
it. The new ID cards, which Kosovo will begin issuing by the end
of this year (2013), are among the most advanced smart ID
cards in use anywhere in the world.
By introducing these modern ID cards, the Kosovar
government is achieving yet another milestone in modernising
its national, official ID documents. Kosovo will be first country
in Europe to comply with the EU requirement that all travel
documents issued from December 2014 feature the new
Supplemental Access Control (SAC) digital protocol, says
Bajram Rexhepi, Kosovar Minister of Internal Affairs.
A host of applications are stored on the cards chip, including
a travel application containing biometric data that conforms to
both ICAO and EU standards, and the well-known eID function
that is also found on Germanys ID cards. When dealing with
public authorities, banks or retailers online, card holders now
have a secure way of providing proof of identity. What is more,
this new form of ID supports the creation of legally binding
electronic signatures.
The multifunctional ID card can still be used as conventional ID
and offers an array of new security features. Personal data and
biometric features such as the ID card holders photo and
fingerprints are stored securely on the chip in digital form.
Identive Group received an order for more than 300,000
SCR3310v2 smart card readers to support a national eID card
programme in the Middle East. Identives smart card readers
will be used by citizens to enable secure access to eGovernment
and eAdministration applications, as well as to digitally sign
Around the world many countries are in the process of
implementing electronic identity card programmes to decrease
identity fraud, manage access to public services online and at
the same time reduce administrative costs. We are pleased that
Identive smart card readers have been selected to support this
customers national eID programme and to help both the
government and its citizens experience the full benefits of eIDs.
In addition to providing secure online authentication, eID
programmes enable delivery of government services in less time
and with more convenience, as online forms can be filed from
home and processed more quickly, said Dr M Mueller, executive
vice president and COO Identification Products for Identive.
Mongolias Ministry of Justice and Home Affairs has selected
Gemaltos Sealys secure multi-service eID cards for its national
ID programme.
According to Gemalto, this new eID programme will secure
Mongolian citizens identities as well as pave the way for new
eGovernment services.
Mongolia has approximately 3 million inhabitants and all
citizens aged over 18 years are set to carry these advanced
smart cards as their national ID document. In addition, the
national eID card will allow for more efficient updating of the
national registry. It will also enhance both the process and
security level of verifying identities. Gemalto worked with Bodi
International, the programmes prime contractor and a leading
IT company in Mongolia on this project.
Gemalto says Mongolia is using its Sealys MultiApp ID. This is
the size of a credit card, and is fitted with a microprocessor and
the Gemalto software that securely manages the citizens
personal data, including the holders digital photograph and
fingerprints, while respecting the holders privacy. The Mongolia
national eID card also features Gemaltos latest innovation in
secure printing: the Sealys Clear Window, a transparent section
created in the pure polycarbonate card body structure for
enhanced protection against forgery.
ImageWare Systems has received an order from the city of
Fredericton, New Brunswick, Canada for a complete identity
management and booking system, which includes mug photo,
signature and fingerprint capture.
ImageWare's LE Web thin client will allow officers and
administrative employees' access to record details and the full
suite of investigative tools from various locations. The City of
Fredericton will also be utilizing ImageWare's EPI Designer for
LE reporting software. This allows users to create unique reports,
agency-defined lineups, wristbands and employee/inmate
badges for an unlimited number of full-colour, dual-sided report
and card designs, complete with barcoding or encoded
magnetic strips. One of the features of the basic identity
management and booking system products is that it will be
provided in both French and English.
The system will be connected to the city's record management
system and will allow for submission of criminal fingerprints to
the Royal Canadian Mounted Police as well as fingerprint
processing for civilian applications.
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 12
Revi ews
Under the terms of the agreement, ImageWare will receive
approximately US$125,000 in revenue.
Bell ID has been selected by the King Fahd University for
Petroleum and Minerals (KFUPM), Saudi Arabia, to advance its
smart card identity management system. In addition to a
software upgrade, the solution has been extended to include
time and attendance functionality for staff and contractors.
The company says its Identity Token Manager is a vendor
independent web-based software solution that enables issuers
of chip-based identity cards, such as universities, governments
and enterprises, to effectively and securely deploy and manage
single and multi-application identity schemes. In addition to
managing credentials on cards, the solution offers the possibility
to load and manage these on mobile devices containing a near
field communication (NFC) chip.
The KFUPM existing solution provided by Bell ID provisions and
manages student identification smart cards. It has been
upgraded to support the universitys strategy to extend the
integration and usage of multi-application smart cards
throughout the campus. This includes the capability to
electronically monitor staff and contractor attendance on
campus, which will improve workforce management processes,
as well as achieve more accurate and streamlined invoice and
accounting procedures.
Dr Sami A Khaiyat, general supervisor, Services at KFUPM,
comments: The Bell ID solution provides us with the latest
innovative identity management software to increase the physical
security of the campus and its data network. We are also looking
at future requirements and are keen to establish an infrastructure
now that will be scalable to future advancements. For example,
the use of the identity card as a university payment card within
campus restaurants or to pay outstanding library fines.
US ID solutions and schemes
Datacard Group and AAMSCO Identification Products have
partnered to offer the Arkansas Secretary of States Office
services, support, software and hardware solutions for a new
voter ID programme that will be rolling out in 2014.
The new voter ID card scheme will require citizens to show
photo identification to vote at the polls which will be
mandated via a new state law that was recently passed. After
consulting with AAMSCO to determine specific needs for the
scheme, voter ID card requirements and design preferences,
the state purchased 98 Datacard SP25 Plus card printers as well
as Datacard ID Works identification software, and cameras for
photo capture. AAMSCO will also be providing local services
and support to the state.
Each county clerk office will personalise their own voter ID cards
for citizens living within the designated county. Individuals will
have their cardholder information and photo captured by the
county offices, and then the voter ID cards will be personalised
immediately on the Datacard SP25 printers.
Identive Group has been selected by a US federal agency within
the Department of Homeland Security to implement its Hirsch-
branded access control and security management systems at
the agencys more than 200 locations nationwide. Identives
systems will secure entry and exit points at the agencys facilities
and provide secure work environments for agency employees.
The DHS agency selected Identive based on the companys
reputation as a provider of security solutions to the US
government and the fact that Identives access control systems
support simultaneous use of the wide variety of federally-issued
access credentials currently in use. This includes Personal
Identity Verification (PIV) cards used by federal employees,
Common Access Cards (CAC) used by military personnel, as
well as other, agency-specific credentials. Support for the array
of federal ID credentials allows the agency to become
compliant with federal standards and mandates governing
secure authentication and access, such as FIPS-201 and OMB
M 11-11. In addition, the Identive solution is designed to allow
updates and integration to additional agency and federal
systems and databases as future standards and requirements
Accenture Federal Services has received a five-year contract
from the US Transportation Security Administration (TSA) to
create identity management and credentialing system processes
to verify and manage millions of identities for those working at
sensitive, secure areas throughout the US transportation system.
The contract has a ceiling of US$250 million.
Accenture will work with the TSA to build a system to consolidate
credentialing platforms to include case management and
customer relations management.
Multiple programmes exist to issue credentials and manage
identities today for transportation workers, including workers at
airports, drivers licenses to transport hazardous materials and
separate identifications for maritime workers. According to
Accenture, this new process will consolidate these programmes
into one system over time, improve credentialing for new and
existing transportation sector workers, increase consistency of
13 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Revi ews
information across multiple programmes
and provide improved customer service
to applicants.
The first programme to be transitioned
will be the Transportation Worker
Identification Credential (TWIC). TWIC is
used to secure the US maritime
transportation system by providing
biographic and biometric identification
credentials, such as fingerprints, for
personnel requiring unescorted access to
secure areas of regulated facilities and
The National Institute of Standards and
Technology (NIST) has issued a new
publication that broadens agency
security options for Personal Identity
Verification (PIV) cards. Biometric Data
Specifications for Personal Identity
Verification adds iris images as biometric
identifiers and on-card fingerprint
comparison as options for the cards.
A PIV card is a government-issued smart
card used by federal employees and
contractors to access government
facilities and computer networks. The PIV
card carries a photo, fingerprint
information, personal identification
number (PIN) and a cryptographic
credentialrandom computer-generated
data that are recognized only by the
PIV card.
To assist agencies seeking stronger
security and greater operational
flexibility, NIST made several modific
ations to the previous version of
Biometric Data Specification for Personal
Identity Verification. Major additions
On-card comparison of fingerprints for
improved privacy. The specifications
describe how to place one or two
compact fingerprint templates and a
recognition algorithm on the card. When
the user wants to sign a document
digitally or open a secure file, for
example, she can place her finger on a
reader attached to the keyboard to verify
her identity. Currently, employees have to
type in a PIN for matching, which is
subject to error and misuse.
Iris recognition capability for increased
security. Standardized compact images
of one or both irises (the images are no
more than 3 kilobytes each) can be
loaded on the PIV card for compact on-
card storage and fast reading times. The
document provides performance specific
ations for iris biometrics to assure high
accuracy and provides specifications for
iris cameras to guide implementers on
camera selection. These standards-
based elements support interoperability
within and across agencies using iris
recognition technology.
Agencies may choose to add iris images
as an alternate biometric over finger
prints, because, for some users, finger
print collection can be difficult. At times,
the fingerprints are too dry to yield a
good image, and lotions, wounds or
illness also can make for poor images.
Agencies now have the option of using
two biometric sources to avoid such
Giesecke & Devrient (G&D) has received
a contract award to provide the U.S.
Department of Defenses (DoD) Defense
Manpower Data Center (DMDC) with
FIPS 201 PIV certified identification and
physical/logical access cards. FIPS 201
is a U.S. Federal Government standard
that specifies Personal Identity
Verification (PIV) requirements for
Federal employees and contractors.
For many years, the DMDC has been
providing smart card technology as a
DoD-wide Common Access Card/
Personal Identity Verification (CAC/PIV).
The CAC is the standard ID card for
active duty members of the Uniformed
Services, Selected Reserve, DoD civilian
employees, and eligible contractor
personnel. It is the DoDs Homeland
Security Presidential Directive 12
authorized personal identity verification
cards. The CAC/PIV is also the principal
card used to enable physical access to
buildings and controlled spaces and for
logical access to the DoDs computer
networks and systems.
Axel Deininger, Group Senior Vice
President at G&D, said, G&D StarSign
FIPS 201 cards are very robust. They are
designed to withstand the field conditions
that have led to high card failure rates
often seen in the PIV market today."
The US Department of Homeland
Security (DHS) certified in early 2013
that 19 states were compliant with the
REAL ID Acts rules. Alabama, Florida,
Kansas, Nebraska, Utah, and Vermont
were the latest states to join Colorado,
Connecticut, Delaware, Georgia,
Indiana, Iowa, Maryland, Ohio, South
Dakota, Tennessee, West Virginia,
Wisconsin, and Wyoming as meeting the
Acts requirements. REAL ID compliant
drivers licenses and identification cards
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 14
Revi ews
are part of a multi-layered national security strategy that aids
law enforcement to distinguish reliable state credentials from
states with lax identity authentication.
The REAL ID Act, passed by Congress in 2005, enacts the 9/11
Commissions recommendation that the Federal Government
set standards for the issuance of sources of identification, such
as drivers licenses. The Act prohibits the Federal Government
from accepting drivers licenses and ID cards that do not meet
a minimum security standard. The minimum standard includes
processes to protect the card against counterfeiting and requires
reliable documentation from an applicant to prove they are who
they claim to be.
PARTICIPATE IN NSTIC's Troop ID solution, a digital authentication engine for
verifying military and veteran affiliation online, was selected for
a US$1.2 million grant as part of the Presidents National
Strategy for Trusted Identities in Cyberspace (NSTIC), with
another US$1.6 million anticipated in the second year of the
Troop ID, a part of the identity network, currently powers
military discount programs for retailers. The grant funding will
be used for product development in order to empower military
families to access sensitive information online from government
agencies, financial institutions and health care organizations in
a more privacy-enhancing, secure and efficient manner.
Managed by the National Institute of Standards and Technology
(NIST), NSTIC is a White House initiative that works collabora
tively with the private sector, advocacy groups, public sector
agencies and other organizations to improve the privacy,
security and convenience of sensitive online transactions. The
NSTIC program envisions a set of interoperable technology
standards, policies, and identity solutions an "Identity
Ecosystem" where individuals and organizations can be
authoritatively authenticated to increase the level of trust online
Troop ID enables Americas service members, veterans, and
their family members to verify their military affiliation online
across a network of organizations that provides discounts and
benefits in recognition of their service. More than 200,000
veterans and service members use Troop ID to access benefits
HP Enterprise Services has been selected by SecureKey
Technologies as a subcontractor to provide enterprise cloud
services to host the United States Postal Service's (USPS) new
authentication infrastructure.
The US government's Federal Cloud Credential Exchange
(FCCX), which enables online access to multiple federal
agencies, will offer individuals and organizations secure access
to federal websites and online services through existing,
approved digital identification credentials.
Under the contract, HP will deliver HP Enterprise Cloud Services
- Virtual Private Cloud for US Public Sector, a Federal Risk and
Authorization Management Program (FedRAMP) authorized
service, to host SecureKey's Exchange application
for the implementation of FCCX. Part of the HP Converged
Cloud portfolio, HP Enterprise Cloud Services deliver the
benefits of a cloud-based approach without sacrificing the
security required for mission-critical workloads.
The National Strategy for Trusted Identities in Cyberspace
(NSTIC) and the Federal Identity, Credential and Access
Management (FICAM) initiative call on all agencies to establish
FCCX in an effort to broaden government acceptance of
approved third-party credentials of varying strengths and types.
.... For more news items on ID Credentials please visit
ruhlamat covers the complete range of passport manufacturing and personalisation. Proven solutions for booklet and eCover manufacturing (PA 2000).
Pre-personalisation (LP 2000) including the patented security features PERFLEX (perforation with different character sizes using holes in different geometric
shapes like squares and triangles). Personalisation ( LP2100, either laser or color injekt based the fastest equipment available). Test equipment (Bending,
Torsion, Impact).
ruhlamats Pearl ID convinces with features like high speed laser engraving, very fast high definition drop on demand industrial colour printing (HD
DOD) as well as a compact multiple chip personalisation tower (contact, contactless, hybrid or dual SIM with variable amount of loading stations).
LP 2100
(e-)passport personalisation
Pearl ID
card personalisation
HD DOD industrial
Laser engraving
grey scale, DMS
Optical inspection,
Encoding tower,
Laser engraving
grey scale, MLI/CLI,
Clear laser
HD DOD industrial
Encoding tower-
contact, contactless,
dual interface,
dual SIM
Magnetic stripe
Optical inspection,
ruhlamat your reliable partner
for high speed personalisation
of (e-)passports and ID cards
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 16
Di srupt i ve ID
What is innovation?
Look up innovation in a dictionary and you will find a variety
of definitions. They will have several things in common: the
implication of novelty based on the use of existing resources,
financial viability and evidence of meeting specified needs.
Innovation also involves risk-taking and the creation of new
markets. Imitation, on the other hand, requires less risk because
it involves the use of existing products and developing them in
the hope of achieving better results. Some highly successful
imitation will, of course, turn out to be innovative. Any
innovation is likely to lead to change within the adopting
organisation and, therefore, require appropriately novel
management skills.
Disruptive innovation is the introduction of new technologies,
products or services in an effort to promote change and gain
advantage over the competition. Here, disruption does not
imply disorder or chaos but, ratherreplacement'. It can be
contrasted with continuous development while raising quality
and efficiency. The emphasis is on the achievement of small,
incremental changes in the way things are done.
When innovation becomes disruptive
The term disruptive technology was initially coined by Clayton
Christensen of the Harvard Business School. He used it to
describe an invention or new development that unexpectedly
displaces an established form of technology. Christensen
divided new technology into two categories: sustaining (i.e.
reliant on incremental improvements to established techniques)
and disruptive which may have teething troubles and,
because it is new, initially appeals only to a limited market. In
addition, it may not yet have immediately obvious practical
applications (an oft-quoted example is Alexander Graham Bell's
"electrical speech machine" - now called the telephone - for
which hardly anyone could see serious potential uses!).
Stealing our miracles?
Disruptive innovation and personal identity
By Ralph Adam, Freelance Editor, Communications & IT
17 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Di srupt i ve ID
We can all recall innovative products that have gone on sale
without having identifiable markets. Christensen emphasised
that one of the most consistent patterns in business is the failure
of leading companies to stay at the top of their industries when
technologies or markets change. Big companies are frequently
structured in such a way that they work best with sustaining
technologies: such firmsstrong points are knowing the market,
staying close to customers (who may not see the benefits of new
products) and having mechanisms in place to further develop
existing technology. Conversely, they may encounter problems
capitalising on the potential efficiencies, cost-savings, or new
marketing opportunities created by low-margin disruptive
technologies. It is really important that companies develop
strategies to create frameworks and supporting processes
permitting them to understand how disruptive technology or
innovation emerges. Such knowledge (really an aspect of
information management) can then be used to control the
impact and harness disruption positively by managing it and
creating positive management responses.
It is not unusual for a large organisation to dismiss the value of
a disruptive technology because it does not reinforce current
goals, only to look foolish as the technology matures, gains a
larger audience and market share while threatening to radically
change how things are done. Christensen quotes as his
examples some of the many big companies to have pooh-
poohed disruptive inventions including Xeroxs rejection of
table-top copiers, IBMs refusal to produce microcomputers and
Goodyear and Firestones lack of interest in radial tyres. These
major players did not, at the time, see how important such
innovations would be for the market; by the time they did, it was
already too late and (an often smaller) competitor had taken
the initiative, profiting from their lack of foresight.
Disappearing favourites
Disruptive innovation can be risky. Not only does it require
people to embrace radically different approaches to product
development or marketing, but it may also appear out-of-step
with the normal or accepted ways of doing things. At first,
the creators of new products may appear quirky or as oddballs.
On the other hand, successful disruptive innovations create new
market opportunities where none existed before. Recent
everyday examples include mobile phones, CDs (which almost
eliminated vinyl records) and digital cameras. In thepersonal
identity sphere there have been many such innovations. Some
obvious ones are smart cards, e-wallets, downloadable applic
ations (apps) and near-field communication.
Here is an interesting test: glance at a few trade magazines and
conference proceedings from just a few years ago to see how
rapidly what, at the time, were seen to be disruptive innovations
have disappeared from sight! A product that is flavour of the
show at one years professional security event, may have
completely disappeared by the next. As an example, who now
is still using WAP (Wireless Application Protocol), the widely-
hyped secure specification allowing users to access information
instantly via handheld wireless devices such as mobile phones,
pagers, two-way radios, smart phones and other communic
ations media? The technology fell far short of users (very high)
expectations in terms of speed, practicality, appearance and
interoperability once the special handsets became available.
Take-up was minimal.
What has all this to do with the identification market? The
identity world has come a long way in recent years. Changes in
biometric technology, border-control credentials and tokens,
identity cards, social security and healthcare documents have all
had a dramatic impact on how the industry operates as well as
on our everyday lives and in the way issues are debated in the
media. Is it possible that further innovation can lead to yet more
big developments in security technologies? We are in a
constantly changing world. Fresh ideas will, undoubtedly,
emerge in the near future; how best they can be applied will be
influenced by several things. The likely increase in public
awareness of, and concern with, privacy issues will have an
important influence on future developments while new forms of
information technology and further internet developments are
sure to appear as disruptive technologies in the world of
personal identity.
Where next?
The indications are that the next growth areas will come from
that most-popular of devices the mobile phone. We have no
idea, as yet, of the role that the 'cloud' will play; there will,
doubtless, be many future needs for cloud-based mobile
applications. 2D bar codes represent another relatively cheap
form of technology that has great potential as has its cousin,
the QR code. The two can surely be combined with both
personal data and less-visible features leading to new forms of
encryption. We can go further: mini-videos and voice samples
are well suited to incorporation into bar codes as sample
signatures already are.
Other research is also becoming important. New forms of
biometrics are very likely to appear as will innovations
developing out of the current range of biometric features. The
massive governmental investment from many parts of the world
in nanotechnology and neuroscience will, undoubtedly, also be
important. The increasing concern over privacy and identity is
another source of new ideas and, as technology becomes more
sophisticated, so will new forms of fraud and deception create
further needs for the industry. It is also very likely that we have
not, yet, imagined all the aspects of life for which personal
identification will become necessary with the result that, as new
needs appear, so will further developments in personal identity
credentials be required.
Mention of credentials implies highly sophisticated technology
to combat fraud. However, in the current (and, for the near
future) economic situation, expensive solutions may not be the
answer. Cheaper, tamper-resistant tools (using new types of
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 18
Di srupt i ve ID
security thread and digital watermarks, for example) are more
likely to be the route to combatting document fraud (combined,
for example, with aspects of personal data to create innovative
forms of security format) while future mobile technology may
mean that there will no longer be a need for the escalation in
sophisticated electronic authentication and identity verification
tools to which we are becoming used.
None of this takes into account what might, a few years ago,
have been considered near-science fiction, but which is now
becoming reality. For example, we have already seen the odd
brave innovator experiment with chips implanted in his (and, so
far, it has always been ahe!) own body in the hope of
demonstrating where the future of credentials lies. While such
developments, if they became standard, would be certain to
have a major impact we have not, so far, been able to evaluate
the extent to which the general public might accept them.
Even if nothing comes of such ideas, it is important to remember
that, while we may not yet have body implants, those who, for
instance, store passwords on their mobiles can easily be
monitored by any of the three companies with access to them.
That shows just how low is the value of passwords and how high
the need for other features to replace them. As mobile
technology (and tablets or whatever replaces them) become
increasingly important they will be carried by everyone and
arguments on the role of data security (from both sides of the
divide producers and users) can only increase in number.
Perhaps we can get a clue as to the future from the everyday
world where facial recognition, the coming fashion, is intriguing
the media. If such technology becomes commonplace, it too,
will be considered disruptive and change how we behave.
Here are a few examples:
Wheres your Eye-D?
Iris detection devices are used worldwide by border control
services (iris recognition is not new - itwas first conceived as a
means of identification in 1936 by an ophthalmologist, Frank
Burch,and has been widely used by James Bond). They have
been tried at many locations including, for example,
Manchester (Ringway) and Birmingham (Elmdon) airports.
Facial recognition technology has also become a feature of
both security and more general applications. For instance, it
has been introduced to some of San Franciscos bars to give an
idea of the sort of people frequenting them while an app with
similar features monitors drinkers in Chicago. This type of
technology is also used in cinemas to observe audiences.
Steven Spielbergs film Minortiy report features a pre-crime
police force (which can detect murders before they have
happened) using surprisingly realistic facial recognition software
verified by biometric authentication devices. It is a world in
which eye-scanners and tracking are commonplace (not just for
surveillance - the police can stop your car remotely, and arrest
you for merely thinking of committing a crime), but for tracking
attitudes to advertising, too.
The film highlights a key issue with this type of software: an
unpleasant person may be able to get round Eye-D checks
by removing an offending eye (or amputating a head) to
by-pass the device! This raises the question of whether or not
any such devices would be able to tell if the eye (or any other
part of the anatomy) is actually attached to a living body. This
is a problem that has rarely been discussed in the biometric
literature but, nevertheless, reveals serious problems for high-
security environments.
Up in the clouds
A New York company has created digital bill-boards that use
cameras for monitoring passers-by and their attention to
advertisements: the software can also select ads that are
appropriate for the age, gender and attention level of individual
pedestrians. Similarly, Facebook uses facial recognition software
to identify users friends when they upload photos and suggest
names for captions.
The cloud may well become another form of disruptive
technology. Its possibilities seem infinite - a Finnish company,
for example, is developing a payment system that makes the
transaction almost instantaneous: customers scan their
purchases while point-of-sale cameras photograph the items,
simultaneously accessing the customers cloud-based wallet.
The press of a button finalises the transaction.
Danny Witwer, Colin Farrells characterin Minority report, says:
Science has stolen most of our miracles. An excellent motto
for the ID-world.
Technological developments are merging science fiction with
reality. Both manufacturers and users will require sophisticated
knowledge and information skills. Not only are we discovering
new ways of doing old things, but fraud and counterfeit
detection will be enhanced through the appearance of new
personalisation techniques. The way credentials are used will
change: we shall be used to seeing self-authenticating biometric
devices with their details stored, for example, in 2D bar codes
containing document serial numbers linked to remote
databases which can be accessed from smart phones. There is
no doubt that science will provide the electronic identity world
with yet more exciting inventions. But how many will disrupt our
technology. Watch this space!
For more information please email:
19 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Securi t y
n the physical world, bartenders, bankers or airport security
personnel who rely on a drivers license or passport trust that
the issuing authority behind that license or passport has
exercised some diligence in authenticating the person to whom
that credential was issued. There are no drivers licenses or
passports in cyberspace. Efforts aimed at producing that type
of federated identity credential for online use are still in their
infancy. There is no cyber department of motor vehicles today
to issue an identity credential. Therefore, care must be taken
when digital security credentials are issued to ensure they
have been issued to the legitimate user of the associated
digital identity. It matters very little if the credentials are a
username and password combination, a security token, a smart
card or any of the above in any combination. You are often
both the issuing authority and the relying party. It has become
a business imperative to know with certainty to whom you are
issuing access credentials for your physical and digital
properties. The strong authentication of a user to whom a
credential will be issued is a critical success factor for most
global businesses today.
Authentication for the future
Once upon a time, authentication and credential issuance was
an easy task. You would have an employee escorted to the
personnel office. The employee would sign for their building
access card and network login credential, and, while they were
at it, they would sign the company security and network access
policy documents as well. Global commerce and global
employment have dramatically changed those processes. In
the modern from anywhere at any time business environment,
the in-person proofing and issuance or replacement of access
credentials used by customers, partners or employees is just not
possible in many instances at least not in a timely fashion.
Still, the need for certainty of who is accessing your wired
properties has never been more important. The resulting
challenge is how to get your authorised users connected and do
it quickly while still thoroughly authenticating them.
Some of the time-honoured practices for rapidly activating
digital security credentials remotely do not scale well on a
global basis. The use of separate postal mailers, one for a
credential and one for a PIN, lacks the speed required in an
always on eBusiness environment. Overnight courier requiring
a signature is faster but expensive. An activation PIN delivered
via email is fast but susceptible to interception as it is delivered
in band and often in the clear. Delivering a credential and
an activation code via email to the same device on which it will
be used might also be a security policy violation as the safety of
delivery via a separate communication channel has been lost.
Timely and effective
Those who issue credentials to remote users and need a timely
but effective way to authenticate the end user receiving a
credential should consider workflows that incorporate
telephone-based, out-of-band and telephone-based, two-factor
authentication schemas. The term out-of-band refers to the use
of two separate communication channels to communicate and
interact with a remote user. The term two-factor refers to the
form factors used to authenticate an end user. Form factors are
typically something you know (a password, perhaps), something
over which you have possession and control (a telephone, a
smart card, an RFID card) or something you are a biometric.
Use of the telephone with its voice communication channel is a
solid choice for a something an end user controls. The use of
a telephone as an authentication tool dates back to the early
days of the Internet when dial up connections were common.
An end user would dial into a remote server via modem and
provide a username and password. The server would
disconnect and redial the telephone number corresponding to
that username retrieved from a directory. This kept
unauthorised users from connecting to the service, even if they
had compromised someones username and password. The
server would dial back to the legitimate account holders phone
shutting the imposter out. Confirming the connection between
the user and their telephone is a second authentication step, or
second authentication factor, via an out-of-band channel. This
is sometimes called 2FA or two-step verification. This is a very
useful process for activating a secure credential such as a smart
card or token for a remote user.
The use of telephony in modern two-factor authentication
workflows has come a long way since those early days. The use
of speech recognition and voice biometrics via the telephone
voice channel offers ways to reliably link specific users to specific
A digital credential is only as strong as the workflow employed to issue
it to the legitimate end user. Strong initial authentication is the key.
Relying on smart cards or other digital credentials means relying on the process used to issue and activate them.
If the end user is remote, strong authentication during the activation process must be achieved, but doing so in a
timely fashion takes careful consideration. John Zurawski, vice president, Authentify, reports.
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 20
Securi t y
telephones. In addition, telephone-based, two-factor, out-of-
band authentication can also be achieved via secure messaging
apps on smart devices employing their data channels. One-
time passwords (OTPs) delivered via the SMS channel are also
considered a form of out-of-band delivery mechanism, but SMS
OTPs have the challenge of being primarily a push-style
message. The store and forward structure of the SMS network
can significantly delay the delivery of a message, although,
there may be use cases when time is not an issue. That said,
the voice channel offers interactivity and is bi-directional in real
time. Among the advantages this offers, voice can be used to
explicitly collect the end users consent to terms and conditions
attached to the use of a credential.
By way of example, a Global 1000 manufacturer of information
technology, medical instruments and other high tech lines of
business requires the use of smart cards and soft tokens for
accessing their global VAR and dealer network portal. The
information within this portal is sensitive and includes data on
orders placed by various partners, distributors as well as some
of the companys own sales representatives. Information can
include pricing and delivery schedules. This could sound
familiar to your own environment.
Obviously, access to this portal and the information it contains
is tightly controlled. Legacy security policies require hand
delivery by the sales or marketing sponsor and a signature for
the new credential. It seems a little time consuming when your
global sponsor might be in London, but the VARs operations
are in Hong Kong. Plus, making a VAR wait for the next time
their sponsor visits them in person takes some of the lustre off
the new relationship. The goal is to put the channel partner to
work as quickly as possible.
Credential provisional portal
In this instance, the manufacturer developed a credential
provisioning portal that relied on voice telephony as part of the
authentication process. A VARs sponsor within the
manufacturing organisation would access the provisioning
portal and create a user profile for the VAR they wished to
enroll. The profile included a telephone number at which the
sponsor trusted the authorised representative at the VAR could
reliably be contacted. In a sense, this was an in-person vetting
of the telephone number.
Once the sponsors provisioning portion of the enrolment was
completed, an email would be sent to the VARs authorised
representative.Opening the email, the authorised representative
was instructed to click on a link for further instructions. Clicking
on the link resulted in a telephone call being placed to the VAR
representatives phone as provisioned by their sponsor. The
phone call delivered a temporary passcode to access the portal
and download a soft token but the soft token was not fully
Once the token was downloaded, the VAR representative was
directed to an activation step. During the activation step, a
second phone call would deliver an activation code and PIN
for the token after the VARs representative was instructed to
speak a phrase agreeing to the terms of use for the credential
and portal. This workflow provided strong two-factor security
for the token delivery and the token activation and automatically
collected an electronic signature, via voice and speech
recognition, of the VARs agreement to terms of use. The time
stamp and log files from the telephone network also become a
part of the audit trail. The activation process for a VAR 10,000
miles away that used to take weeks could now be completed in
less than three minutes.
21 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Securi t y
Audit trail
A few words about the audit trail mentioned above may be in
order. The legal precedent for the use of telephone records as
proof of contact and exchange between parties dates back to
the 1930s. For those with stringent compliance requirements
and a possible need to demonstrate that a particular individual
received a specific credential and that agreed to specific terms,
there is no equal.
A first time encounter with a remote user who is not an
employee but will be registering to use an online account
always carries the highest risk. In addition, direct knowledge or
trust in the end users telephone number is absent in this new
relationship, but this does not preclude the use of the telephone
as a second authentication factor. It can still be used as a
second factor for account access or as part of a credential
activation schema. There are a number of mechanisms for
gleaning some level of trust relative to a phone number. Today,
a number of public facing online portals and eCommerce
properties use out-of-band telephony to place outbound calls to
users registering for new accounts.
Typically, a second layer of services that offer reverse look-up for
telephone billing information, location services for mobile
phones and trust scoring services are employed to help
determine if the telephone can be trusted as part of the account
activation. There are variations by vendor, but these trust
scoring services can be based on the appearance of that
telephone number across their network of services or other
behavioural monitoring associated with the device. For
instance, has the phone been used for authentication purposes
over time within the existing customer base? Potentially, the
characteristics of the phone itself are used. These might include
whether it is a mobile device or a landline, if it is provisioned by
a reputable carrier, if it is a verifiable billing contract available
and so forth.
Smart devices and BYOD
Some readers may be thinking that the explosion of smart
devices and BYOD mobility has eroded the trust of two-factor
authentication or multi-factor authentication schemas that
employ telephones. The telephone and computer have become
one. That may be true, but not all smart devices are telephones.
Many tablets do not have telephony voice channels. There are
still hundreds of millions of laptops in use, and I daresay that
workstations have not totally gone the way of the dinosaur.
Purely vanilla feature mobile phones have not gone away, and,
in some countries, still represent the majority of mobile devices.
Employing telephone-based two-factor authentication as a part
of a security credential activation process can ensure that no
user is left behind or made to wait in the credentialing process,
no matter what their technology ecosystem contains. It does
require flexibility, and the careful consideration cited earlier in
this article.
In additional workflow examples, consider an end user for
whom smart card access is required for access to a high limit
financial securities trading account. Suppose they have the
ability to initiate trades from their mobile device. That user can
still be asked to accept a phone call at an office number known
to be theirs. An end user in need of a credential for their laptop
can take a call on their feature mobile phone as part of the
authentication process.
There is considerable value in employing telephony in credential
issuance authentication schemes. Devices can be mixed and
matched, voices recorded, biometrics employed, PINs delivered
via secure encrypted channels and more. There is a
combination of workflows that can meet the most stringent
security requirements. The biggest authentication advantage -
no user need be left behind.
For more information please Tel: +1 773 243 0328 or email:
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 22
Securi t y
he identity credential is evolving along two paths. First,
ID cards continue to become more secure and useful, and
second, identity is no longer confined exclusively to a
plastic card, but can also be carried on Near Field
Communications (NFC)-enabled smartphones. Planning for
the future is critical as physical credentials evolve, digital
credentials emerge, physical and IT security credentials
converge, and new printing technologies simplify how cards are
produced and distributed while making them more secure.
The traditional physical credential has transitioned from
magstripe to prox cards and on to smart cards that, over time,
will coexist with digital credentials on NFC smartphones. Smart
cards are also incorporating more layers of visual and digital
security. Additionally, smart cards are combining physical access
control for facility security and logical access control for IT
security, so they can be used to enter buildings, log onto the
networks, and gain access to applications and other systems.
Smart cards are also migrating into new market segments, with
one of the most visible examples being solutions that implement
the Europay Mastercard Visa (EMV) global credit and debit
payment standard based on chip card technology.
Organizations must be aware of these and other developments
as they implement more secure and useful smart cards or
mobile devices, or both, within their physical access control
system (PACS). The broadest opportunity is to empower
customers with a single solution for securing everything from
the cloud to data to doors, so they can trust one source for
authenticating a range of applications.
Empowering Users Today and Tomorrow
Increasingly, users want a more streamlined experience that
doesnt slow them down in a new era of on-line and cloud-
hosted data, apps and services. This environment requires a
secure identity management approach that mitigates escalating
and evolving risks, both internally and externally. Organizations
must meet todays needs while also preparing for the future.
The first step is to base the access control system on an open
architecture so it can support new capabilities over time. For
optimum security, the system should use contactless high
frequency smart card technology that features mutual
authentication and cryptographic protection mechanisms with
secret keys. With a highly secure smart card foundation in
place, organizations are also well positioned to improve risk
manage ment and comply with new legislation or regulatory
Cards should also employ a secure messaging protocol that is
delivered on a trust-based communication platform within a
secure ecosystem of interoperable products. Also essential to
interoperability is a generic, universal card edge, also known
as the card command interface. This ensures that solutions will
work with a broad ecosystem of products within a trusted
boundary. With these capabilities, organizations can ensure the
highest level of security, convenience, and flexibility, along with
the adaptability to meet future requirements.
One future requirement might be the ability to combine
multipleapplications onto a single card. In addition to
centralizing management, this eliminates the need for
employees to carry separate cards for applications including
opening doors, accessing computers, using time-and-
attendance and secure-print-management systems, and making
cashless vending purchases. Other applications that can be
added include biometrics, which requires the cards to have
expanded digital storage capacity for the templates. Ideally,
cards should also include visual and other elements that
improve overall security.
It also is becoming more important to implement multi-layered
security in applications ranging from building access to data
protection both in the cloud and on devices. Among the most
important best practices is authentication beyond simple
passwords, to ensure that individuals are who they say they are.
Enterprises have typically focused on securing the network
perimeter, and relied on static passwords to authenticate users
inside the firewall. This is insufficient given todays multifarious
Advanced Persistent Threats (APTs), ad hoc hacking, and internal
risks associated with Bring Your Own Device (BYOD) adoption.
Static passwords must be extended with other authentication
factors; however, while this is a primary strategic security pillar,
users increasingly resist the idea of carrying around a separate,
dedicated security token. Todays contactless OTP login
solutions remedy this problem by giving users a single card with
which they can easily tap in and tap out for computer login
and logout with strong authentication.
Other components of a multi-layered security strategy include
device authentication (including personal devices, to an
application on a corporate network or in the cloud), browser
protection, transaction authentication/pattern-based intelli
gence, and application security. This requires the use of an
integrated multi-layered authentication and real-time threat
detection platform. Fraud detection technology has been used
in online banking and eCommerce for some time. Now, this
technology is expected to cross over into the corporate sector as
By Anthony Ball, Senior Vice President,
Identity and Access Management (IAM), HID Global
The Nagra ID e-Service Display Card is the last
generation of Secure Identity Documents that
provides Governments, citizens, corporations
and e-Consumers with a higher visible security,
greater user-friendliness and the best privacy
Citizen e-IDs
eSer.|oe l0 Card
|a||oa| l0
E|eo|ro|o Passpor|s
|ea||h Card
0r|.|g ||oese
Res|de| Perm||
Weapo Reg|s|ra||o...
e-Online Card
|o,a||, .
Key Card
E|eo|ro|o S|ga|ure
S|ga|ure Trasao||o
S|rog /u|he||oa||o.
Identity & Access
|og|oa| aooess
Ph,s|oa| aooess
v|r|ua| Pr|.a|e |e|wor| lvP|
Any Device"
Ensuring Security,
& Convenience.
We reinvented the SmartCard
This is the most
remarkable Smart-
Card platform that
we have ever come
up with.

We supply secure Display Cards,
Smartcards, Inlays, Prelaminates,
polycarbonate data pages and
e-Covers for e-Passports and


e "Anywher

& Convenience.
Ensuring Security
Any Device"

& Convenience.
e "Anywher

& Convenience.
up with.
we have ever come
d platform Card
emarkable Smart r
This is the most

& Convenience.
we have ever come
d platform that
- emarkable Smart
This is the most

d Authentication Number : Car CAN
d Authenticate Connection Establishment : Passwor ACE PPA *

d Authenticate Connection Establishment

Identity & Access
a r | s | g e R o p a e W
| | m r e P | e d | s e R
e s e o | | g | . | r 0
d r a C h | | a e |
o p s s a P o | o r | o e | E
0 l | a o | | a |
d r a C 0 l e o | . r e S e
Citizen e-IDs

Identity & Access
. . . o | |
s | r o
Citizen e-IDs

otection. pr
-friendliness and the best privacy eater user gr
and e-Consumers with a higher visible security
nments, citizens, corporations ovides Gover pr
e Identity Documents that generation of Secur
The Nagra ID e-Service Display Car
e Key : Dynamic Signatur DSK
d Authentication Number : Car CAN

-friendliness and the best privacy
, a higher visible security y,
nments, citizens, corporations
e Identity Documents that
d is the last The Nagra ID e-Service Display Car

e | e | a . | r P | a u | r | v
s s e o o a | a o | s , h P
s s e o o a | a o | g o |
a o | | e h | u / g o r | S
o a s a r TTr e r u | a g | S
u | a g | S o | o r | o e | E
d Key Car
d e-Online Car

| P v l | r o w | e
. o | | a
o | | o
e r u
2301 La Chaux-de-Fonds
Crt-du-Locle 10
a Kudelski group company
Nagra ID
e-Covers for e-Passports and
polycarbonate data pages and
e supply secur W

2301 La Chaux-de-Fonds
Crt-du-Locle 10
a Kudelski group company
Nagra ID
e-Covers for e-Passports and
polycarbonate data pages and
elaminates, Inlays, Pr ds, Smartcar
ds, e Display Car e supply secur

ecision, quality methodologies and Swiss high pr
patents and engineering pr
e contactless technologies, multiple 20 years in secur
oduct development, including onic pr o-electr micr
esults of 35 years of experience in e the r families ar
s advanced technologies and pr NagraID
nancial and e-Consumers ID
technologies for citizens ID
solutions, value-added and
fers tailor made pr NagraID (Switzerland), of
e-Covers for e-Passports and
polycarbonate data pages and

ecision, quality methodologies and
owned by ocesses cr patents and engineering pr
e contactless technologies, multiple
oduct development, including
esults of 35 years of experience in
oduct s advanced technologies and pr
s markets. rs IDs
s, s, corporate ID ns IDs
and transfer services solutions,
oducts fers tailor made pr

. , | | a , o |
e o r e m m o C
g | m a 0
g | | a B
d e-Online Car

el: TTe

el: +41 (32) 924 04 04
ID@ id

e business and gr e futur o ensur
ease their added value incr
Customers the best technologies & solutions to
ovide to our Partners and Our goal is to pr

owth e business and gr
oposition and to help ease their added value pr
Customers the best technologies & solutions to
ovide to our Partners and

I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 24
Securi t y
a way to provide an additional layer of security for remote
access use cases such as VPNs or Virtual Desktops. Meanwhile,
two-factor authentication measures, which have typically been
confined to OTP tokens, display cards and other physical
devices, are now also being delivered through soft tokens that
can be held on such user devices as mobile phones, tablets,
and browser-based tokens. A phone app generates an OTP, or
OTPs are sent to the phone via SMS.
Many organizations will be content with a soft token credential,
but the more security-conscious organizations will store the
authentication credential on a secure element inside the mobile
device, which can be a subscriber identity module (SIM) or
Universal Integrated Circuit Card (UICC)-based secure element,
or an add-on device such as a microSD card that incorporates a
secure element. This approach on NFC-enabled mobile
smartphones will increase convenience while also ensuring simple
and secure user login across multiple cloud-based applications.
Identity management in the cloud will also become increasingly
important, especially as organizations increasingly leverage the
Software as a Service (SaaS) model and mobile identity
solutions. The most effective approach for addressing data
moving to the cloud not only with SaaS applications, but also
with internal apps stored elsewhere will likely be federated
identity management, which allows users to access multiple
applications by authenticating to a central portal. Federated ID
management supports many authentication methods, it meets
compliance requirements through centralized audit records, and
it doesnt require end-user device changes. Federated identity
management also protects against APTs, ad hoc hacking,
malicious acts from ex-employees, and internal threats such as
employee fraud, and will ensure that identity can be managed
on both plastic cards and smartphones.
Moving to Mobile Credentials
Partnerships are underway with Mobile Network Operators
(MNOs), Trusted Service Managers (TSMs) and other Service
Providers (SPs), so that users can securely issue, revoke and
manage their identities anytime, anywhere, on any device, and
monitor and modify security parameters.
NFC smartphones will be able to receive many different digital
credentials using convenient, secure and trusted cloud-based
provisioning. This will change how we create, use and manage
identities. The industry will also need to define best practices for
managing and supporting todays influx of personal mobile
phones in the BYOD environment, while simultaneously
ensuring user privacy and protecting enterprise data and
resources. Creating separate sections in the phone is a potential
solution: all applications and other ID credentials are separated
from each other inside the phone between personal and
enterprise use. This is already being done with NFC-enabled
smartphones that are used to open doors. All associated
encrypted keys, credentials and the companys organizational
data are stored in the phones encrypted, remotely-managed
secure element. Interaction between this secure element and
the rest of the device can be limited, according to policy, and
strong authentication can be required to access the applications
and data residing there.
Smartphones may also need to support derived credentials and
Public Key Infrastructure (PKI), including personal identity
verification (PIV) credentials carried by U.S. Federal workers.
The combination of derived credentials with the use of separate
sections for corporate/agency and personal information will
create the additional need for hierarchical lifecycle manage
ment, so that organizations and agencies can only revoke a
users work credentials if, for instance, a phone carrying PIV
credentials is lost.
Despite the high security and many clear benefits of mobile
credentials, it is unlikely in the coming years that smartphones
will replace smart cards altogether for access control. After all,
cards are also still preferred as a means of photo identification.
For this reason, mobile access credentials carried inside NFC-
enabled smartphones are expected to co-exist with cards and
badges. There are important developments on the card
issuance side as well.
Advances in Secure Credential Issuance
There have been many advances aimed at increasing the
security of cards, cardholders and issuance systems. The
industry is rapidly moving to a multi-layered approach both for
card validation and overall system security.
In the past, a person requesting access was typically compared
with a photo or other identifying data on the credential. Todays
credentials can include elements that enable more trustworthy
visual authentication while helping deter tampering and forgery.
These visual elements may include higher-resolution images
and holographic card over-laminates, as well as permanent
laser-engraved personalization attributes that are difficult, if not
impossible, to forge or alter.
Another validation dimension is the use of digital components
such as smart card chips or magnetic stripes. Multi-factor
authentication can be implemented by adding card data
storage. These additional authentication factors can include
something the cardholder has (the card), something the
cardholder knows (a password) and something the cardholder
is (biometric data). Todays smart cards also leverage
cryptography and keys to ensure that the user possesses the
correct keys at that specific moment.
The overall issuance system also requires multiple protective
layers. The first includes mechanical locks that control access to
the systems physical components, including the card input and
output hoppers as well as the rejected cards. Physical locks
should also be placed on all access points to protect ribbon,
film and other consumables. Additionally, personal identification
numbers (PINs) should be used to control operator access to
each printer. Organizations should also ensure that print job
data packets meet or exceed advanced encryption standards to
optimize system privacy, integrity and authentication all the way
to the final issuance endpoint. Finally, personal data on used
The industry is rapidly moving to a
multi-layered approach both for card
validation and overall system security.
25 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Securi t y
print ribbon panels should be automatically eliminated, and
printers should feature integrated sensors so custom print
ribbons and holographic card over-laminates can only be used
in authorized units.
Personalization is also important. The best approach for mid-
sized and larger organizations is an ID card printer that supports
multiple types of electronic personalization, for multiple types
of cards including magnetic stripe as well as increasingly
popular contactless and contact encoding solutions. This
simplifies migration to new technology and new encoding
options as security requirements increase. Large organizations
also may need different ways to control access throughout the
facility depending on area-specific security needs. This can be
accomplished if printer/encoder solutions include modules for
adding secure visual personalization elements such as
holographic over-laminates. Additionally, large organizations
may need an integrated card personalization software solution
that has the flexibility to link disparate databases from around
the world.
Ease of personalization must also be considered. Proper identity
validation management requires routine synchronization of the
pre-programmed data on the cards electronics with personal
data printed on the outside of the card. This was previously
achieved by first using a desktop card printer to add colour and
text to a cards exterior. Then the card was extracted from the
printers output bin, and the pre-printed/pre-programmed IC
number was transferred to a computer database. The latter
step was generally carried out either through manual data entry
or by tapping the card to an external desktop reader. Todays
inline smart card personalization processes reduce this to a
single step, enabling users to submit a card into a desktop
printer equipped with an internal smart card encoder that
personalizes the card inside and out.
Nearly all major card printer manufacturers offer the option to
build card readers/encoders into their machines, and they also
offer card issuance software that is compatible with the
integrated system. If an organization already owns a card
printer, it can usually be field-upgraded with an encoder. By
integrating readers/encoders into card printer hardware,
organizations can leverage the benefits of smart card
applications well into the future.
The latest ID credential technology enables organizations
to meet difficult security challenges, both today and to
morrow, while creating a frictionless end-user experience.The
technology also supports Identity managements move to the
cloud, using federated identity management and proven fraud-
detection technology to mitigate both internal and external
threats. Additionally, todays solutions solve the problems of
ensuring secure identity and privacy across interoperable
products in a world of growing threats, and they make
credentials portable to new mobile platforms that deliver a more
convenient user experience, while still coexisting with plastic
credentials that continue to grow in security while becoming
easier to print and distribute.
For more information please email:,
visit:, or tel: +1 800 237 7769
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 26
Bi omet ri cs
he Biometrics Institute Industry Survey is now in its fourth
year, and provides members with an insight into different
trends and important developments in the biometrics
industry that have taken place in the last 12 months as well as
looking to the future.
The survey was circulated by email to all members of the
Biometrics Institute and other key stakeholders as well as media
contacts, a total of about 4,000 contacts, in June 2013.
The facts
276 individuals responded to the survey of which 42% are
members of the Biometrics Institute. The largest proportion of
respondents are based in Australia but in comparison to last
year there is greater participation from other parts of the world:
20% of respondents are from continental Europe, 20% from the
UK, 11% from the US, 10% from Asia and 7% from New
Zealand. In line with the continuing expansion of the Biometrics
Institute into the UK/Europe the biggest change in the
respondent profile is the marked increase in the percentage
based in Europe.
49% of respondents are representatives from user organisations
(including universities) such as government agencies or financial
Reversing previous years surveys, fingerprint recognition
followed by facial recognition are the areas most respondents
are involved in. This year this is again followed by iris
recognition (especially as a secondary business area) and by
multimodal and voice/speech recognition.
Not surprisingly given the increase in Europeans within the
sample, the highest proportion of projects are now located in
Europe (49%), principally the UK.
Significant development
When asked what they thought the single most significant
development had been in the last 12 months, respondents were
most likely to cite biometrics at the border (16%) and the
adoption of biometrics in everyday activities (15%) - the latter
having been anticipated in last years survey.
Technology advances and large-scale national ID deployments
were the next most highly mentioned, albeit the latter was
notably down from last year.
While those in Australia/New Zealand (ANZ) and Europe held
similar views overall, users felt particularly strongly that
biometrics at the border had been the most significant
Most significant
development in past
2012 -2013 2011-2012 2010-2011 2009-2010
All respondents* (247 in
Biometrics at the
border/adoption of
biometrics in everyday
Large-scale national
ID deployments/
biometrics at the
Biometrics at the
Increased user
Get set for biometrics in everyday life
Adoption of biometrics in everyday life is again seen as the most significant likely development in
the next few years, according to a new survey from the Biometrics Institute. Isabelle Moeller, Chief
Executive, Biometrics Institute reports.
27 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Bi omet ri cs
The adoption of biometrics in everyday life remained the
development expected to be of greatest significance over the
next five years, both overall and among the key analysed
subgroups. When the data was combined from the top three
expected developments, this aspect was followed by technology
advances, improved interoperability and increased user
To gain further insight respondents were asked an additional
question about their understanding of the term biometrics in
everyday activities. The diagram below shows this visually for
the top 50 mentions the larger the word the more mentions
(actual number of mentions in brackets).
Key findings
The key areas related to any kind of access in its broadest sense
- whether relating to a mobile or ATM or to physical access to
a building, car or country for example. Financial words such as
banking, transactions and payments were all mentioned highly.
Most significant
development in future
All respondents* (247 in
Adoption of biometrics in
everyday life
Adoption of
biometrics in everyday
Biometrics at the
Increased user
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 28
Bi omet ri cs
Going mobile?
In previous years, expected future implementations mainly
focused on border security with smartphones and mobile
devices attracting the second highest mention last year. This
year smartphones/mobile devices gained the highest level of
mention followed by border security. Fingerprint followed by
Facial (the reverse of 2012) are the biometrics expected to be
most likely to feature but there was notable mention of
multimodal and, to a lesser extent, iris and voice recognition.
Iris and voice attracted high levels of mention in terms of other
biometrics which may be in contention.
Growing familiarity
Why are biometrics in every-day life possibly seen as the most
significant development? Biometrics have become more
commonplace. For example, consumers are used to biometric
passports and Automated Border Gates, which have been
introduced in many countries across the world.
Heathrow, Gatwick and several other major UK airports have
introduced ePassport gates using facial recognition technology
and the first gate went live in the UK at Manchester airport
in 2008.
When the UK prepared for the London Olympics, biometrics
were used to secure the Olympic Park.
Following the London riots, questions were asked about the use
of facial recognition technology to identify those involved in the
riots and the intrusion of privacy.
There are also an increasing number of stories about the
introduction of biometrics in schools or pubs and clubs to
provide access to services or entry to a building.
It seems people trust social networks and are quite willing to
upload their personal information and photos for sharing with
others. We are seeing an increased consumerisation of IT, which
makes it even more important to understand the opportunities
but also the risks of using new technologies in order to making
the right decision about when biometrics are proportionate.
Smartphones and tablets
Over the last year, we have been hearing more and more about
the use of biometrics on smartphones and tablets. Apples
purchase of the fingerprint sensor company AuthenTec resulted
in numerous headlines about the technology and raised
questions about the role of biometrics in the mobile world. So,
one question people are now asking is will the mobile phone
become the latest killer app for biometrics?
As last year, survey respondents were asked to select what they
viewed as the main future use of biometrics rather than listing
several. Financial transactions were added to the list and some
options were slightly altered for clarity.
Smartphone/mobile devices stood out as a response to this
question (selected by a fifth of the sample) and attracting higher
mention than border security, which had been the main
envisaged implementation/use of biometrics in previous
surveys. Border security was next at 11% followed by password
replacement and identity documents (both at 9%, as was the
position last year).
As in the previous survey, the two main market restraints are
thought to be data sharing and cost with the poor knowledge
of biometrics among decision makers (especially mentioned by
suppliers) and concerns over reliability (especially among users)
also mentioned again this year. There were some interesting
differences between those in ANZ and European respondents.
The main areas felt to be in need of more research were
spoofing/presentation attack and accuracy both of which
featured highly last year. Many other aspects were mentioned by
a third or more of the sample.
As in the last two years, suppliers indicated that they mostly sold
fingerprint closely followed by facial biometrics systems during
2012- 2013. Iris and multimodal were next. The on-going
dominance of fingerprint and facial recognition systems was
confirmed by the user respondents who also mainly claimed to
have bought/upgraded such systems during the last year.
Echoing last year, just over a third of users claim not to have
bought or upgraded any biometric systems in the last 12 months.
The largest proportion of the customers remain Government
agencies/public sector (44% cf 51% in 2012) but law
29 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Bi omet ri cs
enforcement and financial services gained slightly higher
mention than previously. The systems purchased/upgraded were
principally used for identity management and border security
but law enforcement, access control and improved customer
service were also mentioned.
Again, as for the last couple of years, it is expected that facial
and fingerprint biometrics will remain the main purchases
during the next year followed by iris and voice with fewer (just
over a third) saying they wouldnt be buying or upgrading any.
Similar uses are envisaged. Interestingly customer service and
identity management were the two areas gaining more mention
than last year.
Finally 57% of users expected their budget to be the same as this
year with 15% expecting it to be higher and just under a third
lower. This was a very similar response to last year.
The survey results will be further discussed at the Biometrics
Institute events including the Showcase Europe 2014 to be held
in London on the 26 June 2014 hosted at Australia House.
The mission of the Biometrics Institute is to promote the
responsible use of biometrics as an independent and
impartial international forum for biometric users and
other interested parties.
The Biometrics Institute has more than 130 member
organisations represented by more than 500 individuals. The
membership is split into user organisations such as government
departments, financial institutions and universities and suppliers.
50% of the organisations are based in Australia, 32% in Europe,
9% in New Zealand, 5% in the USA and 4% in Asia-Pacific/the
Middle East.
The full 42-page report, including detailed analysis in the form
of charts, tables and text is available to all members of the
Biometrics Institute. To find out about becoming a member, visit:
Looking ahead, the MOST significant development will be:
Adoption of biometrics in everyday activities
Biometrics at the Border
Consolidation of the market
Improved formal education and training in
Growth in existing and new markets
Improved interoperability
Improved reliability and performance of systems
Improved understanding of human factors
Increased awareness of spoofing/presentation
Increased collaboration across government
Increased public awareness
Increased user acceptance
Large scale national ID deployments
Securing biometric data (to prevent concerns over
Standards development
Technology advances (i.e. contactless biometrics,
Dont know
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 30
Bi omet ri cs
n recent years, the use of biometric technologies is being viewed less in the
realm of forensics or science fiction and more in terms of a default option to
validate identities and combat fraud. As one of the three classic
authentication factors,
biometrics represents something you areeffectively
tying a person to an identity claim and enabling secure identity recognition.
Technology convergence affects us allfrom our businesses running services in
the cloud or using analytics to better target services, to our rapid adoption of
smart phones and tablets as fundamental to our personal and working lives. As
companies and consumers alike embrace the digital world, the proliferation of
biometric technologies increasesand so, too, grows the inducement to attack
those biometric-enabled systems. With biometric technologies now being
deployed in international travel, by bank automated teller machines, and even
for school lunch payments, how can we be sure that todays biometric systems
can be trusted? And what happens if that trust turns out to be misplaced?
Fast forward to fraud
The first biometric systems to be adopted at scale were those used by the law enforcement
community to capture and compare fingerprints from criminals, crime scenes, and suspects.
These systems were closely supervised in use, giving little opportunity for fraud. More
recently, biometric technology has matured to provide a flexible and cost-effective answer
to a whole range of business scenarios and implementations; in airports, on the high street,
in offices, and embedded in mobile devices. With biometric identification offering business
benefits such as improved facilitation, enablement, and automation, the world is seeing
tremendous uptake of this technology, and, along with that adoption, a tendency toward
lighter scrutiny of where and how it is usedincreasing the vulnerability to fraud.
Beating the Biometric Fraudsters
By Alastair Partington and Mark Crego, Accenture
31 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Bi omet ri cs
With limited emphasis on biometric fraud detection capabilities
to date, serious criminals and petty opportunists are taking
advantage. Specifically, biometric fraudsters attempt two kinds
of attacks:
Impersonation: an imposter seeks to be incorrectly
recognised as a different, legitimate user
Obfuscation: a user manipulates his or her own biometric
traits to avoid recognition.
Fraud is a serious businessespecially when it involves personal
identities. In practice, attacks can include coercing legitimate
users, creating fake samples, or making use of mutilated body
parts. The most desperate biometric fraudsters resort to surgery,
risking permanent scarring (face or fingerprints), blindness
(iris)or worse.
Biometric systems are far from invulnerable. For instance, in
January 2012, a journalist from the Mingpao Daily successfully
spoofed a biometrics device at the self-service immigration
clearance e-channel system at the Hong Kong-China border
using a US$14 fingerprint cast bought on a popular retail
website. At the same time, the barrier to entry for this type of
criminality is lowering. Benefitting from the same technology
advances (and cost reductions) that have enabled cyber-
criminals to crack systems on the other side of the world, and
the proverbial teenage hackers to perform denial-of-service
attacks from their bedrooms, biometric fraudsters can now
readily access the technology to tamper with biometric
documents, create biometric spoofs, and test their resultsall
from the comfort of their own homes.
Are any modalities immune?
Fingerprint casts aside, it would seem that even some of the
newer biometric modalities are vulnerable to spoofing attacks.
In an assessment undertaken by Accenture we found that
fingerprint, face, and voice recognition systems appear to be
the most commonly affected by biometric fraud, due to their
wide deployment; however, iris, vein, and even DNA-based
systems are also potentially vulnerable to attacks.
For those looking to create systems resistant to biometric fraud,
the situation is complex. A typical approach to deter the
fraudster is to opt for a multi-modal biometric system; while this
is an excellent first step toward reducing vulnerability, recent
have shown that even multi-modal biometric systems
can be breached. Often, successfully spoofing the single
modality that is considered the most reliable (and often has the
highest weighting in the matching calculation) can be sufficient
to fool a simple multi-modal system. System vendors are alert
to this possibility, and have incorporated analytical features,
additional data (for example, soft biometrics such as gender,
age, height) and more sophisticated biometric fusion algorithms
into their more advanced products to reduce this risk; yet it is
apparent that multi-modality alone is not a panacea to
safeguarding identity. Organisations need to look further if they
are to successfully combat biometric fraud.
Turning the tables on fraudsters
In evaluating which countermeasures system architects can
deploy to make their systems resilient to attack, let us first take
a step back and consider the system to be protected.
Depending on the business purpose of the system, and the
exposure it has to the outside world, it will be at more or less
risk, and may or not require significant fraud detection
capabilities. There is often a correlation between a systems
biometric accuracy requirements and the anti-spoofing
capabilities required, due to the relative aversion of highly
secure systems to the risk of false acceptances which could be
generated either by matching errors or through biometric fraud.
It is also worth bearing in mind that anti-spoofing measures can
decrease user convenience, as they can generate false alerts
on genuine users and thus, these techniques should only be
applied when high levels of security are genuinely required.
Second, it is important to recognise that there is no silver bullet
solution to the challenges presented by biometric fraud. No
single biometric fraud detection technique is sufficient, as each
fraud countermeasure can be surmounted with the appropriate
knowledge. Defence in depth is keyattackers must be
presented with a series of varied barriers making their work
not only considerably more challenging, but also impossible to
With these considerations in mind, it is important to choose your
countermeasures wisely. The specific defences that can be used
to strengthen a biometric systems resistance to fraud attacks
can be selected from the following three groups:
Functional decisions, usually made at the design stage,
such as the use of multi-modal biometrics, or the
combination of biometrics with behavioural characteristics
or additional authentication factors such as PIN codes or
Technical capabilities such as biometric anti-spoofing
and liveness-detection algorithms, advanced analytics
capabilities, cancellable biometrics, template-protection
algorithms, etc.
Operational decisions, such as the approach to be taken
to deter fraud attempts before they are conceived, the level
of supervision that should be applied to the system, the
strategy to be adopted to stay ahead of the threat
(analogous to anti-virus management today), the security
upgrade/patching plan, etc.
When designing the biometric fraud detection approach, there
are many factors to take into account, such as the increased
cost and complexity of the solution; a possible dependency on
specific hardware or software components, some of which are
likely to be proprietary, and might limit future evolutions; the
anticipated impact on system performance (potentially both
speed, and accuracy) on user convenience and so on. Finally,
a cost/benefit analysis is a necessary step, to balance the
As biometric systems adopt a
fundamental role in modern life, fraud
resilience becomes a more urgent need.
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 32
Bi omet ri cs
anticipated costs of implementing the proposed biometric fraud
countermeasures with the expected benefits to be gained from
reduced biometric fraud, and justify the effort to the business
stakeholders. Many of these benefits are intangible, such as
maintaining user trust and organisational reputation, so
inevitably, much of this cost/benefit analysis may be qualitative
as well as quantitative. In short, the path to reduced biometric
fraud is a delicate balancing act between the complexities of
security and facilitation; getting this balance right, consistently,
is possible through the use of smart solutions that improve the
way society works and lives.
Fraud detectiona shared responsibility
All the stakeholders in a biometric solutionbusiness owners,
biometric system vendors, system integrators, and indeed, the
end-usershave a vested interest in the system being resistant
to fraud. As biometric systems adopt a fundamental role in
modern life, fraud resilience becomes a more urgent need.
Effective biometric fraud detection requires a diverse set of
capabilitiesorganisational, business-focused, and technical
as well as a broad range of third-party vendor, academic, and
standards-body relationships. If a secure identity solution is to
be achieved, organisations need to adopt a holistic approach;
one that integrates not only robust biometric fraud detection,
but also more traditional IT security techniques and processes.
Where is biometrics having an impact today?
Governments are using unique identity to protect privacy.
The Unique Identification Authority of Indias (UIDAI) Aadhaar
program is providing a unique identification number for the
nations 1.2 billion citizens. The aim is to use the programme
as an identification framework for various government schemes
and provide financial inclusion for socially disadvantaged
citizens. The Aadhaar program is being rolled out over the next
decade and aims to process hundreds of thousands of identity
validation requests each second against the worlds largest
database of individuals. The unique identification uses multiple
types of biometric data, including retina scans, fingerprints for
all 10 fingers, and multiple facial images. Since 2011, around
400 million citizens have been enrolled, making it the worlds
largest biometrics-based database, processing around 1 million
enrolments every day at its peak.
Public Safety agencies are combining biometrics with
analytics to improve public safety
Sophisticated analytics techniques can quickly process a wide
variety and volume of data sourcesfrom video cameras,
sensors, and biometricsto dramatically transform policing.
The Safe City pilot programme in Singapore, for example,
integrates advanced analytic capabilities into the existing video
monitoring system used in the city by applying computer vision
and predictive analytics to video feeds to detect public safety
concerns. The solution can increase situational awareness,
streamline operations and offer alerts that can enhance the
response times to public safety incidents. What is more,
successful intelligence sharing and proactive crime fighting
supported by interoperable systems and crime databases, and
improved data standards and managementcan be advanced
by the use of technologies such as biometrics and automatic
facial recognition while respecting individual privacy and
adhering to data protection laws
Biometrics to identify security threats
Usable and accurate, face-matching technologies are now
highly versatile, not only enabling the automation of what were
previously manual tasks but also allowing governments and
businesses to introduce new sources of value to citizens and
customers, while reducing costs and driving efficiencies.
Whether applied to the screening of people entering the country,
upgrading the functionality of high-street security cameras,
supporting efforts to locate criminals or augmenting police
efforts in the line of duty, by using biometrics technologies as an
enabler, organisations can introduce a speed and level of
automation which enhances decision making. Versatile ways
that public service organisations are using biometrics to benefit
citizens include:
Schiphol, Amsterdam's International Airport, is using video
analytics to prevent accidental or malicious intrusion onto
runway and hangar areas,
while the airports automated
system uses a technical platform that enables consultation
with the databases of other agencies to highlight passenger
anomalies and help prevent fraud and immigration
The Metropolitan Police in London has announced it hopes
to capitalise on the advances in vehicle number plate
recognition, DNA detection and face recognition software
in a bid to reduce crime rates.
The United States Federal Bureau of Investigation (FBI) is
activating a nationwide facial recognition service in select
states that will allow local police to identify unknown
subjects in photographs.
Today, in an always on and always connected world each of us
has a role to play to help biometric technologies remain a
positive force in society, managing our digital demands and
protecting us from the efforts of disruptive fraudsters.
This article was provided by Mark Crego, managing director,
Accenture Border and Identity Services (mark.crego@ and Alastair Partington, senior manager within
Accentures Emerging Technologies & Innovation team
2 Examples include: Akhtar, Kale, Alfarid. Spoof Attacks on
Multimodal Biometric Systems ICINT 2011
33 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Bi omet ri cs
estern governments are implementing the most
severe budget cuts of recent times. Against this
backdrop, threats from terrorism, organised
crime and public disorder continue to rise. Yet recent
statistics in the UK demonstrate that authorities can remain
resilient and still ensure law-and-order. The targeted
application of technology can further increase resilience
and the readiness to respond to major events. The
relentless advance in the accuracy of face recognition
technology, increase in the availability of digital media
and mass availability of cheap computing power now
provide unique opportunities to meet challenging budgets
by drastically enhancing the operational efficiency of
forensic investigators while even further enhancing public
safety. Digital media can be bulk-ingested in an
automated fashion to be processed in a cloud computing
environment to identify and extract potential actionable
intelligence. Processing is continuous, consistent and
predictable. Multiple identification technologies can be
deployed and the most suitable algorithms integrated to
meeting evolving requirements. Analysts can now focus
on investigating and confirming suggested results rather
than having to manually watch countless hours of media
in the hope of stumbling across the required information.
Expanding beyond traditional sources of media is
increasingly being accomplished by engaging the public
and crowd-sourcing intelligence in response to incidents.
Having previously written on the subject of the application of
face recognition in airports
and privacy concerns of face
recognition when used by retail
, this article focusses on the
application of face recognition to support bulk processing of
media by what has traditionally been the first and thus far most
proliferate user of biometric technologies: law enforcement. The
convergence of multiple advancements now provides a whole
new set of opportunities to use identification technologies in
manners that provide benefits that are only now being realised.
1 A Need for Enhanced Safety and Operational
Governments across Europe are in fiscal crisis. Austerity is the
order of the day and public budgets are being slashed. Against
this backdrop, security risks are continuously increasing. The
threat from terrorism, organised crime and public disorder is
not abating. Indeed, as reported by the BBC News on the 17th
July 2013
, the threat landscape is substantial and becoming
ever more fragmented, consisting of a greater number of
smaller and less sophisticated plots.
However, the UKs police forces have demonstrated that it is
possible to maintain and even improve upon public safety
despite the relentless pressure of austerity. Recent reports
indicate that crime in the UK is at an historic low, being at its
lowest level since 1981 iv. As always, it appears that necessity
is the mother of invention and it is likely that technology is
playing an innovative role in improving police efficiency.
What is not apparent from these recent reports, however, is the
current level of readiness to respond to a major event. Indeed,
the UKs Police Federation, the body representing rank and file
police officers, warns that the police could not handle more
after the budget cuts and Her Majestys Inspectorate of
Constabulary (HMIC) warns that neighbourhood policing risks
being eroded.
There is a need to enhance public safety whilst reducing public
operational budgets.
2 A Relentless Increase in Digital Media
The increase in the creation of digital media is relentless. Law
enforcement and intelligence agencies have amassed large
collections of biographical, video and photographic information
from multiple sources such as:
Computer hard drives.
Mobile phones and portable cameras.
Intelligence and Efficiency through
On-Demand Media Analysis using Face Recognition
By Carl Gohringer, Allevate Ltd.
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 34
Bi omet ri cs
Flash memory devices.
Online sources on the Internet such as Facebook and
Additionally, when tragic events or social disorder occur,
investigators have a long and arduous task of reviewing
countless hours of CCTV footage, generally with a varying
degree of concentration and scrutiny.
A solution that minimises manual effort in the extraction of
actionable intelligence from amassed media by automating this
process with a consistent and repeatable level of scrutiny will
deliver concise and consistent information in a fraction of the
time taken by operators undertaking the task completely
3 An Automated Media Processing and Exploitation
Police, intelligence and other public order agencies would
benefit from the application of a powerful media processing
solution designed to process, ingest, analyse and index in an
automated fashion very large quantities of photographs and
videos to transform them into usable assets.
Such an automated solution ingests and processes media from
multiple sources. Once processed, law enforcement agencies
can analyse and make use of the extracted assets and manage
them in a centralised repository of information. Data links,
associations and metadata inferences can be managed across
the whole dataset by multiple users from a single common user
interface. Backend processing services are run in a cloud-
computing environment, the capacity of which can be
configured and incrementally scaled up and down to meet an
organisations changing demands; peaks arising from specific
events can be easily accommodated.
Features include:
Automatically find, extract and index faces to enable
biometric and biographic searching of media.
Create and manage watchlists of people of interest via a
web-based interface.
Find and cross-reference all media instances in which a
person of interest has been seen.
Identify, locate, and track persons of interest, their assoc
iates and their activities across all media.
Discover, document and view links between people of
interest, their activities and networks.
Use of metadata (including geo data) in the media to
enhance investigations and association of data.
Integration into existing system environments, databases
and components via a flexible API.
3.1 Incorporating Other Detection Capabilities
In addition to face detection and recognition, other detection
engines can be incorporated, such as:
Automatic Number Plate Recognition. (ANPR)
Voice Biometrics.
Object / Logo Recognition.
(Other identifying features can be used to track individuals
through other processed media.)
Scene Recognition
(Identify similarities in the entire frame, often used in child
exploitation investigations)
Vendor independence allows the use best-of-breed
3.2 Biographic Filtering and Fuzzy Match Capability
Forensic investigations are complex and require a holistic view
of all available data. This involves not only analysing media,
but making full use of all textual and biographic data available
as well. This can include text from files recovered from hard
drives and other storage devices, online sources, metadata
associated with photo or video files and data entered by
investigators during the investigation.
Traditional Boolean search techniques only work within a black
and white, true and false paradigm. More applicable within a
complicated forensic analysis are techniques that use advanced
fuzzy algorithms that to calculate similarities and aggregate
match scores using multiple criteria to enable a shades of
grey analysis.
Such an approach can fuse match scores across multiple
disparate search criteria and even allows for fusion and
aggregation of search results across multiple biometric and
biographic criteria.
The use of media metadata and other biographic data
further refines biometric matching.
3.3 Working with Geo-Location Data
An ever-increasing amount of media available to investigators
is captured on mobile devices and cameras affixed with location
determining technology. This includes media obtained from
CCTV, confiscated hardware and devices, online sources and
voluntarily made available by members of the public. The
majority of the time, this geo-location data is incorporated into
the media metadata, thereby providing significant potential to
further enhance the analysis of the media. For example, geo-
location can be used to:
Compartmentalise and refine analysis by location of where
the media was created.
Overlay location of proposed matches onto maps.
35 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Bi omet ri cs
Chart movements of individuals of interest by location and
time of sightings.
Link individuals at the same location and time even if they
do not appear together in media.
3.4 Architecture and Integration with Existing Systems
There are significant similarities in organisation and methods
of operation in many western law enforcement agencies
facilitating increased levels of co-operation. Operational
systems should support full control of information and data as
well as have sufficient in-built flexibility to enable authorised
data exchanges.
In addition to utilising COTS components, adhering to common
standards and being cloud-architected to enable massive
scalability, a well delineated scope of functionality and open
API enables:
Flexibility in customisation and integration with existing
systems and workflows.
Well-defined mechanisms of loading data and automating
ingestion of media for processing.
Dynamic alteration and sharing of watchlists, media,
system-generated results and operator analysis.
3.5 Hosting, Cloud and Virtualisation Options
Full architectural flexibility enables flexibility of hosting options.
Organisations can elect to:
Take advantage of IaaS and SaaS options on cloud
(UK accreditation of IL0 to IL3 is available via
hosting partners)
Fully host the solution on their own private and secure
premises and datacentres.
Deploy in a hybrid manner.
(Thereby taking advantage of external processing power
whilst retaining the most secret data)
3.6 Working Hand-in-Glove with Trained Forensic
The human operator will always remain the critical and
essential part of intelligence analysis; media analysis solutions
are not designed to replace the intricate skills and knowledge of
trained investigators. Rather, the operator is enabled to intelli
gently direct and apply their extensive training at suggested
results, eliminating the necessity of rote viewing of countless
hours of media either in a sequential our random fashion.
Integration of enhanced verification, charting and mapping
tools enables operators to conduct detailed analysis of
suggested matches and identifications to confirm or deny them.
4 Potential Use Cases
There are myriad different applications of a solution architecture
as described herein within military, law enforcement, intelligence
and public site security agencies. These are summarised into
three broad categories:
4.1 Time Critical Investigations, Media of Critical Importance
In certain major incidents, timeliness of response is of the
essence. Authorities need to quickly process evidence to identify
and apprehend individuals. The scale of the investigation is
often huge and the amount of media that needs to be processed
massive. Examples include terrorist events such as the recent
Boston bombing and the Woolwich attack in South London.
Often, the media acquired in these instances is of such critical
importance that the authorities may choose to review it all in its
entirety, frame-by-frame. However, in the early stages after the
incident, decisive and immediate action is critical. Rather than
having to sift through the media in a random or sequential
fashion, a media analysis solution can quickly direct the
investigators to the portions of the media that are most likely to
deliver immediate results. Full review of the media can be
conducted during subsequent stages of the investigation.
4.2 Bulk Ingestion of Media Arising from Criminal
During routine operations or specific criminal investigations,
authorities may recover significant quantities of media on
confiscated hard drives, mobile phones, flash / thumb drives
and other sources that need to be processed to either further the
investigation or to assist in building an evidence base for
criminal prosecution. Examples include:
Military or counter-terror officers raiding terrorist training
Specialist organised crime investigators raiding the offices
of organised crime syndicates.
Child protection officers raiding premises of individuals or
organisations involved in child exploitation.
This media can be bulk ingested in an automated fashion to
provide the investigating officers an overall summary of the
contents including focus areas for further investigation.
4.3 Continuous Background Processing of Media Sources
Authorities may as a matter of routine have access to masses of
media which may contain actionable intelligence, but typically
would never be viewed or processed due to a lack of resource
and the time consuming nature doing so. Examples include:
Media from specific cameras installed at high-profile or
sensitive locations.
Media from known or suspect online sources or accounts
from social media sites.
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 36
Bi omet ri cs
Media made available to the authorities by the general
Intelligence in these sources may be missed entirely and never
acted upon.
This media can now be bulk ingested and processed in an
entirely automated fashion to flag any relevant intelligence,
using operator controlled criteria, to the authorities as required
for follow-up processing.
5 A Compelling Business Case
The solution and optional IaaS / SaaS components can be
made available on a monthly service-charge basis, thereby
requiring a minimal capital outlay and enabling a compelling
operating expenditure business model.
Whilst the human operator is an essential part of intelligence
analysis, an entry level solution empowers the analyst to process
up to an order of magnitude more media on a daily basis. This
enables trained operators to apply their expertise and training
by focussing on the analysis of results generated by the solution
in a more focused effort than manually watching hour upon
hour of media.
Efficiency is dramatically boosted by bulk processing
media 24x7 at a constant and predictable level of focus
and accuracy: operational staff can focus on analysing
6 Engaging the Public to Crowd-Source Media to
aid Investigations
Increasingly, especially from crowded public events, authorities
are making greater use of media captured intelligence in the
form of photographs and videos that have been recorded by
members of the public.
With the advent of smartphones, almost everybody has a
high quality camera in their pocket.
Most members of society would welcome the opportunity to
assist the authorities with their investigations, but often do not
know how or are fearful of being involved.
Allevates proposed PublicEye service is aimed at empowering
the public to take a greater collective social responsibility and
assist law enforcement in much the same manner as the
phenomenally successful CrimeWatch. It enables members of
the public to (at their discretion) upload media directly from their
mobile phone or other internet device to a public portal for
processing and dissemination to the relevant authorities.
A PublicEye portal could be used:
In response to appeals by the police to the public who were
present at an event or disturbance.
When individuals witness a crime being committed.
Upon suspected sightings of missing persons or individuals
wanted by the authorities.
A PublicEye enables the authorities to crowd-source
media to augment their own sources.
7 Summary
Security concerns are ever increasing. However, public budgets
are being slashed. Law enforcement agencies are rising to the
challenge of implementing budget cuts partly through the
focussed application of technology. The accuracy of face
recognition has increased dramatically over the past 10 years.
This, coupled with the massive increase in the creation of digital
media and the availability of cheap computing, now provides
authorities with the ability to bulk ingest and process media in
an automated fashion. Results are continuous and predictable.
Trained analysts can now focus their skills on investigating
suggested results and on intelligence extracted by automated
systems. Not only does this provide the ability to process critical
media even faster than ever before to respond time critical
investigations, but it also enables authorities to extract
intelligence from media sources that in the past may never even
have been looked at because of the significant resource this
previously would have entailed.
Additionally, the availability of smartphones means almost
everybody is carrying in their pocket a high quality camera. The
ability to process media rapidly and cheaply means the
authorities will be able to, on a continuously increasing basis,
engage with members of the public to crowd-source media in
response to major investigations.
For more information visit and follow us on
Twitter: @Allevat
i Allevate, July 2012:
ii Allevate, January 2013:
iii BBC News, 17th July 2013
iv The Telegraph, 18th July 2013
v The Telegraph, 18th July 2013
vi BBC News, 18th July
vii In cooperation with Tygart Technology
viii The UKs G-Cloud Programme is a cross government initiative led
by Andy Nelson (Ministry of Justice) supported by Denise McDonagh
(Home Office) under the direction of the Chief Information Officer
Delivery Board as part of the Government ICT Strategy.
37 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Bi omet ri cs
n 2012, a new identity theft victim was generated every three
seconds in the US alone. These victims numbered 12.6
million, alarmingly up 1 million from 2011, and netted a loss
of more than US$21 Billion.
Identity theft is rising and the
expectations for high-security are very real, as embodied in
recent ISO 19092 and the Federal Financial Institutions
Examination Council (FFIEC) guidelines. By definition, identity
fraud refers to the crime of fraudulently obtaining and using a
victims data for personal economic gain; economic gain that
can be directly correlated to the advent of electrical banking
and the Financial Services model that no longer relies heavily on
face-to-face transactions. Without new and innovative
approaches to combat the increasing sophistication of
fraudsters, the rising amount of fraudulent activity and identity
theft, the upward trend is only set to continue.
As consumers have clamoured for convenience, financial
institutions have obliged by allowing transactions to take place
via telephony or web channels. These solutions are now posing
an exponential risk to the institutions systems and processes, as
the requirement to verify the legitimacy of customer identific
ations, transactions, access and communications is still a very
real issue. The need to protect customer identities and provide
audit trails of transaction activity means that new identity
verification practices and end-to-end electronic workflows are
needed. Financial institutions must meet these demands for
additional security with a solution that improves and adds value
to the customer experience while adhering to ever-tighter
industry regulations. Specifically designed to deliver strong
identity verification, while providing an intuitive user experience,
voice biometric solutions meet these needs.
By Melinda Ziemer, Marketing Manager, VoiceVault
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 38
Bi omet ri cs
Simple PIN (personal identification number) or password-based
identity verification is not secure, especially with the growth of
social engineering techniques making passwords easily
obtainable and, particularly in smart device apps, just plain
inconvenient. Yet, a key strength of biometrics in system security
is that they do not rely on external elements such as passwords
or PINs that could be used by someone other than the
authorized user. Biometrics rely on something you are (a person
with biometric characteristics) rather than something you know
(a password, PIN etc). As a result, they are considerably more
secure. In other words, only biometrics can truly verify that you
are who you claim to be.
Implementing a voice biometric enabled authentication system
is a very efficient means of providing strong multi-factor identity
verification solutions that enhance the something you know (a
PIN or password) with something you are (your unique voice).
Needing only five seconds of speech to verify a customers
identity, financial institutions benefit from a simple and secure
multi-factor authentication solution that provides a great user
experience and, on average, saves 30-45 seconds per call,
reducing call centre agent costs and improving customer
satisfaction. Voice biometrics are a flexible and versatile part of
a secure multi-factor process when used for: out of band
authentication, authentication for Android / iOS smartphones
and tablets, self-service password reset, and voice e-signatures.
The solutions enable financial institutions to: secure transactions
and application access; improve the customer experience; and
importantly, comply with increasing security and fraud
regulations. Attracting new customers, and keeping existing
ones, by providing both a great user experience and
reassurances of security and identity protection is vital to all
financial services organizations.
Out of band authentication
Out of band authentication is a 'transaction verification' process
with the primary function to confirm that the transaction details
originated with the user. It is an interactive process that conforms
to FFIEC guidance and is particularly suited to authenticating an
online transaction, whether that is a session login or a
transaction within that session. With the current prevalence of
data breaches, specifically those of user names and passwords,
adding a second factor to the authentication process
dramatically decreases the likelihood that actual account
information will be compromised. The voice biometric solution
is phone-based and uses either an out of band call to a user-
registered phone number, or uses an Android / iOS
smartphone-based app. In this instance, the phone line, or the
app, is regarded as being one of the trusted parts of the strong
multi-factor authentication process, and the voice biometric
element adds yet another factor. This solution leverages the fact
that phones and smartphones are ubiquitous and are never far
away, and that the use of them is non-invasive, intuitive and has
a low user experience impact.
Authentication for Android / iOS smartphones and
tablets: Mobile Banking and Mobile Payments
More and more business is being conducted on smart devices
while on the go and outside of the traditional office. Experts
predict that the mobile transaction market will see volumes of
more than US$605 billion a year by 2015. These devices have
become fundamental digital assistants whose owners highly
value not only their security but also their usability. Whether it is
to secure access to an online banking service, or enable
increased options and higher value transactions on mobile
banking applications, the solution must meet the requirement
for both convenience and increased protection against fraud.
Financial institutions have attempted to offset the security risks
by requiring customers to have multiple PINs or passwords, or
answer numerous knowledge based questions during agent led
verification, however, customers get frustrated with the added
requirements, especially when they want to quickly access an
app or authorize a transaction.
A multi-factor voice biometric security framework (the device,
the PIN and the voice biometric for example) can be used
seamlessly to both protect access to an app and to secure
activities initiated from within it. The five seconds of speech
needed for authentication is less than the time it takes to enter
a medium level password within an app and provides users with
high security that doesnt require them to have to remember
anything. Voice biometrics are well suited to smart device apps
and form a natural part of a multi-factor authentication system
that can be tailored to the needs of each type and value of
transaction (even within a single app). By just responding to a
short visual or audio prompt, a customer can secure any type
of transaction at any desired level of security. To match the way
customers use their phones and devices, a range of interfaces
and usage models can be used to tailor the experience and
keep the voice verification process unobtrusive and matched to
the needs for security or convenience. These include: on-screen
prompting; an out of band call; or an in-app audio interface.
39 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Bi omet ri cs
Automated password reset
Even with voice biometrics as part of a financial institutions
multi-factor authentication process, the need to provide a
password reset service is still a necessary requirement for
organizations. Traditionally password reset consists of a staffed
help-desk and is a tedious experience for users and help-desk
staff alike. A typical password reset call to a help-desk costs an
organization approximately US$10 and with password reset
activities accounting for up to 35% of calls to a help-desk,
represents a significant organizational expenditure. With voice
biometrics, a self-service password reset solution delivers a fully
scalable un-manned virtual help-desk that is accessible to
the customer from anywhere, at any time and from any phone.
To provide a financial institution with rapid implementation and
deployment, the voice biometric system is fully hosted and
leverages existing organizational password reset systems
and services.
Since the process of using a phone-based system or smart
device application is so natural, users can interact with the
system in their chosen language and there is no costly user
training required. The ability for a user to reset their own
password without the need to engage with the help-desk allows
helpdesk agents can be allocated to other tasks, increasing
productivity and enabling other areas of the financial institution
to benefit from reduced queuing times. It can also reduce the
number of helpdesk agents needed to be on call 24/7 for
password resetting and completely eliminates the security risks
introduced when a helpdesk agent is present during the
resetting process. Automated systems are also popular with end-
users in that they provide customers with a sense of empower
ment and are seen as being non-intrusive.
Legally binding Voice e-Signatures
In todays Financial Services environment customer signatures
are time-consuming and expensive to obtain. Customers are
favouring companies that dont require cumbersome paper
forms to collect their authorization and in particular,
organizations that offer go green paperless programmes to
conduct business. In turn, financial institutions are looking for
process improvement through shorter calls and the elimination
of the reliance on hand-written signatures to consummate
transactions. Research shows that no matter what the industry,
there is a 30-55% falloff rate when a paper process is involved
in getting a signature from parties who are not face-to-face.
However, that dropout rate goes to under 5% when a voice e-
signature is obtained while the customer is captive on the phone
and the administrative costs associated with the typical paper
trail that accompanies hand-written signatures is reduced by up
to 80%.
Financial institutions are able to leverage voice biometrics within
any phone or smart device based process where a traditional
hand-written signature would normally be required. With no
specialized hardware, on-site software required, or changes to
existing call centre/IVR/IT infrastructure, the solution can quickly
and easily be incorporated into an existing call flow or smart
device application. Within the voice biometric transaction,
VoiceVault acts as a trusted third-party in delivering the e-
signature capability. This status extends to repudiation claims
where VoiceVault is able to provide voice biometric evidence
that the person making the claim did in fact electronically voice
sign the transaction under dispute. In the US, voice e-signatures
are recognized as legally binding under: The E-Sign Act; HIPAA;
CMS; DOI; FDA 21CFR Part 11 and in Europe, they can be
incorporated into processes that generate e-signatures with the
resulting voice e-signatures being legally binding as defined by
EU Directive 1993/93/EC.
In Financial Services where high security and fraud reduction
are major drivers in application design, identity verification
accuracy is paramount and dependent upon the systems ability
to verify a customer using only a short sample of speech that is
compared to the enrolled voiceprint. Using that small amount
of speech, voice technology solutions have raised the accuracy
bar to new levels with a verifiable equal error rate of only 0.1%.
This level of accuracy has been proven in a real-world
application where voice biometrics is used for authorizing
financial transactions on a smart device.
Results from a security conscious enterprise deployment
demonstrates that the voice biometric engine can deliver a false
accept rate of 0.01% while maintaining overall false reject rates
of less than 3%. With these levels of accuracy, financial
institutions can deploy solutions that incorporate multi-factor
identity verification processes using voice biometrics knowing
that they are achieving the very highest levels of security and
user convenience while avoiding the need for customers to have
to remember PINs or passwords.
Voice Biometrics in action within Financial Services
A milestone for the international acceptance of voice biometrics
in mobile applications was recently established with the
simultaneous deployment of an app in 40 countries by a top
three global US financial institution. Available now, the Android
and iOS smartphone and tablet application uses voice
biometrics as part of a multi-factor authentication process for
securing commercial banking ACH payments and wire transfers.
The solution provides critical high security multi-factor
authentication support for multi-million dollar financial
transactions, with billions of dollars in transfers already secured
by active users in more than 30 countries. By recognizing the
challenges with such a global rollout and how imperative it was
that the app was able to pass the regulatory authorities, legal
review, stringent privacy requirements, and required user
consent legislation in each of the locations it was available in,
the app successfully became the first voice biometric mobile
application that has obtained global regulatory acceptance.
This was achieved while maintaining very rigid accuracy levels
demanded by the financial services industry.
For more information email:, or visit
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 40
Bi omet ri cs
lectronic healthcare records are protected by a thin veil of
security, practically guaranteeing a future breach and
providing a false sense of assurance to patients. The
authentication model adopted by many healthcare institutions is
dated and vulnerable and violates the promise of trust that these
institutions provide to their patients. Access to health information
needs to be linked to the authorized individual and biometric
authentication is the best answer. Its clearly time to retire passwords
and proximity cards and secure electronic healthcare records with
authentication that is secure and convenient.
Simple security is needed in the healthcare industrys
push for adoption of electronic systems
The healthcare industry has seen more than its fair share
of change. Less than a decade ago, virtually all patient information
resided in paper charts stored in a records room. Patients (and, at
times, even their caregivers) rarely had access to these records and
records were difficult to transfer from one facility to another. Today,
thanks to regulations and the rapid advance in digital technologies,
the adoption rate of electronic health records (EHR) has risen to
nearly 72% by office-based physicians
. This dramatic shift over the
past five years has created tremendous pressure to ensure that
patient data is readily accessible anytime and from any location
within the hospital.
Unfortunately, ready access to data has outpaced secure methods to
protect access to the data. These methods, such as username/
password pairs or even proximity cards, are antiquated, overly
complex to administer and lack a sufficient security model to protect
sensitive and confidential patient data. And lets face it: these solutions
were never designed to meet todays security needs and threats.
Virtually Insecure
By Greg Sarrail, Vice President, Solutions Business, Lumidigm
41 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Bi omet ri cs
Dont put up barriers and slow me down! Single
sign-on for improved workflow
The accelerated use of electronic data for health records,
prescriptions, drug interaction checks, clinical decision support
and a myriad of other systems has created a new problem: the
need to validate the identity of the person who is requesting
access with the right level of assurance at all points of access.
Enterprise single sign-on systems and EHR suite vendors have
improved clinician workflow by binding disparate username and
password systems to a single log-on event using one username
and password.
But everyone knows that the username/password model is not
secure. From Bill Gates proclamation in 2004 that the
password would soon meet its death to the constant barrage of
password-related security breaches at top companies such as
LinkedIn and Yahoo! to examples of remote breaches, such as
in the state of Utah, where the healthcare information of over
780,000 Medicare patients was accessed through the use of
hacked username and passwords, its astonishing and
frightening to think of the modern systems that still rely on this
archaic technology.
In fact, studies have shown that the healthcare market suffers
from abnormally high breaches and associated costs. The
Ponemon Institutes Third Annual Benchmark Study on Patient
Privacy & Data Security disclosed that 94% of healthcare
organizations were breached from 2010-2012 with more than
45% reporting they had more than five significant breaches
during that time
. The majority of attackers gain initial access
by exploiting guessable passwords or through brute force
dictionary attacks.
If the username/password model is insufficient for todays
threats and single sign-on systems tie multiple passwords to a
single identity, havent the risks grown exponentially?
Two-factor authentication a statistical necessity
To minimize this risk, two-factor authentication has become a
necessity and is now generally being adopted. Two-factor
authentication is the combination of two out of the three
possible methods (something you know, something you have,
something you are). One basic example is ATM access which
requires a card (something you have) and a PIN (something
you know).
Within the healthcare provider setting, the two authentication
factors most commonly used to secure data are the proximity
card that the clinician already uses to access the facility and a
PIN or password. To log on, all the clinician needs to do is tap
a card and type a PIN. The problems mentioned above seem to
be solved: the reliance on a username/password pair is
diminished, information is accessible, workflow is enhanced,
and a record is created that links the authentication request to
the access of the data.
But what sacrifices have been made to make access to data this
simple? Has security been sacrificed to ensure rapid clinician
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 42
Bi omet ri cs
Dissecting the prox card are traditional methods
good enough?
Unfortunately, using a proximity card plus a password is not as
secure as people may hope. Authentication with an RFID
proximity card and a password is better than a username and
password, but it is far from secure. Proximity cards have been in
use for over 30 years for physical access control and are now
used to authenticate to networks and single sign-on systems.
That technology was simply expanded for the new use case.
But is it really the best choice for logical access control in
healthcare settings?
Proximity cards use a static number, called a card serial number
(CSN), that is sent over the air, unencrypted, to a reader. This
number is correlated to a users identity. In other words, the
static CSN acts as a username and, with the password or PIN,
the two are used to unlock a users desktop or single sign-on
session. In combination with a static CSN, newer RFID
contactless cards offer the capability to write and store data on
a card, encrypt data at rest and in transit, and securely
exchange this data.
Yet these features are typically only used for physical access
control and are not used for desktop authentication. These
higher security features must be implemented in cooperation with
the card vendor, decrease the speed at which a user is recognized
and limit the interoperability of the system with various card
technology. For these reasons, most authentication software
utilizes the CSN irrespective of what card technology is used.
In short, the common denominator is the card serial number
which is fast and interoperable. Unfortunately, the CSN is
an unencrypted static number which can be simply copied
or cloned. Is a static card number plus a password any
more secure than the former username/password model that
it replaced?
The majority of single-sign on solutions also offers the capability
to use either a proximity card with no PIN as an authentication
method or use a grace period feature that bypasses the need
to enter a password for each logon event. At the start of the
day, a card and password is required but, for the next four-
eight hours, only the card is required for authentication.
When no password or PIN is required for user authentication,
if a card is lost or stolen, it can be used by anyone even
without a password.
To summarize, in grappling with the new demands of electronic
healthcare data, physician workflow was improved by tying
every application and transaction requiring a username/
password pair to a single authentication event. Then, the
security of this authentication event was enhanced by
replacing the username with a static card number. As a final
step, two-factor authentication was bypassed and security
was sacrificed, once again, to provide simplified access
to information.
Security vs. convenience: users should not have to
The reality is that security has taken a backseat to workflow at
every stage. Proximity cards were never designed to protect
networks, applications and sensitive patient data, yet many
healthcare organizations rely on this technology to protect their
most critical assets.
Clinicians log on to an EHR system as often as 75 times a day.
These transaction events can add up to 45 minutes if using a
username and password. The use of electronic systems is
undeniably valuable and necessary and access to those systems
must be simple and convenient or they will not be adopted.
What seems to have been forgotten in the rush to implement is
that access must also be secure to meet regulatory requirements
and to provide proper patient privacy.
If using a proximity card and PIN is not much better than the
former username/password model, what is the alternative?
It must be as or more convenient than using a card and
password and it must positively identify the person accessing
the information. Something that the clinician can share with
others such as a username and password does not identify
who without some level of doubt. Something that can be
easily duplicated such as a static card serial number also does
not absolutely identify who. Only through the use of a
biometric can the authorized individual be positively identified
to securely grant access while creating a record of the
authenticity of the transaction.
Knowing who matters!
Fingerprint biometrics is the most widely used biometric
technology in healthcare for medication dispensing, electronic
prescriptions of controlled substances and simple, secure login
to EHRs. More convenient than using a card-based system, a
fingerprint biometric authentication solution does not require
the clinician to carry some other device, card or token.
Requiring no more than the placement of a finger on a sensor,
authentication using fingerprint biometrics enhances clinician
workflow while delivering the level of security that is required to
protect sensitive health information.
However, not all fingerprint biometric solutions are created
equal. To maximize adoption, it is critical to select a fingerprint
sensor that works in real world environments and that can
deliver consistent results irrespective of race, gender, age or
physical conditions. To truly enhance workflow, the sensor needs
to work every time, and for every user.
Multispectral imaging essential for healthcare
The purpose of any biometric technology is to provide consistent
data for verification that can be used to match the data that
was captured during enrollment. Only then can the system
properly identify and quickly accept the right people while
rejecting unauthorized users. A biometric sensor needs to collect
usable data under a variety of real world conditions. Within
healthcare, these conditions are typically characterized by
43 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Bi omet ri cs
a diverse user population that has minimal training on bio
metric enrollment and high use of alcohol-based hand sanitizers
and hand washing resulting in dry hands, along with a relatively
cool, bright and dry environment. These conditions have caused
traditional fingerprint biometric sensors to have difficulty
supporting the demands of both healthcare institutions
and clinicians.
To address the shortcomings of conventional fingerprint
technologies, Lumidigm has developed a fingerprint technology
that is able to work across the range of common operational
conditions. Called multispectral imaging, this technology
collects information about both the surface and subsurface
fingerprint to capture reliable data every time, regardless of
whether a users finger is dry, wet, dirty, slightly rotated, or
difficult to capture.
Multispectral imaging allows clinicians to enroll and
authenticate quickly and accurately every time, removing the
need to call the help desk or use a secondary authentication
method due to issues with the primary mode. Multispectral
imaging enhances user adoption rates because it is simple,
reliable and secure.
The time has come to replace an inadequate and archaic security
solution with one that is truly tied to the individual. The threat
landscape continues to grow along with the migration to
electronic records and increased access to systems and
information, meaning greater exposure to unauthorized access
and cyber-attacks. The healthcare industrys reliance on
technology designed over 30 years ago is not sufficient to protect
us from the current threat landscape nor will it prevent new
attacks. Its time that we implement solutions that make no
compromise and deliver both security and convenience. Its time
that authentic ation is tied to the users identity and validated at
each transaction. Its time for widespread adoption of fingerprint
biometric authentication utilizing the most reliable technology
available. Its time to adopt security that is effective AND efficient.
1 Office of the National Coordinator for Health Information
Technology, Dec. 2012, Physician Adoption of Electronic
Health Record Technology to Meet Meaningful Use
Objectives: 2009-2012. ONC Data Brief, no. 7.
2 Ponemon Institute, Dec. 2012, Third Annual Benchmark
Study on Patient Privacy & Data Security
For more please email Greg Sarrail at
1 2 3
4 5 6
7 8 9
* 0 #
Who knows
the PIN #?
Who knows
the password?
Who has
the key card?
Now we know Who!
Its Robert!
1 2 3
4 5 6
7 8 9
* 0 #
Who knows
the PIN #?
Who knows
the password?
Who has
the key card?
Now we know Who!
Its Robert!
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 44
Bi omet ri cs
The purpose of a photo is not always merely to be a
beautiful representation of a person, or a piece of
art. When it comes to identification purposes, a
photograph provides valuable biometric data that
can be used in ID documents and ID verification.
Therefore, it is important that the photo capture is
made with expertise in the field of biometric data,
not only with photographic proficiency. The process
of capturing data is vital to make the result as
homogenous as possible and there are many
aspects that need to be considered, aspects that can
easily be taken care of with todays technology.
The issue of security is more important than ever and the
widespread use of biometrics is increasing steadily. With a
growing number of travellers, governments are working hard to
ensure their border control procedures meet the growing
demand for better security and faster throughput in border
control by using ePassports and eGates/ABC (Automated
Border Control). But this is, in many cases, easier said than
done; the biometric data stored in ePassports needs to be of
high quality to enable automatic face recognition. Therefore a
standardized process that captures facial photos with a focus
on the biometric data is vital.
Poor photo quality Is costly
ePassports enable machine-assisted ID verification and can be
a very good solution for smoother throughput in border
controls. But without good photo quality, the estimated time
saved in using eGates might end up as time wasted. Denial of
access and queues at border gates in airports can be the result
of biometric data not properly representing the document
holder or not complying with the standards (eg poor biometric
photo quality). The photo and document holder may be the
same person, but if the matching algorithms used in the eGate
solution cannot make a positive verification due to insufficient
data quality, the whole idea of biometric documents is
challenged. Certain nations have chosen to implement
ePassport solutions where not enough attention is given to the
quality of the data. Thus, from time to time, the border control
world falls victim to the classic Garbage In Garbage Out
(GIGO) scenario where travellers are denied access and get
frustrated and stressed over spending more time than necessary
at border controls.
The main focus during tenders is often cost. Buying a new
biometric enrollment system is a big investment, but doing
everything correctly from the beginning can save a lot of
government money and time for a lot of travellers. Quality and
safety surely come at a price, at least initially, but going with the
higher-quality solution will result in fewer issues and problems
over long usage periods. So again, what was intended to be a
good solution to speed up the border control might result in
long lines and frustration if the documents and biometric data
arent prepared properly.
Strict standard requirements
ICAO has specified global standards for travel documents and
has decided on facial images as the primary biometric identifier
for all European countries. Photos used in ePassports should
comply with ISO/IEC 19794-5, which defines a standard for
codifying data describing human faces within a CBEFF-
compliant data structure for use in facial recognition systems.
The standard is intended to allow for computer analysis of face
images for automated 1:n matching and 1:1 authentication, as
well as manual identification of distinctive features such as
moles and scars. To enable applications to run on a range of
devices and to improve accuracy, the specification also
describes an array of other requirements such as lighting, pose,
expression, positioning, image resolution, and image size.
The full-face frontal pose must have a background without
textures, lines, or curves, as this could cause the software
algorithms to become confused in separating the face from the
background. A plain background in uniform colour (white/gray)
with no gradual change from light to dark luminosity in a single
direction is recommended. In the traditional approach, with
independent photographers creating and supplying passport
photos, such standardization is quite a challenge. Another
cause of problems is lighting. The light must be equally
distributed on the applicants face with no significant direction
of the light from the point of view of the camera. Biometric data
capture systems with integrated photo illumination synchronized
with the camera, in combination with illuminated back walls,
minimize the dependency on ambient lighting; but 500 Lumen
per square metre or more further reduces the risk of problems
handling all applicants from very light to very dark, independent
of the lighting conditions of the room.
By Magnus Lfgren, CEO, Speed Identity
A photo is worth more than a thousand words
45 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Bi omet ri cs
Ideally, a country or government agency creates a database of
quality-assured facial images which are as homogenous as
possible in all aspects, from illumination to background,
contrast, and pose. A standardized biometric data capturing
system with identical photo settings, illumination conditions, and
backgrounds and zero software modifications of the photo is
best served to achieve this. Standards are the essential part of
the security document creation, ensuring that they can be easily
read and accepted anywhere in the world. The standards need
to be understood and applied by everyone in the security
document issuance chain, from the data capture/enrolment
office to the document personalization process and the
databases where the biometric data is stored for matching.
Photos for the job
A photo can have many different purposes. Photographs from
a photo studio, taken by a professional photographer are often
meant to be aesthetically appealing, while photographs from a
biometric data device have the main purpose of being
compliant with ISO/ICAO specifications to facilitate quick,
secure, and precise matching and identity verification. Border
control officials and eGates dont care about how a photo looks
from an artistic standpoint. Applicants and enrolment officers
should realize that photo touch-up jeopardizes the whole
purpose of the biometric face image, and that the aesthetical
aspects serve no purpose in the world of security and ID
documents. When specifying requirements for a biometric
system, there is no obligation to place the responsibility on the
best photographer in the team, and dont consider the
applicants desire to look beautiful on their passport photos. Try
instead to compare the biometric facial image with fingerprints
or iris images their purposes are exactly the same and are
never touched up.
Compared with a professional studio setup, an integrated
system designed for biometric purposes should offer a minimum
of manual adjustments since the solution is already tuned to
meet the standards of ICAO and ISO/IEC 19794-5. One
important aspect is the fact that the applicant cant stand too
close to the camera since the perspective of the face changes
when it gets too close (geometrical distortion). A robust
enrolment solution should have a distance sensor integrated to
make sure the distance between camera and applicant falls
within the specifications. Seventy centimeters is normally the
minimum to prevent perspective distortion. If the applicant is
too far away from the camera, there is a risk that the cropped
photo will not have a sufficient pixel ratio.
The travel document industry has been very equipment-focused
and it needs to start focusing on the outcome rather than the
technology behind it. Before, industrial digital cameras didnt
deliver enough photo quality, so there was a preference to use
digital consumer system cameras, allowing for huge variations
in photo settings and personal photographer preferences.
Technology has evolved quickly and many industrial digital
cameras meet the ISO 19794-5 requirements today. The
requirements should be based on the desired result and the
delivered data, not the equipment behind it. Training enrolment
officers to become professional photographers may be fun for
some, but the focus should be on governance and security,
rather than photographic artistry. The industry needs to
understand that they are buying quality biometric data, not
artistic photographs.
Another significant drawback of using consumer cameras is that
their life cycles tend to be short, with support for Software
Development Kits (SDKs) being withdrawn from one day to the
next without notice. Industrial cameras have longer life cycles,
in terms of both hardware and software. Imagine signing a
contract for service or system availability for a biometric
enrollment system based on consumer components for five
years with optional extension. Your supplier needs to keep an
impressive stock of spare cameras to be able to ensure service
over this long time period in order not to have to swap camera
models and make major changes to software and hardware.
Lower rejection rates with live enrolment
The process of capturing all biometric data at one time (eg face
photo, iris, fingerprint and signature) is called Live Enrolment.
This method ensures that the captured data is securely tied to
the applicant while saving the applicant time, collecting all the
data in one go. To ensure that the biometric data capture system
meets the required standards of biometric face photos it needs
to have an integrated data quality assurance. The applicant
shouldnt be the one to decide the quality of their biometrics.
The same goes for fingerprints, but out of tradition, applicants
tend to want to look good on their passport pictures. To ensure
standards compliance, we need to use a software component
to decide whether a photo is approved or not. Integrated
software applications approve photos that meet standards and
refuses photos that dont (eg hair across eyes, eyes closed, eyes
tilted, busy background, not centered, flash reflection on skin,
redeye, shadows behind head, shadows across face, glare on
glasses, shadows on face, and more).
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 46
Bi omet ri cs
Enrolment tenders should simply focus on the generation of
standardized, homogenous ISO-/ICAO compliant face photos
and leave camera specifications and possible user settings out,
as this will eventually lead to non-desired results. In cultures
where the representation of an applicants face is very sensitive
this is obviously a challenge but experience shows that this is
something people will get used to. If you show up in front of a
passport inspector at a border control, the inspector will only try
and determine whether the person pictured is the same as the
person holding the passport. The bigger the discrepancy
between photo and holder, the bigger the risk that the inspector
will want to check more thoroughly, which may cost valuable
time for the traveller, causing even longer queues and
demanding more government officials time.
Photographers cant meet all the standard requirements with
homogenous results, since equipment, illumination, techniques
and personal touch differ from studio to studio. An obvious
problem with this approach is that most quality-assurance
software products have difficulties telling whether the photo
has been modified or retouched to make the applicant more
appealing. It will then be the responsibility of the officer to
make sure that the photo is representative of the applicant.
The challenge here is to have the officer hold a sensitive
discussion with the applicant regarding the representativeness of
the photo. The officer will then need to send the applicant away
to get a new photo which will cost time, money, and frustration
for both parties.
Live Enrolment, where biometric data is captured by the
authorities with immediate quality control, is not only the best
way of ensuring high quality biometric data with the strongest
possible link between applicant and data, but also saves huge
amounts of time for all parties involved as it offers one-stop
shopping for the document enrolment process.
In countries where the applicants bring their printed photos to
the enrollment office, rejection rates can be surprisingly high. If
quality assurance is not handled properly at the enrolment
office, it will be performed by the document supplier, who
receives applicant data and returns a non-compliant
notification. Then the entire process needs to be redone, with
even greater loss of time for all involved. Or even worse, when
documents with insufficient data quality are issued and sold to
the applicants.
With Live Enrolment and integrated quality assurance, rejection
rates are brought to an absolute minimum, while saving society
huge amounts of resources. Live Enrolment is also the best way
of ensuring a strong link between applicant and biometric data.
It is difficult to imagine an authority accepting printed
fingerprints by the applicant to be scanned and used in security
documents. Facial photos should be treated the same way.
This article was provided by Speed Identity, for further
information please visit:
Live Enrolment station capturing face photo, fingerprints, and signature.
47 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Bi omet ri cs
There are many challenges facing todays border control
operators as they seek to process increasing passenger volumes
while accommodating the growing need for more intelligence
about who is entering or exiting the country.
Traveler traffic at EU airports rose 4.8% in 2011 compared to
2010, and this trend is predicted to continue over the next 20
years, with global traffic growing some 6% annually.
As the
number of travelers increases, it can be expected that it will
place greater stress on the current infrastructure at border
crossing points due to the fact that todays process is a largely
manual one with limited automation. Frankfurt Airport, for
example, on an average day processes 155,000 passengers.
Given a standard number of border control personnel, this
places a heavy burden on operators to process and screen
travelers in a timely and efficient manner, while ensuring a
courteous experience and not missing those individuals that
require further processing or denial of entry or exit.
The dual objective of facilitating travel and maintaining security
requires the introduction of new approaches and innovative
solutions to border management. The notion of automating as
many administrative border control stations as possible is an
obvious solution and one that is currently being driven by
Frontex within the European Union. The implementation of
Automated Border Control (ABC) systems at a number of
European airports serves as an integral part of the effort towards
a fully automated border control process.
ABC Gates - all problems solved?
Automation is a key element to achieving a secure, rapid, and
cost effective border control inspection process in the future.
But is the current equipment for border control designed to be
used in ABC gates? Is maximum security and efficiency being
achieved with the existing solution? In taking these questions
into consideration, automation proves to be only one part of a
complex, total solution. The optimal system delivers the
maximum security level in a timely and efficient fashion.
Is current level of security sufficient?
During an inspection, the border agent or ABC gate has to
make sure that the traveler belongs to his presented credential;
this procedure has two steps. First, authenticating the credential
document itself, and second, validating the biometrics of the
traveler against the template stored on the credentials chip. In
evaluating ABC gates performance in these two steps it can be
determined that they do not conduct a thorough authentication
of the credential, thus creating security risks. This is due to
either the use of a document reader with a low resolution
optical channel, which doesnt allow a check of the documents
optical security features, or by not performing the ICAO PKI
security protocols. The first issue can be solved by simply using
document readers with a minimum resolution of 500ppi
or higher, which is recommended, and a standard set of
light sources (Vis, IR and UV). The second issue is not as
simple to resolve as having an ISO 14443 compliant
contactless smart card reader is a matter of properly
implementing the inspection system.
These security concerns
are well-known and recognized by Frontex and there are
already good, existing examples of how to do it right, such as
the EasyPass Gates at Frankfurt airport.
While properly
conducting the authentication process eliminates some security
risk, other gaps in security remain.
Almost all ABC gates currently in use support facial recognition
as part of the biometric authentication method to check if the
document belongs to the traveler who presented it. The strength
and performance of facial recognition compared to other
biometrics is weak, which is one of the reasons that most
European Union member states introduced the second
generation ePassport that includes fingerprints.
As of yet, fingerprint verification is not in use and represents a
gap between the current levels of security and what could really
be achieved. In order to read the fingerprint templates from
an ePassport requires implementing a PKI structure as well
as the protocols to exchange the necessary certificates. While
all of these required implementation tasks and protocols are
well defined by the EAC (Extended Access Control) standard
definitions, to capture the fingerprints of the traveler requires
integration of a fingerprint capture device. While simply
integrating a fingerprint device into the solution may seem like
an easy fix, the reality is that implementation and hosting a PKI
system for EAC is neither a simple nor inexpensive task. And for
this reason, fingerprints are currently not in wide-spread use in
ABC gates.
Is current technology ready for ABC gates?
For typical travelers, the current ABC gates represent a kind of
mystic technology with a high potential for a poor user
experience simply because they do not understand how to use
it. Technology needs to be intuitive, much like the user-interface
of an iPhone, otherwise the potential for confusion and
dissatisfying experience is high. It is easy to see how confused
travelers become when they attempt to place their passports on
the document reader of an ABC gate. They have little
understanding of how to do it correctly. While it is quite simple
to implement a solution for this problem by adding hardware to
guide the document into the right position or packaging
By Roberto Wolfer and Michael Weisbach, Cross Match Technologies GmbH
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 48
Bi omet ri cs
software that accommodates misaligned credentials, which are
both found in the new Cross Match Authenticator. This concept
is not only true for the document reader technology, but
becomes even more complex when capturing fingerprints.
An ABC system is, by definition, a self-service kiosk with no
explicit trained personal to advise users on how to capture their
biometrics. Therefore it will require comprehensive user
guidance, which enables even the untrained user to capture his
or her biometrics in an intuitive, efficient, and rapid manner. In
other words, the capture system must provide the best user
experience possible.
Current user guidance for fingerprint capture devices are based
on LEDs and some audible feedback but were not purposefully
designed for self-service scenarios, but rather for an attended
or supervised capture process. Therefore existing livescan
devices are not ideally suited for integration into ABC gates
without a loss of overall gate performance and negatively
impacting the travelers experience while capturing the
Figure 1: Examples of current UI Elements for FP capture devices
How to do it right?
Lets have a closer look at what usability really means to a
traveler in order to evaluate the usability of current fingerprint
capture devices as well of the next generation devices.
ISO9241 is a multi-part standard from the International
Organization for Standardization (ISO) covering ergonomics of
human-computer interaction. According to the standard,
usability can be defined as the combination of the following
major parameters:
- Effectiveness
- Efficiency
- Satisfaction
- Learnability
- Memorability
With regard to fingerprint capture devices these parameters can
be utilized as the metrics to measure the usability of not only
the fingerprint capture device, but also the system.
To achieve the best usability it is important to consider not only
technologies when designing and developing the system, but
also human parameters such as height, age, gender,
language, culture, disabilities, etc.
System Design
A technical system consists of several major design elements
with two of them essential to usability. They are Interaction
Design and the Interface Design.
The Interaction Design defines the communication between the
system and the user during operation. Figure 2 shows an
example for the necessary interaction while capturing
Figure 2: Interaction while capturing 4 flat fingerprints
49 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Bi omet ri cs
Where the Interaction Design defines the communication
between the machine and the user, the Interface Design defines
how the communication for each necessary interaction is done.
For example, Figure 1 shows the interfaces of current fingerprint
devices consist primarily of LEDs permitting limited interaction.
These findings are the result of proprietary field studies, as well
as the review of several other studies, such as NISTs Usability
testing of ten-print fingerprint capture and IEEEs Interactive
quality driven feedback for biometric systems.
Process Analyses
Lessons learned from proprietary field studies and public studies
indicate that the key element for interaction while capturing
fingerprints process is not only to provide feedback about the
current state, but also about the desired state. Implementing a
user interface which provides feedback about the desired state
requires a completely different approach and technology than
just providing a simple, current capture state.
It is helpful if the complete interaction process is segmented into
its atomic fundamental tasks and states, not only for the capture
a single fingerprint, but also for the complete fingerprint capture
workflow. Once the complete interaction process is analyzed,
the different states within the capture process need to be
analyzed. It is crucial to address not only position of fingers, but
also contrast, movement, number of fingers, and more.
The last essential step is the definition of what feedback is
required and how to provide it for both the current and the
desired state.
A new UI approach
To provide feedback for both current status and desired status
requires a break from the traditional Interface Design for
fingerprint capture devices.
As a result of our proprietary research, the decision was made
to implement a new user interface using three fundamental
1. Feedback must provide a realistic view of the capture
platen and must display the feedback in real-time;
2. No live image of the fingerprint should be displayed, as
this provides no valid feedback for an untrained user;
3. Instead of static symbols and text based feedback, anim
ated real-time interaction should display on a screen,
allowing the user to immediately visualize what they are
being requested to do.
Following those simple design principles, the risk of misinter
pretation is considerably minimized. Figure 5 shows two
examples of the real-time feedback of the current and the
desired status while capturing flat fingerprints of the left hand
and both thumbs.
Figure 3: Live Feedback while capturing 4 flat fingers and thumbs
with the new Guardian
Leveraging this new user interface approach, both the latest
Guardian ten-print livescan fingerprint capture device as well
as the new Cross Match Authenticator secure credential reader
device, are optimized for use in next generation ABC gates. This
unique approach enables maximum efficiency and security at
any high-volume border control checkpoint. This unique
approach allows for the processing of travelers in a minimum
amount of time and improving the overall experience; reducing
cycle times and costs-per-traveler; while enhancing the
travelers experience.
(1) Boeing, Current Market Outlook 2012-2031 Long Term
Market, 2012.
(2) Frontex: Best Practice Guidelines for Automated Border
(3) eId Credentials: Getting it right at the border by G. Hasse
(4) J. Garret: The elements of User Experiences, User centric
design for the web, 2003
(5) Theofanos et al: Usability testing of Ten-print fingerprint
capture NISTIR 7403, March 2007 and Wong et al:
Interactive Quality driven Feedback for biometric systems
IEEE BTAS, 2010.
For more information please visit
An ABC system is, by definition, a self-
service kiosk with no explicit trained
personal to advise users on how to
capture their biometrics. Therefore it will
require comprehensive user guidance,
which enables even the untrained user to
capture his or her biometrics in an
intuitive, efficient, and rapid manner...
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 50
ePassport s
heres no doubt that todays ePassports which make full
use of leading-edge technologies can both beef up
border control security and improve throughput at some of
the worlds busiest checkpoints. But the technology can provide
the superior levels of security needed for the 21st century only
if border control staff actually bother to check the digital
certificates stored in the electronic machine-readable travel
documents (eMRTDs).
Todays sophisticated travel documents contain a raft of
electronic and optical security features that are necessary for
countries to protect their borders. Optical techniques will always
be important because if the ePassports security chip is broken,
the document itself will remain valid. But electronic features that
can be used to detect whether or not a document is genuine
must not be overlooked. The sad truth is that many systems
integrators forget to tell border authorities about this technology,
how it works and why its so important, creating a false
impression of security.
Electronic security
ePassports store the passport holders data as data files on the
chip. Data access is protected by access control mechanisms,
while data integrity is protected by a digital signature supplied
by the passport provider. However, what many border authorities
do not realise is that if they dont perform full certificate checks
to ensure the document signing certificate is from a trusted
source, they could be letting a functioning passport that has
been falsified pass through their borders.
Whats more, some authorities do not know about passive
authentication (PA), so they havent introduced checks at the
border. PA detects if the passport chip data has been modified.
The chip holds a file that stores the hash values of all the files
it contains (such as the passport-holders picture and finger
prints) and a digital signature of these hashes. The digital
signature is made using a document-signing key, which itself is
signed by a country-signing key. If a file in the chip (for example,
the picture) is changed, this can be detected since the hash
value will be incorrect.
With an increasing trend towards automated border controls,
there is a greater need than ever to be sure that a document
isnt a fake and hasnt been altered in any way. The use of
automated systems means that with the first-line inspection you
can no longer rely on your well-trained and experienced staff to
detect a fraudulent document based on a hunch, such as
noticing that the document holder is acting suspiciously or
recognising that some of the traditional security features dont
look quite right. Instead, systems need to be put in place to
ensure that the document is properly checked the moment it
enters the destination country. This is particularly important in
Europe, where entry into one country in the Schengen area
automatically allows free movement between other states that
are part of the scheme; just one weak border post could
ultimately put the whole continent at risk.
Evolution of PKI
Many people are familiar with the general concept of public key
infrastructure (PKI) technology. It has traditionally been used in
internet transactions, where keys need to be trusted across a
broad range of users and organisational entities. This has
resulted in elaborate key certificate systems, where public keys
are issued in certificates which are digitally signed by trusted
issuing organisations called Certificate Authorities (CAs). This
trust is further reinforced by higher level CAs as part of a trust
hierarchy. It is also necessary to have Certificate Revocation Lists
(CRLs), which indicate if a key (certificate) has lost its validity. By
revoking a certificate and publishing this revocation in a CRL,
the certificates issuer informs receiving parties that the contents
can no longer be trusted.
The International Civil Aviation Organization (ICAO) points out
that its operating environment is different from these commercial
ones. As a consequence, the ICAO has specified a customised
approach, known as the ICAO PKI scheme. This specifies a two-
layer certificate chain, enabling an inspection system to verify
the authenticity and integrity of the data stored in the eMRTDs
contactless IC. The root (highest level) CA in this scheme is the
Country Signing CA (CSCA), which authorises Document
Signers (DS) to digitally sign the Document Security Object
(DSO) on the contactless IC. The CSCA certificate is distributed
between states. The DS certificate is published on the global
ICAO Public Key Directory (PKD) and/or stored on the eMRTDs
contactless IC. CRLs are published on the PKD and exchanged
between states.
The ICAO says its PKD acts as a central broker managing the
exchange of certificates and CRLs. This central role is critical to
minimise the number of certificates being exchanged, to ensure
timely uploads and to make sure technical standards are
adhered to, to ensure interoperability is maintained.
By Georg Hasse, Senior Product Manager and Michael Schlueter, Head of Software
Development, Electronic Identities, Public Sector, secunet Security Networks AG.
Certifying security
51 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
ePassport s
The nuts and bolts
The introduction of eMRTDs normally means including
biometric data as well. Just like traditional optical data, this
electronic data has to be secured against manipulation and
unauthorised access. Usually, this protection is achieved by
means of PKI mechanisms. The backbone of the security
structure for eMRTDs consists of two comprehensive PKIs. While
the ICAO-PKI ensures the authenticity and integrity of the
documents, a second PKI, the Extended Access Control (EAC)-
PKI, is needed for enhanced access security for more sensitive
data such as fingerprints. The exchange of the required
certificates makes modern border control highly complex.
When ICAO Doc 9303 which contains the organisations
specifications for MRTDs was initially published, it specified
that CSCA certificates had to be exchanged between states
without providing detailed specifications of how to achieve this.
But during the first few years of states issuing ePassports, it
became clear that the lack of such specifications produced a
wide range of interpretations and inefficient processes.
To address this, the ICAO has published a technical report on
CSCA countersigning and Master List issuance. This highlights
an approach where countries create a list of received and
validated foreign CSCA certificates. This so-called Master List is
countersigned by each country and published via the ICAO
PKD, to support the distribution of self-signed certificates
between nations.
Only authorised organisations have access to the sensitive
biometric data (such as fingerprints) stored in eMRTDs.
Therefore, the requirements for access control and communic
ation confidentiality have been specified within the EAC-PKI.
The EAC-PKI describes the security mechanisms which allow an
eMRTD to verify an access request by itself. To access eMRTDs
from other countries, you have to be equipped with the
corresponding rights. To obtain those rights, EU countries have
agreed to accept the Czech Standard CSN 369791:2009 as
the common communication protocol.
When looking for a PKI solution, you need to choose a supplier
that can meet all the requirements for issuance, infrastructure
and control. This includes the international exchange of
certificates and other relevant information.
Whose responsibility?
The security of identity documents is the responsibility of
everyone in the chain from the organisation that issued them
to the border control official who checks them and allows
travellers to enter a country. The chain is only as good as
everyone involved in it and any weaknesses can be easily
exploited by criminals.
Modern ID documents which digitally store personal data on
an integrated RF chip make the prospect of automated border
controls establishing mobile controls quite feasible. But before
these new processes can be implemented, 194 states worldwide
must exchange information such as certificates with each
other and details of an estimated one billion flights per year, as
well as land and sea travel. Each nation keeps a list of these
certificates. For example, Germanys 15 August 2013 Master
List contains 141 CSCA certificates and CSCA link certificates
from 54 countries, and is also used by other countries.
ePassport PKI in a nutshell
Understanding how the various components of PKI technology
work in ePassports is essential to understanding how and why it
should be adopted.
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 52
ePassport s
The general access protection for the data stored inside
the eMRTD is implemented by the BAC or PACE mechanism.
Using these protocols, a secure communication channel is
established and the data printed on the document is needed to
access the data.
Extended Access Control (EAC) provides additional security
mechanisms to ensure that only authorised organisations can
grant access rights to Inspection System (IS) for specific sensitive
eID data, such as fingerprints.
These access rights are granted by card-verifiable certificates
(CVCs). Their three-layered infrastructure consists of a national
trust anchor (Country Verifying Certificate Authority/CVCA) that
is connected to authorized Document Verifying Certificate
Authorities (DVCAs). DVCAs issue short-term IS certificates to
the actual inspection system.
For international EAC certificate exchange, a centralized
interface called the Single Point Of Contact (SPOC) has been
defined. The SPOC receives certification requests from foreign
countries and connects the DVCA to the corresponding CVCA.
The authenticity and integrity of an eID can be checked by
verifying its datas electronic signature. The ICAO has
introduced the mechanism used for this validation: passive
authentication (PA). A complete PKI with the CSCA as the
national trust anchor and the DS as the document manufacturer
has to be provided. The exchange of certificate data can be
processed via the ICAO-PKD.
Choosing a partner to provide software products for PKI means
selecting a company that fully understands all those issues. This
means finding a partner that can supply ICAO-PKI-related
products such as CSCA and DS services, as well as components
which fulfil the requirements of the EAC-PKI, such as CVCA and
DVCA services.
Checking certificate validity is a quick process. According to the
results of Germanys EasyPASS automated border control
scheme, the average time taken to read and check ePassport
data using both optical and electronic checks is just five six
seconds. Whats more, electronic document checks proved
reliable, with less than 0.1% of travellers rejected due to the
failure of the checking system. The availability of CSCA
certificates is central to this. As those involved in the pilot point
out, it is necessary to have a combination of different checks
to ensure the border control process is secure, and fully
Name Purpose
Country Verifying Certification
Authority (CVCA)
The base of the EAC infrastructure. It issues the CVCA root certificates as well any DV-
Single Point Of Contact (SPOC) As a centralised interface, the SPOC allows certificate exchange within the EAC PKI.
The international level is defined by the CSN 369791:2009 standard, while the
technical guideline BSI-TR-03129 handles the national communication level.
Document Verifying Certification
Authority (DVCA)
The EAC infrastructure requires at least one instance of a DVCA. The DVCA issues IS
certificates to any associated document-reading system. The DVCA supports all
cryptographic algorithms to ensure full interoperability with foreign and national
Inspection System (IS) The actual reading system that performs the document verification procedure. The IS is
responsible for performing all security mechanisms (especially passive authentication).
Terminal Control Centre (TCC) The TCC is a specialized variation of an IS. The centralized TCC implements the
primary security mechanisms such as passive authentication and EAC terminal
authentication to reduce the complexity of the verification process. The actual reading
terminals are connected to this centralized system.
Country Signing Certification
Authority (CSCA)
The CSCA serves as the trust anchor for the ICAO-PKI. It issues a country root
certificate as well as the DS certificate for organizations issuing eIDs.
Document Signer (DS) The DS is responsible for the creation of digital signatures which ensure the
authenticity and integrity of the electronic data stored in the eID. Its main purpose is
the creation of a digital signature to ensure the documents data integrity and
PKI glossary
ePassport s
checking eMRTD electronic security features ensures a high level
of reliability.
The technology in action
The Latvian Ministry of Interior is renewing its existing PKI for
ePassports and issuing new national ID documents. As part of
this project, the PKI is being extended with a central
infrastructure for checking the validity of these documents. As a
result, the new system enables eID documents to be issued, and
to be verified at border controls and Latvian consulates
worldwide. The integrator is using a solution that provides the
complete range of functions required for the Latvian national
PKI: it includes the systems needed for issuing national identity
documents that conform with international ICAO regulations as
well as the EAC-PKI components used to verify international
eIDs. The products flexible design means it fully meets the
specific requirements of the Latvian government, while at the
same time providing a secure and reliable system.
The current document verification process shows the importance
of comprehensive use of the security mechanisms provided by
modern travel documents. In particular, its essential to properly
use the certificate infrastructure, which is vital for reliable and
secure verification procedures (especially for passive
As recently stated by Dr. Uwe Seidel (German Federal Criminal
Police Office): A modern document verification process needs
to comprise state of the art electronic and optical security
mechanisms. Especially the proper implementation of Passive
Authentication for proofing integrity and authenticity of
electronic data is indispensable for a secure border control.
The main challenge to establishing a document verification
infrastructure is still the international distribution of CSCA
certificates. The Master List concept plays an important role
in this process. It is still a time-consuming process for each
country to collect and validate the different CSCA certificates.
Even after the initial certificate exchange, it is important that
countries are notified when a new CSCA certificate is used by a
country before the corresponding travel documents are
presented at the border.
A new approach could be the provision of an independent
Master List by, for example, the ICAO or other international
bodies such as the European Commission.
For more information email: or
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 54
Border Cont rol
recently took a business trip to New York and my experiences
of immigration security at London Heathrow and New York
JFK airport could not have been less similar. Any regular flyer
knows to expect that no experience will be exactly the same.
If you arrive on a Saturday morning, youre going to get a
longer and less efficient queue than Wednesday lunchtime.
However, what struck me was the extreme difference between
how immigration security was implemented on either side of
the pond.
Passengers arriving at Heathrow are given a clear choice. If you
have an e-passport compatible with the automated gates and
feel confident using them, you can do that. The machines scan
your passport for authenticity and use facial recognition
technology to verify your identity against your passport photo.
If you dont want to use the machines or have an older,
incompatible passport, you have to be seen by an immigration
officer who will scan your passport and verify your identity
manually. Similarly, if you try to use the machine and cannot
be verified, you are ushered towards an immigration officer who
carries out this standard check. Its a relatively fast experience
on the whole, and is only really made more time consuming by
low staffing levels and unmanned booths or technical issues
with the automated gates.
The scenario at JFK was in almost the complete opposite. Firstly,
there is no choice regardless of your passport type the same
system is used for everybody. Each passenger has his/her
fingerprints (thumb and forefinger) scanned and stored in a
database. They then have their photograph taken and are
assessed by a facial recognition system. Once this is complete,
their passport is checked thoroughly by an immigration officer
and scanned. Lastly the immigration officer asks some
unobtrusive questions about the passengers reason for visiting
the US. For example, I was asked why I was visiting and where
I was headed when I left the airport.
This approach can fairly be considered best practice as it carries
all the benefits of using the latest approved authentication
technologies as well as allowing the professionally trained
immigration officers to study the body language of the
passenger and conduct a more thorough check of the
passengers personal details and history. Despite this, it can be
By Andrew Gilbert, Business Development Director, Ingenia Technology
....... a multi-layered approach is essential to national security ....... a multi-layered approach is essential to national security
enforcement and people must be nurtured into accepting the enforcement and people must be nurtured into accepting the
process they are expected to endure for the sake of their own process they are expected to endure for the sake of their own
safety. However, the technologies within this multi-layered safety. However, the technologies within this multi-layered
approach must add value to the process as well as speed it up. approach must add value to the process as well as speed it up.
55 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Border Cont rol
extremely time consuming depending on the volume of
passengers arriving at one time.
So, the question I would like to pose, having waited one hour
and forty-five minutes to pass through immigration at JFK (a
particularly extreme experience) is whether there is a middle
Modern technology should make the process faster
Most people know deep down that security has to be the priority
and as someone who has worked within the security industry for
some time, my personal view is that a multi-layered approach
must be taken to any kind of authentication whether its
people at immigration security or products in a supply chain.
However, for business people being kept from important
engagements and holiday makers that want to get through the
airport as quickly as possible after a long flight, the allure of
feeling secure is eroded by what can be an extremely long and
arduous process.
When it comes to speed, the model used at Heathrow is rather
painless and certainly more extensive use of modern techn
ologies can bring significant benefits to the immigration security
arena. It can decrease the possibility of human error and
provide a more accurate way of tracking the history of people
travelling regularly or those suspected of criminal activity.
However, while new technologies can increase the speed of
the process we should be clear that there are potentially
some flaws in a system where passengers are barely exposed
to interaction with human law enforcers. The electronic pass
port scanners check the photo page of the passport for
legitimacy and verify that the person using the document is who
it says they are. What they do not do is provide additional
information on that person, or indeed the secure document,
such as whether the person is supposed to or allowed to be
where they are and indeed whether the rest of the passport is a
legitimate piece of documentation.
Actually, its important for immigration officers to be involved
in the process too. It is not simply a case of making sure the
person looks like the photo on their passport. These are trained
professionals who can tell from a persons body language and
mannerism whether they should be questioned further. This is
one of the reasons for the seemingly innocuous questioning at
JFK. Officers can also authenticate the entire document for
legitimacy and highlight any discrepancies within it, as well as
scan it against an electronic passport reader. Furthermore, the
human officers can use any intelligence that has been passed
onto them of whether any passengers on the flight are suspected
of criminal activity or whether they should be watching out for
any particular people.
There is no getting away from the fact that, time consuming
as it is, the JFK model covers all the bases that we can
currently cover and that security processes that do not
combine both technology and human intelligence do not
adhere to best practice.
The problems with a fully integrated approach
However, while such a fully integrated approach may be best
practice, it is important to recognise that there are other factors
that need to be considered when attempting to find the best
balance between providing the highest possible security and
speed and convenience for passengers. In particular it is not
just the people waiting in line who know full well that they have
nothing to hide who are likely to be annoyed by excessive
waiting times at immigration.
Airport operators ideally dont want people to be held up so
severely for a number of reasons. A security process as stringent
as the one used in New York slows down throughput massively,
which has a knock-on effect on flight operators, airport based
businesses and the local tourism economy.
For flight operators, although the immigration security experi
ence is nothing to do with them, from a customer service
perspective, customers may naturally associate them with a poor
experience. So, even if they dont put a foot wrong, the pass
enger may well leave the airport on the other side feeling that
they have not had the flight experience they were hoping for.
Increasing the amount of time passengers spend in immigration,
cut off from the rest of the airport, is also an issue for airport-
based shops looking to entice the high footfall of potential
customers with duty-free prices and convenience items. If it only
takes 10-15 minutes to pass through immigration, passengers
are far more likely to allow themselves to be distracted by a
shop they pass by. The longer they spend at immigration, the
more they are likely to want to get out of the airport as soon as
possible, especially if they have been made late for an
engagement or have pre-booked travel arranged. If stores
begin to see the value of locating at certain airports because of
these issues, the airport operators stand to lose out.
Similarly, the airport itself has a customer service commitment
to uphold. Whether people see that strict security measures are
for the greater good or not, a bad experience is a bad
experience and it will soon show financially if people avoid
travelling to certain airports for fear of standing in the
immigration area for what seems like an eternity. Again, flight
operators can be selective about what airports they base
themselves in, and they are likely to opt for the most popular
locations for their own financial gains.
Potentially the most important reason is that airport operators
have their own budgets to work to and may not be able to
justify the expense of a fully integrated approach. Investing in
modern technologies may have to come at the expense of
Using cutting-edge track and trace technology to
complement the current facial recognition or
biometric systems can not only provide a more
secure way of authenticating a secure document,
but also speed the process up.
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 56
Border Cont rol
immigration officers, the same as airports already employing a
large, competent team of professionals may not see the benefits
of embracing new authentication technologies. Both systems
also come with their own pitfalls in terms of cost. Employing
human beings means booths will be unmanned while members
of staff take breaks and that resources may be stretched when
staff take holidays or sick leave. On the other hand, electronic
systems need constant maintenance and must perform reliably
in order to achieve a return on investment in terms of time
saving and competency.
Addressing the need for speed and security
Despite the potential costs associated with a fully integrated
multi-layered approach in terms of passengers time and airport
operators budgets, the issues of security, counter-terrorism and
border control are not to be taken lightly. Its easy to forget when
youre standing in line for an hour that actually these processes
are in place for a very good reason. Counter-terrorism and
immigration control are sensitive issues and international border
controllers are under pressure from national governing bodies
to provide the greatest level of protection against external and
internal security threats. Its not about adhering to a process full
of red tape, but the safety of a nations citizens and indeed those
who are travelling. Ultimately, it should be recognised that the
effectiveness of national security is in the best interests of a great
deal more people than the speed of which it is enforced.
Perhaps a greater deal of transparency is required from the
bodies enforcing these security measures as to why they are
necessary to educate the general public about the issues being
addressed by security processes. If more people actively bought
into the checks being made and lobbied for security processes
to follow best practice, exceptionally arduous experiences may
be accepted more willingly. It is also important that universal
standards are agreed on so that travellers know exactly what to
expect everywhere they fly.
However, the issues with the approach taken at JFK and similar
outlined above are legitimate ones and there is also a public
duty to ensure security measures are carried out efficiently
enough to ensure people are not being unnecessarily delayed
or deterred from flying to certain airports or indeed at all.
Existing technology systems, in my opinion, are not yet
sophisticated enough to completely replace the role of a highly
trained immigration officer. In fact, that point is still probably
quite some time away. It is important that immigration security
measures consider as much information as they have available
to make an informed decision on who is coming in or going
out of a country. The facial recognition systems being used right
now do not assess enough. It is important that secure document
ation is authenticated and tracked as completely as the human
being it is assigned to.
Using cutting-edge track and trace technology to complement
the current facial recognition or biometric systems can not only
provide a more secure way of authenticating a secure docu
ment, but also speed the process up.
For example, there are already technologies available
that can identify whether a secure document is legitimate
or not and exactly which document it is based on a
unique digital signature developed by its surface structure
at a micro level. By tracing documents in this way at an
individual level, combined with biometric authentication
techniques such as facial recognition and fingerprinting,
it is possible to determine not only whether a document
is authentic, but also that a specific document belongs to
a specific person and whether the entire document has
been previously passed as legitimate.
As databases grow more sophisticated and searchable,
further information attached to these secure documents
can be stored and assessed more efficiently and securely.
This provides immigration officers with more information
on which to base their judgement or a persons legitimacy
and ultimately help them do their job faster and more
effectively. While stripping away immigration officers
completely is actually subtracting a vital layer of security,
it is possible to add layers that help them carry out their
part of the process far more quickly and assuredly.
To conclude, a multi-layered approach is essential to national
security enforcement and people must be nurtured into
accepting the process they are expected to endure for the sake
of their own safety. However, the technologies within this multi-
layered approach must add value to the process as well as
speed it up. The authentication of secure documents should be
taken as seriously as the person itself, and new technologies
should be embraced to carry out fuller checks of documentation
and provide immigration officers with as much information as
possible for them to work with.
For more information email:,
visit or tel: + 44 207 256 9231
57 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Hol ography
The first metallised hologram to appear
on an ID document was in 1984 on
United Nations passports these were
simple authentication devices on the
cover quickly followed by passports for
Brunei and Iraq, where the hologram
appeared inside the passport, but still as
an authentication device as opposed to
protection for the personal data.
It wasnt until the 1990s that the first all-
over transparent hologram appeared on
a passport, this time on passports held
by United Arab Emirates nationals. In
this instance, the hologram was used not
only as an authentication feature but
also to protect the bio data contained
within the passport. This required the
development of new techniques for high
refraction index (HRI) coating of the
hologram. This marked a turning point
because from this time onwards the
number of passports issued with
holograms as a laminate to protect the
biodata page as a combined protection
and authentication device steadily
increased, so that now there are very few
recent issues that use a hologram only as
an authentication device.
In 1999, the European Union drafted
security standards for passports which, in
2004, were incorporated with EC
Resolution No 2252/2004 for minimum
standards. These stipulated that An
optically variable (OVD) or equivalent
device, which provides the same level of
authentication and security as currently
used in the uniform visa format, shall be
used on the biographical data page and
shall take the form of diffractive structures
which vary from different angles
incorporated into the hot-sealed or an
equivalent laminate (as thin as possible)
or applied as an OVD overlay, or stickers
on a non-laminated paper inside page
(as metallised or partially demetallised
OVD with intaglio overprinting) or
equivalent devices.
Another major driver for the inclusion of
holographic technology on ID docu
ments came in 2002 when the ICAO
(International Civil Aviation Organis
ation) specified that passports should
feature optically variable devices like
holograms to combat counterfeiters,
particularly in the wake of 9/11. MRTD
t might be more than 65 years since the invention of the hologram but today the technology remains a potent
weapon in the ongoing battle against the counterfeiters and organised criminal gangs seeking to take
control of a multi-billion dollar trade in illicit passports, driving licenses and other fake ID documents.
Ian Lancaster, general secretary of the International Hologram Manufacturers Association (IHMA),
charts the rise of ID holograms over the last three decades since the first passport applications before turning
the spotlight on some of the latest developments which will ensure holography remains a relevant and
added value solution well into the future.
Innovation drives hologram ID document protection
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 58
Hol ography
(Machine Readable Travel Documents) of ICAO Doc9303, Part
1 Passports, 6th Edition. This states that When the biographical
data page of a passport book is protected by a laminate or
overlay, an optically variable feature (preferably based on
diffractive structure) should be integrated into the page. Such a
feature should not affect the legibility of the dataThe inclusion
of a diffractive optically variable feature is recommended to
achieve an enhanced level of protection against reproduction.
So with the regulations governing passport standards within the
European Union specifying holograms, plus ICAO also
stipulating an optically variable device, more and more the
technology is appearing as one of the front line weapons in
thwarting passport counterfeiting, with the majority of these
being the diffractive version. Today an estimated 80 countries
feature holograms on their national passports, and according
to a survey conducted by Keesing Reference Systems and
presented in Dubai in last year, 55 % of passports now use an
OVF optically variable device - to protect the data on
passports, and of this 67% are DOVIDS.
The overall production of passports is estimated to be 150-300
million per year. This may fluctuate annually, but is undoubtedly
set to continue growing as populations increase, and escalating
numbers of people travel abroad. This allied to the fact that all
ICAO member countries must now issue MRPs with ICAO
recommending the use of OVDs, all but guarantees a growing
market for holograms. Local factors will also see growth in the
number of passports, such as the requirement for travellers
between the USA and Canada to have a passport, not just a
drivers licence or other ID as had been the case up until not so
long ago.
Security shield
The role of a hologram on a passport and other identity
documents is principally to shield against the forgery of the
photograph and personal data, otherwise known as the
variable information. However, the ability of the hologram to
provide effective protection lies in the continuous innovation,
invention and evolution of holographic techniques. Both optical
effects and material science techniques have created
authentication devices that are easily recognised yet difficult to
copy accurately. They can be safely integrated within the
production process and stand up to the rigorous demands of
being in use for a period of anything up to ten years.
Of course virtually anything can be copied, and the holographic
industry continues to work hard to get the message across that
even the most sophisticated holograms can be reproduced to
some extent. The real debate is just how accurately can
holograms be copied? The answer is not very accurately at all,
and this is where the real value of holograms designed for
security applications should be appreciated. The intrinsic
features of holograms mean that the techniques and visual
effects make it difficult to copy 100% accurately an authentic
security hologram. This has ensured their success the
document they protect may have been counterfeited but,
whereas it can be relatively easy to simulate the effects of other
overt features, a poorly copied hologram is more often than not
the tell tale sign that all is not what it appears.
Because a passport is probably the most important identification
document, authentication alongside the protection of personal
data (name, date of birth and photo) must be guaranteed.
59 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Hol ography
Effectively, holograms serve not only as a deterrent and secure
means of protection and authentication, but also as a warning
that it might be counterfeit. Therefore, a hologram is not solely
to prevent counterfeits but acts as an effective detection device,
making it easier for the trained eye to distinguish the legitimate
from the fake.
Passport production and critically, personalisation is exacting
and has proved technically challenging for the holographic
industry. However, it is one that manufacturers are responding
to, with recent developments including a whole new generation
of personalised photopolymer holograms which match the bio
data contained within the passport.
One example of this is an innovative new technology from
Hologram.Industries called HoloID which combines ID
security with high speed in-line holographic personalisation.
Utilising advanced photosensitive material to create unique
colour patterns and animations, the technology provides precise
control and colour modulation to create portraits, among
other features. The information is recorded in the holo
graphic laminate and the printed data on the substrate,
providing an extremely high primary level of security that is
virtually impossible to falsify. At a secondary level, data in
the electronic chip also matches with the holographic and
printed information to provide an extremely high level of security
and authentication.
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 60
Also making an impact in the battle for greater ID document
security is Hologram.Industries DID visual security device.
Visually quite different from traditional holograms, this is a zero-
order optical nanostructure combined with thin films. This is
basically a 2 colors diffractive image appearing at the direct
reflection angle which permutes when the document is rotated
90. The technology has so far been adopted by around 20
countries around the world, including China last year, meet the
requirement by authorities for a very easy to use but extremely
difficult to imitate security device to date, there has been no
reported attempts to counterfeit the technology or even imitate
its colour permutation effect.
We are also seeing smart, or e-passport solutions, coming to
the fore which combine print, optical and electronics security
features to ensure authenticity and user flexibility. These comply
with the requisite standards for international travel ID
documents and have overt and covert security features such as
visa pages containing custom paper and bespoke designs to
combat counterfeiting. Optaglios OVMesh is an example of
the latest generation of metallic holographic micro system of
protection for e-passports as well as other documents such as
ID cards and driving licenses against the threat of counterfeit.
This advanced technology can be incorporated as an integral
part of the overall design. It features materials and a structure
that combine to form a level of protection that also offers
greater scope for the design of security features in accordance
with the overall document design.
We are also seeing the development of holographic technology
that provides documents with visually appealing features,
coupled with added security. Here, technology like 3Ms
transparent hologram security laminate can offer protection
against any attempts at counterfeiting or alteration. It shows a
faint holographic image that indicates tampering while also
providing protection against the wear and tear of everyday use,
ensuring that printed information is readable and usable for the
document's intended life.
The Kurz KINEGRAM is an example of how the industry
creates innovative anti-counterfeiting solutions based on
established and successful products. In particular, there are
developments to use the technology to link with and protect the
RFID chips now used on passports to improve security levels.
One approach is to use a metallised KINEGRAM/moir
image combination with a transparent window. Here, when the
data page of the document is tilted back and forth about the
horizontal axis, the projected letters OK are seen to move up
and down with adjacent columns moving in opposite directions.
Although the contour-based letters OK show strong contrast
with respect to the background, these images cover very little
surface area and therefore allow for sufficient see-through
transparency to see the chip. Any attempts to physically tamper
with the chip module would then become immediately evident
through the destruction of the KINEGRAM structures.
Another method is to use semi-transparent KINEGRAM
elements with appropriate diffractive structures both above and
below the chip module so that when the card is viewed from
the top with back-light, the chip module can be inspected for
evidence of tampering or damage. This effect relies on the
interaction of the two DOVIDs placed on either side of the chip
module. The upper foil DOVID is demetallised into a pattern
of opaque and transparent linear raster, while the lower foil
DOVID is demetallised into a pattern of opaque and
transparent areas which forms images when viewed in
transmission information layer. In the example shown, a DOVID
with a fine raster of metallisation appears opaque when lighting
comes from above, however, when back-lighting is used, a
pattern of stars is seen in transmission along with a shadow of
the chip module. Therefore, any attempt to physically access
the chip module from either side of the document will become
visually evident.
Elsewhere, OpSecs Holofuse, a previous winner of the
IHMAs Best Applied Security Product category at the
Excellence in Holography Awards, is a holographic security
laminate layer for PC ID cards. It therefore requires no
additional card manufacturing stage, and the material bonds at
the molecular level. It thwarts ID and passport counterfeiting
because the holographic layer is essential and cannot be
removed from the rest of the card. Another interesting
development comes from Centro Grafico DG whose OPS
passport protection system provides passport data page
protection. The system is constructed as super-thin polymeric
membranes, which are specially formulated for infilling by
colour laser printers: after welding these membrane on data
page, it becomes practically impossible to alter personal data
without destroying it.
Future challenges
Its clear that holography continues to demonstrate an
unquestionable ability to adapt and move with the times,
remaining a highly effective and competitive counterfeiting
deterrent, protecting not only the integrity of identity documents
but adding real value in through more scope for design,
functionality and user ease-of-use. The challenge remains, as
ever, for manufacturers to respond to changing customer
requirements and keep one-step ahead of competing
technologies through research and development and
innovation. If the evidence of the last few years is anything to go
by, then the future for holography in ID document security
remains assured.
The International Hologram Manufacturers Association (IHMA)
is made up of nearly 100 of the world's leading hologram
companies. IHMA members are the leading producers and
converters of holograms for banknote security, anti-
counterfeiting, brand protection, packaging, graphics and other
commercial applications around the world. IHMA member
companies actively cooperate to maintain the highest
professional, security and quality standards. More at
Issued on behalf of the IHMA by Mitchell Halton Watson Ltd.
For further details contact Andy Bruce on +44 (0) 191 233
1300 or email
Hol ography
61 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Mobi l es
iOS and Android devices have started a megatrend in mobile
security and the driving force is the user. Smartphone and
tablet users are fascinated by how these tools revolutionize their
personal and business lives.
But the harsh reality is that corporate data is not secure on
mobile devices. Smartphones and tablets get lost or are
targeted by hackers, and data communications often take place
in unsecured public spaces (such as airports). Moreover, existing
security measures often do not provide adequate protection.
The challenge for IT departments at the enterprise level is to
create a protected area on mobile devices to hold important
business data and reliably protect this valuable resource against
unauthorized access.
Even when employees are banned by their companies from
accessing business data with their iPhones and iPads, they still
find ways of doing so by using, for instance, private email
accounts or online services such as Dropbox. They often simply
do not understand the security risks associated with doing this.
What is needed is a controllable solution so that business data
is accessed in a secure way.
Enterprise IT executives may find themselves dreaming of a day
in the future when smart cards will provide a genuinely secure
solution that allows user-friendly access to confidential company
data and sensitive information using mobile devices with the
same level of protection afforded on the desktop. Fortunately,
thanks to the latest hardware and software developments in
authentication technology, that dream is now a reality.
Meeting mobile security challenges
What is it about mobile devices that, more than anything else,
keeps enterprise IT executives awake at night especially in
todays increasingly bring your own device (BYOD) environment?
No doubt, the biggest security worry about mobile devices for
enterprise IT executives is how to be sure that a device is in the
safe hands of the right person. Are the actions being performed
on that device authorized? Another concern is maintaining
secure communications when mobile devices are connecting
with WiFi.
These concerns translate into three main mobile security
How to authenticate who is able to access enterprise
How to ensure the security of enterprise data; and
How to keep the back-end of the system secure.
Today we are dealing with a host of BYOD devices, including
smart phones and tablets, which are not standardized and much
more difficult to integrate. In fact, with so many operating
systems and data platforms, it is no longer possible to maintain
standard integration and data profiles. There is mounting
pressure on IT enterprises to find a way to integrate and manage
this proliferation of mobile devices.
By Dr Raoul-Thomas Herborg, CEO, Virtual Solutions
and Patrik Lindeberg, COO, Precise Biometrics
Enabling secure use of
mobile devices
at the enterprise level
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 62
Mobi l es
But the shift in the mobile communications industry toward
increased convenience and personalization is hard to stop and
organizations are looking for a way to work across all platforms
and tie convenience to security.
Effective enterprise-level management of mobile devices must
do more than allow for various security levels and ensure end-
user authentication. It also needs to maintain the quality of
end-users experience by integrating work and personal digital
space on a single device and providing ease of use and
convenience. At the same time, mobile device management
may also have to handle persistent data across multiple
platforms and protect end-users private information.
Finally, managing mobile devices means being prepared to
support further expansion of BYOD initiatives in the future.
So what is the answer? Delivery of secure access and services
to mobile devices depends on application of strong multi-factor
user authentication. Proof-positive authentication should be
comprised of some combination of what you know (password
or PIN), what you have (ID card or token) and who you are
(biometrics). The more factors, the stronger the authentication.
Passwords alone are inadequate because they can be so easily
compromised. While solutions combining password/PIN and
ID card/token are often considered strong enough, only
biometrics can provide absolute proof that a person is who they
claim to be. Fingerprinting is the most common biometric,
strongly supported by standards developed by organizations
such as the National Institute of Standards and Technology
(NIST) in the US. Ultimately, only multi-factor authentication can
provide the level of anywhere, anytime identification assurance
that this person has the right to access this data from this device.
The good news is that the much-needed mobile authentication
solution at the enterprise level is based on a commonly used
security tool the smart card. The secret sauce mixed with the
smart card combines equal parts PIN/fingerprint reader and a
mobile app that brings business information securely to the
mobile device.
Making the case for anywhere, anytime
One approach now being rolled out is to use a casing, such as
the Tactivo casing for smartphones and tablets, which enables
multi-level authentication for mobile devices anywhere and
anytime based on familiar smart card technology. This is the
hardware side of the enterprise-level security solution so
urgently needed by corporate IT departments.
Tactivo is a combination of smart card and fingerprint reader for
iOS and Android devices. Connected directly to the device and
designed specifically to complement the Apple or Android
design, the case provides both a smart card and fingerprint
reader to protect against unauthorized application access.
Together with special purpose apps, Tactivo enables companies
and government agencies to maintain a high-level of enterprise
level authentication and security when employees use mobile
devices to access sensitive information.
Technologies such as this makes the end-point smartphone,
tablet or other mobile device a trusted access point. It enables
convenient security, making it easy to pick up the iPhone or
iPad, swipe a finger and authenticate the device. By using public
key infrastructure (PKI) and a smart card certificate, this
technology provides the strong front-end authentication needed
to establish secure access to the enterprise network data center.
iOS toolkit extends range
Taking the technology a step further, an iOS toolkit for Tactivo
enables developers to implement self-contained authentication
or integrate with third-party identity managers and service
providers. As a result, this can be used with a virtually unlimited
number of apps. The iOS toolkit enables iOS app developers
to integrate smart card or fingerprint authentication, or both.
Smart card and fingerprint functionality can be integrated
separately or together to replace passwords or PINs, enhancing
convenience and increasing security. App developers can also
combine these authentication methods with other iPhone and
iPad features such as GPS.
The Precise iOS Toolkit has a simple API and, to ensure short
development time, sample implementations for smart card
integration and fingerprint enrolment/verification are included.
This functionality can be directly integrated into other apps.
Taking enterprise-level mobile security to a
new level
Precise Biometrics has integrated the Tactivo smart casing for
the iPhone and iPad with SecurePIM, an enterprise iOS secure-
container app developed by Munich-based software developer
virtual solution AG. SecurePIM consists of five modules: Mail,
Calendar, Contacts, Secure Browser and Documents. The
Precise iOS toolkit is the enabler that brings Tactivo hardware
and SecurePIM software together, taking mobile security to the
enterprise level with surprising ease.
Simply put, SecurePIM is an app on the mobile iOS device that
puts all business functions at the users fingertips. They can
access business emails, contacts, calendars and documents
centrally without having to switch apps. All data is stored in
encrypted form inside the secure container. SecurePIMs
modular design means users can attach documents to emails or
add appointment details contained in emails to a secure
calendar with a tap of the finger.
SecurePIM stores all company-related information inside a
secure area on a mobile device.Business data is, therefore,
reliably isolated from personal data. This meets the stringent
requirements of the German Federal Data Protection Act by
ensuring that personal and business data are stored and
managed separately from one another. SecurePIM also includes
the Mobile Application Management Portal that lets the IT
department easily control and configure the access to data.
SecurePIM provides a secure way of accessing data in a
business environment using an iPhone or iPad without restricting
use of those devices. Employees can access their business
63 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Mobi l es
emails, contacts, calendars and documents centrally all from
the same app. This personal information manager is as
straightforward and intuitive to use as one would expect from an
app running on an Apple device.
How SecurePIM maximizes smart card security
All data inside the SecurePIM container is strongly encrypted
using soft certificates or in the high security version with smart
cards. Enabled by the Tactivo smart case, smart cards are
integrated into SecurePIM to execute decryption and encryption
commands directly on the smart card. The smart card is also
required for authentication. Hence, without the smart card it is
impossible to access the stored data on the mobile device.
The user must insert the smart card into the smart card reader
when the application starts. Only after the user has entered the
associated PIN to authorize the smart card for cryptographic
operations will it be possible to use the app. Depending on the
smart cards configuration, the card will be blocked after the
PIN is entered incorrectly a predefined number of times. If the
card is removed, it is no longer possible to use the app.
All data including emails, documents and contacts is stored in
the hermetically isolated SecurePIM security container with the
help of strong encryption algorithms based on the users
personal key. Authentication in SecurePIM is by password input
in accordance with the enterprises internal guidelines. At the
highest security level, authentication and decryption are
performed using a smart card (ISO 7816). This makes access
impossible, even in the event of theft of the device, with
immediate deactivation of the network link.
A fully integrated solution
Because SecurePIM is integrated in the enterprise infrastructure,
it offers a number of levels of security:
Email can be encrypted according to the S/MIME standard.
Personal and business contacts or calendar entries are kept
strictly separate and synchronized with enterprise-wide
systems. Not only is SecurePIM completely integrated with
Microsoft Exchange servers, but it also provides full
integration with Microsoft Sharepoint. SecurePIM also
integrates into the PKI, which operates as an authentication
channel correlating user identities with each persons secret
and unique code or password.
An integral web browser permits secure access, with strong
encryption, to web-based applications for example, an
internal customer relationship management system.
Documents can also be used off-line on the mobile device.
They are encrypted at all times and comments can be
added to them. Access to internal document management
satisfies the very highest security standards.
All of these modules require no compromises in terms of
functionality and usability in comparison with the standard apps
from Apple. Because SecurePIM is strongly oriented on Apple
standards, high usability (on a par with standard apps) as well
as outstanding user acceptance are ensured.
In addition, SecurePIM can be adapted to enterprise-specific
requirements and policies. SecurePIM does not require
proprietary hardware or complex IT infrastructure and can be
easily integrated into existing mobile device management
(MDM) systems. In addition, the app provides a framework for
security and back-end integration that permits implementation
of individualized apps.
Mobile application management
The Mobile Application Management Portal lets a companys IT
department centrally manage and configure the SecurePIM app
on all the mobile devices used by each individual user. And if
worst comes to worst, all enterprise data stored in SecurePIM
can be locked immediately. Any personal data stored on the
device, however, remains unaffected by this. Since the server
supplies all the necessary settings centrally, the task of
integrating SecurePIM in the companys IT infrastructure cannot
be simpler.
Because of the strict separation of business and personal data
on the mobile device, SecurePIM reliably respects the guidelines
pertaining to the protection of employee data. The user has full
personal use of his or her mobile device while the Mobile
Application Management Portal ensures the company retains
complete control over all enterprise-related data and can
enforce its internal security policies.
The takeaway: A triple win
At times, mobile security at the enterprise level seems like a no-
win situation for corporate IT directors. On the one hand, users
of iOS devices want access to both personal and business
information without having to change anything. On the other
hand, corporate IT departments have serious concerns about
mixing personal information with sensitive enterprise network
But now, thanks to the integration of smart card hardware and
authentication software a triple win in enterprise-level mobile
security is achievable. It is now possible to achieve enterprise
security that encompasses:
Encryption; and
Back-end protection.
Thankfully, this means enterprise IT executives can, at last, rest
easy about maintaining maximum security at the enterprise
level without creating inconvenience for iOS and Android
device users.
For more information please email Raoul.herborg@virtual- or
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 64
Mobi l es
By Jay Meier, vice president of Corporate Development, BIO-key
65 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Mobi l es
The evolution of Privilege
Entitlement & Access Control
Systems toward a single user
profile for multiple services
across multiple devices
Our passwords are failing us. said Michael Barrett, PayPals
Chief Security Officer. Hes not alone. According to the Verizon
2013 Data Breach Investigation Report, roughly 76% of all data
breaches were enabled by weak credentialing and user
authentication. Thus, we might safely say that most, if not all
of our traditional security measures do little to close
credentialing vulnerabilities. If thats safe to assume, then we
need to discuss replacing them with something that does work.
Yet, in fact, according to a May 2013 whitepaper, US Mobile
Payments Landscape-Two Years Later, which was produced
jointly by the Boston and Atlanta Federal Reserve Banks, mobile
payment services are advancing faster than expected, but
without much regard to standards and security. The paper notes
unresolved security and privacy issues. It further suggested
that as the (mobile payments) ecosystem matures, it will
challenge new entrants in their ability to achieve scale and
sustainability. It further concluded the need for interoperability,
industry guidance and standards to ensure a secure and cost-
efficient ecosystem.
Yet, the story is bigger than that. You'll hear us repeat phrases
such as Secure Credentialing or Privilege Entitlement and
Access Control. That's because it's actually the correct way to
think about things like mobile payments. After all, what are
mobile payments? Aren't they your ability to pay, crammed into
your phone? What are we cramming into that phone? A credit
card or debit card? What's that? A credit card is nothing but a
piece of plastic, with a number written on it, which represents
your PRIVILEGE to use a pre-approved bank line-of-credit. Now
just consider how many credentialed privileges we enjoy on a
daily basis. Driving a car (drivers license), boarding a train or
plane (ticket/boarding pass), entering a building (security
badge), international travel and immigration (Passport/Visa),
accessing Government services/Entitlements (Social Security
Card/ Medicare Card), network access and logon (Password/
PIN), using a cell phone (SIM card), employment (Corporate
ID), education (school ID), and healthcare (health card), Web-
services (SSL/PKI certificate)...we enjoy these privileges daily
without even thinking about them and they are all represented
Secure Mobile Credentialing & Identification
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 66
Mobi l es
by a credential of some sort. Of course, these privileges are
extremely valuable, which is why people try to steal them or
damage them. Thus, the credent ialing system is nothing but an
access control system designed to protect access to those
valuable privileges. With seemingly countless data-points and
frequent news reports of data breaches, its hard to argue, with
a straight face anyway, that what we have been using to protect
our valuable online assets, services and privileges actually works.
Biometrics seem inevitable.
Of course, the privileges are represented by a numeric value,
arent they? A card number? A user ID number? (We are all
just a number to them, arent we?). Those ID numbers are
being digitized, but still represent the same entitled privileges.
They can and are being stored in computer files within our PCs,
laptops, tablets and smart mobile devices. And so, as we step
back to account for this movement, we can see the evolutionary
migration of all our credentials into our smart devices, which
are increasingly mobile. In fact, we see major technology
providers attempting to stand up digital wallets, exactly for the
purpose of administrating those digitized privilege credentials.
For sure, one day soon, all our credentials will reside in our
smart mobile devices. Those devices will communicate and
guard those privilege credentials. Consequently, each mobile
device and credential must interoperate with the multitude of
disparate services and providers accessed by the credentials
housed in the device.
Central to any Privilege Entitlement Access Control negotiation
is the concept of risk. The level of potential risk to the asset or
service determines the required level of security, including strong
user authentication, before access is granted. Further, the binary
decision to deploy strong authentication, including biometrics,
is also risk based and, specifically economic risk-based, which
can also be viewed as economic feasibility. Stakeholders wont
deploy it if they lose money at it. The reason industry stake
holders and technology leaders have declared traditional
Credentialing & Access Control systems dead, like password/
PIN, is because the expense of the frauds and breaches has
become sufficiently large enough to offset the cost of replacing
those systems. The risk of relying on traditional access control
mechanisms is now too high. Thus, today, the question of
should we upgrade our Privilege Entitlement & Access Control
Systems? has been replaced with How should we upgrade
these systems? Further, How do we upgrade the system as
efficiently as possible without compromising trust or incurring
risk? Further yet, just how do we do that in a distributed mobile
network environment? To answer that question, we must
consider the authentication system design, in terms of economic
feasibility, liability, trust and convenience. Unfortunately, these
concepts are perceived and valued very differently by service
providers than by consumer privilege holders.
Importantly, the location of the authentication transaction affects
the risks, liability, convenience and economic feasibility for the
service provider and consumer differently. Consider that there
are effectively only two locations where the user-authentication
transaction can occur; on the device, and/or in the cloud. Lets
consider each location in terms of economic feasibility, risk,
liability and trust.
Authentication on the device implies just that, processing the
authentication of the user on the phone. Many phone
manufacturers contemplate including fingerprint sensors on the
device to authenticate the phone user, presumably the entitled
privilege holder associated with the credentials stored on the
phone or in some data repository elsewhere. On-device
authentication suggests that the fingerprint comparison occurs
or is transacted literally on the phone, with a binary result
then transmitted securely to the service provider for acceptance
or rejection. In this case, the service provider accepts higher risk
and liability, as that service provider must agree to trust any and
all authentication data transmitted from that phone. This means
the service provider has limited control of the risk and may
be unlikely to accept this authentication in higher-value
transactions. Moreover, this model may be less economically
feasible as that service provider must also support the potential
multitude of disparate and proprietary authentication data
sources that could be generated by any number of handset
manufacturers, cellular operators, fingerprint sensors or
matching algorithm template providers. This could be costly to
administrate and support. However, refusing to support various
disparate authentication systems could create inconvenience for
the potential customer, including and maybe especially the
enterprise customer, requiring the customer to use a select
phone manufacturer or forgo the benefit of the service.
Moreover, the customer owning multiple devices would be
required to enrol on each device and potentially for each
service. Further still, the enterprise customer may experience
significant friction and cost related to upgrades and end-of-life
replacement plans and is, thus, unlikely to invest in this model.
Therefore, in our opinion, this model may be used early in the
adoption cycle for strong mobile credentialing, but is less likely
to enjoy long-term or deep penetration. The system will evolve
to something different.
Authenticating in the service providers cloud implies capturing
the biometric data on the phone and securely retrieving or
transmitting it to the service providers cloud, where the
authentication transaction takes place. In this case, the service
provider could reduce risk by comparing user-authentication
data, captured during applicant enrolment, to data of existing
customers to negate dual enrolments and fraud. This is not
Mobi l es
possible when enrolling and authenticating on the phone.
Further, the service provider would enjoy reduced risk by
maintaining control of the authentication process. It seems
natural that the service provider can trust its own, in house,
systems more than those owned and operated outside the
service providers control. Deploying a hardware and operating
system agnostic authentication engine in the service providers
cloud would provide complete interoperability with handset
input devices, significantly reducing the service providers
capital investment in multiple disparate authentication engines.
This would further allow the individual and enterprise customer
the choice of handset providers, without disrupting service
availability, reducing friction and cost, while increasing
convenience of upgrade and end-of-life replacement. Both
consumer and enterprise customers are likely to prefer and
invest in this model, as a result. In our opinion, this model
reduces risk and capital outlay to the service provider, while
increasing convenience to the consumer. Further, in our opinion,
this model is viable in enterprise environments, while the on-
device model is not. Thus, we believe strong authentication in
the mobile credentialing evolution will emerge on-device,
primarily in consumer applications, but will migrate to the cloud
over time, which will facilitate enterprise adoption.
There is, however, a third design option involving a third-party
authentication service in the cloud. In this case, the on-device
sensor captures the print, converts it to a template and securely
sends it to the third-party cloud, which presumably would use
the aforementioned single hardware/operating system agnostic
and interoperable authentication engine. The service provider
must agree to trust binary authentication confirmation data from
the third-party provider, but this would eliminate the need to
trust more than one outside source. Otherwise, this design
would operate similarly to that of the service provider cloud-
based system. Assuming the third-party authentication service
provider incorporates hardware and operating system agnostic
(interoperable) systems, the consumer and enterprise customer
would enjoy open choices between handset providers, who also
would enjoy open choices between sensor providers. This would
reduce risk and cost to the service provider, the handset
manufacturer and, both, the consumer and enterprise customer.
The third-party authentication system would allow the consumer
and enterprise customer to enrol only once, but associate that
single user identity with multiple services and across multiple
devices, regardless of make or design. In effect, the third-party,
cloud-based authentication service would allow for Identity
Anywhere or Identity Everywhere.
Mobile payments are part of a larger Secure Credentialing &
Identification evolution. Our Privilege Entitlement & Access
Control systems are migrating into the emerging smart mobile
computing ecosystem and must satisfy both risk and economic
requirements, without excessive friction. In our opinion, the
migration of these strong authentication systems, including
biometrics, will emerge on devices in relatively cumbersome
consumer-facing applications. They will continue to migrate to
the cloud and ultimately will largely reside and function in the
cloud. Risk determinations, including economic feasibility, will
determine whether the authentication occurs in the service
providers cloud (highest risk assurance), or in the third-party
cloud (middle risk assurance), or on the device (light risk
assurance). End user convenience and cost will likely drive the
majority of Mobile Credentialing authentication to the cloud,
especially at the enterprise level. Thus, we encourage stake
holders to consider the evolutionary trajectory of such
capabilities and invest accordingly.
For more information email: or visit
web: tel: +1 651 789 6116
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 68
Mobi l es
ith mobile devices being used for more
credentialing based activities, the question of
mobile security is becoming increasingly
important. The mobile security landscape, however, is still
immature, so how can service providers successfully
deliver secure mobile services today?
Smart card-based technology is at the heart of mobile devices,
thanks to the SIM cards that have been installed in them for the
past 15-plus years. As mobile phones have become smarter, so
too have SIM cards. Today, the combination of phone and card
is giving businesses many opportunities to go mobile.
Banks and other organisations, including governments and
airlines are taking advantage of the ubiquity offered by
smartphone devices by developing their own applications
(apps). This means that the smartphone can also double as a
form of ID or a key card. Some of these store users credentials
and other sensitive data in the SIM card or secure element of the
phone in order to allow the smartphone owner to carry out a
variety of credentialing, payments and transactions activities.
Operating in a secure manner in the mobile space, however, is
perhaps still considered by many to be adventurous. Yet there is
more than simple optimism driving this surge: the homogeneity
of platforms affords an easy distribution channel for software,
with a low entry barrier, presenting significant savings to both
app developers and hardware manufacturers.
Today, most app developers have directed their attention
towards the user experience, but as is often the case few
have placed emphasis on security. This is partially due to the
commercial priorities of the mobile community, but also a lack
of knowledge and industry fragmentation as markets come
together for the first time to develop security standards. In other
words, despite the widespread adoption of smartphones,
operating systems (OSs) still remain relatively immature when it
comes to security.
To tackle this, technologies such as the Trusted Execution
Environment (TEE) a secure area within a mobile device that
is comprised of software and hardware to ensure that sensitive
data is stored, processed and protected in a trusted environment
are emerging. It could be some time, however, before the
average user will actually benefit from the security these
technologies offer when making a transaction with their
preferred apps.
So, should organisations that want to deploy mobile-based
credentials refrain from using mobile devices until the security
standards and frameworks are fully defined and agreed? Or, is
there a security strategy that they can adopt to mitigate the risks
and safely deliver mobile services today?
The threats
Currently malware has some presence on Android, but is much
less prevalent on iOS. Nearly all malware operates within the
bounds of requested permissions, where the user clicks and
agrees to grant the app the permission it needs to perform
malicious acts. Therefore, the primary attack channel is to
disguise the malware as a legitimate app and advertise it in the
official app store, where it is installed by consent.
For example, an attacker can reverse engineer existing apps,
thereby adding malware to the app and then resubmitting it
to the app store under a similar name. The same attacker might
submit 50-100 new apps to the marketplace, which look and
feel the same as genuine apps. Alternatively, rather than
create its own apps, a malicious attacker might steal from a
legitimate but lapsing developer to launch the attack. Typical
malware functionality includes concealed sending of SMS
messages and calling of premium rate numbers, click diversion
(for stealing advertising revenue) and a little keylogging/SMS
interception for harvesting credentials and SMS-based one-
time-passwords (OTPs).
A key challenge for the mobile community is to contain the cost
of manufacturing apps to encourage legitimate developers to
participate, yet successfully recognise the fake apps.
Companies looking to expand their anti-virus and protection
software suites to mobile platforms have been seen to
deliberately raise fears, uncertainty and point towards an
extremely fast rate of malware development. The same view,
however, is not held by other stakeholders within the industry.
Unlike anti-virus vendors that are playing catch-up on PC
malware, mobile security researchers are very active and
surging ahead of the criminal community. While there is some
evidence of adoption of research ideas by hackers, it is the
general view of the industry that malware within mobile security
is not that advanced. In reality, the malware development rate
is comparable to the growth rate of the platform itself.
By Guillaume Forget, VP Sales EMEA, Cryptomathic
Secure Mobile Transactions Fact or Fiction?
69 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Mobi l es
In addition to this, the trend towards more similar, closed and
regulated platforms such as Android and the iOS is assisting
manufacturers with security as it enables them to focus their
efforts more effectively.
It therefore appears that the OSs controls are effectively
preventing apps from exceeding their authorised permissions
today. The major problem is the persistent challenge of
educating users to make cautious decisions regarding which
apps to install. While user error is a threat for deploying
mobile authentication in general, it does mean that users
who exclusively install legitimate apps are not threatened by
general malware.
The threat model
Malicious mobile device hackers have a variety of goals.
Foremost is monetary gain, but retribution, anarchy, curiosity
and perceived public good can all be part of the motivation.
The attackers can be grouped by resource levels and goals, as
illustrated in figure 1.
Understanding the motivation of a hacker highlights that a good
mobile security strategy must not only defend both against
specific mobile threats, but also more generic threats such as
reputational or ethical attack. These could have an increased
prevalence on the dynamic mobile market as end users must
Threat Resource (R) / Goal (G) Notes
Malware attack R: large black-market economy
G: monetary gain
Malware attack remains the primary threat for
authentication mobile apps. Regardless of
installation channel (phishing, app store
poisoning, drive-by website) the result is similar
and those deploying the attack are likely from
the same criminal economy. Resistance comes
from technical phone measures, user
education and distribution channel policing.
Borrowed phone R: single layperson + commercial spyware
G: revenge, monetary gain
The attacker might obtain brief direct access to
the phone of a family member or colleague.
Here the individuals resources are very limited
but they may buy/licence quite advanced
spyware. Best security is afforded through
platform lockdown to prevent any type of
spyware being installed, and user
authentication before granting access to the
authentication token (e.g. a PIN). Commercial
spyware manufacturers can possibly be
pressured to ensure their products cannot be
used for stealing authentication credentials.
Stolen phone R: small black-market economy
G: monetary gain
Research shows that the majority of users will
notice the theft of a mobile phone within an
hour, so the challenge is to ensure that
credentials cannot be stolen, sold and abused
within this timeframe. Measures to damage
efficiency of the criminal economy will help
here. Some phones now have remote kill
switches and tracking.
Reputational attack R: large organisation, top staff, limited budget
G: perceived public good, anarchy
Researchers, pressure groups and lobbyists
may take a dislike to a particular project (for
example, related to personal data
centralisation and privacy) and attack the
authentication mechanism as a way of
highlighting risk or simply because it is there.
What is important here is that the architecture
is seen to be secure and that security claims
can be justified and defended.
Figure 1: An example of how mobile security attackers can be categorised by resources and goals.
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 70
Mobi l es
trust that their mobile services will operate securely and without
risk, personal corruption / financial loss or impact on civil rights
and privacy.
By identifying potential threats, it is clear that attacks involving
direct physical contact the theft and borrowing of a mobile
device - are limited due to lack of scalability and ease of
blocking the phone.
Understanding the ecosystem
With iOS and Android releasing updates roughly every six and
12 weeks respectively, it is important to appreciate the drivers
and rate of software and hardware platform changes within the
smartphone industry.
OS vendors release new versions to:
o Close security loopholes that allow users to install
unapproved software.
o Correct bugs or performance issues.
o Add new features to be innovative or match
Phone manufacturers advance technology to:
o Bring new handset models to market.
o Deliver more powerful CPU/GFX to the platform for
o Offer application programming interface (API) and
OS updates.
Given this natural rate of flux and unpredictability, it is perfectly
reasonable to expect app security updates several times a year.
Mobile phone app stores ensure that users are sufficiently
reminded and motivated to install updates by promoting new
features and fixing issues related to new OS versions.
Detecting and managing attacks
Once an app service is launched, the appropriate measurement
techniques need to be implemented to ensure a malware attack
is detectable, as illustrated in figure 2.
A key benefit of this industry is the digital records that are
automatically created. This means that if a malicious app is
downloaded that uses privilege escalation from an app store,
the store provider can share a list of all users who have
downloaded both the authentic app and the malicious app. This
enables a targeted security warning to be issued.
Malware infecting an OS via a browser drive-by attack (where
the user is infected automatically upon visiting a website due to
Figure 2: Techniques for monitoring mobile app attacks.
71 w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Mobi l es
a browser vulnerability) will not be as easy to contain, but should
be less frequent as it requires two exploits together: one to seize
control through the web browser, and a second to exploit root
privileges. A root exploit is a process that allows an attacker to
attain full administrative control of an OS subsystem by
circumventing the security policies set by the OS manufacturer.
Root exploits require countermeasures to be deployed to limit
the ability of the malware to steal credentials until the OS
vendor can amend the vulnerability and affected users can
recover their phones.
The solution developing a mobile security
defence strategy
The mobile and app developer community is investing resources
to advance new hardware-backed security features. For
example, the Trusted Platform Modules (TMP) developed by the
Trusted Computing Group, or GlobalPlatforms TEE
architecture, which may also comprise the use of secure
elements (SEs), a tamper-resistant platform capable of securely
hosting apps and their confidential and cryptographic data (e.g.
key management). There are also proprietary crypto processors,
such as those found in the iPhone.
While security measures take advantage of these emerging
technologies, it is important to recognise two caveats.
1. Shared risk. By adopting a security technology that is used
by other apps on the mobile platform, all parties must also
use and abide to the same security framework. There needs
to be a level of industry compromise as not everyone will
have exactly the same needs. Yet, if one element of the
mobile services framework is undermined, the whole
mobile secure services offering will come under jeopardy
including all apps that share the security infrastructure. The
overall risk of this platform is shared.
2. Negotiating access. A smartphone will have some secure
capabilities, such as an SE, but access to these areas to
load and host an app requires cooperation of both handset
manufacturers and mobile network operators. This is
particularly relevant to those creating payment or trans
action authentication apps as other access-granting
companies may demand payment in the form of a
transaction fee. For technology to be considered there
needs to be a credible route for it to become widely
available; no-one wants to get locked-in to an expensive,
proprietary agreement.
So, how can app security be effectively managed today and
in the future?
All developers need to ensure that an app offers a sufficient
level of protection against malware, borrowed phones and
reputational attacks on all supported platforms including, but
not limited to, iOS and Android, which are very different in
To achieve this they need to:
Build a secure yet convenient registration workflow.
Implement reverse engineering resistance and introduce
techniques such as anti-debugging, anti-tampering
(modifying the app to patch out protections), anti-jail
breaking and emulation detection.
Preserve multi-channel security and ensure that apps and
browsers run on different devices to mitigate risks.
Store in a secure manner user credentials and sensitive key
Be able to uniquely identify devices and implement some
device fingerprinting techniques that cannot be reverse
engineered easily.
Establish a trustworthy connection to the backend to be
able to exchange data and ultimately sign transactions.
Based on the above points, Cryptomathic assists its clients
in developing evolutionary mobile security strategies and provides
tailored solutions to enhance app security and support future
technologies, without the need to invest time and costs redevelo
ping apps to support changing requirements.This ensures that
mobile apps and their security framework remains future-proofed
and requires fewer resources to manage long-term.
For more information email:
or call +44 (0)1223 225350
GlobalPlatforms Trusted Execution Environment architecture
GlobalPlatform is a cross industry association which identifies,
develops and publishes specifications that promote the secure
and interoperable deployment and management of multiple
applications on secure chip technology. Its technical
specifications focus on the secure element (SE), trusted
execution environment (TEE) and system messaging.
GlobalPlatforms work to standardise the TEE a secure area
that resides in the main processor of a connected device which
ensures that sensitive data is stored, processed and protected
in a trusted environment supports the needs of smart device
stakeholders such as smartphone and tablet application
developers and device manufacturers.
dat abase
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m
ACT Canada is the internationally-rec-
ognized authority, trusted knowledge
resource and catalyst for change in
payments and secure identity. We serve
stakeholders from around the world,
working with them to shape the future
of mobile, NFC, loyalty, leveraging
EMV and secure payments. For 22
years, ACT Canada has been providing
members with insights, networking op-
portunities and visibility in this ever-
changing market.
Association for automatic
identification and mobility
AIM is the international trade association
representing automatic identification and
mobility technology solution providers.
Through the years, industry leaders con-
tinue to work within AIM to promote the
adoption of emerging technologies.
AIM actively supports the development of
AIM standards through its own Technical
Symbology Committee (TSC), Global
Standards Advisory Groups, and RFID
Experts Group (REG), as well as through
participation at the industry, national
(ANSI) and international (ISO) levels.
The Biometric Consortium
serves as a focal point for research,
development, testing, evaluation, and
application of biometric-based personal
identification / verification technology.
The Biometric Institute was
founded in 2001 and now has an inter-
national membership of biometric users,
suppliers and academics. The Biometrics
Institute has more than 130 member or-
ganisations represented by more than
500 individuals. The membership is split
into user organisations such as govern-
ment departments, financial institutions
and universities and suppliers. 50% of
the organisations are based in Australia,
32% in Europe, 9% in New Zealand, 5%
in the USA and 4% in Asia-Pacific/the
Middle East.
European Campus Card
Association ECCA is a non-profit ed-
ucational association that works to pro-
vide learning and networking
opportunities for campus ID card and
card industry professionals. The associ-
ation offers a newsletter website, an an-
nual conference, and regional work
shops on topics related to campus cards.
EUROSMART is an international non-
profit association located in Brussels
which represents the voice of the Smart
Security Industry for multi-sector applica-
tions. Since its creation, Eurosmart has
been committed to expanding the world's
smart secure devices market, developing
smart security standards and continuously
improving quality and security applica-
Intellect is the voice of the UK's
technology industry. Our business
services help companies of all sizes
compete and innovate in a dynamic
global market. We represent the
views of industry to government and
regulators and also provide opportu-
nities for government and regulators
to interact with industry on key policy
and market issues.
International Hologram
Manufacturers Association
The IHMA is made up of nearly 100 of
the world's leading hologram companies
who actively cooperate to maintain the
highest professional, security and quality
standards in support of their customers.
It was founded in 1993 to represent the
interests of hologram manufacturers and
the hologram industry worldwide. It is
dedicated to promoting the interestes of
the hologram industry worldwide and
and to helping users achieve their
commercial, aesthetic and authenti
cation objectives through the effective
use of holography.
19, 072
Vi si tors
Exhi bi tors
Countri es
Paris Nord Villepinte

19-21 NOVEMBER 2013
Register on




dat abase
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m
IHMA membership confers authenticity
and credibility on companies that join -
all of which are rigourously vetted and
adhere to a strict Code of Practice
governing standards, business ethics,
customer service, respect for and
protection of customers' and each others'
intellectual property.
National Association of Cam-
pus Card Users NACCU is the only
association that specializes in the cam-
pus card transaction industry serving the
national and international community,
NACCU is the one source dedicated to
high quality educational programs, re-
sources, services, and tools. NACCU of-
fers members infinite advantages in
networking, developing partnerships,
leveraging technology, problem- solving,
insight sharing, and professional devel-
The Silicon Trust is the Industrys
Benchmark Silicon Based Security Part-
ner Program. Since the year 2000, when
the Silicon Trust was founded by Infineon
Technologies as a marketing program
for smart card solutions, the program
has developed to be a key partner plat-
form for companies aiming at promoting
the use of silicon-based security in a
broad variety of applications including
Identification, Telecom and Payment.
Smart Card Alliance is a not-for-
profit, multi-industry association working
to stimulate the understanding, adop-
tion, use and widespread application of
smart card technology. The Alliance in-
vests heavily in education on the appro-
priate uses of technology for
identification, payment and other appli-
cations and strongly advocates the use
of smart card technology in a way that
protects privacy and enhances data se-
curity and integrity.
Smart Card Alliance Identity
Council is focused on promoting the
need for technologies and usage solu-
tions regarding human identity informa-
tion to address the challenges of
securing identity information and reduc-
ing identity fraud and to help organiza-
tions realize the benefits that secure
identity information delivers.
Smart Card Forum of China
SCFC is a non-governmental and non-
profit, multi-vendor and end-user society,
supported by manufacturers, suppliers,
institutions, organizations and individu-
als as well as the corporate societies etc.
in the smart card industry, which pro-
motes the smart card industry and the
value of its products and services while
providing an independent forum to
speak for the industry.
Smart X Central Intelligence is
the only professional association for the
industry covering Southern Africa, with
members in the major business centres
of the country. Smart x membership is
represented by private and public sector
end-users, solutions providers and con-
sultants that receive real benefits from
the associations active participation in
the industry. The aim of smart x is to
make its members aware of the devel-
opments taking place in the industry both
in South Africa and internationally.
Smartex Limited serving the smart
technology community since 1993.
Smartex operates an international net-
work of professional associations con-
cerned with smart card and RFID
technologies, and applications.
Smartex also provides a range of inde-
pendent consultancy, project manage-
ment and systems integration services
relating to citizens' card schemes for
Local Authorities, and campus card
schemes for universities.
GlobalPlatform works across in-
dustries to identify, develop and publish
specifications which facilitate tand inter-
dat abase
w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
3M Cogent
Aceprox Identifikations
Allsafe Technologies Inc.
ATOS Worldwide SA/NV
Bayometric Inc.
Computime Systems
cv cryptovision GmbH
Diletta ID-Systems
Gemalto NV
IDpendant GmbH
Identive Group
Intercede Group plc
Iris ID Systems, Inc.
LEGIC Identsystems Ltd.
Merkatum Corp.
Mhlbauer AG
Natural Security
OmniPerception Ltd
Safran Morpho
TSSI Systems Ltd
Xerox France
W.Arnold GmbH
Witte Safemark GmbH
3M Security Systems
3M Cogent
Athena Smartcard Solutions
ATOS Worldwide SA/NV
Bayometric Inc.
BIO-key International, Inc.
Bion Biometrics Inc.
Cognitec Systems GmbH
Cross Match Technologies
ID3 Semiconductors
Jura JSP
Merkatum Corp.
Natural Security
NEC Corporation
Nidec Sankyo
OmniPerception Ltd
Precise Biometrics AB
Regula Ltd
Safran Morpho
secunet Security Networks AG
Speed Identity AB
ST Incard S.r.l
Suprema Inc.
Syx Graphics ID Solutions
TAG Systems SA
Trb AG
TSSI Systems Ltd
Vlatacom d.o.o.
W.Arnold GmbH
operable deployment and management
of multiple embedded applications on
secure chip technology. GlobalPlatform
Specifications enable trusted end-to-end
solutions which serve multiple actors and
support several business models.
Integrated Transport Smart
card Organisation ITSO is a Gov-
ernment-backed, non-profit organisation
which defines and develops the UK-wide
technical specification for smart ticketing.
Our main aim is to help make rail and
bus travel throughout the UK seamless
and hassle-free.
As originators and custodians of the UKs
defined technical standard for smart tick-
eting the ITSO Specification we help
transport and other service providers
make the technology work effectively for
them and their customers, ensuring it is
reliable and secure.
Java Card Forum. JCTs primary
purpose is to promote and develop Java
as the preferred programming language
for multiple-application smart cards.
Java, invented by Sun Microsystems in
1995, has important features that make
it the ideal choice for smart cards.
sortium is a group of globally based, in
dustry-wide companies, whose remit is to
develop, manage and promote MULTOS
and the MULTOS product specifications.
The members may be business competi-
tors, but all share the common goal of
propagating MULTOS, and so work to-
gether to this end. The MULTOS Con-
sortium is managed by MAOSCO Ltd.
dat abase
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m
AdvanIDe GmbH
Cryptography Research
Datang Microelectronics Tech Co., Ltd.
Infineon Technologies France S.A.S
LEGIC Identsystems Ltd.
MaskTech GmbH
Secure IC
ARE CON GmbH & Co,. KG
Austria Card
Consult Hyperion
HJP Consulting GmbH
LEGIC Identsystems Ltd.
MaskTech GmbH
Thames card technology Ltd
Trusted Labs
Aceprox Identifikations
Antheus Tecnology Inc.
AuthenTec, Inc.
Aware, Inc.
BIO-key International, Inc.
Digital Persona, Inc.
Merkatum Corp.
NEC Corporation
Precise Biometrics AB
Smart Cube Information Technology
Arjowiggins Security
Athena Smartcard Solutions
CBN ID Systems Division
EDAPS Consortium
GET Group
Giesecke & Devrient (G&D)
Hologram Industries
MaskTech GmbH
Mhlbauer AG
Prooftag SAS
Safran Morpho
Trb AG
VTT Verschleiteiltechnik GmbH
CT Lay
EDAPS Consortium
Hologram Industries
OPSEC Security Ltd.
OVD Kinegram AG
PGP Group Ltd
Radee papir, d.o.o.
Security Foiling Ltd
TAURUS SecureSolutionS Ltd.
3M Security Systems
Access IS
AdvanIDe GmbH
Athena Smartcard Solutions
ATOS Worldwide SA/NV
Austria Card
Avalon Biometrics SL
Bilcare Technologies
Cognitec Systems GmbH
Cryptomathic Ltd
cv cryptovision GmbH
Digital Identification Solution
Digital Persona, Inc.
GET Group
Giesecke & Devrient (G&D)
ID3 Semiconductors
Identita Technologies Inc.
IDpendant GmbH
Infineon Technologies France S.A.S
Ingenia Technology (UK) Ltd.
Ingenico Healthcare/e-ID
Inspectron Ltd.
Intercede Group plc
Iris ID Systems, Inc.
Keesing Reference Systems B.V.
LMC S.p.A.
LEGIC Identsystems Ltd.
MaskTech GmbH
Natural Security
Oberthur Technologies
On Track Innovations, Ltd. (OTI)
OPSEC Security Ltd.
Otto Knnecke GmbH
Payne Security
Prooftag SAS
Safe ID Solutions AG
SafeNet UK
Safran Morpho
TAG Systems SA
TAURUS SecureSolutionS Ltd.
Toppan Printing Company
Trb AG
TSSI Systems Ltd
UL Transaction Security
Vasco Data Security
Vlatacom d.o.o.
Athena Smartcard Solutions
Bell ID
BG Ingnieri
Bilcare Technologies
Cardag Deutschland GmbH
CBN ID Systems Division
Consult Hyperion
cpi card group
cv cryptovision GmbH
Datang Microelectronics Tech. Co., Ltd.
dat abase
w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
De La Rue Identity Systems
EDAPS Consortium
Elliott identification systems
Emperor Technology
Gemalto NV
GET Group
Giesecke & Devrient (G&D)
HJP Consulting GmbH
HOTech Hellenic Organotiki
hw-engineering GmbH & Co. KG
Identita Technologies Inc.
IDpendant GmbH
Incard SA
Infineon Technologies France S.A.S
Intercede Group plc
Iris ID Systems, Inc.
Istituto Poligrafico e Zecca dello Stato
LAB ID srl
LEGIC Identsystems Ltd.
Mhlbauer AG
NagraID - Kudelski Group
NEC Corporation
Oberthur Technologies
On Track Innovations, Ltd. (OTI)
OPSEC Security Ltd.
PGP Group Ltd
Precise Biometrics AB
Prooftag SAS
Safran Morpho
Sceencheck Europe BV
Smart Packaging Solutions (SPS)
Speed Identity AB
ST Incard S.r.l
Syx Graphics ID Solutions
TAG Systems SA
Thames card technology Ltd
Toppan Printing Company
Trb AG
TSSI Systems Ltd
Valid USA
Vlatacom d.o.o.
Vision Database Systems
VTT Verschleiteiltechnik GmbH
3M Cogent
Amgraf Inc.
AuthenTec, Inc.
Bell ID
Cognitec Systems GmbH
Collis B.V.
cv cryptovision GmbH
Giesecke & Devrient (G&D)
HOTech Hellenic Organotiki
Identita Technologies Inc.
IDpendant GmbH
ID Technology Partners, Inc.
Identive Group
Intercede Group plc
OmniPerception Ltd
Safe ID Solutions AG
secunet Security Networks AG
Speed Identity AB
TSSI Systems Ltd
GET Group
On Track Innovations, Ltd. (OTI)
Vlatacom d.o.o.
3M Security Systems
Adhesive Security Products
Advanced Card Sytems Ltd
Allsafe Technologies Inc.
Athena Smartcard Solutions
Atlantic Zeiser GmbH
Austria Card
Avalon Biometrics SL
Aware, Inc.
Bobst North America Inc.
Cancard Inc.
Cardag Deutschland GmbH
Centro Grafico DG
cpi card group
Cryptography Research
Cryptomathic Ltd
CT Lay
CTS electronics Spa
Datacard Group
Datang Microelectronics Tech. Co., Ltd.
Digital Identification Solution
EDAPS Consortium
Emperor Technology
Gemalto NV
GET Group
HJP Consulting GmbH
Hologram Industries
hw-engineering GmbH & Co. KG
Identita Technologies Inc.
Incard SA
Identive Group
ITW Covid Security Group
Jura JSP
Leonhard Kurz Stiftung & Co. KG
MaskTech GmbH
Matica System S.p.a.
Mhlbauer AG
NagraID - Kudelski Group
NBS Technologies
Oberthur Technologies
OPSEC Security Ltd.
Otto Knnecke GmbH
OVD Kinegram AG
Payne Security
ruhlamat GmbH
Security Foiling Ltd
Smart Packaging Solutions (SPS)
ST Incard S.r.l
dat abase
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m
Syx Graphics ID Solutions
TAG Systems SA
Team Nisca
Thames card technology Ltd
Trb AG
Valid USA
Vlatacom d.o.o.
VTT Verschleiteiltechnik GmbH
3M Security Systems
Access IS
GMX YouTransactor
Intercede Group plc
Kobil Systems GmbH
Merkatum Corp.
Xerox France
Arjowiggins Security
Athena Smartcard Solutions
Bell ID
CBN ID Systems Division
Centro Grafico DG
Collis B.V.
CTS electronics Spa
Digital Identification Solution
Diletta ID-Systems
EDAPS Consortium
Gemalto NV
GET Group
Giesecke & Devrient (G&D)
HID Global
HJP Consulting Gmbh
Hologram Industries
Infineon Technologies France S.A.S
Inspectron Ltd.
Istituto Poligrafico e Zecca dello Stato
Landqart AG
MaskTech GmbH
MELZER maschinenbau GmbH
Mhlbauer AG
NagraID - Kudelski Group
NEC Corporation
Oberthur Technologies
On Track Innovations, Ltd. (OTI)
OPSEC Security Ltd.
Prooftag SAS
ruhlamat GmbH
Safran Morpho
Smart Cube Information Technology
Smart Packaging Solutions (SPS)
Suprema Inc.
Toppan Printing Company
Trb AG
Trusted Logic
TSSI Systems Ltd
VTT Verschleiteiltechnik GmbH
Emperor Technology
UL Transaction Security
cv cryptovision GmbH
Feitian Technologies Co., Ltd.
ST Incard S.r.l
AllStar Card Systems
Atlantic Zeiser GmbH
B-Id GmbH & Co., KG
Cancard Inc.
Centro Grafico DG
cpi card group
CTS electronics Spa
Datacard Group
De La Rue Identity Systems
Digital Identification Solution
Diletta ID-Systems
Gars pasauli
Gemalto NV
GET Group
HID Global
hw-engineering GmbH & Co. KG
Inspectron Ltd.
Jura JSP
Matica System S.p.a.
NagraID - Kudelski Group
NBS Technologies
Oberthur Technologies
Radee papir, d.o.o.
Sceencheck Europe BV
Smart Cube Information Technology
Syx Graphics ID Solutions
TAURUS SecureSolutionS Ltd.
Team Nisca
VTT Verschleiteiltechnik GmbH
Witte Safemark GmbH
Zebra Technologies Corporation
3M Security Systems
3M Cogent
A.R. Hungary, Inc.
Aceprox Identifikations
Access IS
Advanced Card Sytems Ltd
AdvanIDe GmbH
ARYGON Technologies AG
Athena Smartcard Solutions
dat abase
w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
ATOS Worldwide SA/NV
AuthenTec, Inc.
Bayometric Inc.
B-Id GmbH & Co., KG
CBN ID Systems Division
Cross Match Technologies
Computime Systems
Digital Persona, Inc.
Diletta ID-Systems
Hologram Industries
ID3 Semiconductors
ID Tech
IDpendant GmbH
Incard SA
Identive Group
Ingenico Healthcare/e-ID
LAB ID srl
LMC S.p.A.
LEGIC Identsystems Ltd.
Natural Security
Nidec Sankyo
Precise Biometrics AB
Regula Ltd
TSSI Systems Ltd
Vasco Data Security
W.Arnold GmbH
Angstrom Technologies Inc.
Arjowiggins Security
Austria Card
Avalon Biometrics SL
Aware, Inc.
Bell ID
Bilcare Technologies
Centro Grafico DG
CT Lay
cv cryptovision GmbH
De La Rue Identity Systems
EDAPS Consortium
Gemalto NV
GET Group
HID Global
Ingenico Healthcare/e-ID
Inspectron Ltd.
Istituto Poligrafico e Zecca dello Stato
Landqart AG
NagraID - Kudelski Group
Oberthur Technologies
Prooftag SAS
Radee papir, d.o.o.
Selp Secure
tesa scribos GmbH
Teslin Substrate
Trb AG
TSSI Systems Ltd
VTT Verschleiteiltechnik GmbH
HJP Consulting GmbH
BG Ingnieri
Bion Biometrics Inc.
Collis B.V.
Cryptography Research
NBS Technologies
Riscure B.V.
Trusted Labs
UL Transaction Security
TAG Systems SA
Austria Card
Jura JSP
ATOS Worldwide SA/NV
Syx Graphics ID Solutions
Vasco Data Security
Bion Biometrics Inc.
Cancard Inc.
CBN ID Systems Division
Identita Technologies Inc.
Datang Microelectronics Tech. Co., Ltd.
Emperor Technology
Feitian Technologies Co., Ltd.
PGP Group Ltd
Aventra Oy
Arjowiggins Security
BG Ingnieri
GMX YouTransactor
Hologram Industries
ID3 Semiconductors
Infineon Technologies France S.A.S
Ingenico Healthcare/e-ID
dat abase
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m
Natural Security
NBS Technologies
Oberthur Technologies
Prooftag SAS
Secure IC
Selp Secure
Smart Packaging Solutions (SPS)
Trusted Labs
Trusted Logic
Xerox France
Aceprox Identifikations-Systeme
AdvanIDe GmbH
ARE CON GmbH & Co,. KG
ARYGON Technologies AG
Atlantic Zeiser GmbH
B-Id GmbH & Co., KG
Cardag Deutschland GmbH
Cognitec Systems GmbH
cv cryptovision GmbH
DERMALOG Id. Systems GmbH
Digital Identification Solution
Diletta ID-Systems
exceet Card AG Mnchen
Giesecke & Devrient (G&D)
HJP Consulting GmbH
hw-engineering GmbH & Co. KG
ID Tech
IDpendant GmbH
Kobil Systems GmbH
MaskTech GmbH
MELZER maschinenbau GmbH
Mhlbauer AG
Otto Knnecke GmbH
ruhlamat GmbH
Safe ID Solutions AG
secunet Security Networks AG
tesa scribos GmbH
VTT Verschleiteiltechnik GmbH
W.Arnold GmbH
Witte Safemark GmbH
HOTech Hellenic Organotiki
TAURUS SecureSolutionS Ltd.
Advanced Card Sytems Ltd
A.R. Hungary, Inc.
On Track Innovations, Ltd. (OTI)
Centro Grafico DG
CT Lay
CTS electronics Spa
Istituto Poligrafico e Zecca dello Stato
LMC S.p.A.
Matica System S.p.a.
Athena Smartcard Solutions
NEC Corporation
Nidec Sankyo
Smart Cube Information Technology
Suprema Inc.
Gars pasauli
Regula Ltd
Vlatacom d.o.o.
Radee papir, d.o.o.
Precise Biometrics AB
Speed Identity AB
Incard SA
Landqart AG
LEGIC Identsystems Ltd.
NagraID - Kudelski Group
OVD Kinegram AG
Trb AG
Bell ID
Collis B.V.
Gemalto NV
Keesing Reference Systems B.V.
Riscure B.V.
Safran Morpho
UL Transaction Security
Access IS
Adhesive Security Products
Bilcare Technologies
Consult Hyperion
cpi card group
Cryptomathic Ltd
Computime Systems
dat abase
w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Datacard Group
De La Rue Identity Systems
Foster & Freeman Ltd
HID Global
Ingenia Technology (UK) Ltd.
Inspectron Ltd.
Intercede Group plc
OmniPerception Ltd
OPSEC Security Ltd.
Payne Security
SafeNet UK
Security Foiling Ltd
Thames card technology Ltd
Toppan Printing Company
TSSI Systems Ltd.
EDAPS Consortium
3M Security Systems
3M Cogent
Allsafe Technologies Inc.
AllStar Card Systems
Amgraf Inc.
Angstrom Technologies Inc.
Antheus Tecnology Inc.
AuthenTec, Inc.
Aware, Inc.
Bayometric Inc.
BIO-key International, Inc.
Bobst North America Inc.
Cross Match Technologies
Cryptography Research
Digital Persona, Inc.
Elliott identification systems
GET Group
Graphic Security Systems Corporation
ID Technology Partners, Inc.
Identive Group
Iris ID Systems, Inc.
ITW Covid Security Group
Merkatum Corp.
Sceencheck Europe BV
Team Nisca
Teslin Substrate
Valid USA
Vision Database Systems
Zebra Technologies Corporation
3M Security Systems
St. Paul,
MN 55144-1000
Tel: +1 800 328 0067
Manufacturing & Personalisation,
Identification and Authentication,
Biometrics software, Biometric and
Document Readers, Document
Issuance, Card test tools, ID cards.
3M Cogent
639 N. Rosemead Blvd.
CA 91107
Tel: +1 626 325 9600
Biometric Identification Systems,
Readers, ID Management, Access
Control, ID Cards.
13 bis, Rue de la Cour des Noues
75020 Paris
Tel: +33 1 64 25 73 12
ID Contactless Smart Cards, Readers
and Writers, Printers.
A.R. Hungary, Inc.
Alkots utca 41,
Tel: +36 1 20 19 650
Readers & Terminals, e-Passport
Readers, Travel Documents, OCR,
ePassport, Visa and ID Card Readers.
2200 Fletcher Avenue
Fort Lee
NJ 07024
Tel: +1 201 592 3400
ID Solutions, ePassports,
Personalisation Systems & Software,
Contactless Secure Identity Cards,
Secure Printing.
Aceprox Identifikations-Systeme
Bahnhofstrasse 73
Tel: +49 5724 98360
Biometric Readers & Terminals,
Fingerprint Recognition, Access Control
1 Grand Canal Square
Grand Canal Harbour
Dublin 2
Tel: +353 1 646 2000
Consulting, Security Solutions.
Access IS
18 Suttons Business Park
Berkshire RG6 1AZ
Tel: +44 118 966 3333
ID Secure Document Readers, ID
Authentication & Verification, Readers/
Writers, Mobile Identification devices.
Capital Tower
dat abase
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m
Tel: +44 207 803 1070
ID systems, Card Test Tools, ID
Smartcards, e-Tickets, ePassports.
Adhesive Security Products
Levington Park,
Levington, Ipswich,
Suffolk, IP10 0JE,
Tel: +44 1473 659159
Personalisation, Security Laminating
Systems, ID Card Laminate.
Advanced Card Sytems Ltd
Units 2010-2013, 20th Floor
8 Wang Hoi Road, Kowloon Bay
Hong Kong
Tel: +852 2796 7873
Manufacturing & Personalisation,
Contactless Readers, ID smartcards.
AdvanIDe GmbH
Am Klingenweg 6A,
65396 Walluf,
Tel: +49 6123 791 400
Microcontrollers, Readers & Terminals,
Secure Smartcard ICs, ID &
Authentication Applications.
4 avenue Sbastopol
Cedex 3
Tel: +33 825 120 999
Personalisation Systems.
Allevate Ltd.
Unit G, Kingsway Business Park,
Oldfield Road,
Middlesex, TW12 2HD,
Tel: +44 20 3239 6399
Face Recognition.
Allsafe Technologies Inc.
290 Creekside Dr.
NY 14228
Tel: +1 716 691 0400
ID Contactless Card, Access Control.
AllStar Card Systems
5220 Spring Valley Rd 200
Texas 75254
Tel: +1 800 290 0463
ID Card Printers, ID Card Software.
142 Moo 1 Hi-Tech Industrial Estate
Ban Laean,
Phra Nakorn Si Ayutthaya 13160
ID Manufacturing Equipment,
ePassports Chip Implanter.
Amgraf Inc.
1501 Oak Street
Kansas City,
MO 64108-1424
Tel: +1 816 474 4797
Security Documents Management
Angstrom Technologies Inc.
Kentucky 41042
Tel: +1 859 282 0020
ID Documents.
Antheus Tecnology Inc.
22241 Larkspur Trail
Florida 33433
Tel: +1 561 459 4813
Fingerprint Identification Software.
APIS, spol. s r.o.
974 01 Bansk Bystrica
Slovak Republic
Tel: +421 48 4712 614
2 Avenue Sbastopol
57070 Metz,
Tel: +33 3 87 75 82 00
ID & Authentication Applications.
825 E Wisconsin Ave
WI 54912
Tel: +1 920 734 9841
Security Paper.
ARE CON GmbH & Co,. KG
Stau 144
Tel: +49 441 8000 676
Consultancy, ID products Solutions.
Kirlyhg tr 8-9
H-1126 Budapest
Tel: +36 1 201 9650
Document Readers, Fingerprint
Readers, Automatic Number Plate
Recognition and Automatic Container
Code Recognition.
ARYGON Technologies AG
Identive Technologies AG
Dagobertstrasse 9
D-55116 Mainz
Tel: +49 61 31 30 476 0
Email: infoary@identive-
Secure Readers for Electronic ID
Documents, eID Reader.
dat abase
w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Arjowiggins Security
21, boulevard Haussmann
75009 Paris
Tel: +33 1 57 75 93 21
Security Document Paper, e-Passport
2405 route des Dolines
06560 Sophia-Antipolis
Tel: +33 4 97 21 40 00
ID & Authentication, eID Solutions,
e-Passports, Identity Cards, Electronic
Drivers Licenses, eID Solutions,
Contactless Readers.
Athena Smartcard Solutions
1-14-16, Motoyokoyama-cho
Tel: +81 426 60 7555
Readers & Terminals, ID Smartcards,
Personalisation Systems, ePassports,
Drivers Licence.
Atlantic Zeiser GmbH
Bogenstr 6-8
78576 Emmingen-Liptingen
Tel: +49 7465 291 0
Personalisation Solutions, Security
ATOS Worldwide SA/NV
Chausse de Haecht 1442
1130 Brussels
Tel: +32 2 727 61 11
Identity Access Management,
Authentication Server & PKI Solutions,
Biometrics Software.
Austria Card
Lamezanstrasse 4-8
1230 Vienna
Tel: +43 1 61065 0
Email: sales@austriacard
Personalisation, Consulting, Secure
Documents, ID & Authentication
AuthenTec, Inc.
Apple Inc.,
Melbourne, FL 32901
Tel: +1 321 308 130
ID Management, Fingerprint Readers,
Authentify EMEA
Rhijngeesterstraatweg 40d
2341BV Oegstgeest
The Netherlands
Tel: +31 70 891 9001
Authentication & Verification, Identity
& Access.
Avalon Biometrics SL
Calle de Basauri 17
28023 Madrid
Tel: +34 91 70 80 5 80
Personalisation Solutions, Security
Solutions, Authentication & Verification,
Document Verification, System
Aventra Oy
Lanttikatu 2
FIN-02770 Espoo
Tel: +358 9 4251 1251
Email: sales@aventra.fl
Manufacturing & Personalisation, PKI
Products and Systems, eID Cards,
Consulting, MyEID Cards.
Aware, Inc.
40 Middlesex Turnpike
MA 01730
Tel: +1 781 276 4000
Personalisation Systems, Biometric
Software, Document Authentication,
Secure Credential Applications.
ZAC de la Petite Camargue
34400 Lunel
Tel: +33 467 667 050
Manufacturing & Personalisation
Systems, Security Card Printers.
Bayometric Inc.
1743 Park Avenue,
CA 95126
Tel: +1 877 917 3287
Biometric Security Solutions, Access
Control Systems, Card Readers.
B-Id GmbH & Co., KG
Von-Seebach-Strasse 28
D-34346 Hannoversch Muenden
Tel: +49 5541 95 66 70
Manufacturer of RFID Products, Readers
& Terminals, ISO Cards, Tags & Fobs.
Bell ID
Stationsplein 45
3013 AK
The Netherlands
Tel: +31 10 885 1010
ID Token Management Solutions,
Credential Management, ID Software
Provider, ID Cards & ePassport Security
BG Ingnieri
ZAC de la Goulgatire,
35220 Chateaubourg
Tel: +33 2 99 00 89 97
Card & e-Passport Testing Equipment,
Manufacturing ID Cards, Testing.
dat abase
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m
Bilcare Technologies
Malvern Hills Science Park,
WR14 3SZ
Tel: +44 1684 585 257
ID & Authentication, ID Credential and
Document Security, NonClonableID.
BIO-key International, Inc.
Allaire Corporate Center
Building D Suite A
New Jersey NJ 07719
Tel: +1 732 359 1100
Biometric Identification Solution, ID
Software Provider, Finger-based
Identification Systems.
Bion Biometrics Inc.
38 Summerwind Crescent
ON K2G 6G5
Tel: +1 613 823 8928
Biometric Standards & Systems, Testing.
Oranienstrasse 91
D-10969 Berlin
Tel: +49 30 25 98 0
Verification & Authentication Solutions,
eID-Credentials, ID Management, ID
cards, Biometric Smart Cards,
Biometric Solutions, ePassports
Cancard Inc.
177 Idema Rd.,
ON L3R 1A9
Tel: +1 416 449 8111
Manufacturer & Card Personalisation
Systems, ID Card Printing.
Cardag Deutschland GmbH
An der Allee 6
D-99848 Wutha-Farnroda
Tel: +49 36921 30 70
Manufacturing & Personalisation, ID
16 Hughes, Suite 100
CA 92618
Tel: +1 949 380 1312
Manufacturing & Personalisation,
Identity Smart Cards, Card Readers,
Card Printers.
CBN ID Systems Division
Canadian Bank Note
ON. K2E 7T9
Tel: +1 613 722-6607
Secure Documents Solutions, ID
Credential Design & Issuance, Readers,
ID Cards, Passports, Visas, Drivers
C&C RFID (Shanghai) CO., Ltd.,
14/F, C&C Building,
Tai Po, N. T.,
Hong Kong
Hong Kong
Tel: +86 21 5922 6666
Security Printing, Inlays, ePassports.
Centro Grafico DG
Via Einstein, 76
20010 Marcallo
Tel: +39 02 9761301
Card Personalisation Solutions, Security
Foils, Security Printer, , Security Papers
Security Hologram, ePassports
Graphic and Documentation Services
opova 24
SI 3000 Celje
Tel: +386 3 4278 500
Secure Printed Document Systems,
Biometric Passports, ID Cards.
ZF Friedrichshafen
D-91275 Auerbach/OPF
Tel: +49 9643 18 0
Biometric Readers, Identity Access
Management, Authentication Server.
Loc. Braine, 54/A
Tel: +39 051 67 76 611
Manufacturer & Card Personalisation
Solutions, Card printers.
F17, 1703,
Economic Center Building,
Zhonghaixin Science & Technology Park
Bu Lan Road,
Shenzhen 518057,
Tel: +86 755 8611 7608
Readers, Access control & Attendance,
Mobile Identification Devices.
Integri NV
B-1932 Zaventem
Tel: +32 2 717 69 00
ePassport Test Validation Platforms.
Cognitec Systems GmbH
Grossenhainer Str. 101
Tower B
Tel: +49 351 862 920
Identity Management Systems, Face
dat abase
w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Recognition Software, Verification,
Biometric Solutions.
Collis B.V.
De Heyderweg 1
2314 XZ Leiden
The Netherlands
Tel: +31 71 581 36 36
IID Management, e-Identification
Testing Tools, ePassports, Health Cards,
EU Tachograph Cards.
Consult Hyperion
Tweed House
Surrey GU2 4HN
Tel: +44 1483 301 793
Consultants Secure Electronic
Transactions, Smart Identity Cards.
cpi card group
The New Mint House
Hants GU32 3AL
Tel: +44 01730 235700
Manufacturer & Personalisation, NFC &
Contactless Cards, Secure Printing.
Card Personalisation Solutions Ltd.
Gloucestershire GL51 8HE
Tel: +44 0845 130 0240
Personalisation Solutions, ID Cards.
Cross Match Technologies GmbH
Unstrutweg 4
07743 Jena
Tel: +1 561 622 1650
Email: international-sales@
Biometric Identity Management
Systems, Document Biometric Readers,
Mobile Biometrics, Biometrics Software.
Cross Match Technologies, Inc.. is a
leading innovator and provider of
biometric identity management solutions
to governments, law enforcement agen
cies, and businesses around the world.
Offerings include software, hardware,
and related services addressing multiple
biometric technologies. Solutions support
mobile or stationary applications encom
passing fingerprint, palm, and iris
scanners; facial capture systems; docu
ment readers; AFIS/ABIS systems; and,
professional services.
Learn more at
Cryptography Research
11th Floor
CA 94105
San Francisco,
Tel: +1 415 397 0123
Email: cri-information@
Semiconductor Security Technologies,
Personalisation, Testing.
Cryptomathic Ltd
327 Cambridge Science Park
Milton Road,
Cambridge, CB4 0WG
Tel: +44 1223 225350
Manufacturing, Personalisation, ID &
Authentication, PKI, ID Issuers.
Chan Wanich Security Printing
699 Silom Road, Bangrak,
Bangkok 10500
Tel: +66 2635 3355
Security Printing, Security Documents:
ID Cards, Passports.
CT Lay
Via Medicine 875
San Vito di Spilamberto
Modena 41057
Tel: +39 059 799933
Secure Documents, Personalisation,
Lamination, Holograms.
CTS electronics Spa
Corso Vercelli 332,
Tel: +39 0125 235611
Printing & Personalisation: ePassports
Computime Systems
Unit 4 Woodside Mews
Leeds LS16 6QE
West Yorkshire
Tel: +44 113 230 2002
Access Control Solution, Readers &
Terminals, Time & Attendance.
cv cryptovision GmbH
Munscheidstr 14
Tel: +49 209 167 24 50
Embedded Security & Crytography, ID
Document Issuance, eID Cards,
Authentication Server, PKI.
11955 Freedom Drive
VA 20190
Tel: +1 703 984 4000
Identity Security software, Biometric and
Identity Solutions, Verification.
Datacard Group
Datacard EMEIA
Hampshire, PO15 7FH
Tel: +44 1489 555 600
Personalisation, Secure ID Solutions,
Printers, Identity & Issuance.
dat abase
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m
Datang Microelectronics
Technology Co., Ltd.
6, YongJia North Road ,
Haidian District
Beijing, 100094
Tel: +86 10 58953111
Manufacturer & Personalisation, ID
Contactless Smart Card, ID Chip.
Via Cancelliera,59
00040 Ariccia
Tel: +39 06 930261
Personalisation, Passports, Drivers
Licenses and ID Cards, ePassports.
De La Rue Identity Systems
De La Rue House,
Jays Close Viables
RG22 4BS
Tel: +44 1256 605000
Email: group.communications
Secure Documents Solutions, Secure ID
Solutions, Security Printing, ePassports.
DERMALOG Identification
Systems GmbH
Mittelweg 120
20148 Hamburg
Tel: +49 40 413 227 0
Biometric Fingerprint ID Cards,
Biometric Readers, Biometric Solutions,
Mobile Identification Devices, Identity
Proofing Services.
Gottlieb-Keim-Str. 56
Tel: +49 921 79279 0
Readers, Access control, Biometric
Digital Identification Solution
Teckstrae 52
Esslingen am Neckar 73734
Tel: +49 711 341689 0
Personalisation Systems, Authentication
ID, ID Card Printing, Security
Identification Solutions, ePassport/Visa,
Security Printing
Digital Persona, Inc.
720 Bay Road
CA 94063
Tel: +1 650 474 4000
Readers & Terminals, Fingerprint
Biometrics, Authentication.
Diletta ID-Systems
Industriestrasse 25-27
64569 Nauheim
Tel: +49 6152 1804 0
Passport Printers, Access Management,
Passport Personalisation Systems.
28 Main Street East
NY 14614
Tel: +1 585 325 3610
Personalisation, Document Security
Systems, Printing, Authentication & ID.
552 Woncheon-dong,
Youngtong-gu Suwon,
Gyeonggi-do 443-380
South Korea
Tel: +82 31 213 0074
ID Card Readers, Test, E-Payment
Solutions, Secure ID Solutions.
EDAPS Consortium
64 Lenina Str.,
Kyiv 02088
Tel: +38 44 561 25 90
ID Security Documents, Manufacturing,
Personalisation, ePassports, Drivers
Licence, Security Document Printing, ID
Smart Cards
immeuble Atalis 1
Tel: +33 2 23 45 14 30
Email: development@edsi-
Personalisation & Card Test Tools,
Secure Smartcard Operating Systems,
Healthcare & Transport ID Cards,
Reader Access Control, Consulting.
Electronic Trade Solutions Ltd.
Beaux Lane House,
Mercer Street Lower
Dublin 2
Tel: +353 87 929 0768
ID Cards & Passport Readers,
Fingerprint Scanner, Biometric Readers,
ID & Authentication Application.
Elliott identification systems
TN 38134
Tel: +1 901 372 4600
Secure Identity Solutions, ID Card
Three Lincoln Centre
Dallas, Texas 75240
Tel: +44 118 953 3000
Identity-Based Security Solutions,
Access Control, Authentication & ID.
Emperor Technology
Shenzhen Emperor Technology
Development Co., Ltd.
dat abase
w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Tel: +86 755 83416677
Card Personalisation Systems, Secure
ID Systems, Card Payment Terminals,
ID Cards Solutions.
27 bis Bd Charrier,
Tel: +33 6 80 23 77 79
Security of Credentials, Identity Access
exceet Card AG Mnchen
Edisonstrae 3
Tel: +49 89 33034-0
ID Management Solutions, Readers,
Embedded Electronics & Security
ITW Security Group
ZAE La Biste - BP48
34671 Baillargues Cedex
Tel: +33 4 67 87 66 99
Design & Produce Security Documents,
Authentication & Verification,
Manufacturing & Personalisation.
Feitian Technologies Co., Ltd.
Floor 17th, Tower B,
Haidian District
Beijing 100085
Tel: + 86 010 62304466
ID Smart Cards, Readers, PKI,
Authentication Token.
Immeuble le Phnix 1
24 rue mile Baudot
91120 Palaiseau
Tel: +33 1 64 53 36 50
Consulting, eIdentity Testing Solutions,
Testing ePassport.
Foster & Freeman Ltd
Vale Business Park,
WR11 1TD
Tel: +44 1386 768050
Authentication & Verification,
Verification Instruments for Security
Documents i.e. Passports & ID Cards.
Gars pasauli
Salomjos Nries str. 69,
Tel: +370 5 24 999 00
Security Printing Solutions.
Gemalto NV
Barbara Strozzilaan 382
1083 HN Amsterdam,
The Netherlands
Tel: +31 20 562 06 80
ID Security Solutions, Secure Personal
Devices Software, Identity and Access
Management, ID Cards & ePassports,
Secure Documents.
Building U & V
80022 Arzano (NA)
Tel: +39 02 26599419
Embedding Security Paper, ePassports,
ID Cards.
GET Group
Global Enterprise Technologies Corp.
MA 02451,
Tel: +1 781890 6700
ID Document Systems Integrators &
Issuers, Authentication & ID, ePassports,
Visas, Drivers License & Identification
Giesecke & Devrient (G&D)
Prinzregentenstrasse 159
D81677 Munich,
Tel: +49 89 4119 0
ID Security Solutions, Passports, Visas,
National ID Cards, Drivers licences,
Health Cards, Tachograph Cards &
Residence Permits, Identity Proofing.
Giesecke & Devrient is a leading inter
national technology provider with a long
tradition. G&D develops, produces, and
markets products and solutions for
payment, secure communication, and
identity management. The company
provides innovative security technologies
in connection with banknotes, security
documents, and ID systems as well as
smartcard-based solutions for tele
communications, electronic payments,
and secure mobile applications. G&D
maintains a leading competitive and
technological position in these areas.
The groups clients most notably include
central banks and commercial banks,
wireless communications providers,
businesses, governments, and public
5, Boulevard Marie et Alexandre Oyon
72019 Le Mans Cedex 2
Tel: +33 811 709 710
Systems Integrator, ID Health Cards.
GMX YouTransactor
32, rue Brancion
75015 PARIS
Tel: +33 1 75 43 75 20
Mobile Identication Devices.
dat abase
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m
Tel: +7 495 363 2370
Security Printing Solution.
Graphic Security Systems Corp.
Lake Worth,
FL 33467
Tel: +1 561 966 0501
Security Printing Solution,
Authentication & Verification,
Document Security.
HID Global
Haverhill Business Park
Suffolk CB9 7AE
Tel: +44 1440 714 850
Secure Identity Solutions, Government
Document Security Solutions, e-
Passports, e-Visas, e-Health & e-Drivers
Licence, Authentication Tokens.
HJP Consulting GmbH
Hauptstrasse 35
33178 Borchen
Tel: +49 5251 41776 0
ID Systems Consultancy,
Manufacturing, Personalisation & Card
Test Tools, e-Passports, eID Cards and
eHealth Card & IT Systems.
Tel: +90 212 4672467
Manufacturing & Personalisation, ID
Cards & Health Cards..
Hologram Industries
22 Avenue De lEurope
Tel: +33 1 64 76 31 00
Manufacturing & Personalisation,
Digital Security Solutons, Identity &
Travel Documents, Drivers Licenses,
Passports, ID Cards, Visas, ID Cards &
Passport Readers.
HOTech Hellenic Organotiki
3 Alkmanos st.
Tel: +30 211 1817900
Identity Management Solutions,
ID Card Solutions.
hw-engineering GmbH & Co. KG
Im Schnblick 24
DE - 73066
Tel: +49 7163 530818
Personalisation & Authentication, ID
Card Solutions, ID Card Issuers,
Machinery-Personalisation, Printers.
Ronda Can Fatj 21
08290 Cerdanyola
Tel: +34 935942474
Authentication of ID Document
Systems, Integrators, ID-Cloud, Identity
Fraud & Document Mangement.
ID3 Semiconductors
5 rue de la Verrerie
Tel: +33 4 76 75 75 85
Readers & Terminals, ID &
Authentication, Identity Proofing
Services, Biometrics Software.
ID Tech
Rothenberg Nord 3
Tel: +49 8851 4099980
Contactless Reader.
Identita Technologies Inc.
4580 Dufferin Street
North York
Ontario, M3H 5Y2
Tel: +1 416 650 9505
Identity Authentication Solutions &
Systems, ID Smartcards, Machinery-
lamination, Identity Management
IDpendant GmbH
Edisonstr. 3
85716 Unterschleissheim
Tel: +49 89 3700 110 0
Identity & Access Security Solutions,
Readers & Terminals, Authentication, ID
Card Management Systems, ID Cards.
ID Technology Partners, Inc.
Conference and Technology Center
Suite 110
MD 20877
Tel: +1 301 990 9061
Identity Credentialing Solutions, Identity
Management, Credentialing Systems.
Donnersbergweg 1
67059 Ludwigshafen
Tel: +49 62 166900940
RFID Readers and RFID Tags, Access
Incard SA
CH - 1228 Plan Les Ouates
Tel: +41 22 929 29 29
dat abase
w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Manufacturing & Personalisation,
Readers & Terminals, e-ID Smartcards.
Identive Group
c/o Hirsch Electronics
Santa Ana, CA 92705
Tel: +1 949 250 8888
Identity Solutions Management,
Readers, Personalisation, Physical
IAI industrial systems
P.O. Box 200
5500 AE Veldhoven
The Netherlands
Tel: +31 40 254 24 45
Personalisation Systems, ID &
Authentication, Passports, Security
Documents, ID Card Personalisation
Infineon Technologies S.A.S
39/47, Boulevard Omano
93527 Saint-Denis CEDEX 2
Tel: +33 1 48097200
Chip Manufacturers, ePassport
Solutions, Government Identification: e-
Passport, ID cards, Health Cards,
Social Card & Driver License.
Ingenia Technology (UK) Ltd.
4-6 Throgmorton Avenue
London EC2N 2DL,
Tel: + 44 207 256 9267
Email: enquiries@ingenia
Document Authentication, Scanner.
Ingenico Healthcare/e-ID
Immeuble River Seine
92158 Suresnes Cedex
Tel: +33 1 46 25 80 80
e-ID & Authentication, Secure e-Identity
documents, Healthcare e-ID &
Transport Cards, Card Readers.
18 East 16th Street
New York,
NY 10003
Tel: +1 646 233 1454
Authentication, Security Document
19495 Biscayne Blvd.
Suite 800 Aventura,
Florida 33180
Tel: +1 305 682 9220
Manufacturing & Personalisation,
Biometric Smart Card, ID &
Authentication, Authentication Tokens.
Inspectron Ltd.
Apex House
BA11 3AS,
Tel: +44 01373 452555
Secure Document Verification Solutions,
ePassports, Secure Documents
Solutions, Security Print.
Intercede Group plc
Lutterworth Hall,
St. Marys Road
LE17 4PS
Tel: +44 1455 558 111
ID & Credential Management Systems,
Identity Verification, Physical Access,
Mobile Identity Verification.
1 North Bridge Road
Singapore 179094
Tel: +65 6338 8370
Government Secure Credentialing
Processes, Secure Printing, Identity
Iris ID Systems, Inc.
Cedar Brook Corp Center
Cranbury, NJ 08512
Tel: +1 609 819 4747
Authentication & Verification, National
ID, Access Control.
Istituto Poligrafico e Zecca dello
Stato S.p.A.
Via Salaria,
1027 00138 Roma
Tel: +39 06 85081
Secure Documents, Identity Cards,
ITW Covid Security Group
32 Commerce Dr,
NJ 08512,
Tel: +1 609 395 5600
Personalisation, Holography, Secure
Printing, Secure Documents.
GAP Laser srl, Via Ponte Chiusella, 28
10090 Romano (TO)
Tel: +39 0125719286
Card & ePassports Personalisation, ID
Cards, ID Secure Printing.
Jura JSP
Gebhardtgasse 13/8
1190 Vienna
Tel: +43 1 367 83 88
Card Personalisation, Biometrics, High
Security Features, Biometric Reader,
Secure Printing Technology.
Keesing Reference Systems B.V.
Hogehilweg 17
dat abase
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m
Tel: +31 20 7157 800
Email: info@keesingreference
ID Document Checker & Scanners,
Authentication & Verification.
17, avenue Jean Kuntzmann
38330 Montbonnot
Tel: +33 4 76 61 02 30
Testing & Certification, ePassport Test
Validation Platforms.
Ikaroslaan 24
B-1930 Zaventem
Tel: +32 2 346 25 23
eID Solutions, Terminals.
Kobil Systems GmbH
67547 Worms,
Tel: +49 6241 30040
Mobile Identification Devices.
Leonhard Kurz Stiftung & Co. KG
90763 Fuerth
Tel: +49 911 71 41 0
Personalisation System, Hot Foil
Stamping, Signature Foils, Security
Foils, Secure Printing Technology.
LAB ID srl
Via Corticella 11/4
Loc. Trebbo di Reno,
Tel: +39 051 70 59 41
RFID Contactless ID, Readers.
Landqart AG
Kantonsstrasse 16
Tel: +41 81 307 90 90
Secure Identity Paper, Passports & Visa
LMC S.p.A.
Laser Memory Card
00197 - Roma
Tel: +39 06 3361 6091
Authentication & Verification Systems,
Readers & Writers.
LEGIC Identsystems Ltd.
Binzackerstrasse 41
Post Box 1221
CH-8620 Wetzikon
Tel: +41 44 933 64 64
Readers & Terminals Chips, Contactless
ID Cards, ID/Access Contactless Cards,
Access Control, Consulting.
Leonhard Kurz Stiftung & Co.
Schwabacher Strasse 482
90763 Frth,
Tel: +49 911 71 41 0
Personalisation System, Hot Foil
Stamping, Signature Foils.
Sli st. 3A,
Tel: +370 5 271 59 37
Security Printing Solutions.
Lumidigm, Inc.
801 University Blvd SE, Ste 302
Albuquerque, NM 87106
Tel: +1 505 272 7084
Authentication Solutions, Fingerprint
Readers, Attendance Terminals.
Ultra Electronics Card Systems
Dorset DT4 9XD,
Tel: +44 1305 767 100
Printers, ID Smart Card Printers.
MaskTech GmbH
Nordostpark 16
90411 Nuremberg
Tel: +49 911 955149 0
Secure ID Solutions, Chip Operating
Systems, ID Chip Solutions,
Personalisation Software, ePassport,
eNational-ID, Health Cards, eDrivers
Matica System S.p.a.
Via G. Rossa 4/6
20037 Paderno Dugnano (MI)
Tel: +39 02 922 72501
Card Personalisation Systems, Card
Mailing Systems, Printers, Digital
Identification Solutions, Secure Printing
Merkatum Corp.
Suite 103
9111 Jollyville Road
Austin, Texas
Tel: +1 512 687 3157
Biometric Security & ID, Biometric
Identity Management Solutions,
Credentialing, Mobile Identification,
Access Control, Tme & Attendance.
MELZER maschinenbau GmbH
Ruhrstr. 51-55
58332 Schwelm
Tel: +49 2336 9292 0
dat abase
w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
ID & Security Machine Solutions, e-
passports, RFID Tickets, Tags & Labels.
JSC Mikron
Moscow 124460
Tel: +7 495 229 72 99
ID Chips, Authentication Tokens.
Postbus 5300
2000 GH Haarlem
The Netherlands
Tel: +31 23 799 5111
Manufacturing & Personalisation,
Biometric ID Documents, e-Documents,
Identity Cards, Passports, Driver
Licenses and Healthcare cards, Identity
& Access Management, Authentication
Server, ePassports.
296 Concord Road
Billerica, MA 01821
Tel: +1 978 215 2400
Document authentication, Identity
Management Solutions, Contactless
smart card.
Mhlbauer AG
Josef-Mhlbauer-Platz 1
93426 Roding
Tel: +49 9461 952 0
Manufacturing & Personalisation,
Secure ID Solutions Machinery, e-
Passports, e-Driving Licences, e-ID
Cards and RFID labels.
3370 N San Fernando Rd., Ste 202
Los Angeles, CA 90065
Tel: +1 888 383 6083
Secure ID card solutions, ID
Management, Consultancy.
NagraID - Kudelski Group
Le Crt-du-Locle 10,
P.O. Box 1161
2301 La Chaux-de-Fonds,
Tel: +41 32 924 04 04
Manufacturing & Personalisation, ID
Card Solutions, Government & Secure
ID Credentials, e-Service ID Cards:
Citizen IDs, Key Card, e-Consumers
Card, Identity & Access Management.
NagraID offers tailor-made solutions
based in multi-application smart card
solutions including high security printing
features with contact and/or secure
contactless technology, and has devel
oped a unique and patented process to
manufacture ISO Display Cards for
citizens IDs and secure IDs use
We support also Citizens ID programs
with our NagraID Bio-platform that is an
ideal solution for rapidly and safely
deploying applications such as national
e-IDs, eHealth and other ID programs.
The core software of our Bio-platform
solution are based in the latest
technologies available on the market
(COTS - Commercial-Off The-Shelf) and
has been designed and integrated
transparently with other information and
business systems. This approach insures
that the system provided has robust and
scalable foundations that comply with
current national and international
Secure Manufacturing Plant for ID
Credentials certified ISO 9001:2000
3 Avenue dAmazonie,
91952 Les Ulis cedex,
Tel: + 33 160 92 23 23
Manufacturing & Personalisation, ID &
Access Cards.
Natural Security
Parc Euratechnologies
165 Avenue de Bretagne
59000 Lille
Tel: +33 0 361 761 461
Biometric Access Control Reader, ID &
Authentication Application.
NBS Technologies
Zone Industrielle,
Avenue Villevieille
13106 Rousset Cedex
Tel: +33 4 42 53 27 72
ID Manufacturer, ID Card Printers,
Personalisation, Trusted Service
Manager (TSM).
Ple dactivits Y. Morandat
13120 Gardanne
Tel: +33 4 42 50 70 05
IDentity Solutions, Smart Card Identity
NEC Corporation
7-1, Shiba 5-chome,
TKY 108-8001
Tel: +81 3 34541111
Contactless Smartcards, Fingerprint,
ePassport, Healthcare ID, Biometrics
Identification Solutions,
Softwarepark 37
A-4232 Hagenberg
Tel: +43 7236 3351 4600
dat abase
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m 92
ID & Authentication Application, Access
& Security.
Nidec Sankyo
Suwa-gun, Nagano
Tel: +81 75 922 1111
Email: sankyo-corpplan@atc.nidec-
Biometrics Reader.
Le Grand Bosquet - Bt C
A-4232 Hagenberg
ID Card Solutions, ID & Health Cards,
Contactless Card Readers, PKI.
4 rue du port aux Vins
92150 Suresnes
Tel: +33 1 40 99 52 00
Semiconductors, ID Cards IC, Reader
ICs, eGovernment.
Oberthur Technologies
50, quai Michelet
92532 Levallois-Perret
Tel: +33 1 55 46 72 00
Manufacturing & Personalisation Secure
Identity Documents, Secure Documents,
ID Smart Cards, Security Printing,
Personal ID Verification Card.
OmniPerception Ltd
20 Nugent Road,
Surrey GU2 7AF
Tel: +44 1483 688350
Identity Management Solutions,
Biometric Solutions, Access Control,
Time & Attendance, Face Recognition.
On Track Innovations, Ltd. (OTI)
ZHR Industrial Zone
Rosh Pina, 12000
Tel: +972 4 6868000
Smart ID Integrating & Issuing
Solutions, ID & Authentication, eID
Cards, ePassports, Driver Licenses,
OPSEC Security Ltd.
40 Phoenix Road
Tyne & Wear NE38 OAD
Tel: +44 191 417 5434
Personalisation & Authentication,
Passport and Travel Document
Solutions, ID Card Security, ID Cards.
11-13 rue Ren Jacques
92131 Issy-Les-Moulineaux Cedex
Tel: +33 01 55 64 22 00
Trusted Identities, IDigital Identity
Management Solutions, Citizen ID &
Corporate ID.
18, rue de Cosswiller,
67310 Wasselonne
Tel: +33 3 88 40 25 01
Access Control, Identification &
Authentication Solutions, Biometric
Contactless Cards, Readers, Fingerprint
Postbus 4
The Netherlands
Tel: +31 13 52 11 256
ID Document Solutions.
Otto Knnecke GmbH
Blte 1
Tel: +49 55 31 93 00 0
Personalisation Systems, Manufacture
Machines, Verification.
OVD Kinegram AG
Zhlerweg 12
CH-6301 Zug
Tel: +41 41 724 47 00
Security Personalisation, Security
Holographic Element.
Willoughby Road,
Berks, RG12 8FP,
Tel: +44 1344 706900
ePassport Reader, Handy Terminal/
Printer, POS System.
Hamburger Strasse 6
D-22952 Ltjensee
Tel: +49 4154 799 0
Card Personalization, Passport Inlays,
Secure Document Solutions, Card
Prelaminates, Passport Inlays.
Payne Security
Wildmere Road
OX16 3JU
Tel: +44 1295 265601
ID & Authentication, Personalisation
System, Security Overlays, Passports &
National ID Cards Print & Holography.
PGP Group Ltd
Sanlian Industrial Zone
Shenzhen 518108,
Tel: +852 8191 4158
dat abase
w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Manufacturing & Personalisation,
Security ID Cards, Holographic.
Precise Biometrics AB
Box 798
220 07 Lund
Tel: + 46 46 31 11 00
Biometric Solutions, Card Readers,
Fingerprint Solutions, Smart ID Cards,
Government ID Systems.
Prooftag SAS
1100, Avenue de lEurope
F-82 000 Montauban
Tel: +33 5 63 21 10 50
Secure Document Solutions, ID &
Authentication, Personalisation
Solutions, Passport, Identity Cards,
Visas, Driving Licence.
Radee papir, d.o.o.
Njivice 7
Tel: +386 3 568 03 01
Security Paper, Security Printing,
Regula Ltd
Regula Forensic science systems
Republic of Belarus
Tel: +375 17 2862825
Passport & ID Document Readers,
Biometric Reader.
Riscure B.V.
Frontier Building
2628 XJ Delft
The Netherlands
Tel: +31 15 251 4090
Security Test tools.
Floor 4
125212 Moscow,
Tel: +7 495 933 8513
Personalisation ID Cards, Access
Control, Consultancy, Biometric
Passport Software.
ruhlamat GmbH
Sonnenacker 2
99819 Marksuhl
Tel: +49 36925 929 0
Manufacturing & Personalisation,
Passport Processing Solutions,
ePassports, RFID inlays, Personalisation
Machine Solutions.
ruhlamat is an innovative German
machine manufacturer providing equip
ment for the production of:
Smart cards
RFID Inlays
Chip modules
With an extensive background as an
innovator in the industry, ruhlamats
particular areas of expertise in card
personalisation are high quality laser
engraving and HD DOD inkjet printing
unmatched in todays industry.
Safe ID Solutions AG
Willy-Messerschmitt-Strae 1
85521 Ottobrunn
Tel: +49 89 45 21 26 0
ID & Authentication, Public &
Corporate Security, Secure,
Credentials, ID Documents
Safelayer Secure Communications S.A.
C/ Basauri 17 Edif. B,
Plta. Baja Izq. Ofic. B
28023 Madrid
Tel: +34 917 080 480
ID & Authentication, eID Cards &
ePassports, PKI, Consultancy, Electronic
SafeNet UK
Blackwater, Camberley
Surrey GU17 9AB ,
Tel: +44 1276 608000
ID & Authentication, Government
Security Solutions.
Safran Morpho
NH 2031 CG
The Netherlands
Tel: +31 23 799 51 11
ID & Authentication, Identification,
Detection and eDocument, Biometrics,
ePassports and Identity Cards, Drivers
Sceencheck Europe BV
2621 Corrinado Court
Fort Wayne IN 46808
Tel: +1 866 484 0611
ID Card Software Systems and
Solutions, ID Printers.
Secure IC
37- 39, rue Dareau,
75014 Paris,
Tel: +33 1 45 81 82 34
Chips, Secure Microchips.
Security Foiling Ltd
Foxtail Road
dat abase
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m
Suffolk IP3 9RT,
Tel: +44 1473 707204
Security Foils, Holograms.
secunet Security Networks AG
Kronprinzenstr. 30
45128 Essen
Tel: +49 201 5454 0
Biometrics and Electronic ID Solutions,
Secure Electric Processes, Identity
Selp Secure
Rue Louis Pergaud
16000 Angoulme
Tel: +33 5 45 25 17 00
Secure Documents Solutions, Printing.
Avenue de Florissant 41
1008 Prilly,
Tel: +41 21 627 55 55
Security Ink Technology, Passports,
Government Security Solutions.
105 Piccadilly,
6th floor
London W1J 7NJ
Tel: +44 20 7629 9279
Secure Document Solutions, ID &
Authentication, Biometric Security,
Identity Management Software,
Biometric Identity Management.
Smart Cube Information Tech.
PO Box 1301 Amman
Tel: +962 6 460 2000
Passport & Visa, ePassports, Automated
Fingerprint Identification System, Secure
Printing Technology, e-Gate System.
Smart Packaging Solutions (SPS)
85 avenue de la Plaine,
ZI de Rousset
13106 Rousset Cedex
Tel: +33 4 42 53 84 40
Manufacturing, Pre-Personalisation,
Secured Contactless Products,
ePassport, Identity, Banking.
With more than 20 years, Smart
Packaging Solutions (SPS) is a provider
of high value added components for the
contactless Smart Cards market.
Ideally located in Rousset in Provence,
the French Silicon Valley, Smart
Packaging Solutions uses its skills and
unique know-how to deliver high quality,
reliable and easy to use patented
SPS is specialized in the development,
production and sale of high value added
components for secured contactless
products. SPS is therefore positioned at
the heart of the value chain as a supplier
of semi-finished products to systems
integrators and cards/passports manu
facturers or issuers.
Strawinskylaan 851
1077 XX Amsterdam
The Netherlands
Tel: +31 20 30 50 150
eID inlays, ePassports, eID Cards.
Le Carthagne
Z.A. de Courtaboeuf
91940 Les Ulis
Tel: +33 1 64 86 25 25
Readers, e-Passport & ID Card Reader,
128 Place Gambetta
13300 Salon de Provence
Tel: +33 4 90 57 30 20
Test Tools, Card & Reader Test Tools,
Speed Identity AB
Gldlampsgrnd 1
SE-120 31 Stockholm,
Tel: +46 8 702 33 50
Biometric & Security Solutions,
Biometric Data Capture System for
Travel & ID Documents.
13 voie la Cardon
Parc Gutenberg
91120 Palaiseau
Tel: +33 164 53 20 10
Readers & Writers, ID Biomeric
solutions, Access Control.
39, Chemin du Champ des Filles
CH 1228 Geneva
Tel: +41 22 929 29 29
Manufacturer Semiconductors, Readers
& Terminals, ID & Authentication.
ST Incard S.r.l
Z.I. Marcianise Sud
CE 81025
Tel: +39 0823 630 111
Manufacturers ID Cards, Biometric
Solutions, eID Cards, Biometric ID, PKI.
Suprema Inc.
16F Parkview Office Tower,
Jeongja-dong, Bundang-gu Seongnam,
Gyeonggi, 463-863
dat abase
w w w . g l o b a l s m a r t . c o m | I D C R E D E N T I A L S
Tel: +82 31 783 4502
ePassport Readers, Time & Attendance,
Biometric Reader.
13 Station Approach
TW15 2GH
Tel: +44 1784 730352
Identity Management Solutions, Identity
Authentication & Verification, ID
Readers, Biometric Security Software
Solutions, Drivers Licenses, Passport/
Visas, National ID Cards.
Syx Graphics ID Solutions
Dr. Vandeperrestraat 182
2440 Geel
Tel: +32 14 96 00 96
Manufacturing & Personalisation, ID
Card Solutions , ID Security Solutions,
Printing, Biometrics Software.
TAG Systems SA
Ctra. de la Comella, 49
Tel: +376 879 600
Manufacturing & Personalisation, Smart
ID cards, High Security ID cards,
Authentication Server, Biometrics
Taurus Secure SolutionS Ltd.
Athens 11257
Tel: +30 210 8225926
Security Printing Solution, Holographic,
Authentication & Verification.
Team Nisca
100 Randolph Road
New Jersey, 08873
Tel: +1 732 271 7367
Machinery Personalisaton, ID Card
tesa scribos GmbH
Quickbornstr. 24
20253 Hamburg
Tel: +49 40 4909 6330
Security Solutions, Document
Teslin Substrate
PPG Industries
Monroeville, PA 15146
Tel: +1 888 774 2774
Security Papers.
Security Solutions & Services Division
92526 Neuilly-sur-Seine Cedex
Tel: + 33 1 57 77 80 00
Readers & Terminals, ID &
Authentication, Manufacturing &
Personalisation, ID Management
Software Solutions, Access Control,
Biometrics Software.
Thames Card Technology Ltd
thames house
Essex SS6 7UQ
Tel: +44 1268 77 55 55
Manufacturer and Personalisation ID
cards, Consultancy.
Toppan Printing Company
Old Change House,
128 Queen Victoria Street
Tel: +44 20 7213 0500
ID & Authentication, Document
Security, Kamicard, ePassport.
Trb AG
Hintere Bahnhofstrasse 12
5001 Aarau,
Tel: +41 62 832 00 00
Manufacturing & Personalisation,
Secure document Solutions, ID &
Authentication, National Identity
Documents, ID Smartcards.
Trusted Labs
5, rue du Bailliage
78000 Versailles,
Tel: +33 1 30 97 26 20
Embedded System Security, Test Tools &
Compliance, Security Consulting.
Trusted Logic
6, rue de la Verrerie
92197 Meudon Cedex
Tel: +33 1 78467600
Security Platform Solutions, ID Smart
Cards, e-Passport and Personal
Identification Platform.
TSSI Systems Ltd
Rutland House,
Groundwell Ind. Estate,
SN25 5AZ
Tel: + 44 1793 747700
Readers, Document Security, ID Card
Management, Passport Readers,
Biometric Security, Access Control.
UL Transaction Security
De Heyderweg 2
2314 XZ Leiden
The Netherlands
Tel: +31 71 581 3636
Transaction Security, Test Tools,
eDocuments, Tachographs, Verification
& Authentication.
dat abase
I D C R E D E N T I A L S | w w w . g l o b a l s m a r t . c o m
Valid USA
220 Fencl Lane
IL 60162
Tel: +1 708 44 2800
Personalisation Solutions, ID
Smartcards, Secure Identity &
Credentialing Solutions.
Vasco Data Security
Koningin Astridlaan 164,
B-1780 Wemmel
Tel: +32 2 609 97 00
Authentication Server, Reader.
Union Community Co.Ltd
44-3, Bangi-dong,
Seoul, 138-050
Tel: +82 2 6488 3062
Biometric Readers.
Virtual Solutions
One Broadway, 14th Floor
Cambridge, MA 02142
Tel: +1 617 395 5895
Secure data platforms.
Vision Database Systems
1562 Park Lane South 500,
Jupiter, FL 33458
Tel: +1 561 748 0711
ID Card Software, ID card and Tracking
Vlatacom d.o.o.
5 Milutina Milankovica
11070 Belgrade,
Tel: + 381 11 377 11 00
Manufacturing & Personalisation,
Authentication & Verification, Biometric
ID and Travel Documents, ID Software
Solutions, .
VoiceVault Inc.
400 Continental Blvd.
6th Floor
El Segundo,
CA 90245
Tel: +1 310 426 2792
Identity Verification, Authentication,
VTT Verschleiteiltechnik GmbH
Am Pferdemarkt 16
D 30853 Langenhagen
Tel: +49 511 519350 0
Secure Document Solutions, Passports,
Personalisation Solutions, Machinery
laminating, National IDs, Driving
W.Arnold GmbH
Mrfelder Landstrasse 11
D 63225 Langen
Tel: +49 610379023
RFID Readers & Terminals, Access
Control, Biometric Systems.
Witte Safemark GmbH
Sendener Stiege 4
48163 Mnster
Tel: +49 2536 991 00
Secure Printing Technology, Access
Xerox France
Rue Claude Chappe
B.P. 345
07500 Guilherand-Granges
Tel: +33 4 75 81 44 44
Mobile Identification Devices, Identity
Access Management.
Zebra Technologies Corporation
475 Half Day Road, Suite 500
Illinois 60069
Tel: +1 847 634 6700
Secure ID Card Printers, Secure Printing
Rue de Strasbourg
1130 Brussels
Tel: +32 2 728 37 11
e-ID & Authentication, Secure ID
Documents, eID Cards, ePassports,
Visas and Driving Licences.
.... For more information please visit