The BioP@ss project, funded through the EUREKA micro-electronics cluster MEDEA+, has developed advanced chip cards and embedded software for next-generation biometrics-enhanced passports and identity cards as well as access to pan-European public services. Contactless card scanning and very high speed data interfacing will reduce queues at airports and frontier posts while boosting European security. The technology will improve passengers safety while reducing government administration costs and simplifying access to public pan-European electronic services for citizens. The elements are already being incorporated in systems to meet air travel security standards from 2014.
Some 380 million identity cards are in circulation in the EU’s 500 million population. However, security levels must be raised for electronic e-ID cards and passports while also simplifying access to electronic public services for citizens across Europe. The challenge facing the digital security industry was to meet new standards without changing the infrastructure already in use in airports. It was also necessary to speed card reading to cut waiting times and enable access to much more data.
Extended security required
E-passports and e-ID cards incorporate a microprocessor chip storing crucial private information such as biometrics as well as name, date and country of birth. The EU required extended security to ensure that the chip could not be read without physical access to the ID document and that data exchanged between contactless chip and reading device is encrypted.
New technologies and standards developed during the project, implement asymmetric cryptography reliant on a shared key between reading device and chip during authentication. The result is enhanced data confidentiality which prevents skimming or eavesdropping.
Security specialist Gemalto set out to meet the new requirements through a project bringing together 11 partners in five countries covering all elements of the smart-card platform. “Gemalto invests heavily in research to retain its leadership position and we like co-operative programmes such as EUREKA for this type of complex innovative project,” explains Patrice Plessis of Gemalto.
“Gemalto invests heavily in research to retain its leadership position and we like co-operative programmes such as EUREKA for this type of complex innovative project.”
Patrice Plessis, Gemalto, France
While the initial focus was on e-passports and e-ID cards, applications were also envisaged for health-service access, electronic voting and driving licences. “We built on the results of the previous MEDEA+ Onom@Topic project,” says Plessis. The project won two years ago the prestigious EUREKA Innovation Award, rewarding every year a research project leading to outstanding commercial results.
Facial image verification is the main use of biometrics features with e-passports and e-ID cards. The goal of BioP@ss was to develop an innovative match-on-card biometrics environment, suitable for on-card processing, and to develop an environment enabling users to interact from a biometrics e-ID personal device with a set of multiple near-field communication (NFC) enabled terminals. Concretely, airplane passengers will simply have to pass through a gate with their passport in their pocket to be immediately identified. This could replace the long waiting line at airports’ passport controls.
All this required new chip technologies which have provided several innovations such as very high bit rate contactless interfaces, able to transmit thousands of data parameters within a few seconds, advanced biometrics and NFC connectivity that will enable the delivery of innovative services to citizens by simply using a personal e-ID.
It will be possible to reuse the building blocks developed in middleware/software, biometrics and protocols in other projects and platforms to improve European security and competitiveness.”
Advances in BioP@ss included further development of security chips and encryption technologies, and security software for personal computers. Data transfer rates between cards and readers have been increased more than tenfold – from 800 kb/s to 10 Mb/s. Moreover, a new chip-card operating system makes it possible to use future e-ID documents on the Internet without any additional software components on the PC.
“We also worked on proof of security for supplemental access control for e-passports, contributing a new standard called PACE -Password Authenticated Connection Establishment-, which was adopted in mid 2011,” says Plessis. In addition, the EUREKA project contributed to a new ISO standard for contactless data transfer, currently under consideration, and to the CEN IAS standard for the European Citizen Card.
Increasing security and mobility
BioP@ss made advances in the development of a software making operations on ID related data more transparent, thus creating the necessary protocols for what are already called third-generation passport, e-ID cards and resident permits. Those are very important for the new travel regulations initiated by the International Civil Aviation Organisation, or ICAO, entering into practice from the end of 2014.
The technologies developed are being incorporated into card platforms by the BioP@ss partners. Packages including the technology are already on the market, while card specialists Gemalto and Giesecke & Devrient are working on complete contactless means of Internet authentification. Benefits include increased mobility in Europe with faster and more flexible access to e-government and better protection of personal data. “Moreover, it will be possible to reuse the building blocks developed in middleware/software, biometrics and protocols in other projects and platforms to improve European security and competitiveness,” points out Plessis.