printer friendly version

Putting the 'I' back in ID

In 2005, more than three years since the biggest terrorist attack in modern time, there still exists a reluctance to travel by air. All caused by potential terrorist threats and our disbelief in the aviation industry's ability to prevent similar attacks from happening again. So, post 9/11, what changes have actually been put into practice to make airports and aircrafts safer? Besides endless lines and delays as a result of escalated security and baggage checking procedures, has anything been done to tackle the root of the problem, ie, proper verification of a passenger's true identity? Today the answer is no. Or at least we are not seeing any changes yet. People are still using the same poor means of identification in order to get on commercial aircrafts.

Nevertheless, 9/11 has acted as a security wake-up call for governments all over the world, who are now recognising the imperative need to implement stronger travel identification procedures. As a result many countries are today employing new IT infrastructures to enable more secure and reliable identification of travellers. Only when we have a trusted security infrastructure in place, assuring us that nobody with illegitimate intents can board an aircraft, can we regain our faith in the aviation industry.

Smarter identification of travellers

As it remains a fairly simple task to fraudulently obtain or create false ID cards and passports, which is generally the first step in the security protocol, governments are forced to create a much stronger means of identification. The goal must be to have a secure authentication method in place that eliminates the risk of deceitful individuals travelling under false identities, or for that matter operating within airport facilities without proper authorisation. Something standard identification methods simply cannot offer.

Smart chip card technology has, since 9/11, become a strong focus of interest for solving identity security issues in corporations and governments. The microprocessor chip's ability to store, protect and manage personal data, such as picture ID, fingerprints, digital certificates etc, make them unrivalled devices for hosting identity credentials, offering authentication and privacy capabilities that standard identification documents are unable to match. As the most secure, versatile and portable identification and communication medium, smartcards in both contact and contactless form-factors, have emerged as the optimal solution for providing reliable identification, while at the same time securing the individual's - in this case the passenger's - privacy and integrity.

Smart microprocessor chips can be applied both to ID cards and passports. For ID cards - eg, a driver's licence - a microprocessor chip is embedded in the card body, and when inserted in a reader terminal it displays and authenticates the cardholder's identity credentials. The technology can also be used in wireless mode, ie, through a contactless chip embedded inside a passport booklet page. When presenting the e-passport to a contactless reader terminal at an immigration checkpoint, it is able to perform the very same identity checks as a contact-chip ID card.

A new generation of identity documents

So what are some of the biggest advantages of smartcard technology compared to today's identity documents? Besides the strong security advantages, it is also a highly flexible identification tool in the sense that it enables the user to dynamically manage personal information on the card. Just like a miniature PC, the smart chip, unlike an optical or magnetic stripe device, has an operating system able to utilise key technologies such as Java Card, allowing so called 'post-issuance' services. This ability to upgrade, remove and add identity data or applications in the chip allows for a much longer life-span than what is the case for standard ID cards and passports, which eventually need to be replaced due to common occurrences in life such as marriage status or change of address. Instead passengers and air travel industry employees can continue to use the ID card and/or e-passport as their identity profiles change over time, ultimately resulting in reduced costs and administrative work.

Moreover, through advanced operating systems, smartcards are able to process data and communicate with computing devices, enabling them to perform cryptographic operations based on PKI (public key infrastructure), the de-facto standard for Internet-based transactions. This capability allows an issuer to include Web-based applications on the card, in both contact and contactless mode, such as e-ticketing solutions where a cardholder can purchase tickets and even do check-ins online.

Biometrics for strongest security

Besides being compatible with PKI and Java technologies, one of the strongest forms of identity authentication is achieved by combining smartcard technology with biometrics. When speaking about biometrics we refer to technologies for measuring and analysing unique human body characteristics, such as fingerprints, eye retinas and voice patterns, especially for authentication purposes. Today biometrics represents a preferred solution for a majority of smartcard-based identity and e-passport programmes.

When used in combination with fingerprint recognition, someone's fingerprint can be stored as a template in the chip, together with other personal information including demographic data and picture ID. For example, a traveller approaching an immigration checkpoint is able to present the ID card/e-passport to a reader (contact or contactless) and have his or her fingerprint scanned. By matching the scanned fingerprint against what is stored on the smart chip, the traveller's identity is authenticated. Upon valid authentication, passage is allowed. Besides preventing unauthorised entry, it also acts to reduce immigration clearance time, something that today constitutes a big problem at many international airports.

Electronic identification becoming a reality

Up till recently, the deployment of smartcard-based ID and e-passport programmes has been limited. But today, the increasingly loud technology buzz around smartcard technology has spawned new travel security initiatives around the world, striving to implement new standards for secure identification of passengers and personnel. As a result there are numerous travel security initiatives brewing across the globe.

In the aftermath of 9/11, the US Congress introduced a roadmap for migration to smart chip-based e-passports for citizens and visa waiver countries, in order to strengthen the laws and processes of border control, and ultimately enhance homeland security. To enforce the highest level of security it was recommended that such electronic passports are to use biometric identity credentials to be stored on a contactless microchip inserted inside the page of a passport booklet. By 2005 the countries and vendors involved are expected to have met the technical requirements for a system that will eventually encompass all passport holders travelling to the US.

Moreover, in countries such as the UK, Singapore and several nations in the Middle-East, governments are currently in the process of evaluating alternatives where a smartcard-based national ID card will potentially include passport and visa functionalities. As several countries are currently deploying smart ID cards to their citizens, they are able to capitalise on existing IT infrastructure to add passport and visa applications to the same smart ID card.

Even if some of the above-mentioned initiatives are still at an early stage, mainly due to a lack of global interoperability standards, it is very clear that governments are beginning to take the necessary actions to improve travel and border control security. And one may also speculate that when implemented, these initiatives could potentially revive the trust among us travellers, giving the travel industry a much-needed boost.

Not only passengers that need to be identified

Naturally the smartcard technology can also be applied for airport and airline workers, such as cargo shippers, food service personnel, or even pilots, entering access restricted areas. It is also within these closed user groups that we can expect smartcards in combination with biometry technology to be implemented first. Mainly because deployment within closed user groups is more scalable and thus also more manageable than issuing and integrating smart ID cards and electronic passports for millions of air travellers.

Some of the more mature smart ID card deployments are already taking place within the transportation industry. In the US the TSA (Transportation Security Administration) is deploying its TWIC (Transportation Workers Identification Card) programme. The TWIC programme intends to issue secure ID badges based on high-capacity smartcards and biometrics to all TSA employees working within the US transportation industry. Thus, when fully deployed, the TWIC card will have to be carried by TSA employees at airports all over the US to control access to restricted areas.

Moving towards a safer world

There is still much work to be done between public and private organisations in the air travel industry to ensure that security risks are minimised at all airports or travel checkpoints. However, the first steps are already being taken which is very much reflected in the many ongoing travel security initiatives. Identity verification and authentication remain at the very heart of all the aviation security infrastructures that are currently being developed, and rightly so. With smartcard developments focused on securing our personal data and strengthening the verification through a combination of biometric technology, we have the ability to protect our most important asset - our identity.

As we are rapidly moving towards a more digitally secure world in the workplace as well as our everyday lives, we should expect technology advancements to have a similar impact when we travel. The ball is now in the corner of governments and technology vendors, and to get it rolling we need to prepare ourselves for the big task ahead. Electronic ID cards and passports are no longer a science fiction vision, but very much a reality that will soon concern citizens in all countries. Regardless of the costs and efforts it will take to get there, it is surely a small price to pay for making our world a safer place to live and travel.

Share this article:

Further reading: