Study on ID Documents” Author: WP3 Editors: Dr
Total Page:16
File Type:pdf, Size:1020Kb
FIDIS Future of Identity in the Information Society Title: “D3.6 Study on ID Documents” Author: WP3 Editors: Dr. Martin Meints (ICPP, Germany) Marit Hansen (ICPP, Germany) Reviewers: Jozef Vyskoc (VAF, Slovakia) Ronald Leenes (Tilburg University) Mark Gasson (Reading University) Identifier: D3.6 Type: [Deliverable] Version: 1.10 Date: Wednesday, 20 December 2006 Status: [Final] Class: [Public] File: fidis-wp3-del3.6.study_on_id_documents.doc Summary This document gives an overview of concepts, prototypes and implementations of European ID documents including machine readable travel documents (MRTDs). Although not totally comprehensive, it summarises basic technologies that are used for ID documents such as PKI, RFID, biometrics and chip card technologies. Legal grounds for European MRTDs are described and analysed. In addition to a short overview on implementations, five good practice examples are described and discussed. Security and privacy aspects of ID documents are analysed basing on current state-of-the-art in the described basic technologies and existing implementations of ID documents. Further, critical elements of cost projections for ID documents are presented and analysed from a social perspective. Copyright © 2004-06 by the FIDIS consortium - EC Contract No. 507512 The FIDIS NoE receives research funding from the Community’s Sixth Framework Program FIDIS D3.6 Future of Identity in the Information Society (No. 507512) Copyright Notice: This document may not be copied, reproduced, or modified in whole or in part for any purpose without written permission from the FIDIS Consortium. In addition to such written permission to copy, reproduce, or modify this document in whole or part, an acknowledgement of the authors of the document and all applicable portions of the copyright notice must be clearly referenced. The circulation of this document is restricted to the staff of the FIDIS partner organisations and the European Commission. All information contained in this document is strictly confidential and may not be divulged to third parties without the express permission of the partners. All rights reserved. PLEASE NOTE: This document may change without notice – Updated versions of this document can be found at the FIDIS NoE website at www.fidis.net. [Final], Version: 1.10 Page 2 File: fidis-wp3-del3.6.study_on_id_documents.doc FIDIS D3.6 Future of Identity in the Information Society (No. 507512) Members of the FIDIS consortium 1. Goethe University Frankfurt Germany 2. Joint Research Centre (JRC) Spain 3. Vrije Universiteit Brussel Belgium 4. Unabhängiges Landeszentrum für Datenschutz Germany 5. Institut Europeen D’Administration Des Affaires (INSEAD) France 6. University of Reading United Kingdom 7. Katholieke Universiteit Leuven Belgium 8. Tilburg University Netherlands 9. Karlstads University Sweden 10. Technische Universität Berlin Germany 11. Technische Universität Dresden Germany 12. Albert-Ludwig-University Freiburg Germany 13. Masarykova universita v Brne Czech Republic 14. VaF Bratislava Slovakia 15. London School of Economics and Political Science United Kingdom 16. Budapest University of Technology and Economics (ISTRI) Hungary 17. IBM Research GmbH Switzerland 18. Institut de recherche criminelle de la Gendarmerie Nationale France 19. Netherlands Forensic Institute Netherlands 20. Virtual Identity and Privacy Research Center Switzerland 21. Europäisches Microsoft Innovations Center GmbH Germany 22. Institute of Communication and Computer Systems (ICCS) Greece 23. AXSionics AG Switzerland 24. SIRRIX AG Security Technologies Germany [Final], Version: 1.10 Page 3 File: fidis-wp3-del3.6.study_on_id_documents.doc FIDIS D3.6 Future of Identity in the Information Society (No. 507512) Versions Version Date Description (Editor) 0.1 20.09.05 • Initial structure of the draft, draft version of chapter 2 (Martin Meints, ICPP) 0.2 12.01.06 • Structure revised, abstracts and first contributions (chapters 3.1, 3.3, 3.4, 3.5, 3.6, 5.1, 5.7, 6.2 and 6.3) included (Martin Meints, ICPP) 0.3 27.02.06 • Contributions with three exceptions integrated, chapter introductions and conclusions added, integrative editing (executive summary and general conclusions still missing) (Martin Meints, ICPP) 0.4 06.03.06 • Additional input for the chapters 2.1, 3.3, 3.7, 3.8, 5.3, 5.5, 5.8.2, 6.2 and 6.4, integrated. Summaries and conclusions written, glossary integrated. (Marit Hansen, Martin Meints, ICPP) 0.5 13.03.06 • Additional input for chapter 3.2, 3.7, 3.8, 4.1, 5.8 and 7 integrated, summaries adjusted, references integrated (Martin Meints, ICPP) 0.6 17.03.06 • Chapter 4.1 integrated, summary finished, executive summary added (Martin Meints, ICPP) 1.0 30.03.06 • Remarks of the internal reviewer and replies of the corresponding authors integrated (Marit Hansen, Martin Meints, ICPP) 1.1 18.12.06 • Editorial changes throughout the document (Marit Hansen, Martin Meints, ICPP) • Recent and additional information on security of MRTDs integrated and analysed (chapters 1, 3.3, 5.3, 6.3, 6.7 and 8) (Martin Meints, ICPP) [Final], Version: 1.10 Page 4 File: fidis-wp3-del3.6.study_on_id_documents.doc FIDIS D3.6 Future of Identity in the Information Society (No. 507512) Foreword FIDIS partners from various disciplines have contributed as authors to this document. The following list names the main contributors for the chapters of this document: Chapter Contributor(s) 1 (Executive Martin Meints (ICPP), all Summary) 2 (Introduction) Stephan Alexander Freh (chapter 2.1, LSE), Martin Meints (chapter 2.2 and 2.3, ICPP) 3 (Basic Technologies Marcel Jacomet (chapter 3.2, AXSionics), Mark Gasson (chapter for ID Documents) 3.3, Reading University), Günter Karjoth (chapter 3.3, IBM ZRL), Stephan Alexander Freh (chapter 3.7, LSE), Martin Meints (chapter 3.1, 3.4, 3.5, 3.6 and 3.8 ICPP) 4 (Legal Grounds for Paul De Hert, Wim Schreurs (chapter 4.1.1 to 4.1.5, VUB) Eleni ID Documents in Kosta (chapter 4.1.6, KU Leuven), Xavier Huysmans (chapter 4.2, Europe) KU Leuven) 5 (Leading Concepts, Claudia Diaz (chapter 5.2, KU Leuven), Marit Hansen (chapter 5.2 Prototypes and and 5.8, ICPP), Danny De Cock, Christopher Wolf and Bart Preneel Implementations) (chapter 5.6, KU Leuven), Eleni Kosta (chapter 5.5, KU Leuven), Reshma Thomas (chapter 5.4 KU Leuven), Martin Meints (chapters 5.1, 5.2, 5.3, 5.5, 5.7, 5.8 and 5.9, ICPP) 6 (Security and Els Kindt (chapter 6.3.1, KU Leuven), Andreas Pfitzmann, Sandra Privacy Aspects) Steinbrecher (chapter 6.3.2, TU Dresden), Eleni Kosta (chapter 6.4.1, KU Leuven), Günter Karjoth (chapter 6.4.2, IBM ZRL) Marcel Jacomet (chapter 6.5.1, AXSionics), Marit Hansen (chapter 6.5.2, ICPP), Reshma Thomas (chapter 6.6, KU Leuven), Martin Meints (chapter 6.1, 6.2 and 6.7, ICPP) 7 (Economic Aspects) Ian O. Angell, Dionysios S. Demetis (LSE) 8 (Summary, Martin Meints (ICPP), all Conclusion and Outlook) [Final], Version: 1.10 Page 5 File: fidis-wp3-del3.6.study_on_id_documents.doc FIDIS D3.6 Future of Identity in the Information Society (No. 507512) Table of Contents 1 Executive Summary ......................................................................................................... 8 2 Introduction ....................................................................................................................12 2.1 Identity, Identity Management, and eID .................................................................. 12 2.2 Scope and Structure of the Document...................................................................... 12 2.3 Categorisation of ID Documents.............................................................................. 14 3 Basic Technologies for ID Documents.......................................................................... 15 3.1 Introduction .............................................................................................................. 15 3.2 Chip Card Technologies (Smart Cards) ................................................................... 15 3.2.1 History.............................................................................................................. 15 3.2.2 Smart Card Technology................................................................................... 16 3.2.3 International Standards..................................................................................... 17 3.3 RFID for Machine Readable Travel Documents...................................................... 18 3.3.1 Contactless Automatic Identification............................................................... 19 3.3.2 Use of Contactless Technology in MRTDs...................................................... 20 3.3.3 MRTD Data...................................................................................................... 21 3.4 Electronic Signatures................................................................................................ 22 3.5 Biometrics ................................................................................................................ 23 3.6 Back-Office Systems................................................................................................ 25 3.6.1 PKI ................................................................................................................... 25 3.6.2 Databases for Biometric Reference Data ......................................................... 27 3.6.3 Other Back-Office Systems.............................................................................. 28 3.7 Interoperability Aspects..........................................................................................