IDEMIA Travel Public Documents Security & Identity Solutions 2 IDEMIA TRAVEL DOCUMENTS SOLUTIONS

IDEMIA’s vision IDEMIA for new generation ePassports 21st century governments worldwide must meet the challenges of border security. They must guarantee high security whilst smoothing traveler flow and reducing queues. In recent ePassport years, ePassports have become increasingly popular with 138 governments adopting this innovative ID technology. In 2018, 85% of all passports issued were electronic. Solution This is a problem for the infrastructure needed to process ePassport holders securely and smoothly. Automated document inspection is the key to this but reader capacity and speed cause bottlenecks. Universally machine-readable travel documents are needed on a large scale and these need to provide the security and privacy demanded by ICAO specifications and primarily by citizens. A solution is needed now.

The answer to the Border Control Challenges

IDEMIA ePassport Solution is an The result is that 3 vital questions will be technology approach to automated electronic document that offers answered in that time: document verification and answers unique features. Incorporating data ›› Is the document authentic? to many of the challenges facing busy storage for a fully ICAO compliant travel ›› Has the document been altered? border crossings. IDEMIA ePassport document, it is the ultimate medium ›› Is the person presenting the Solution provides state-of-the-art for a truly secure, contactless, biometric document its authorized holder? electronic security documents with ePassport. ICAO PACE mechanism. IDEMIA’s ePassport Solution can be IDEMIA ePassport Solution enables verified rapidly, securely and without electronic document readers to perform compromising any personal privacy verification in less than 3 seconds. issues. It provides a modern, high

ICAO IDEMIA participates in the ICAO committee The development of IDEMIA ePassport and therefore plays a significant role in Solution has benefited greatly from this ePassport emerging standards. In short, IDEMIA experience with ICAO. The result is an security has a complete understanding of ICAO electronic document that’s ideally suited standards and is providing governments to ePassports and that adheres 100% to with the expertise to reach ICAO the internationally agreed specifications, requirements. summarized here:

BAC, PA, AA EAC specification SAC specification

Basic (BAC) Supplemental Access ›› Access control to generic data, to prevent Control (SAC) unauthorized access & eavesdropping ›› Proposes PACE as Extended Access Control Passive Authentication (PA) alternative to BAC (EAC) ›› Issuer Authentication & Data integrity ›› Chip and terminal Enhanced cryptography based on digital signature of passport data authentication ›› AA with Elliptic Curves Active Authentication (AA) ›› EAC: support of ›› Chip authentication to prevent cloning AES session keys (RSA) generation

2005 2008 2015 1st generation ePassport 2nd generation ePassport 3rd generation ePassport IDEMIA TRAVEL DOCUMENTS SOLUTIONS 3

IDEMIA’s vision Embedded for new generation ePassports OS features

Some major advances are incorporated:

Interoperability & Speed Freedom of travel demands that passports can be recognized by all states. The passport must also be compliant with the latest standards and compatible with existing infrastructure. IDEMIA ePassport Solution achieves this. It has successfully passed all the ICAO and EU interoperability tests conducted between 2005 and June 2014. Independent laboratories have tested IDEMIA ePassport Solution and published reports that give governments confidence in product efficiency and compliance. IDEMIA’s own laboratories have verified compatibility with most of the document readers on the market. This makes it possible to store mandatory personal data (biographic and portrait) as well as optional data or Optimal (, iris etc.). Reading Time The contactless reading of the document works at up Enhanced to 848 Kbits per second. This and the highly efficient Security operating system enable IDEMIA ePassport Solution to An electronic passport is usually valid from 5 to 10 years and read a typical EAC profile within 3 seconds. This industry- must be long term resistant to data hacking. The state has leading performance will be a major contribution to to guarantee that personal data and biometrics are secure smoother, faster border crossings. when stored in an ePassport. Standards IDEMIA ePassport Solution has earned the highest level of & Data Management security from independent standards laboratories and has received the Common Criteria security certificate for: New threats to our security appear all too frequently. IDEMIA ›› BAC at EAL 4+ level (PP 055), plays a very active role in this by helping set the standards. ›› EACv2 with PACE at EAL5+ level (PP 056v2). With its ePassport Solution, IDEMIA assures compliance with: IDEMIA ePassport Solution supports the largest ›› Data interoperable organization: LDS V1.7 and V1.8, cryptographic algorithm key length: ›› Secure communication: Supplemental Acces control ›› AES up to 256 bits, with comprehensive cryptography, including Integrated ›› Elliptic curve up to 521bits. Mapping and AES encryption, ›› Reinforced authentication: Biometric data access is protected by EAC (Extended Access Control). IDEMIA ePassport Solution offers storage capacities from 80KB to 180KB for personal data.

S ince January 2015, The adoption of PACE concerns security by using 3DES and AES secure communications with the encryption with longer keys. This is all EU member states have to issue eMRTD. Encryption relies on keys an excellent example of IDEMIA’s electronic machine-readable travel derived from: contribution to ICAO standards. The documents (eMRTDs) with the new ›› Document number; company’s cryptographic experts ‘SAC’ feature. SAC defines two ways of ›› Date of Birth; designed ‘Integrated Mapping’ for establishing secure communication ›› Date of Expiry. achieving quicker and more secure with eMRTDs: Both BAC and PACE use keys derived protocol which is fully adopted by ICAO. ›› BAC (Basic Access Control) from these sources but BAC has The earlier method, for backward a weakness. The PACE protocol is compatibility with early equipment more robust and further strengthens ›› The new PACE method. 4 IDEMIA TRAVEL DOCUMENTS SOLUTIONS Physical Features

A passport reflects a country’s identity. It also gives its citizens a feeling of pride and of belonging. Physical and visual appeal is important and IDEMIA’s designers are acknowledged for the excellence of their design. These tailor-made works of art combine stunning visual effects with state-of-the-art security. The result is a travel document to be proud of. It is also an that strongly resists counterfeiting and data manipulation. IDEMIA ePassport Solution is a major step towards smoother border crossing with cross-checking physical and electronic attributes that reduce processing time and increase security. IDEMIA ePassports are designed to last for 10 years, a claim that is supported by an independent durability report.

SLI® portrait cannot reproduce the 3D effect and tactile characteristics of the SLI® lenticular structure of this image. In addition to first-line security features, second and third-line features will also be applied.

IDEMIA security Binding IDEMIA’s high security binding is highly IN-HOUSE SECURITY durable and prevents substitution of PRINTING the polycarbonate data page. It is based on a flexible polymer hinge material that is locked inextricably Physical security features with the data page itself and with a for passports with polycarbonate strip. polycarbonate DataPage A passport requires strong security features that can be easily checked with the naked eye. These are known as first- line security features. Photo substitution is the main threat in counterfeiting a passport and to counter this IDEMIA has developed optical security features PATENTED BINDING such as LASINK™, Multi OVI (Optically Variable Ink), Stereo Laser Image (SLI®), Clear window, ImagePerf/TLI®, Tactile relief and 3D Photo ID™. LASINK™ technology SLI® is a security feature designed to IDEMIA’s LASINK™ technology check the authenticity of the primary leverages unique personalization photo. It does this by adding a techniques to protect a photo against small three-dimensional portrait, SECURE COLOR tampering and allows fast and PICTURES clearly visible to the naked eye. reliable verification of the authenticity It is possible to make a direct of an identity document. Citizens of comparison between the primary the principality of Andorra benefit photo and the SLI®. Any attempt from this new generation of color to change the primary picture will pictures on their passports. It is easily result in a clear mismatch with the 3D identifiable and strongly protects picture. Any attempt to change the their identity from alteration. IDEMIA TRAVEL DOCUMENTS SOLUTIONS 5

Polycarbonate data page

The IDEMIA data page is a in the selection of security features. homogeneous polycarbonate ID-3 card. Fraudulent combinations of chips with It incorporates a contactless chip with manipulated or forged data pages are antenna for storage of the document virtually impossible. holder’s information and the required If the eCover solution is preferred, data protection mechanisms (ICAO IDEMIA can offer a thin polycarbonate compliant). data page. This combination provides By embedding the chip in the data the same level of security with page an unbreakable and tamper proof an exclusive binding technology. link is created between personalized Half of the deployed polycarbonate graphical and digital information. passport programs worldwide have This also provides a greater choice chosen IDEMIA as their sole supplier.

Customer choice: a “modular” approach

IDEMIA offers great flexibility in its without full personalization. It is the houses with IDEMIA expertise and products and services. Our goal is to customer’s choice. With IDEMIA, the technology. The printing houses can provide the very best answer to the customer is free to mix and match the choose IDEMIA ePassport Solution most demanding customer needs. most appropriate and cost-effective components such as inlays, eCover or products, options and services. the binding, including the possibility for A customer might need a turnkey a technology transfer. passport solution with a Polycarbonate We also offer cooperative ventures or eCover passport, but with or where we support national printing

FORM FACTORS CHIP IDEMIA ›› Data Page/eCover Passport booklet ›› 80 KB – 180 KB ePASSPORT and resident cards or the subset ›› Double source (inlay, module) available SOLUTION DURABILITY & INTEROPERABILITY PERFORMANCE PRODUCT ICAO Technical Report: ›› Electronic data FEATURES ›› RF Protocol & Application test reading standard for ePassport - Part 3, in 3 seconds ›› Physical test methods for passport books (durability).

SECURITY CRYPTOGRAPHY ›› BAC EAL 4+ (PP 055) ›› 3DES ›› EACv2 with PACE at EAL5+ level ›› AES up to 256 bits (PP 056v2) ›› RSA up to 3072 bits (4096 bits in ›› Generic and Integrated option) Mapping ›› Elliptic curve up to 521bits

COMPLIANCE TO STANDARD ADDITIONAL COMPLIANCE ›› ICAO 9303 7th Edition ›› EU 383/12 European driving licenses ›› TR Supplemental Access Control with microchip ›› LDS v1.7 and 1.8 ›› ISO/IEC 18013 – 2 ISO Compliance ›› EAC v2.20 (TR 03110 v2.20 part 1&3) Driver’s License Machine readable ›› ISO/IEC 14443 & ISO/IEC 10373 part 6 technologies ›› ISO/IEC 18745 part 1 and part 2 ›› ISO/IEC 18013 - 3 ISO Compliant Driver’s License – Access Control, authentication and integrity validation 6 IDEMIA TRAVEL DOCUMENTS SOLUTIONS

A turnkey solution for your travel documents

From registration to usage IDEMIA is a preferred partner for IDEMIA is the only company with all government agencies, institutions, national the necessary technologies in house to printing houses and other public entities provide the required smart documents, at every stage of the work they do to: multi-biometric systems, terminals ›› Issue trusted identities and integration services so as to meet ›› Embed and integrate identities into its customers’ identity challenges. secure documents and systems Our end-to-end solutions are secure, ›› Enable use of their secure ID easy to deploy and based on global documents best practices.

REGISTRATION BACKGROUND CHECKS PERSONALIZATION OFFICE DOCUMENT USAGE

eVISA

Citizens can apply online to an eVisa using their passports. The embedded biometrics in the IDEMIA ePassport Solution is yet another example of passport enables the applicant’s identity to be IDEMIA’s commitment to smooth, safe travel. State-of-the- authenticated from home or from the office, art digital and physical features and advanced biometric using a suitable device. technology make it the market reference for ePassports. This is a major convenience, saving the applicant It is ideally suited to eVisa and border crossing applications the time and expense of visiting the embassy. (whether fully automated or with direct human verification). Biometrics makes online operations secure IDEMIA ePassport Solution complies with the most enough to allow governments to offer these advanced standards making it usable in all conditions, for critical services on-line. Via the appropriate web border crossings anywhere in the world. It is compatible portal, the applicant can use a smartphone or a with all authentication equipment on the market and with tablet for these transactions. all automated and semi-automated border control solutions. The passport holder only needs to read the In fact, IDEMIA offers a complete range of automated passport’s MRZ and/or chip to enable automated and semi-automated border control solutions, as well as face or fingerprint authentication. The entire eVisa document authentication terminals. process can be powered by IDEMIA products. IDEMIA TRAVEL DOCUMENTS SOLUTIONS 7

Tailor made financial BUILD TRANSFER models The public authority specifies its At the end of the contractual period, IDEMIA offer governments tailor expectations in terms of outputs: service IDEMIA transfers ownership to the made project financing options, level and results. A contract is signed public authority. The transfer includes including: contract supply, turn- to lay down the specifications and the property (buildings and systems) but key, lease, concessions and private framework in which outputs are to be also knowledge (system operations, ownership of assets. delivered by the contractor. IDEMIA administration and maintenance). Our worldwide customer base gives handles the design, development and The BOOT business model can be us the experience needed to create implementation of the infrastructure applied on the end-to-end identity attractive business and pricing necessary to run the operations. management framework or parts of it. models for various needs, cultures and budgets. OWN & OPERATE During the contractual period, the built IDEMIA’s BOOT BOOT Funding infrastructure is completely or partially Business Model IDEMIA frequently recommends owned by IDEMIA, depending on how much funding is desired. IDEMIA is IDEMIA invests, manages the BOOT financing model. This is a and operates the system three-step program consisting of: responsible for fully or partially operating and maintaining the infrastructure, ›› Customer and/or BUILD, the citizen pays by as well as keeping the system up document issued OWN & OPERATE, and running throughout the overall ›› IDEMIA hands back TRANSFER. contractual term. the system to the customer at the end of the contract period

Albania Chile

From the beginning of this partnership The Chilean government wished to in 2008, IDEMIA has proven its ability to reinforce the security of their existing deploy rapidly a large scale identity project identity management system and travel by providing an end-to-end solution. documents.

In five months, IDEMIA achieved In 2011, the concession was In 2012 IDEMIA was chosen During the set-up of this a lot: awarded ISO 27001 certification. as sole supplier under a 10 program IDEMIA was able to ›› Created Aleat, the This proved our ability to year build & operate project to meet different challenges in a Albanian joint venture; maintain the highest security provide latest-generation ID short period of time: ›› Hired and trained 800 standards in identity management management for the national ›› Create local subsidiary; people; business processes and citizens’ ID card and for e-Passport ›› Recruit staff locally; data handling. In 2013, the issuance. IDEMIA provides Chile ›› Created the document ›› Build local project concession was extended for with secure multi-biometric design; infrastructure; an additional period of 10 years, citizen enrollment and secure ›› Prepared the ›› Set-up registration offices including new features and ID document production and personalization center; throughout Chile (650 services. personalization. Estimated output ›› Set up over 400 offices deployed to date). during the contract is 25 Million registration offices identity cards and 4 Million throughout Albania. passports.

IDEMIA’s ePassport for Visa waiver programs their ePassport, Chilean citizens benefit from the US Government Visa Waiver program. Chile is the first country in South America to be a part of it. For Albanian ›› IDEMIA’s knowledge and experience in managing citizens, their electronic passport allows them to travel identity programs, combined with cutting edge under the Schengen Visa Waiver program. technology, have helped Chile and Albania to benefit from Visa Waiver programs. When travelling with We stand for Augmented Identity

IDEMIA 2, place Samuel de Champlain 92400 Courbevoie, France Email : [email protected] © Copyright 2019. All rights reserved. IDEMIA - 03/19 | EN | Photo: Fotolia, iStock, Adrien Deneu, Changi Airport Group, Jeremy CHMIELA, Eric Verzanobres, Sanogo Issoufou, IDEMIA

All rights reserved. Specifications and information subject to change without notice. The products described in this document are subject to continuous development and improvement. All trademarks and service marks referred to herein, whether registered or not in specific coun- tries, are the property of their respective owners.