© Keesing Reference Systems B.V. Innovation Cloud-based passport issuance system Innovative cloud-based passport issuance system A cost-effective, secure approach for small and developing states by Shelley Bryen and Steven Grant In May of 2015, the very first cloud-based, Software-as-a-Service (SaaS) passport issuance system was deployed to six British Overseas Territories in the Caribbean. Will this be a one-off orphan system, or is it the first of many in a growing trend? In this article, Shelley Bryen and Steven Grant will examine the characteristics and components of a passport issuance system and their suitability Shelley Bryen has been for cloud/SaaS deployments as a way to make state-of-the-art technologies accessible for small the Marketing Director at and developing states. WorldReach Software in Ottawa, Canada since Scattered around the Caribbean Sea and the North Major components of a passport 2009. Having worked in Atlantic Ocean are a group of six British Overseas issuance system the technology industry Territories: Anguilla, Bermuda, Cayman Islands, A passport system or any secure identification for more than 20 years, Montserrat, Turks and Caicos Islands and the British document issuance system contains the following Shelley has broad Virgin Islands (see Figure 1). These self-governing key functional components: experience in marketing Territories are under the jurisdiction and sovereignty • enrolment or data entry system communications, of the British Crown. The Governor, usually a British • entitlement or adjudication system strategic alliances, product management, Foreign Office Diplomat, exercises minimal power over • printers and print management marketing research and local affairs and is more concerned with foreign affairs, • database strategic marketing in defence and trade. The territories issue their own • server infrastructure embedded technology, variant of the British Passport to British Overseas consular systems and Territories Citizens. Enrolment or data entry system travel documents. An enrolment or data entry system can take many forms. Until very recently, these six British Overseas Territories It could be as simple as a data entry clerk or passport issued their own, British Overseas Territories Citizen officer greeting a passport applicant and then manually (BOTC), machine readable passports from local passport typing their personal details into a data entry screen. offices in each territory. Following consultations with Facial images could be live captured or scanned from the United Kingdom’s Her Majesty’s Passport Office a photo, and then checked for acceptable quality. (HMPO), it was decided that the Territories would Documentary evidence of identity, such as an expired introduce their own BOTC electronic passports in full passport, a birth certificate or proof of naturalisation, is compliance with the standards laid down in Document examined and sometimes scanned for retention. Many 9303 of the International Civil Aviation Organization countries require an interview for first-time applicants, (ICAO).[1] In the new process, the Territories continue suggesting additional data input screens are required Steven Grant, P.Eng. is to receive and process the passport applications and to capture responses to questions. Increasingly, some the Business Develop­ complete the entitlement and authorisation processes. or all of the passport application processes can be ment Director at World­ However, in a significant change from past practices, completed online. This is especially true for renewals Reach Software where the e-Passports are now being personalised by HMPO of recently expired or about-to-expire passports. he is responsible for global sales of consular in the United Kingdom for both security and cost- management software effectiveness benefits. The personalised passports are Entitlement or adjudication system and passport and visa then returned to the local passport office for delivery This describes a decision support system where issuance systems. He to the applicant. various databases might be examined for impediments has more than 15 years to issuing a passport (for example, is the applicant of experience in travel This article will look at some of the technical details of involved in a court case?) or for identity confirmation documents, biometrics the system deployed to these six Territories, and also (for example, does the applicant information match and border security, and consider if this type of solution could be deployed to the civil registry?). The adjudicator may also review the is a member of the ICAO other countries facing similar challenges, such as applicant’s passport history (for example, are there TRIP Implementation smaller volumes while wanting to issue e-Passports. multiple lost passports?) before taking a decision to and Capacity Building Working Group. issue. Many of these steps are automated, however it Keesing Journal of Documents & Identity June 2016 15 REGISTER BY 15 JULY TO SAVE ON DELEGATE RATES Building trust in biometrics DELEGATE AND VISITOR REGISTRATION NOW OPEN 3-day Conference More than 60 expert speakers will include: Plus representatives from: • Gillian Tully, UK Forensic Science Regulator • CIFAS • Richard Vorder Bruegge, Federal Bureau • Dutch Ministry of the Interior & Kingdom Relations of Investigation • Grupo Santander • Linda Champion, International Operations, • Interpol Australian Federal Police • Mastercard • Krum Garkov, Executive Director, eu-LISA • National Institute of Standards and Technology • David Ferbrache, Technical Director of Cybersecurity, KPMG • United Nations Development Programme • Pam Dixon, Executive Director, • US Department of Homeland Security World Privacy Forum • International research and innovation centres Identity Secure Biometrics and Border Liveness Research and management, transactions forensics management and detection and innovation trust, privacy and and consumer law enforcement vulnerability data protection biometrics assessments FREE EXHIBITION – 19-20 OCTOBER 2016 – FREE VISITOR REGISTRATION NOW OPEN Organised by: In partnership with: #biometrics2016 www.biometricsandidentity.com “Professionally very relevant and topical; really good speakers who know their subject” Previous delegate © Keesing Reference Systems B.V. Innovation Cloud-based passport issuance system n Maritime boundaries l Coral reef locations Figure 1: is quite common that a person is making the final Biometrics subsystem The six British Overseas decision to issue a passport. As a fraud prevention tool, many governments have Territories.[2] incorporated one-to-many facial and/or fingerprint Printers and print management matching systems into the passport issuance workflow. The personalisation and quality control of passports re- By applying deduplication techniques, it is possible to quires specialised equipment which is carefully selected determine if any person has applied for or attempted for compatibility with the passport booklet. Depending to obtain more than one passport using different on geography and passport issuance volumes, the identities. For passport renewals, the technology can print solution may be centralised in one location, or be used to determine if the applicant is in fact the same dis tributed. Many countries issue full validity and/or person to whom the previous passport was issued. emergency passports from consulates and embassies. Document signing system Database More than half of the ICAO member states are now This corporate repository retains details of all passport issuing e-Passports containing an integrated circuit applications (issued, refused, expired, cancelled, lost, chip. For those countries a Public Key Infrastructure stolen, etc.). It also contains the administrative details (PKI) with document signing capability is required in of the operation of the passport issuance system. order to make full use of the digital security features available with e-Passports. Server infrastructure The various servers and networking equipment will Overseas Territories issuance system need to be sized appropriately for the organisation and The new passport issuance system is deployed by in accordance with any business continuity guidelines WorldReach Software to the British Overseas of the government. This may entail separate application Territories.[3] It is a hybrid system, which means that it and database servers, spare equipment, and a data is a combination of different cloud models (for example management plan with off-site backup for redundancy. between public, private and community clouds). This approach was chosen to take advantage of the cost- Optional system components effectiveness of supporting the common issuance There are also two optional system components for a components between all Overseas Territories, while secure identification document issuance system: benefiting from the security of a UK-based cloud • biometrics subsystem (delivered by Skyscape Cloud Services, a specialist • document signing system provider dedicated to the provision of assured cloud Keesing Journal of Documents & Identity June 2016 17 © Keesing Reference Systems B.V. services to the UK public sector). All of the system effectiveness.[4] Public agencies do not have to spend components described above are included, with the their limited budget setting up their own cloud or IT exception of the biometrics subsystem. One unique infrastructure. In addition, costs can be saved due to characteristic of the system is that the passports