Contactless technology has become indispensable in a wide range of applications and technology; one major driver is the implementation of electronic passports. The widespread implementation and global nature of this high-security application has heightened the need for standardization and interoperability. But despite the fact that these products are based on ISO standards and are in widespread use globally, each has its own "flavor", which results in ongoing challenges for compatibility and integration. This will be an ongoing process, as technologies and programs will evolve and grow, resulting in a new set of interoperability challenges that must be addressed.
By Dr. Manfred Muller
In the last few years, contactless interface has become the technology of choice for data capture and access control. It has become indispensable in a wide range of security-sensitive applications from logical and physical access to ticketing, time-recording, e-Payments, e-Health, national ID cards and electronic passports. At the same time, many risks and challenges must be overcome to make contactless technology secure enough for widespread deployment.
According to estimates from the European Smart Card Industry Association, almost three billion smart cards were sold worldwide in 2006. That means a growth rate of about 20 percent compared to 2005 -- with highest growth rates in the government and healthcare sectors, in corporate security, and in transport. As the use of smart card credentials continues to grow, so will the market for specialized smart card readers that can manage emerging technologies, protect personal privacy and keep down program costs. One of the challenges for card and reader manufacturers alike is developing solutions that can help bridge the transition from contact to contactless technology.
Contactless technology is fast becoming the interface of choice for new programs led by credit card companies and various countries’ governments, among others. Unlike traditional smart cards, contactless cards do not require physical connectivity to a card reader -- the user simply presents a smart card close to the reader, and information is exchanged via a form of Radio Frequency (RF) technology. The cards are based on ISO 14443 and ISO 15693 standards and are intelligent read/write devices that allow storage of different kinds of data and have the ability to operate at varying ranges. One of the major proponents of contactless technology is the U.S. government, which is currently implementing a government worker ID program that will result in the issuance of up to 12 million new contactless smart cards to government employees and contractors.
A major driver of contactless technology is the need for convenience and speed, coupled with improved security and identification methods for a wide range of security and authentication applications such as electronic passports. E-Passports are designed to enhance border security by utilizing contactless smart card chips and biometrics which make the documents more difficult to forge. About 40 nations are working on e-Passports to meet two deadlines. The first, in August of 2006, was to comply with a European Union mandate that its member states adopt the new travel document. The second, in October of 2006, was for the 27 nations that wished to remain in the U.S. Visa Waiver Program that exempts their citizens from having to get a visa to enter the United States. The chip contains a digital photo in addition to the data on the data page, and can be verified electronically to ensure the travel document has not been tampered with.
The plan for global implementation of these electronic passports has heightened the need for standardization and interoperability, and accelerated the demand that specifications be agreed upon. Leading experts from industry and governments from around the world are therefore working together to define and develop interoperability standards for e-Passports and corresponding readers. But even with this broad involvement, and despite the fact that these contactless applications are based on ISO standards, there is still much work to do to ensure interoperability for all currently planned e-Passports and readers. Each country’s e-Passport has its own ‘flavor’ which results in ongoing challenges for compatibility and integration.
With all these points in mind, it is quite impressive how quickly the first universally valid specifications have become available to make the development of electronic passports possible. Already, 10 countries are providing e-Passports to their citizens and about 30 nations are projected to issue the electronic documents by the end of 2006.
In recent years, a series of interoperability tests -- organized and supported by the International Civil Aviation Organization (ICAO) -- have taken place to help ensure that cards and readers will operate effectively in a rapidly changing landscape. The trials serve as a venue for smart cards and reader manufacturers as well as governments from around the world to come together and perform ‘many to many’ cross testing of their passport and reader designs. During the tests, the participants experience first-hand any issues of compatibility or interoperability and have the opportunity to collaborate with colleagues to improve their products.
The first interoperability tests took place in 2004 in the United States and Australia. However, it was the interoperability test in Tsukuba, Japan in early 2005 where a significant breakthrough was achieved. The next test, held in November 2005 in Singapore, focused on speed of performance and size of data being used by different governments. Again, huge improvements could be seen -- especially in the performance of e-Passports and readers overall. Significantly more passport samples and readers met current standards than in previous trials. Likewise, the speed of secured reading (Basic Access Control) improved to two to four seconds, depending on data size, which was significantly better than in past sessions. The latest trial took place in June 2006 in Berlin, Germany. The focus was the testing of electronic passport samples for interoperability against readers and reading devices from multiple manufacturers. The number of participating organizations has increased with each interoperability trial. With more than 450 participants from 38 nations, representing both industry and government, the June 2006 event had the largest participation in any trial to date. Clearly, there is growing worldwide recognition of contactless technology for e-Passports and other important new smart card-based security applications. And in less than a year, interoperability between contactless e-Passports and readers has improved tremendously. This encouraging view is backed up by the results from the Berlin session that reveal real and measurable progress.
Contactless readers from SCM Microsystems were among the top performers in the Berlin trial. The SCM’s e-Passport reader read all electronic documents and smart cards. Furthermore, among the ten most successful manufacturers of e-Passport scanners at the test were also several whose readers incorporated SCM’s contactless reader technology. Both SCM readers as well as the readers from the company’s OEM customers were able to read electronic documents quickly and reliably, while complying with the strictest data security requirements. With these results, the company was one of the top reader vendors at the event.
Comparing all the results from the several tests, it is obvious that interoperability between contactless e-Passports and corresponding readers has improved tremendously. Clearly, work still needs to be done; however, the progress being made in the industry is exciting and encouraging for the future.
CURRENT STATE OF DEPLOYMENT
The rolls-out plans of electronic passports vary from nation to nation. Several countries, including Belgium, France, Germany, Thailand and the U.K., have been issuing e-Passports to their citizens for some months. As airports and borders has already required electronic passport readers to read the information on e-Passports, the deployment of reader devices is already in full swing in some countries. Other nations are just gearing up to begin the deployment of e-Passports and corresponding readers. The smart card industry and governments worldwide are committed to using contactless smart cards for global authentication programs such as e-Passports, health cards and e-Payment applications. Following the latest ICAO e-Passport trials, the industry is on track to reach its goal of putting the necessary standards in place to pave the way for widespread implementation of e-Passports. Significant progress is clearly being made to address the challenges of making many diverse and complex technologies work together. After all, this is what is required for worldwide security programs affecting dozens of countries and millions of people. And it is the card vendors, reader manufacturers, software suppliers and other organizations that are aiming to leverage the convenience and security of this technology to change the way we travel, do business and live in the twenty-first century -- by working together, learning from each other and driving improvements on a continuous basis.
Dr. Manfred Muller is Vice President Sales of SCM Microsystems (www.scmmicro.com).
For more information, please send your e-mails to firstname.lastname@example.org.
ⓒ2007 www.SecurityWorldMag.com. All rights reserved.