Delivering secure government ID credentials is a complex endeavour, subject to the integration of many processes and interdependencies. The personalisation and issuance of ID documents takes place within an increasingly elaborate and extensive ecosystem covering everything from the capture and verification of data to placing the ID document in the hand of the appropriate user. The evolution from single-application to multifunctional credentials has created even more interdependencies within the ID ecosystem. In response, the smart card industry is introducing innovations in the design, technology, integration and overall implementation of secure ID programmes.
Each secure ID programme is custom-built to address very precise customer specifications, driven by factors ranging from security to infrastructure to geography to climate challenges. Key stages of any new programme include: expert programme management, system design and development, integration, installation, secure issuance, training, support, system upgrades and post-issuance credential updates.
Laying the groundwork
Government card-based applications require a higher quality of credential than ever before, and the systems required to support such cards have become far more intricate. Systems integration and reducing the opportunity for fraud at every stage have become the overriding drivers for programme designers. In many cases designers must blend the old with the new. In such complex environments, every element is critical to the success of the whole and every element must remove the opportunity for fraud.
Holistic system design
Staying ahead of counterfeiters requires constant innovation. Cards, software and issuance systems must be designed to both work together and to allow for innovation and incremental improvement. Every programme is unique, requiring the ability to customise features, functions, databases and systems to address specific situations and requirements. There is a tightly interlinked relationship between the credential itself and the system through which it is issued, including card management systems, automated face and fingerprint identification systems, public key infrastructures (PKI), e-ID certificate authority and personalisation, and enrolment and issuance (see figure 1). Although it is tempting to save time and money by repurposing existing IT systems, it is vital to ensure they are suitable for their new purpose. Inadequate IT architecture will become a point of failure at any stage.
New ways are now being uncovered to address the evolving needs of secure personalisation as more and more governments transition their national ID programmes from traditional to e-IDs. Achieving tamper-proof issuance for this new breed of credentials requires implementing secure, integrated enrolment processes to produce the end result.
Systems integration: the Costa Rica experience
When the government of Costa Rica replaced its foreign resident card, it needed to address a situation where easily-counterfeited, paper-based foreign resident credentials had created social, economic and security problems including hundreds of thousands of illegal workers placing heavy demands on the nation’s social welfare system. The new credentials incorporated multiple counterfeit-resistant features, machine readable biometrics and secure data storage to prevent fraudulent alteration and withstand multiple years of use. An integrated, modular issuance management solution was introduced, with biometric-based checks at every stage of data capture, enrolment and issuance to prevent tampering, duplication and interference.
Applicant data for enrolment or renewal is captured at multiple local or remote locations where the process of document authentication, adjudication and vetting is undertaken. Data is then sent to a main system server database, where separate unique applicant check systems verify the authenticity of the information. The next stages involve a comprehensive card management system that ultimately leads to biometrically-verified card issuance. Each of the following steps is necessary to ensure that enrolment and issuance can be undertaken without exposing the credential to vulnerabilities. Each individual decision point and personalisation stage is activated via operator biometrics, to prevent unauthorised use of the system and to produce a permanent traceable record of operators’ interaction with the system. These steps are:
- Collection and validation of the applicant’s personal data and quality control of biometric images. This step ensures reliable future ID verification.
- Background check on applicant’s biometric information, which ensures that individuals cannot obtain credentials using false identities.
- Secure transfer of data to card personalisation processes, such as printing or lasering and data encoding onto machine readable technologies.
- Automatic linking of cardstock and machine readable technologies via unique serial numbers to the applicant’s database record, which creates an audit trail.
- Full quality assurance inspection. Each machine readable technology – barcode, machine readable text, chip and optical security media – is verified and cross-referenced against the cardholder’s database record, and the card is visually inspected.
- Issuance of the finished card only after a successful one-to-one match of the cardholder’s fingerprint against the template stored on the credential.
- Update of the database.
- The card management system records the process as complete.
Angola: tightly integrated processes
Achieving issuance security is also a matter of implementing secure, integrated enrolment processes. The goal is to reduce the opportunity for fraud at every stage of enrolment and issuance. For the government of Angola this meant designing a fraud-resistant, end-to-end workflow via a modular issuance system. Enrolment is tightly tied to the reliable verification of information and persons connected to each stage of the process. To cover the widely dispersed population, a combination of urban and mobile enrolment and issuance facilities is used. The specialised mobile units are equipped with satellite links to integrate data into the national database, and real-time secure data uploads are undertaken when the mobile units return to the urban data centre. Checks are undertaken at each stage, including:
- Collecting and validating personal data and quality control of biometric images.
- Inspecting, verifying and cross-referencing each machine readable travel document as well as the card itself.
- Linking the travel document via a unique serial number to the database record to create an audit trail.
- Carrying out background checks.
- Securely transferring data to personalisation printing, laser engraving and data encoding onto the optical security media.
- Using operator biometrics at every decision point and personalisation stage to produce a permanent, traceable record of who was responsible for the credential at what point.
- Requiring fingerprints to pick up cards; fingerprints are matched against data on the new credential – this step has already prevented attempts to duplicate enrolments and fraudulently claim final cards.
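The following Python model, added here and not code from the article or any vendor, walks through the decision points the Costa Rica and Angola workflows share: every step is unlocked by operator biometrics and logged, each machine-readable technology is cross-referenced against the database record at quality assurance, and the card is released only after a one-to-one match of the cardholder's live fingerprint against the template on the credential. Operator names, serial numbers and the hash-based "templates" are constructed stand-ins; a real system would use a fingerprint matcher on live scans.

```python
import hashlib
from dataclasses import dataclass, field


def template(sample: str) -> str:
    """Stand-in for a biometric template. A real system would run a fingerprint
    matcher on live scans; here a hash of a constructed sample string suffices."""
    return hashlib.sha256(sample.encode()).hexdigest()


@dataclass
class Applicant:
    record_id: str
    fingerprint: str             # template captured and quality-checked at enrolment
    cardstock_serial: str = ""   # serials linked at personalisation (audit trail)
    chip_serial: str = ""
    osm_serial: str = ""
    qa_passed: bool = False
    issued: bool = False


@dataclass
class CardManagementSystem:
    operators: dict                            # operator id -> enrolled template
    audit: list = field(default_factory=list)  # permanent, traceable record

    def _authorise(self, step: str, operator: str, sample: str) -> None:
        """Every decision point is unlocked by operator biometrics and logged."""
        if self.operators.get(operator) != template(sample):
            self.audit.append((step, operator, "DENIED"))
            raise PermissionError(f"{step}: operator {operator!r} not verified")
        self.audit.append((step, operator, "OK"))

    def personalise(self, app, operator, sample, cardstock, chip, osm) -> None:
        self._authorise("personalise", operator, sample)
        # Unique serials tie each machine-readable technology to the record.
        app.cardstock_serial, app.chip_serial, app.osm_serial = cardstock, chip, osm
        app.qa_passed = False  # any re-personalisation invalidates earlier QA

    def quality_assure(self, app, operator, sample, card: dict) -> bool:
        """Cross-reference each technology read from the physical card against
        the database record; any mismatch blocks issuance."""
        self._authorise("qa", operator, sample)
        expected = {"cardstock": app.cardstock_serial, "chip": app.chip_serial,
                    "osm": app.osm_serial, "template": app.fingerprint}
        failed = [k for k, v in expected.items() if card.get(k) != v]
        app.qa_passed = not failed
        self.audit.append(("qa-result", operator, "PASS" if app.qa_passed
                           else "FAIL " + ",".join(failed)))
        return app.qa_passed

    def issue(self, app, operator, sample, card: dict, live_print: str) -> bool:
        """Release the card only after QA and a 1:1 match of the cardholder's
        live fingerprint against the template stored on the credential."""
        self._authorise("issue", operator, sample)
        if not app.qa_passed:
            self.audit.append(("issue", operator, "REFUSED: QA not passed"))
            return False
        if template(live_print) != card["template"]:
            self.audit.append(("issue", operator, "REFUSED: live print mismatch"))
            return False
        app.issued = True
        self.audit.append(("issue", operator, "ISSUED"))
        return True
```

Walking an applicant through `personalise`, `quality_assure` and `issue` leaves an `audit` list naming the operator at every step, including refused attempts, which is the traceable record the article describes.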
Multitasking becomes the norm
Programmes are evolving from single application to multifunctional to better contend with increased security concerns, while being more cost-effective and offering improved service delivery to cardholders. As a result, new requirements for combining physical and logical access, as well as sophisticated credentials featuring layers of visual, physical and digital security have emerged.
Central to the development of secure multifunctional programmes is the multitasking ID card, capable of performing many levels and types of authentication via an extremely secure, transactional card-based ecosystem. Such cards achieve economies of scale and administrative efficiencies by leveraging common IT infrastructures, databases and data capture capabilities. Increasingly, cards issued solely for ID authentication are being designed to accommodate future functions. For instance, countries such as Italy, Saudi Arabia, Costa Rica and Angola have all built platforms for future multifunctional, e-Government solutions directly into ID programmes. Germany has recently deployed one of the most advanced and highly sophisticated contactless smart card programmes, encompassing many unique features and services. By incorporating an appropriate technology or combination of identity technologies onto a single credential, government agencies are able to offer both transactional services and secure identity through physical and logical access.
Card ID evolution
The 1990s saw the evolution of IDs from paper-based documents to credit card-sized credentials that are capable of integrating a number of security features. For secure and durable ID credentials, PETG and polycarbonate (PC) are becoming the most popular materials into which security features can be incorporated. There are a number of security printing features that may be applied to ID cards, such as optically variable inks, UV inks, rainbow, microtext, guilloche and other patterns fading into the background. By the mid-1990s, government projects increasingly called for powerful multipurpose ID credentials that could maintain the highest levels of security while also fulfilling functions such as entry into secure facilities, faster border crossing, driving licence services, vehicle registration, ID for voting privileges, and health care services among others. This resulted in a more widespread use of specialised machine readable technologies. Smart cards have gradually pushed the level of security and functionality to new limits, as exemplified by Germany’s national ID card.
Today there are two principal categories of advanced technology used in secure identity credentials: secure microcontroller IC chips (smart card chips) and optical security media (OSM). While each of these secure ID technologies lends unique capabilities to an ID credential, the increasing demand for multifunctional card programmes cannot always be met by a single technology. A combination of both technologies in a single customised card delivers far greater security and value than any other multipurpose or multicard solution. This combination forms the next generation of secure ID cards (see figure 2).
Advanced ID cards carrying one or more technologies are at the heart of the new ID ecosystem. This complex construction is required to fulfil a number of interdependent objectives:
- To perform multiple levels and types of authentication.
- To leverage an extremely secure transactional framework.
- To integrate with existing IT infrastructures.
- To achieve economies of scale and administrative efficiencies.
- To enable e-Government transactional services as well as secure identity through physical and logical access.
- To be future-proof to expand functions at a later stage in the programme.
Examples of multitechnology credentials can be found in major ID programmes, including several Indian state vehicle registration cards which support both ID authentication and records/payment management, and the US Green Card, which offers highly secure ID authentication along with RFID technology to facilitate border crossing. Saudi Arabia’s national ID card programme employs smart card technology and optical security media, and is envisioned as both a citizen national ID card and a token for the streamlined delivery of a variety of government services including e-Banking.
Since security is one of the most critical requirements in government ID programmes, it is vital that the document is protected from counterfeiting throughout its entire lifecycle. The most important requirements and characteristics for PC and PETG are the inclusion of overt, covert and forensic characteristics, as well as layered combinations of all three.
To ensure the effectiveness of a multipurpose ID credential, card manufacturers must take into account materials science, ISO and other international standards, durability, and a host of technical and structural considerations. A relatively small number of companies possess the requisite level of technology-inclusive expertise in the secure ID credential arena, based on years of innovation and development for agencies that depend on the highest levels of security, quality, durability, and reliability. Expertise in areas such as the lamination of complex card structures and the application of diverse materials is required to protect the structural integrity of the credential, while conforming to international standards.
Modern ID documents are required to stand up to many types of stress, ranging from attempts at physical alteration, to years of inconsiderate handling in a variety of environments and weather conditions. To deliver the most secure, durable and climate-resistant multitechnology cards, the industry is increasingly turning to polycarbonate as the material of choice.
Leaving the counterfeiters behind
Innovation is the lifeblood of the ID industry. Advances in card construction, printing production, and security technology create multiple layers of protection and expand the robustness of ecosystems and programmes. Some key innovations or operational methods increasing security include:
- Advances in the application of microimages and security patterns on ID cards.
- Images that can be resolved at more than double the previous level.
- Images etched onto optical security media that far exceed the resolution available via any other copying, printing or scanning device and that cannot be replicated by forgers.
- The ability to add watermarks, ghost images, continuously variable text and background patterns.
- Watermarks that appear behind other elements in optically variable devices.
- A new breed of heavy-duty retransfer printers incorporating a greater range of security features.
- Biometrically enabled processes protecting the integrity of the card at every stage of issuance.
- High-definition printers, reverse transfer printers and holographic film.
- Cards designed specifically for maximum security programmes.
- Crack prevention technologies to extend the longevity of polycarbonate cards.
- Creating wide variations in card materials.
Beyond centralised printing
The physical creation of today’s advanced credentials requires specialised printers integrated with personalisation and systems for secure card issuance. In addition, they must be designed to accommodate specialised technologies such as holographic film and security inks, new materials, and processes such as reverse transfer printing. This has given rise to a new breed of heavy-duty retransfer printers incorporating a range of security features designed for maximum security in critical government and state ID programmes. Some of these high-capacity printers also have built-in security to limit access by unauthorised individuals. Government ID programmes in particular demand high-duty cycle, scalable card issuance systems. Government customers are increasingly turning away from large free-standing machines to clusters of high-capacity desktop-sized printers, known as printer arrays, and commonly referred to as personalisation farms (see figure 3). A centralised issuance operation is dependent on single or paired large-volume printers. As a result, card production can be interrupted during extended periods of maintenance, hampering productivity.
Conversely, a personalisation farm consisting of multiple printers rather than one large machine offers many potential advantages, from 24/7 availability and flexible use in centralised or decentralised systems to their reduced maintenance costs and downtime. The built-in redundancy of a desktop printer array results in much less downtime than with large-scale non-portable card issuance machinery. A printer array can remain at or above 90% production capacity should one printer go down. Beyond continuous production, this modular approach allows for simultaneous operations, which greatly increases the throughput of IDs that require multiple processes, such as encoding, laser engraving and lamination.
In large-scale high-performance programmes, the ability to provide secure data capture, printing and encoding, as well as to offer a range of performance levels and secure printing options, has become a basic necessity. For many government ID programmes, geographical or organisational considerations make high-duty cycle distributed card issuance preferable to centralised credential production. In some programmes, such as driving licence programmes where ‘instant’ issuance is desired to improve the cardholder experience, several printers may be deployed at a central production facility with other printers deployed at distributed sites. These instantly issued IDs exactly match the centrally produced badges. This service not only adds value by providing a better customer experience, but it creates a potential new revenue stream with an added convenience fee for the instantly issued ID.
ROI: design and delivery through secure issuance
Today’s most sophisticated ID projects are highly customised, high-volume and demanding. Secure issuance requires rugged, industrial-strength printers with high availability, high capacity and fast throughput. Much debate regarding the more advanced, and therefore more costly, e-ID programmes revolves around initial project cost versus return on investment (ROI), which is calculated not only according to the functionality but also the lifecycle of the card. Given the many variables affecting cardholders’ lives, the ability to extend the life of the card through the most secure printing and personalisation approaches, plus the ability to provide post-issuance updates to the card, are vital in programme design and budget allocation.
New developments in printing technologies are leading to greater durability by reducing card re-issuance needs and costs and ensuring that the credentials produced will withstand years of use even in harsh environments. The best innovations in this area not only result in higher quality cards, but cards that are virtually tamper-proof and highly resistant to fading and chemical exposure. Even after a card is in the citizen’s hands, government can increasingly evolve programmes through post-issuance e-ID management systems that enable secure updates after the card has been issued, or provide the ability to upgrade the on-card information with new applications and services as they become available.
Technology, materials and processes are evolving to enable more sophisticated systems capable of higher levels of security, functionality and increased return on investment for governments. At the same time, such advancements are also enabling the delivery of more efficient and convenient services for cardholders. General technology trends, including the growing use of mobile devices, software as a service, and access to the ‘cloud’ by individuals, will continue to drive innovation and increasingly ‘citizen-centric’ programmes. Other technological developments that are impacting the future of ID programmes include the convergence of physical and logical access control systems, the evolution of (even) smarter cards that include multimodal portable biometrics, and ‘certified identity’ to define assured levels of ID verification.
The transfer of more project knowledge from integrators to the host country through increased levels of training and support of local personnel is also becoming a more standard – and welcome – attribute of such complex programmes. Each programme presents an opportunity for members of a nation’s workforce to benefit in terms of educational and technical knowledge transfer.
All of these developments are taking place against the ongoing backdrop of new standards, certifications and regulations, which will continue to propel the advancement of programmes in the areas of security, functionality and interoperability. The newest security protocols for e-Passport programmes, for instance, which originated after the 9/11 terrorist attacks in 2001, will have significant repercussions for global security. An integrated approach to issuance – from the design of the credential through its delivery – is fundamental to a successful, effective government ID programme.
Rob Haslam is currently vice president of Government ID Solutions with HID Global, where he is responsible for market penetration and strategic worldwide expansion of the company’s government ID programmes.
Mr. Haslam has over 20 years of worldwide experience in the government identity field, including managing the international business development team at L-1 Identity Solutions (acquired by Safran/Morpho in 2011). Prior to L-1, Mr. Haslam held a variety of roles at British security printer and identity specialist De La Rue.