The increasing need for security is driving global adoption of advanced electronic ID documents as a primary means of confirming identity and right of passage. In response to this demand, the ID industry has developed many technologies and techniques in the design and manufacture of secure identity solutions, as Robert Smith explains. However, in step with this, fraud and counterfeiting techniques are also evolving and the majority of conventional security features are routinely compromised to some extent.
The deployment of electronic reader infrastructures continues to lag behind the issuance of e-ID documents. This means that, even in controlled environments such as border entry points or airport security, the majority of document inspection or examination is still ‘visual’. Criminal elements are well aware of this reality and therefore often focus on the production of relatively credible forgeries using state-of-the-art scanning and printing techniques.
As e-ID documents gain acceptance, their use as proof of identity will inevitably expand to uncontrolled environments – for example, in places of employment, at a bank or doctor’s office – further compounding document vulnerability.
It is an incontestable fact that attempts will be made to simulate every significant ID credential and furthermore, that some of these attempts will fool some of the people who examine the document. In designing a document, the issuer must therefore determine the acceptable level of threats and risks for each program, and which levels of inspection must be prioritised.
Should the program be designed to ensure ease of inspection for the average document examiner, or should it be weighted towards the needs of expert or forensic examiners at the second or third levels of document authentication?
Levels of authentication
The requirements of embedded security features in the secure ID credential are:
- simple, immediate document authentication;
- layered security supporting levels one, two and three of authentication;
- protection of the cardholder’s personal data from alteration, counterfeiting and tampering.
Furthermore, at each level, the security features must accommodate the specific goals of the inspection agents. At level one, security features must be eye-visible – that is, easily detected by trained but not expert inspectors who will look for specific features of a card’s appearance in order to detect a forgery from a genuine card. At heavily used land border crossings, inspectors often rely on what is sometimes referred to as the ’40 footer’ characteristic of optical security media – a distinctive visual effect and an easily and immediately recognisable characteristic – the absence of which alerts inspectors to the need for closer scrutiny of the holder.
How much is too much?
Much debate centres around the point at which there are too many or too few embedded security features, and when the level of sophistication on a particular visual device in fact overwhelms the original intent of fraud prevention. There are some highly sophisticated security features which are virtually impossible to counterfeit. On the other hand, the more complex the feature, the more difficult it is for the inexpert examiner or the inspector who sees a specific document on an infrequent basis to distinguish a counterfeit from a genuine one.
A pragmatic security programme requires visual authentication components that:
- are simple and straightforward to authenticate at the first level of inspection;
- do not require a high level of training, reinforcement and updating on the part of inspectors;
- provide the ‘40 footer’ component, while adding depth and sophistication of security features that can be interrogated at subsequent levels.
Innovations in Optically Variable Devices
The Optically Variable Device (OVD) is capable of obstructing forgery attempts if it combines sophistication of design with ease of implementation. Recently this journal has highlighted several case studies on national-level ID programs that leverage optical security media because of the ease of visual authentication, counterfeit-resistance, layered security and tamper-proof properties. This technology has recently undergone a number of key innovations, which highlight the benefits of balancing complexity with usability in real world situations:
• ultra high-resolution ‘micro images’;
• the Covert Diffractive Pattern;
• personalised OVDs (POVD).
Ultra high-resolution ‘micro images’
One of the important breakthroughs in the optical security media as an OVD is a dramatic increase in resolution of security patterns and microimages. These are mastered into the photo mask from which the ID card is produced, so that the same set of patterns and images appear on every card for a particular program. The risk of credible counterfeiting has been greatly reduced by recent advances in the production of microimages and security patterns on ID cards, which can now be resolved at more than double the previous level, down to 24,000 dpi or approximately one micron.
This far exceeds the resolution available via any other copying, printing or scanning device in the printing industry, and cannot be replicated by forgers. And yet the features are visible to the naked eye, while fine detail can be viewed using hand-held magnification and forensic features can be verified with laboratory equipment (see for examples figures 1 and 2).
The Covert Diffractive Pattern
The Covert Diffractive Pattern is a low-cost, high-security feature mastered into the optical security media on a card. It provides both visual OVD security and machine verifiable authenticity. Imaged onto the media at over 20,000 dpi, it provides a strong anti-counterfeiting feature.
The mastering process involves:
• the creation of the diffractive image from simple line art;
• shaping the image via Boolean operations;
• mastering the image onto the photomask of the credential at high resolution.
The covert diffractive image provides excellent level 1 visual security features with its distinctive dark-to-bright characteristics, together with level 2 inspection features. The shape visible to the naked eye on the card surface does not reveal the image except when illuminated by a low-power laser such as that found in a standard laser pointer (for examples see figures 3 and 4).
Advances in optoelectronics have also enabled much higher resolution images to be permanently laser etched onto the optical security media. The result is a personalised OVD (POVD): a photo-like image from which the cardholder can be identified which serves to back up and confirm the holder’s image printed or laser engraved on the card’s surface.
Recent innovations include the ability to add (non-transmissive) watermarks, ghost images, dynamic (continuously variable) text and background patterns which appear behind other elements in the OVD, locking personalised images and demographics on an ID card to a specified pattern. Complex backgrounds incorporating optically variable images may be used, resulting in a unique appearance that is easily recognised on visual inspection. Combinations of certain unique qualities pertaining to the card holder can easily be made visible, for example date of birth, ID number, place of birth and facial image. This personal information is overlaid onto the card body at the final stages of personalisation by bringing together imaging software, OSM secure encoder and firmware and the database record containing the cardholder’s information (see figure 5).
Data storage and the POVD
The optical security media POVD is unique in that, unlike other OVDs, it is capable of storing digital data such as facial images, biometric images and/or templates (fingerprint, face, iris, etc.), and biographical data. The size, number and placement of optically variable images on the optical security stripe can impact the amount of data storage available. An important innovation in this area has been the ability to interlace the graphic with the digital storage capabilities. Customers can use a relatively large, tamper-proof POVD image for enhanced ease of visual inspection, without absorbing excessive amounts of storage space on the optical security stripe.
This breakthrough was achieved following the introduction of a new optical head and firmware that enables the write power of the head to be increased when producing the personalised OVD, in turn resulting in higher contrast imaging. This is the first time that it has been possible to both etch a POVD image and encode data on the same track of the optical media stripe. The security protocol governing the card encoder ensures that it cannot encode authentic data on a non-authentic card.
Balancing innovation with function
Today, a plethora of advanced, anti-counterfeit and tamper-proof features are available to the industry, from security threads to guilloche patterns, micro-images, optically variable inks, holograms and optical security media. In the search for security in an insecure world, the natural propensity of OVD designers is to incorporate more and more features into the device. Many OVDs encompass a range of increasingly sophisticated capabilities that are all but guaranteed to prevent credible imitation, but which create a different type of vulnerability.
The danger is that the OVD itself becomes so complex that it is impossible for an inspector to remember all the features that distinguish the genuine article. Many simulations look good enough to pass visual inspection even if they contain inaccuracies that would rapidly be detected upon level two or three inspection, especially outside controlled environments or where diligent inspection is only rarely undertaken. It is therefore incumbent on the supplier of the OVD to ensure that the device finds a balance between complexity and ease of authentication, counterfeit-resistance and functionality.
One of the functions of the optical security media POVD is that of specifically and deliberately separating the layered and blended security features into different visual elements on each credential. The more sophisticated and advanced features are for the most part visible, but distinct from the ‘40 footer’ elements. As a result, a less expert or rushed examiner can immediately view, recognise and confidently authenticate the first level security features without needing time to closely inspect a single, feature-packed image (see figure 6).
This level of elegant simplicity, supporting escalating levels of inspection, enables the widest possible community of official examiners to confidently inspect and authenticate the ID document. At heart, visual security is dependent on balancing the right combination of unique visual features with customised elements that inspectors are trained to recognise, all layered and blended in a single card document.
Robert Smith has more than 25 years experience in developing and implementing technology systems in the secure ID card business. This includes the design and development of data capture and card personalisation subsystems, primarily for large-scale national ID and foreign resident card programs in countries such as the US, Saudi Arabia and Angola. Smith has also been the architect of end-to-end ID card solutions, recently leading the successful implementation of the entire enrolment and issuance solution for the Costa Rica foreign resident card.