Airport eGates and best practice

by Infineon Technologies
The objectives of an automatic border control (ABC) system are to:
a) improve passenger clearance without increasing staff costs (efficiency),
b) make the process easier for passengers (convenience)
c) enhance precautions at airports (security).
An ABC-system enables automated or semi-automated border control, that can be operated with an eMRTD, RTP, National eID or other token, or without a token. This offers passengers (especially frequent flyers), governments, airports and airlines a win-win proposition and could be linked to API or PNR.

In 2010 more than 40 countries were using ABC -systems. Four different technologies are in use, three of them based on token:

– ePassport, complying with ICAO 9303, e.g. in Australia, Serbia, the UK, Germany
– electronic Registered Traveller Program (eRTP) with token, e.g. in Netherlands, France, Japan, Oman, UAE, Bahrain, the US
– eRTP without token, e.g. Germany (ABG), UK (IRIS)
– National eID-card, e.g. in Hong Kong, Spain

These four token types may use one-factor, two-factor or three-factor authentication. The preferred biometrics used for authentication are:
– face, e.g. in Germany, Australia, Serbia, UK (for ePassports)
– fingerprint, e.g. in Spain, Japan, Bahrain
– iris, e.g. in the Netherlands, the UK (for frequent flyers)
– hand geometry, e.g. in Israel

The following overview gives a recent history of travel documents and highlights the main eGate projects.
1. History of MRTD/eMRTD
1979 ICAO publishes the new MRTD standard, which includes a machine-readable zone (MRZ) for automatic optical scanning of the issuing state’s data, the document holder’s name, the document’s validity and number.

1981 The first country starts migrating to the new MRTD standard.

1989 10 countries worldwide have started issuing MRTD.
2004 ICAO defines the first standard for eMRTDs with embedded microcontroller and data set complying with the ICAO LDS (Logical Data Structure) and security framework complying with the ICAO BAC (Basic Access Control).

The first country – Belgium – starts issuing first generation eMRTD.

2006 Deadline for 27 member states on the US Visa Waiver Program (VWP) to replace MRTD with eMRTD/1G (e.g. Australia, Japan, Singapore, the UK, Germany).

Deadline for 27 member states to replace MRTD with eMRTD/1G. European Commission’s Article – 6 – Committee and its related task force, the Brussels Interoperability Group (BIG) define the second generation MRTD for EU member states, with ICAO LDS, ICAO BAC (face) and BIG EAC (two fingerprints).

2009 Deadline for 27 EU member states to replace MRTD/1G with eMRTD/2G.

162 of the world’s 189 countries are issuing MRTDs, with only 27 issuing non- MRTDs.

2010 ICAO defines the second eMRTD standard on eMRTD, with ICAO SAC (third generation for EU member states).

2012 ICAO is expected to define LDS 2.0 with extended data set and extended applications.

2014 Deadline for 27 EU member states to replace MRTD/2G with eMRTD/3G.
2. eGates based on eMRTD

This was first trialed in 1999 at Kuala Lumpur International Airport (KLIA) in Malaysia. A document validation check and a passenger identity check, monitored by border police, are the cornerstones of this implementation. The Ministry of Interior selected face recognition as the biometric. There were no standards for the biometric data set (e.g. ISO 24727) or the biometric photo in travel documents (ICAO 9303) at this time. When the new standards for travel documents were introduced in 2004, some countries started using eGates based on these new standards plus biometrics, such as Thailand (2005), Portugal (2007 – RAPID), Australia (2008 – SmartGate), Germany (2009 – easyPASS) and Serbia (2010). Serbia had one of the first implementations, which used fingerprint recognition technology alongside standard travel documents. France was expected to take a similar approach in 2011. The travelers two fingerprints are flat scanned and stored electronically in the document.

A central register of the booklet holder’s biometric data is not always needed and in some countries not implemented because of privacy requirements.

There are now three generations of travel document:
– 1G, Face, protected by ICAO BAC; in use since 2006
– 2G, Fingerprints (2x), protected by BIG EAC; in use since 2009
– 3G, Face, protected by ICAO SAC; roll out expected in 2012

Biometric data in the travel document and the related data access security framework typically takes about 10 to 20 seconds to read. This includes reading and verifying the full electronic data set including biometrics and credentials, terminal authentication and MRTD – authentication.

The facial image data set in travel documents is usually compressed using JPEG or JPEG2000 to around 12 Kbytes. Fingerprint images use a similar high resolution and are about 18 Kbytes per fingerprint.

It takes up to 10 years to replace all old-style non-biometric travel documents. This means, for example, that it will be at least 2016 before all of Europe’s citizen’s have electronic documents containing biometrics. This has implications for the current trade in fraudulent documents, but also highlights the need to start using eGates or at least manual electronic authentication, otherwise illegal travel documents will continue to be used.
3. eGates based on RTP with secure token

One of the examples of this approach was a scheme at Schipol Airport in the Netherlands in 2002, called Previum. Similar projects have been set up in Israel at Ben Gurion International Airport (2004), in the US at JFK International Airport (2005), in Japan at Narita Airport (2006), in the UK, at Heathrow Airport (2006), in France at Charles de Gaulle Airport (2006), in Oman at Muscat International Airport (2007), in Canada at Ottawa International Airport (2008) and in the UAE at Dubai International Airport (2009). Most of these are stand alone commercial schemes installed with the support of the local authorities but are not interoperable.

Three different biometric technologies and data sets were selected:

– fingerprint (templates) recognition, e.g. in the UK, the US, France, Japan and Bahrain
– iris (template) recognition, e.g. in the UK, the Netherlands
– hand geometry, e.g. in Israel

Passenger data including biometric data is held centrally to allow three-factor authentication.

Various local biometric data formats are in use, varying from image to template and ISO standard or non-ISO standard.

Registered travellers pay additional fees to participate in such schemes. This ABC technology typically takes around 5 to 10 seconds to process each traveller’s document.
3. eGates based on RTP without secure token

A key example of this approach is the ABG system at Frankfurt Airport (Fraport), in Germany, which was piloted in 2006.

This eGate system is based on a central registration database of iris template data sets. The passenger’s iris image needs to be captured pre-flight. Participation in this scheme is free of charge and voluntary for the passenger.

It takes no more than 15 seconds to process each passenger.

A similar system has been installed in airports across the UK since 2004. More than 100,000 users have been registered, mostly from the UK but from elsewhere worldwide as well. It is free to use, and has a typical cycle time of around 20 seconds. But with only a few eGates per terminal, the queue to use the system can be quite long at times, and several IT issues have affected system availability. The databases are kept by the local authorities and the schemes are not interoperable.

4. eGates based on national eID card

This concept was first used in Malaysia in 1998, based on the national eID-card and called MyKad at KLIA. It was first used in Europe when it was tested in Spain in 2010. The Spanish ID card, DNI, was used at Madrid Barajas Airport. Germany went with ID card, nPA at Fraport, Frankfurt.

Three biometric technologies are in use: facial images in Malaysia, rolled fingerprint images in Spain and flat finger in Germany.

The biometric data needs to be held centrally.

It takes no more than 5 seconds to process each passenger. As these schemes are national-ID card-based, they are for local citizens only.

 

5. Summary

Best practice guidance for ABC systems can be summed up in three points;
a) To use solutions based on standards to increase interoperability and reduce develop costs
b) Select vendors with tried and trusted solutions to reduce risks of installation delays or security issues
c) Ensure the final implementation offers the correct balance of passenger convenience, airport security, and return on investment.

ABC in addition provides an interesting opportunity to study various biometric technologies by data capture, speed, 24/7 performance in a real environment, FAR, FRR and so on.

Four biometric data sets are used with ABC, with the most common being:
– facial image
– fingerprint image/templates
– iris image/templates
– hand geometry template

ABC is a perfect arena in which to benchmark various biometrics technologies to test their technical, social, privacy, convenience and financial strengths for use in other identity authentication applications.

It is expected that more and more ID projects will jump on the eMRTD train and use these new travel documents – or specifications – frequently. For example eDriving licenses. We can expect a concentration of biometric technologies and secure tokens in line with the ICAO world standards.
Glossary

ABG  Automatische Biometrische Grenzkontrolle (automatic biometric border control)
ABC  Automatic Border Control
API  Advanced Passenger Information
BAC  Basic Access Control
BIG  Brussels Interoperability Group
DNI  Documento Nacional de Identidad (national ID card; Spain)
EAC  Extended Access Control
eMRTD  electronic Machine Readable Travel Document
eRTP  electronic Registered Traveller Program
FAR  False Acceptance Rate
FRR  False Rejection Rate
1G/2G/3G 1st generation, 2nd generation, 3rd generation
ICAO  International Civil Aviation Organization
JPEG  Joint Photographic Expert Group
KLIA  Kuala Lumpur International Airport
LDS  Logical Data Structure
MRTD  Machine Readable Travel Document
MRZ Machine Readable Zone
nPA  neuer Personalausweis (new ID-card; Germany)
PNR  Passenger Named Record
RTP  Registered Traveller Program
SAC  Supplemental Access Control
VWP  Visa Waiver Program

EU member states are: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, France, Finland, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.

 

Advertisements

Tags: , , , , , , ,

Categories: Identification, Partner News

SUBSCRIBE & CONNECT

Subscribe to our RSS feed and social profiles to receive updates.

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: