5. Memorandum submitted by
C-Cure Integrated Solutions Ltd
1. INTRODUCTION
The purpose of this document is limited to identifying
the functional elements/components and associated potential problems,
which have to be taken into account when considering the implementation
of a system as complex as is being addressed. We believe that
our knowledge and practicable experience in this subject could
be helpful, and if required, we shall be pleased to discuss any
of these items in more detail in the future.
1.1 Overview
The word "FRAUD" covers a multitude
of sins, and occurs in a variety of forms, most of which the general
public are aware and by varying degrees concerned. However it
is important to note that the majority of Fraud cases, in all
forms, occur as a result of failings on the part of the issuing
administration/officialdom, as opposed to an individual/bearer
claiming the identity of another individual/bearer. In the past
Passports and Driving Licenses have relied upon the individual/bearer's
Photo Image, in human readable form only, to verify the individual/bearer's
claimed identity. Which in the majority of cases has been adequate,
with only a minority of abuse as a result of physically changing
the Photo Image, or, of counterfeiting the original document.
As a result of world events, in particular the increase in international
terrorism and illegal immigrants, the "minority" has
become a major concern and established the need for additional,
more reliable means of verification of both the individual/bearer
and the document, which can be best achieved by the introduction
of Biometrics Verification combined with "plastic" ID
Card facilities.
2. COMPANY BACKGROUND
C-Cure Integrated Solutions Ltd. is a privately
owned company, established in 1998, to provide Development—Marketing—Consultancy
services in IT Network access security systems, based on a combination
of Smart Card, Data Encryption and Personal Biometric technologies.
During this period, in conjunction with a US
business partner, we have been involved in the development of
a range of low cost—portable devices and associated software,
for Personal Biometric Identification/ Verification in respect
to Internet Banking, Law Enforcement and Network Access Control
applications.
As outlined in the following text, we have been
actively engaged for the past five years in the integration of
various Biometrics Methods as the means of developing a Practicable,
Acceptable and Cost Effective "Smart Card" based Personal
Identification Verification system. During this period we have
been working in conjunction with and on behalf of a major UK retail
financial institution, together with an International Financial
Network supplier and a US based Smart Card Acceptor Device Development
Company. We are about to commence customer field trials of the
resulting system with the financial institution. The Smart Card
system is intended for their multi-million UK customer-base. In
addition we have in the recent past given introductory presentations
to members of both the Passport Office and Drivers Vehicle Licensing
Authority development groups.
Together with our US business partner we have
a number of UK and Worldwide Patents, both granted and pending,
covering these technologies. Our portable/hand-held Personal Biometric
Verification terminal was awarded the Bronze Medal at the 2003
Geneva International Inventions Exhibition.
3. SUMMARY
In considering a specific ID Card solution the
following critical factors must be taken into account:
(i) Public/User Acceptability.
(ii) Practicality and Implementation/Administration
Cost of the physical ID Card.
(iii) Practicality and Implementation/Administration
Cost of interrogation Terminal Devices.
(iv) Selection of a specific or combination of
Biometrics Methods.
(v) Practicality and Implementation/Administration
Cost of Enrolment facilities.
(vi) Location/s, Distribution and Implementation/Administration
Cost of Secure Central/Distributed Database facilities.
(vii) Practicality, Reliability and Implementation/Administration
Cost of a Network topology necessary to support the "worst
case" Transaction activities estimates.
4. PUBLICUSER
ACCEPTABILITY
Concern in the public domain to the ID Card
concept is largely due to the failure by the authorities and system
suppliers to explain to them the basic concepts of the technology
in non-technical terms and the benefits that can be gained by
them. The following points should be noted:
(i) The use of the title "Smart Card",
has been mistakenly interpreted as a new form of media, with "big
brother" implications. It should be made clear to the general
public that the majority of the population have been using this
media in the form of "plastic" Credit Cards for at least
three years, without any knowledge or concern of what information
was contained on the "chip". The ID Card would be better
considered as yet another form of "plastic".
(ii) All critical data is encrypted and stored
on the ID Card in machine readable form only, and comprises a
uniquely coded Biometric Template, a Directory to other restricted
personal data sources, and only summary personal data as appears
on/in existing equivalent documents.
(iii) For additional personal security only limited
data—Photo Image, Name, and Reference Identifier—are
displayed on the Card in human readable form.
5. PHYSICAL ID
CARD
Most of the Smart Cards/Integrated Chip Cards
(ICC) currently available are designed to meet agreed international
specification standards, with particular regards to the Software/Hardware
Interfaces and Protocols, providing cross platform compatibility.
There are however two basic functional concepts with regards to
the ICC resident data processing methodology, the choice of which
has a significant effect on the system implementation cost. The
options are:
(i) Utilising a programming language and method
in which the individual applications software programme modules
are resident and processed entirely on the ICC.
(ii) Utilising a programming language and method
in which the individual applications software programme modules
are distributed and processed by a combination of the Terminal,
Smart Card Acceptor and ICC.
The major benefits of (ii) are:
(iii) Typically the ICC in i) above requires Mbytes
of storage capacity, whereas the ICC in (ii) above requires only
Kbytes of storage capacity and is therefore more cost effective
in high volume applications.
(iv) Provides for overall better system security
since critical functions are distributed.
(v) Simplifies the replication in the event of
loss of, or damage to the ICC.
Note: In the National ID Card environment, due
to the volume of ICC "users" the cost per unit (ID Card)
is a critical factor in the overall system implementation cost.
6. TERMINAL DEVICES
Unlike e-Banking/e-Commerce and other similar
commercial applications, where the input terminals are "fixed"
at strategic locations, and connected via dedicated Virtual Private
Networks to individual corporate database service facilities (ie
ATM, POS providers), the ID Card application will require a mix
of both "fixed" and "mobile" terminals:
(i) Fixed. Located at points of entry or strategic
locations and connected via dedicated Virtual Private Networks
to an associated database service (ie Passport, Immigration, Driving
License)
(ii) Mobile. Portable/hand-held/pocketable devices
for random and convenient ID Card interrogation, which must be
able to operate off-line and independent of any external facilities
(ie Immigration, Driving License), with the option to communicate
via dedicated Virtual Private Networks to an associated database
service when required.
The choice of a specific Terminal configuration
will be dependent upon the Biometrics Method /s selected, and
will be a critical factor in the overall system implementation
cost.
7. BIOMETRICS
METHODS
Of the Biometrics Methods currently supported,
the following are considered the most likely to provide a practicable
working solution in the ID Card application, subject to the level
of security required for a given operational environment:
In selecting a specific or combination of Biometrics
Methods best suited for a given Application/Environment, the following
factors should be considered:
(i) Given the performance variations associated
with the alternative Biometrics methods; Accuracy, Reliability,
Flexibility, Practicality, User Acceptability and Implementation/Administration
Costs, which individual, or combination of methods is best suited
for the target environment.
(ii) Depending upon the level of security required
and independent of the Biometrics method/s selected, there are
three alternative modes of operation: Identification (one to many)—Verification
(one to one) or a Combination of both, which individual, or combination
of modes is best suited for the target environment.
(iii) Since without exception none of the Biometrics
methods mentioned can in practice guarantee 100% accuracy under
all foreseeable operational conditions, it is necessary to determine
the Error Rate Ratio/balance criteria, depending upon the nature
of the Application/Environment. The options being, minimum False
Acceptances—minimum False Rejections, or equal ratio of
False Acceptances/False Rejections.
8. ENROLMENT
The logistics of enrolment on a National basis
will be both costly and time consuming and require both the support
and co-operation of the general public. The most practicable and
cost effective solution would appear to be based on the creation
of a central/independent Biometrics Authentication Authority,
with the facility to support all of the recommended/selected Biometrics
Methods, Secure Database, Communications Wide Area Network, Operation
and Administration facilities to support the following:
(i) The Authority would be responsible for creating
and maintaining a central registry of Biometrics Templates indexed
by unique individual/bearer Identifiers without any other individual/bearer
personal data.
(ii) The Authority would be responsible for creating
and supporting a network of regional satellite Servers to minimise
transaction-servicing delays.
(iii) The Authority would be responsible for
establishing a network of Enrolment facilities, comprising both
Fixed locations and Mobile Units.
(iv) The Authority would be responsible for providing
the necessary Print File (Biometrics Template and Identifier data),
required for inclusion on the individual's/bearer's physical ID
Card, to and in the format requested by the appropriate Service
Provider (Passport, ID Card, DVLA).
9. VERIFICATION
PROCESS
There are a number of major issues, which must
be taken into account when considering the Verification process:
(i) As referred to in para. 1.1, analysis shows
that the submission of counterfeit documents, or, the illegal
claim of another individual/bearer's identity occurs in the minority
of cases, and that this fact alone justifies the introduction
of the ID Card. However, the process of Verification must take
into account the majority, to minimise delay or inconvenience.
(ii) In order to minimise delay or inconvenience
to the majority, the Verification process should be "layered"
depending upon the nature of the application and the level of
security required.
(iii) The layered structure should, where it
is technically feasible and cost effective, perform the Verification
process at the "local" Terminal, with access to a central
facility only if additional evidence is required.
(iv) The ID Card should contain individual profiles
indicating the level of security required by specific Applications.
10. CONCLUSION
We believe the National ID Card scheme is technically
achievable and could be acceptable to the Public subject to the
following:
(i) The public are aware that the ID Card concept
is based on the existing Credit Card principle.
(ii) The public are aware that the personal information
contained on the ID Card is no different to that already contained
on existing documents, with the advantage to the individual/bearer
that this information is no longer human readable in the event
of loss.
(iii) The Authority responsible for Biometrics
Templates is both independent and secure, with no knowledge of
personal detail other than a unique individual/bearer Identifier.
(iv) The implementation of the ID Card scheme
is phased, initially to support limited established and acceptable
Biometric Methods; eg Photo Image and Facial Image. Other Biometrics
Methods being adopted subsequently depending upon the specific
application.
January 2004
|
