Trends in Secure ID Cards, U.S. Driver`s License and International

Trends in Secure ID Cards, U.S. Driver`s License and International
industry standards…
By David Tushie,
Magellan Consulting,
Inc., ICMA Standards
and Technical
Representative
Trends in Secure ID Cards, U.S.
Driver’s License and International
Driver’s License Standards
In the USA, identity theft was the top complaint made
to the Federal Trade Commission (FTC) in 2010 when 8.1
million incidents were reported. Fraudulent ID’s, manufactured in countries like China and Panama, are now being
purchased online and exported throughout the world.
More troubling is the sophistication exhibited by these fake
ID’s, including digital holograms and UV sensitive inks.
Consequently, government issued identity documents, often
in the form of driver licenses, are becoming more
sophisticated and expensive. Several initiatives
are in motion that highlight this trend.
State governments issue driver licenses
in the USA, while national governments
typically issue these licenses in
Europe and Asia. The American
Association of Motor Vehicle
Administrators (AAMVA) is a
standards setting body for the
States. ISO/IEC 18013 defines the
International Driver License (IDL)
Standard. Parts 1 and 2 specify
the physical and machine-readable
features of the license while Part
3 adds the requirements for IC chip
technology. The AAMVA 2011 standard and proposed 2012 standard are
moving towards compliance with ISO/
IEC 18013 -1, 2. While long term contracts
mean that the states’ implementations always
take time, harmonization of the ISO and AAMVA
standards may eventually occur.
Real ID, the Western Hemisphere Travel Initiative (passport
card) and the Enhanced Driver License initiatives are some
additional standardization efforts ongoing in the USA. The
Real ID Act of 2005 is a federal law that imposes certain
security, document identity, authentication and issuance
procedures for state driver licenses and state ID cards in order for them to be accepted for official purposes as defined
by the Department of Homeland Security. Some examples of
such uses are boarding commercially operated airline flights
and entering federal buildings and nuclear power plants.
The licenses and ID cards must have certain data elements
and must also feature specific security features intended to
prevent tampering, counterfeiting or duplication of the
document for fraudulent purposes. These cards must also
present data in a common, machine-readable format
employing the types of technology as described for the IDL.
Enhanced driver licenses essentially combine a regular
driver’s license with the same specifications of the new U.S.
passport card. Thus, in addition to proving driving privileges,
the enhanced license also is proof of U.S. citizenship and
can therefore be used to cross the U.S.-Canadian and
U.S.-Mexican borders by road, rail or sea,
but not air (this still requires a traditional
passport book). These cards have
RFID chips so they may be used
at border crossings, to speed up
the border crossing process.
The State of Washington’s
enhanced driver’s license
was the first such license
approved. Vermont, New
York, Michigan, Minnesota, California, Texas and
Arizona are among the states
who have announced that
they are exploring the
issuance of such cards.
The Transportation Security
Administration (TSA) has
recognized the security risk
of fraudulent ID’s and boarding
documents. They recently started a
pilot program to test technologies that
provide their inspectors the ability to spot fake
documents via electronic scanning, without the use of
magnifying glasses or black lights. While speeding up the
process is desirable, it raises the question of what are the
necessary characteristics of a technology to determine the
validity of identity documents?
It would seem that the following features would need to
be present for any technology to get widespread adoption
in determining a valid ID:
• Quick, non-intrusive
• Reliable
• Low cost
• Un-clonable function
• Machine readable/free from confrontation
between the credential holder and the inspector
continued on page 29
.: 26 :.
August 2012 | ICMA Card Manufacturing
industry standards…
Industry Standards, continued from page 26
When reviewing ISO/IEC 18013 against these criteria,
it is apparent that the security elements are enhanced
from those in typically issued driver licenses. Part 1 of the
Standard, Physical Characteristics and Basic Data Sets,
describes mandatory and optional data elements, placement
of the data elements on the license, and other graphical
and card security characteristics. Part 2 of ISO/IEC 18013-2,
Machine Readable Technologies, adopts the philosophy
that human-readable and machine-readable data elements
should not conflict. Barcode, magnetic stripe, IC with
contacts, contactless IC and optical memory technologies
are all included. Stated elements of the machine-readable
data include identity verification, residence, biometric
authentication and age verification. It also includes
a specification for the storage of images. A conceptual
data structure is provided and encoding rules for barcode,
magnetic stripe, IC and optical memory are specified. Part
3 of ISO/IEC 18013-3, Access Control, Authentication and
Integrity Validation, specifies the mechanisms for how
the various data storage technologies permit access,
authenticate documents and validate data integrity.
These mechanisms consist of passive authentication
(digital signature), active authentication (challenge-response
used with a contact or contactless IC chip), an alert if
human-readable and machine-readable data elements differ,
and what are defined as Basic Access Control (BAC) and
Extended Access Control (EAC). BAC allows access to
machine-readable data only if visual access to the IDL can
be confirmed. Communication between the IDL and its
reader is required to be encrypted. EAC provides for IC chip
authentication, conditional authenticated access to data
groups and strong secure messaging.
Similarly, Real ID and EDL initiatives in the U.S. are an
advance in security over the typical drivers license in
circulation today. Other technologies, such as those utilizing
the magnetic stripe media characteristics, offer similar
protections at a very low cost of issuance. Longer term,
some of the new technologies like electronic displays on
cards with biometric features could offer additional security
functionality. The pressure to defeat the ever more sophisticated fraudulent ID cards will continue to build.
Marketplace
Ready to be an Official
Licensee of the ICMA EcoLabel
Standard Program?
The first global green card standard
We are pleased to support this
program which:
• Establishes criteria for the
environmental performance
of a manufacturer’s cards
• Is administered by the International
Card Manufacturers Association
Learn more at www.icma.com.
August 2012 | ICMA Card Manufacturing
.: 29 :.
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement