Page 0

The Lebanese E-Passport

البيومتريجواز السفر اللبناني

مكتب شؤون المكننة-المديرية العامة لألمن العام

Page 1

Page 2

Overview

The project involves the deployment of acomplete biometric enrollment and electronicpassport personalization solution for Lebanon.

The project covers 6 types of E-passports: The Lebanese normal passports The Diplomatic Passports The Special Passports The Service Passports The Palestinian Refugees Travel Documents The Laissez-Passer

Page 3

Overview

The solution already deployed in:GDGS Headquarter and Production Center All Regional GDGS centers.

The Public Relations Department.

The solution will soon be deployed in: The Ministry of Foreign Affairs and Emigrants. 88 diplomatic missions abroad

Page 4

Project scope

• E-Passport booklets and laminates• Application forms. • E-Passport Application Software:

Enrollment, workflow and delivery solution. Personalization solution PKI User management Interfaces with border control system.

• E-Passport Hardware Infrastructure: Data center Production center Enrollment Sites infrastructure preparation and

equipment.

Page 5

Project Goals

• Compliance: The new passport is an electronic machine-readable ICAO, ISO, and EU standards-compliant E-passport.

• Security:

The new passport will include the latest security features.

Tailored enrollment solution.

Personalization and issuance solution to prevent skimming, eavesdropping, counterfeiting, and other fraudulent activities.

• Service enhancement: The migration to the new E-passport system was considered as an opportunity to increase the service level:

Better service and faster issuance times.

Increased flexibility and fully automated work environment.

Better control and visibility on the applications and documents life cycle.

Page 6

Project Goals

• Identity Management: By using the cutting edge biometric technology to complement current authentication methods to:

Eliminate duplications in registrations.

Prevent identity fraud or theft.

Better identify and verify individuals (Unique Personal Number UPN for each registered individual).

• Crossover use of Electronic Security Credentials (beyond passport booklets):

Border control faster processing and greater convenience .

Issued credentials could be used as the accredited basic building block to facilitate derivation into a “virtual” ID for online use.

Issued credential could be used with other public-sector or private-sector services

Page 7

Request Life-Cycle

Page 8

Booklets Life-Cycle (Before Delivery)

Page 9

Booklet Life-Cycle (After Delivery)

stm Issued documents state

Initial

DELIVERED

LOST STOLEN DAMAGED CANCELLED

Final Final Final Final

REVOKED

Final

[Moving from the

production DB]

[Marking as

damaged]

[Marrking as

lost]

[Marking

as stolen]

[Marking as

cancelled]

[Marking

as

revoked]

Page 10

New Application forms

• A4 paper

• 100 gsm paper density

• Multicolor printing

• Anti-scan/copy pattern

• Barcoded uniquely serialized (each form will have unique barcode/serial number)

Page 11

New Application forms

Page 12

The biometric Enrollment solution

• Facial Image Capture

• Ten Fingerprint Capture

• Biographic Data Capture

• Business Rules Enforcement

• Summary Display and application form printing

Page 13

Ten Fingerprints Capture

Page 14

The Enrollment Workstation

Page 15

The Enrollment Workstation

• Suitable for mass enrollment

• Rapid on-site process.

• Top quality biometric capture.

• Automatic height and lighting adjustment

• Fully automated data processing (enrollment, data transfer, authentication)

Page 16

The Portable Enrollment Workstation

Page 17

The Portable Enrollment Workstation

• Light Weight.

• Rapid on-site process.

• Biographic and high quality biometric capture.

• Fully automated data processing (enrollment, data transfer, authentication)

• Robust components

• Easy to carry, no loose components and long-lasting battery

Page 18

The New Electronic Passport

• Compliant to ICAO Doc 9303.

• Components:

Cover: including the inlay with its Integrated Contactless Chip and antenna.

Data page – Additional Info Page – Visa Pages.

• New design concept: Modern – Abstract.

• Security Features.

Page 19

The Cover

E-Passport Logo

Page 20

The Cover

Page 21

Security Features

• More than 50 security Features.• Consistent set of overt (obvious, visible) and

covert (hidden) security features.• Security features inserted during booklets

manufacturing and during the personalizationprocesses.

• Security features of four levels:Level 1: No equipment needed to check the

security feature - usually overt.Level 2: requires a simple, easily available

equipment e.g. UV light source (border controlofficer)

Level 3: requires special inspection equipmentin laboratory (forensic)

Page 22

The Cover (UV)

Page 23

The Datapage

Page 24

The Datapage (UV)

Page 25

The Visa Pages

Page 26

The Visa Pages (UV)

Page 27

The Visa Pages

Page 28

The Visa Pages (UV)

Page 29

The Personalization Machines

• Two industrial e-passports printers.

• Each machine is designed to accommodate the personalization of up to 600 epassports / hour (up to 3600 epassport / day).

• Flexible so that it can be easily extended in the future for higher volumes of personalization, and even different personalization technology.

Page 30

The Personalization Machines

• Allow for fully automated personalization operations: Automatically read the blank booklet serial

number Personalize the electronic passports optically Personalize the chip of the e-Passports Laminate the ePassport. Perform automatic quality control Update the stock management system

automatically

Page 31

Industrial e-passports Printers

Page 32

Lebanon PKI overall solution

Page 33

Country Signing CA = Root CA

• The Certification Authority for e-passports compliant with ICAO is CSCA (Country Signing CA). CSCA issues signing certificates to Document

Signer Server. Document Signer digitally signs the information

contained in the chip.

GDGS is responsible for

the operation of the CSCA

Page 34

PKI Trust Hierarchy: based on X.509 standard

Document Signer certificate

Root CSCA

CRL

CSCA

CRL

1234234749

7623469324

5612129234

7656465234

5623465283

47652

DS

Page 35

Passive Authentication

• Secure the production of passports

• Ensure the authenticity of the passport

• Ensure the data integrity (no data alteration)

Page 36

• The National Certification Authority for Terminal Authentication is called CVCA.

• CVCA issues certificates to DVCA (delegated CA)

• DVCA is delegated CA and issues authentication certificates to Inspection Systems.

GDGS is responsible for

the operation of the CVCA and DV

Root Country Verifying CA

Page 37

PKI Trust Hierarchybased on ISO 7816 standard

DVCA

IS certificate

CVCACVCA

DVCA

IS

Page 38

Extended Access Control(Chip Authentication

& Terminal Authentication)

• Protect access to traveler’s fingerprints (sensitive Data)

• Verify the travel document holder

Page 39

Certificates Validity Periods

Page 40

Interoperability : Foreign Documents verification

Page 41

Interoperability : Verify Foreign Travelers Identity

Page 42

The SPOC(Single Point of Contact)

• An European Framework EU Common Policy guides information exchange (TR-03139) Internationally standardized protocol SPOC (CSN 369791) Read Access to biometrics protected by EAC (TR-03110) All Member countries must deploy SPOC (EU Commission)

• Global Interest Initiatives to create regions, where cross border travel is

facilitated

• New application fields LDS 2.0 (ability to write Visa data into the epassport)

requires EAC protection Management of write rights on international level.

Use of Standardized Solutions

is the key to Success

Page 43

ICAO PKD

(Public Key Directory)

• ICAO has set up the ICAO Public Key Directory to facilitate the exchange of:

Document Signer Certificates

Certificate Revocation Lists (CRLs)

CSCA Master Lists

CSCA Defect Lists

• General information about PKD :

58 registered countries

Page 44

THANK YOU