Date post: | 06-Jul-2018 |
Upload: | arthur-miller |
8/17/2019 Johannes_Merkle_-_DigiSeal.pdf
secunet Security Networks AG
London
27.02.2013
Digital Seal – Strong Protection for Non-electronic Documents
Motivation
▀ Electronically enabled documents allow strong protection
- Cryptographic mechanisms, hardware-based security
- Verification of document authenticity & integrity
- Biometric verification of holder's identity
▀ Protection of non-electronic documents is challenging
- Large variety of optically verifiable features
- Detection of forgeries and manipulation requires careful examination
- Non-individualized features don't protect against theft of blank documents
▀ Examples
- Breeder documents (e.g. birth certificates)
- Emergency passports / ID cards
- Visas
The Digital Seal
▀ Data stored in bar code, typically 2-dimensional
▀ Digital signature of issuer
- Strong cryptographic protection of document authenticity and integrity
▀ Allows verification of visible document contents
- Text, facial image, etc.
- Verification based on optical scans (visible, IR, UV)
- Error correction to compensate for "noise" resulting from capturing and wear & tear
▀ Storage of other verification data
- Meta data, e.g. document type, issuer
- Option: Biometric data
The Digital Seal
▀ General mechanism developed by
- Federal Office for Information Security (BSI)
- Federal Criminal Police Office (BKA)
- secunet Security Networks
▀ Specified in Technical Guideline of BSI
▀ Prototype implementation by secunet
Example – Birth Certificate
▀ Typical reading device:
- Flatbed scanner
- Only visible light
Example – Emergency Passport
▀ Typical reading device:
- ePassport reader
- Capturing under IR light can reduce distortions, e.g. by background
Document Issuance
Document Verification
Challenges and Solutions
▀ Inaccuracy of optical reading
- Noise introduced by printing and optical reading
- Distortions introduced by wear & tear, e.g. scribbling, stamps, crumpling
- OCR errors
▀ Error correction / tolerance
- Bar code uses error-correcting encoding
- Storage of auxiliary data for error correction of optical content
- E.g. check bits / error-correction bits
- Restriction to most robust/relevant features
- E.g. biometric face features in facial image
Challenges and Solutions
▀ Limited storage capacity
- E.g. 277 Bytes for a 64x64 Data Matrix bar code
- Available space and required robustness do not allow higher dimensions
▀ Compact storage
- Compact encoding of data container
- Short digital signatures, e.g. ECDSA
- Compact representation of feature data
- Restriction to auxiliary data for correction of scanned features
- Feature data not stored in bar code but only recovered from scan
- Recovered feature data verified by means of digital signature
Challenges and Solutions
▀ Privacy of biometric data
- No access control possible to barcode
- No secret keys should be needed for verification
▀ Biometric template protection
- Stored reference data allows verification of live sample
- But: does not reveal biometric features
- Key-less
Technical Guideline TR-03137
▀ General description (informative)
- Processes for generation and verification
- Methods for error correction / tolerance
- Approaches for feature verification
▀ Requirements for processing
- Printing, optical reading, bar code
- Digital signature and certificates
- Processing of features
- Biometric template protection
▀ Requirements for document profiles
- Contents of profiles
- XML syntax for profile information
▀ Encoding of the data container
▀ Examples (informative)
Prototype Application
▀ Based on secunet's biomiddle architecture
- BSPs and BioMiddle-Provider
▀ Generates and verifies EU visa with digital seal
- 64x64 Data Matrix bar code
- ECDSA-256 signature
- Encoding according to TR-03137
▀ Used Features
- Facial image
- MRZ with correction of up to 4 characters
- Fingerprints (optional) using biometric template protection techniques
- Face and fingerprint verification provided by GenKey
▀ Segmentation and OCR provided by Regula
▀ Verification integrated into secunet's Golden Reader Tool Platinum Edition
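Added example (not from the slides and not the TR-03137 encoding): the idea from the "Compact storage" slide and the prototype's MRZ correction, with the bar code carrying only check symbols while the MRZ text itself is recovered from the scan. It assumes a simplified interleaved checksum code that repairs one OCR error in each of 4 groups, a constructed MRZ line, and a SHA-256 digest standing in for the payload the issuer's ECDSA signature would cover; all function names are hypothetical.

```python
import hashlib

ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ<"  # 37 MRZ symbols, 37 is prime
P = len(ALPHABET)
GROUPS = 4  # interleaved groups; one OCR error per group is correctable

def _sums(text, g):
    """Plain and position-weighted symbol sums mod P over interleaved group g."""
    vals = [ALPHABET.index(c) for c in text[g::GROUPS]]
    return sum(vals) % P, sum((i + 1) * v for i, v in enumerate(vals)) % P

def make_aux(mrz):
    """Issuer: check symbols stored in the bar code instead of the MRZ text."""
    return [_sums(mrz, g) for g in range(GROUPS)]

def recover(scanned, aux):
    """Verifier: repair the OCR result with aux; None if a group is unrepairable."""
    chars = list(scanned)
    for g in range(GROUPS):
        s0, s1 = _sums(scanned, g)
        d0, d1 = (s0 - aux[g][0]) % P, (s1 - aux[g][1]) % P
        if d0 == 0 and d1 == 0:
            continue                      # group read without error
        if d0 == 0:
            return None                   # more than one error in this group
        pos = d1 * pow(d0, -1, P) % P     # 1-based position inside the group
        idx = (pos - 1) * GROUPS + g
        if pos == 0 or idx >= len(chars):
            return None
        chars[idx] = ALPHABET[(ALPHABET.index(chars[idx]) - d0) % P]
    return "".join(chars)

def digest(mrz):
    """Stand-in for the value the issuer's signature covers (ECDSA check not shown)."""
    return hashlib.sha256(mrz.encode("ascii")).hexdigest()

def verify(scanned, aux, signed_digest):
    """Accept only if the repaired text matches what the issuer signed."""
    mrz = recover(scanned, aux)
    return mrz is not None and digest(mrz) == signed_digest

# Constructed sample: one 44-character MRZ line, not taken from a real document.
MRZ = "V<UTOERIKSSON<<ANNA<MARIA".ljust(44, "<")
AUX, SIGNED = make_aux(MRZ), digest(MRZ)

def corrupt(text, changes):
    """Simulate OCR errors: changes maps index -> wrong character."""
    return "".join(changes.get(i, c) for i, c in enumerate(text))
```

Two errors in the same group exceed what this simplified code can repair; the recovered text then no longer matches the signed value and verification fails.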
Prototype Application: Document Generation
Prototype Application: Successful Verification
Prototype Application: Failed Verification
Any Questions?
Dr. Johannes Merkle
secunet Security Networks AG
Principal
+49 201 5454-3091