October 8th, 2015, Neology © 2015, Confidential

e-Breeder Documents – closing the gap in the identity management chain

NEOLOGY

Dr. Bernhard Deufel
Senior Segment Development Manager

USA: 12760 Danielson Ct. Suite A, Poway, Ca 92064
Mexico: Juan Escutia 21, Col. Hipodromo Condesa, 06140

Mobile: +49 151 4618 1380
eMail: [email protected]

© Neology Inc. 2015


E-Breeder - Introduction

Breeder documents (e.g. birth certificates) have:
- No common format / content
- No specification of system of security or security features
- No standards, no interoperability
- No international foundations

Consequences: breeder documents can be counterfeited very easily


ICAO: TRIP Strategy

- Breeder Docs, civil registries, integrity of the issuance process, etc.
- Integrity of the issuance process, etc.
- MRP, e-Passports, Visas, ID Cards.
- PKD, forensic travel Doc examination, etc.
- API/PNR, watch lists, information sharing.


EU: Fidelity Programme / Origins Programme

«FIDELITY: Fast and trustworthy Identity Delivery and check with e-Passports Leveraging Travel privacy»

The focus of FIDELITY is the security and usability of e-travel documents and more particularly ePassports.


BREEDER DOCUMENT CONSIDERATIONS

Analogue breeder docs are:
- Difficult to verify by untrained people, especially identifying the origin, authenticity and integrity of content.
- Missing means of direct information, database access and digital verification.

Use cases for breeder docs:
- Identity Docs for children.
- Applying for / opening bank accounts.
- Obtaining a driving license, Social Security card, etc.

Yet, the lifetime of the doc is not crucial:
- Breeder docs are often issued and used for a specific one-time purpose.
- Many breeder docs need to be verified, and often the verification is performed by untrained people.
- Many important processes depend on genuine breeder docs.

WHAT'S THE SOLUTION?


QR Code vs. Chip Technology

TWO POSSIBLE APPROACHES ARE THINKABLE

- Printed during personalization
- Easy to apply
- Non transferable


Why RFID?

The integration of RFID transponders (small embedded computer systems) into physical documents has led to the evolution of machine readable documents. This technology brings considerable advantages to breeder documents:

- RFID stickers can collect context information (e.g. images, biometrics) if used with a chip offering sufficient memory (>2kB).
- Context information can be separated into private and public data.
- Stickers can exchange relevant information with other computer systems.
- RFID stickers can be read with smartphones.
- Enable automated document tracking.
- Increase the security of the document.
- Improve document handling processes.
- Usage of the identical ecosystem as in the e-PP and e-ID world.


Document and Sticker Format

DOCUMENT FORMAT

- Basically the existing document design can be maintained.
- The blank document must have a pre-printed barcode, called Form Control Number (FCN). It is the number which is used for the inventory control of the blanks as well as for linking the personalization data to the document itself.
- The blank document must offer an area where an RFID sticker can be placed (e.g. size 3cm × 3cm).

RFID STICKER

- The sticker will be self-adhesive with an adhesive that firmly sticks to the birth certificate. Any attempt to remove the sticker from the birth certificate will lead to the destruction of the sticker.
- The sticker has a preprinted Inventory Control Number (ICN) which is initialized during sticker production.
- The sticker contains an RFID chip.

Figure labels: UTOPIA, ICN: 0012014044738821; FNC


Personalization Data

1. Forenames of child (48)
2. Surname of child (48)
3. Sex of the child (1)
4. Date of Birth (8)
5. Time of Birth (5)
6. Place of Birth (32)
7. Forename of the first parent (48)
8. Surname of the first parent (48)
9. Birth name of the first parent (48)
10. Sex of the first parent (1)
11. Date of birth of the first parent (8)
12. Place of birth of the first parent (32)
13. Citizenship of the first parent (3)
14. Credential number of the first parent (16)
15. Forename of the second parent (48)
16. Surname of the second parent (48)
17. Birth name of the second parent (48)
18. Sex of the second parent (1)
19. Date of birth of the second parent (8)
20. Place of birth of the second parent (32)
21. Citizenship of the second parent (3)
22. Credential number of the second parent (16)
23. Name of the issuing authority (48)
24. Date of issuance (8)
25. Place of issuance (32)
26. Name of issuing officer (48)
27. Address of issuing authority (48)
28. Citizen Registration Number (8)

Data can easily be stored on chips with 2k of EEPROM memory!
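An added example, not part of the original slides and not Neology's implementation: it packs the 28 personalization fields into a fixed-width record, checks the result against a 2 kB chip, and appends an integrity tag bound to the blank's FCN and the sticker's ICN. Assumptions: the number in parentheses is read as a maximum length in bytes, fields are space-padded UTF-8, "2k" means 2048 bytes, and an HMAC-SHA-256 key stands in for whatever key material a SAM would hold; `SAMPLE` is constructed data.

```python
import hashlib
import hmac

# Field lengths in the order of the slide's numbered list (fields 1-28).
FIELD_LENGTHS = [48, 48, 1, 8, 5, 32, 48, 48, 48, 1, 8, 32, 3, 16,
                 48, 48, 48, 1, 8, 32, 3, 16, 48, 8, 32, 48, 48, 8]
RECORD_SIZE = sum(FIELD_LENGTHS)   # 742 bytes
CHIP_CAPACITY = 2048               # "2k of EEPROM" read as 2048 bytes (assumption)
TAG_SIZE = 32                      # HMAC-SHA-256 tag (assumption, not from the slides)
# Constructed sample: six filled fields, the remaining 22 left empty.
SAMPLE = ["Ada", "Example", "F", "20150101", "12:30", "Utopia"] + [""] * 22


def pack_record(values):
    """Encode 28 field values as one fixed-width, space-padded UTF-8 record."""
    if len(values) != len(FIELD_LENGTHS):
        raise ValueError("expected %d fields" % len(FIELD_LENGTHS))
    out = bytearray()
    for number, (value, width) in enumerate(zip(values, FIELD_LENGTHS), start=1):
        raw = value.encode("utf-8")
        if len(raw) > width:  # reject rather than silently truncate identity data
            raise ValueError("field %d exceeds %d bytes" % (number, width))
        out += raw.ljust(width, b" ")
    return bytes(out)


def unpack_record(record):
    """Split a fixed-width record back into its 28 field values."""
    if len(record) != RECORD_SIZE:
        raise ValueError("bad record length")
    values, offset = [], 0
    for width in FIELD_LENGTHS:
        values.append(record[offset:offset + width].rstrip(b" ").decode("utf-8"))
        offset += width
    return values


def seal(record, fcn, icn, key):
    """Append a tag binding the record to this blank (FCN) and sticker (ICN)."""
    message = fcn.encode() + b"|" + icn.encode() + b"|" + record
    return record + hmac.new(key, message, hashlib.sha256).digest()


def verify(blob, fcn, icn, key):
    """Return the field values if the tag matches, otherwise None."""
    record, tag = blob[:-TAG_SIZE], blob[-TAG_SIZE:]
    expected = seal(record, fcn, icn, key)[-TAG_SIZE:]
    return unpack_record(record) if hmac.compare_digest(tag, expected) else None
```

Because the tag covers the FCN and ICN as well as the record, a sealed record copied to a different sticker or paired with a different blank fails verification.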


Secure Access Module (SAM)

All SAMs in the system are in turn issued and managed by a central entity that is responsible for the security of the system.

Components making up the system can be manufactured by multiple vendors and managed by different parties, allowing maximum flexibility.

To increase the security of the system and allow effective management, it will only be possible to activate a slave SAM installed in a remote reader through an authorization from the backend system.

The backend system will have a Master HSM, which will calculate and deliver the activation keys (Master Key) for the slave SAM. In this way, only the authorized readers will be able to issue the eBreeder certificates.


Security Elements

- Single sign-on authentication process.
- Digital Certificate.
- Authenticity of blank certificates through FCN.
- Reader UID Authentication.
- Secure reader SAM Authentication.
- Secure sticker authentication through ICN.


eBreeder Personalization System


The e-Breeder App

- User taps smartphone to the NFC label adhered to the breeder document.
- Corresponding e-breeder app launches, allowing access to data provided in the «Document Information» tab for verification of document authenticity.
- Multi-level access rights allow authorized users to access more detailed underlying data, up to a complete population registry dataset.


Summary of the Advantages of a digital approach

RFID Labels are attachable to any paper based document, e.g. eBirth Certificates, eVehicle registration, Weapon IDs, University Diploma, Land Titles etc.

Allows verification of authenticity and integrity through cryptographic procedures.

Allows usage of SmartPhones with NFC interface for easy verification.

Can provide additional (private) information stored on the chip, which is only accessible if appropriate keys are present with SAM.

The system architecture supports offline and online functionality by default.

Can be operated in insecure (disconnected) environments (hospitals, universities).

Information travels with the people.


Thank you for your attention!

