March 31-April 2, 2009
ID Reader – Authenticators
A Survey of New Technologies to Read and Validate IDs
Theodore Kuklinski, Ph.D.
Director of Research
AssureTec Systems, Inc.
200 Perimeter Road, Manchester, NH USA
603-641-8443
www.assuretec.com
Topics to be Covered
• The Importance of Identity
• Types and Variety of IDs
• The Problem of Fake IDs
• Manual ID Checking
• Automatic ID Checking
• Reader Authenticator Devices
• Steps in Reading and Authenticating IDs
• Application Areas
Identity is Key!
Who am I?
How do you know who I am?
How do I prove it’s really me?
What can I provide?
Building Blocks of Identity
• What a person knows …
– password, PIN, fact (mother’s maiden name)
• What a person is or does …
– Biometrics: face, signature, fingerprint, iris, DNA, hand geometry
– Characteristics: gait, speech
• What a person has in their possession
– Social security card, birth certificate, tax return, credit card, diploma
– ID such as passport, drivers license, green card, military ID
• Terrorism
– 9/11 brought home the message
• Identity Theft
– Huge number of cases, $$$$ to correct
– Bank fraud, bad checks, credit card
• Underage Drinking
– Drunken driver deaths
• Employment / Hiring Fraud
– Job Qualifications, legal to hire
• … and more
IDs are important!
Where do you use an ID?
• Board a plane
• Open a bank account
• Cash a check
• Check into a hotel
• Rent a car
• Get a job
• Cross a border
• Enter a secure building
• Purchase liquor
• Buy firearms
• Get some Sudafed at the drugstore
• Take a professional test
• …
• Government
• Military
• Banking
• Transportation
• Hospitality
• Employment
• Casino
• Underage products
• Motor Vehicle Dept
What are Some Types of IDs?
• Passports
• Visas
• Driver’s Licenses
• ID
• Military
• Government (PIV)
• Voter ID
• Employment Authorization
• Alien Registration
• Border Crossing Cards
ID Standards
• ICAO
– ID-3 Passports Visas
– ID-2 IDs
– ID-1 Green Cards, Border Crossing, Employment Authorization,
Passport Cards, EDL
• AAMVA
– US / Canada Licenses and IDs
– Layout
– Barcode, Magnetic Stripe
• FIPS-201
– Government Programs
MRTDs - Machine Readable Travel Documents
ICAO (International Civil Aviation Organization) Document 9303
Standard has been around since mid 1980’s
….. but still not used universally!
Non-ICAO Passports
• perhaps 60 countries w/ ICAO + non-ICAO
• perhaps 20 countries w/ non-ICAO
Types
• ID-1 DL sized
• ID-2 Intermediate
• ID-3 Passport / Visa sized
e-Documents
Some MRTDs
• Photo
• Human Readable Information
• Machine Readable Zone (MRZ)
• Security Features
• RFID
Anatomy of a Passport
MRTD Features
• Non-MRZ Zone
– Specifications for layout
– Human readable – crosschecking possible
• Security features
– UV, microprint, laminate, OVDs, check digit, and others
• Non-compliant ICAO – standards not always followed
– check digit scheme
– MRZ location
– font variation, spacing, ink
MRZ – Machine Readable Zone
• OCR-B font, human and machine readable
• B-900 ink (IR)
• 2 line or 3 line
• Structured formatting of
– Country, name, DOB, sex
• Security
– check digits (7-3-1)
U.S. / Canada Driver’s Licenses / IDs
AAMVA (American Association of Motor Vehicle Administrators): RMVs and DMVs, industry
• Design: States like to show design – sometimes at odds with functionality
• Layout: e.g. Under 21 – vertical format
• Security Features Used: state choices – cost factor per license
• Data Format: Name, ID, DOB, Expiration, Face, Address, hair, etc.
• Standardization? 2000, 2003, 2005 (best practice), 2009 (required compliance)
• Formatting issues: Standardized format but non-uniform use of the format
– Name format variations – JOHN SMITH vs. SMITH, JOHN
– Address format variations, zip, etc.
• Real ID Act: Some controversy re National ID, state resistance, who can get DL
– Funding to Implement?
– Verification Hub coming – AAMVA!
Real-ID
Section 202(b) of the Act directs that REAL ID-compliant licenses and identification cards must include the following information:
(1) The person's full legal name, date of birth, and gender;
(2) The person's driver's license or identification card number;
(3) A digital photograph of the person;
(4) The person's address of principal residence;
(5) The person's signature;
(6) Physical security features designed to prevent tampering,
counterfeiting, or duplication of the driver's licenses and
identification cards for fraudulent purposes; and
(7) A common machine-readable technology, with defined minimum elements.
Driver’s License / State ID
• State Information
• License Class
• Name
• Address
• DOB
• Expiration
• Biometrics
– Photo
– Signature
– Height / Weight
– Hair / Eye Color
Possible Data Sources on ID
• Human Readable
– Text – OCR
– Image
• Machine Readable
– Magnetic Stripe
– 1 D Barcode
– 2 D barcode
– RFID
– Contact Chip
– Watermark
2D Barcode
• Machine Readable
• PDF-417 is standard for DLs
• AAMVA standard 2000-2003-2005-2009
• Data tags
• Required / Optional / State defined
• Standards not always followed
• Redundancy
Magnetic Stripe
• AAMVA standard
• 3 tracks
• Format defined
• Phasing out
• Can be demagnetized
Biometrics
• Tie the document to the person
• Picture – facial match to person or stored image
• Signature
• Height, Weight, Hair Color, Eye Color
• Fingerprint
• Iris
Security Features
• UV Patterns
• IR Patterns
• Laminate – Coaxial lighting
• Ghost Images
• Check Digits
• OVD / Kinegram
• Microprint
• Watermark
• ….. Many more!
Lighting Types
[Figure: example images of Passports/Visas and Driver’s Licenses & ID Cards under each lighting type: Color Image, IR (Infrared) Printing (B900 Ink), UV (Ultraviolet) Security feature, Coaxial Light (Security Laminates)]
RFID / Contact Chip
• New generation of document with Smart Card technology tied to
biometrics.
– PIV card (HSPD-12 / FIPS-201)
– TWIC – Transportation Workers Identity Credential
– e-Passport / Passport cards
– FRAC (first responders)
– ACIS (Aviation Credential Interoperable Solution)
– … and others
• Need for Improved Credentialing
– Closer checking of breeder documents
– Capture of Biometrics
• Privacy Concerns
– How close to be able to read?
• Reader Availability
RFID+ICAO Alone is Inadequate
What About Non-Standard Documents?
Only embracing RFID/Contactless Smartcard
doesn't solve the document
authentication problem:
• 214 countries, each with unique ID
documents, most non-RFID – over 8000
in all
• Most will continue to be used for the
next 20 years
• In the U.S., over 500 drivers license
documents that will continue to be in use
for many more years
• It takes 3.5 years to train a forensic
document inspector
• Inspectors don't have enough time at
inspection points to catch good fakes
ID Variety
The Problem
• Significant Transaction Volume
– Over a Billion (B) U.S. Exit / Entries
– 3.2B WW Airline Passengers
– Thousands of Entry Points
• High Number of Issuing Locations
– 8.9K+ U.S. locations issuing Documents
– 20,000+ international locations issuing Documents
• Thousands of Document Types
– Passports, Visas, Driver Licenses, Other ID Cards
ID Variety
• New Issues from Jurisdictions – all the time
• Different Classes
– DL, CDL, Under 21, Boat, Motorcycle, ID only
• Different wording, layout, color
• Information in different locations
• Different information provided by different jurisdictions
• Difficult for human inspectors to know all the variants
• Worn and dirty documents
Some Varieties of Maryland ID’s
Difficulties
“There are more than 240 different types of valid driver’s
licenses issued within the United States”
“It would not be easy for CBP inspectors to have a
passing familiarity with, let alone a working knowledge
of, each of these documents.”
Asa Hutchinson,
Under Secretary for Border and Transportation Security
Testimony before U.S. Senate Finance Committee
September 9, 2003
ID Fraud
Types of ID Fraud
• Counterfeit
– Examine Built in Security Features
• Altered - removal and/or addition
– Look for Age or Date Modifications
– Look for Photo Substitution
• Theft of legitimate materials
– Test for all security features
• False issuance of legitimate documents
– Corrupted officials (test for ID number)
• Use of Valid Document by Different Person
– Biometric: Facial Matching, Signature
– Database matching
Fake ID’s - Availability
e.g. PhonyID.com
Manual ID Checking
Tools for Manual Checking
ID Manuals
Inspector Training
Human Examination Severely Limited
Too many documents, not enough time…
• Security documents have become significantly more important in today’s world, but there are too many identity documents and only seconds to make an evaluation and approval decision.
• There are currently more than 1,500 different types of domestic and international drivers licenses and identity documents in circulation.
• 40% of passports and visas do not comply with ICAO international guidelines for travel documents, and these will be in circulation for many years.
• Document inspectors and security personnel cannot be expected to memorize the features of the thousands of different identity document types.
• Humans are susceptible to fatigue, distraction, intimidation, bribery, blackmail…
• Inspectors spend too much time entering data and too little time evaluating the human behavior of the document presenters.
Reader - Authenticators
Reader / Authenticators
– Remove problems of human vulnerability to:
• Memory
• Fatigue
• Distraction
• Boredom
• Bribery / Blackmail
– Allow more focus on:
• Human behavior
• Facial Matching
Reader/Authenticators Allow:
• Reading and identifying document type
• Collecting information from document
• Confirming presence of known features
• Reference-checking information
• Presenting biometric for comparison
• Scoring risk against established entitlement
paradigm
Evaluating ID Reader Systems
• Human Factors – Automaticity
• Types of IDs that can be evaluated
• Image Quality
• Data Extraction Capability
• Authentication
• External Database connectivity
Human Factors
• Footprint on desk / height of imaging platform
• Operational Steps
• Accommodate ID-1, ID-2, ID-3 or other documents
• Autodetect upon Insertion
• Rotate/Deskew – upside down
• Duplex (read both sides of a document)
• Automatic Classification from Image?
• Auxiliary reading from BC, MS, RFID
• Cover Hood (UV Safety – external light rejection)
• One Handed operation
• Glass platen quality – scratch resistance
ID Document Library
• New types of IDs are being issued frequently
• Older issued IDs are still valid for future years
• ID Coverage
– Passports (ICAO / non ICAO)
– Visas
– Driver’s Licenses, IDs
– Non US coverage of licenses, voter cards, consular cards, etc.
– Military cards
• How to Update
• Frequency of Updates
• Trainable for new document types
• Customizable to a subset of IDs for speed
Functional Requirements
• Authenticate Accurately
• Mistakes are not good
• Authentication
– Wrongly accuse someone
– Let a person with fraudulent ID through
• Reading
– Field accuracy needed for data input (Name, etc.)
– Accuracy for database lookup (e.g. Passport or DL Number)
• Easily Trainable for new document types
• Secure Library
• Provide a Risk Analysis
• Forensic Examiner in a box
• Adjunct to human inspector
» Inspector can touch and feel document
• Graduated scale: 0 (low risk) to 10 (high risk)
• Can be used to refer presenter for secondary inspection
• Document Detection
• Document Sizes handled – ID-1, ID-2, ID-3 and others?
• Cropping, Deskew, Rotation (also finger rejection)
• Light Sources – Visible, UV, IR, Coaxial - how many?
• Directional lighting for OVD detect or reject
• Ambient light rejection (cover is important for ID-1 documents)
• Duplex Capture – capture both sides of a document
• Image Resolution – 200 to 600 dpi
• Image Lighting Uniformity – needed for OCR binarization
• Image Linearity – pincushion, lens quality / distortion
• Focus, depth of field
• Image Export Formats – save images to compressed files
• Image Pre-processing / Enhancement – contrast, filtering, erosion, etc
• Image Field Extraction – pull out facial, signature, etc.
• Color Depth (24 bit color) vs Gray Scale
• Color Fidelity
Reader Imaging Specifications
Data Extraction
• MRZ Reading, classification
– From ICAO documents
– From non-ICAO compliant documents
– Font support – non compliant OCR-B
• OCR from fields
– Accuracy, Speed
– Engines
– Field pre-processing
– Custom Fonts
• 1D / 2D Barcode Reading
– PDF-417
– Cross match to OCR
• RFID “SmartCard” automated read
• Magnetic Stripe support
Document Authentication
• Authentication Tests
– Number and types of tests
– Ability to tune tests
• Text Based Tests
– MRZ Tests – check digits, field format
– Cross Matching
– OCR, Barcode, Magnetic Stripe, RFID
– Date Checking – Birthdate, Expiration, Issue Date
• Image Based Tests
– Color / Grayscale Response – color tests
– Physical Relationship between card elements
– Pattern Matching
– Presence/Absence (for all light sources)
– Security Feature Verification (holograms patterns)
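The text-based tests listed above (MRZ check digits with the 7-3-1 weighting, field format, date checking, cross matching) are shown here as an added Python example; it is not code from the presentation or from any reader product. It assumes line 2 of a passport-size (ID-3) MRZ laid out as in ICAO Doc 9303, and the function names and sample data are constructed for illustration.

```python
from datetime import date

WEIGHTS = (7, 3, 1)  # repeating weights, the "7-3-1" scheme named on the MRZ slide

def char_value(c):
    """Digits keep their value, A-Z map to 10..35, the filler '<' counts as 0."""
    if c.isdigit():
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"character {c!r} is not valid in an MRZ")

def check_digit(field):
    return sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10

# Line 2 of a passport-size MRZ: (field, start, end); its check digit sits at `end`.
TD3_LINE2 = [("document_number", 0, 9), ("date_of_birth", 13, 19),
             ("date_of_expiry", 21, 27), ("personal_number", 28, 42)]

def yymmdd(text, century):
    return date(century + int(text[:2]), int(text[2:4]), int(text[4:6]))

def authenticate_line2(line, visual_zone, today):
    """Run the text-based tests; return the list of failed tests (empty = pass)."""
    if len(line) != 44:
        return ["field format: expected 44 characters"]
    failed, fields = [], {}
    try:
        for name, start, end in TD3_LINE2:
            fields[name] = line[start:end]
            expected = str(check_digit(fields[name]))
            # An unused optional field may carry '<' instead of '0'.
            unused = name == "personal_number" and set(fields[name]) == {"<"}
            if line[end] != expected and not (unused and line[end] == "<"):
                failed.append(f"check digit: {name}")
        if line[43] != str(check_digit(line[0:10] + line[13:20] + line[21:43])):
            failed.append("check digit: composite")
        # Assumption: expiry years are read as 20YY.
        if yymmdd(fields["date_of_expiry"], 2000) < today:
            failed.append("date: document expired")
    except ValueError as exc:  # bad character or impossible calendar date
        return failed + [f"field format: {exc}"]
    # Cross-match MRZ fields against the same fields read by OCR from the visual zone.
    for name, printed in visual_zone.items():
        if fields[name].rstrip("<") != printed:
            failed.append(f"cross match: {name}")
    return failed

# Constructed sample data for a fictional holder; not taken from the presentation.
SAMPLE = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"
PRINTED = {"document_number": "L898902C3", "date_of_birth": "740812"}
ALTERED = SAMPLE[:13] + "840812" + SAMPLE[19:]  # birth year edited, check digits left alone

if __name__ == "__main__":
    print(authenticate_line2(SAMPLE, PRINTED, date(2009, 4, 1)))
    print(authenticate_line2(ALTERED, PRINTED, date(2009, 4, 1)))
```

An edited birth date trips three independent tests at once (the field check digit, the composite check digit and the cross match to the printed field), which is why the slide lists them together.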
Software
• Recognition Engine
• SDK (Software Development Kit)
• Languages/Environments supported
• Application Development
• Data Structures and Interface
– XML, SQL, Image formats
• Security
Reader Authenticator
Devices
Some Types of ID Reading Devices
• Barcode / Magnetic Stripe Readers
• Contact or RFID readers
• Flatbed scanners
• Camera Units
• Card Scanners
• Intelligent Card Scanners
• Reader Authenticators (multi light source)
• Mobile Devices
Place of Usage
• Desktop
– Camera Based Reader Authenticator
– Card Scanners
• Kiosk
– Platen
– Card Reader (like ATM)
• Mobile
– Battery powered, wireless
Scanners / Mag / Barcode
Desktop Reader Hardware
Desktop Reader Inside
[Diagram of a Reader / Authenticator with labels: IEEE 1394, Lighting, CCD Camera, Glass Platen, Cover, Hinged Door, Indicator Lights, Controller]
Desktop Reader Authenticators
CIS vs Camera
• Camera
– Lighting uniformity important
– Less resolution
– Instant capture
– Multiple light sources
• CIS (Contact Image Sensor)
– Lighting is uniform
– Better effective resolution
– Mechanical operation
– ID across CIS or CIS across ID
– Longer scanning time
– Duplex Operation
Under the hood
Duplex CIS Readers
Kiosk Systems
Kiosk Systems (with Desktop Units)
Mobile Devices
System Components
• Hardware Components
– Scanner / Reader
– Processing Unit
– Network
• Software Components
– Engine (SDK)
– Library
– Application Software
Processing Steps
• Detect Document Insertion
• Capture Initial Document Image
• Classify the Document (Determine its type)
• Extract Alphanumeric & Biometric Data
• Authenticate Document Using Forensic Tests
Typically 2-8 seconds elapsed time
• Customer-Specific Application
• Operator
• Capture Additional Document Images
• Query external alphanumeric & biometric databases
Capture Steps
• Insert Document
• Detect Document Insertion
• AutoSense until document is stable
• Take IR Picture
• Edge Detect / Deskew
• Crop to Document only
• Take Visible Picture and Crop
Document Detection, Deskew, Rotate
[Figure labels: Insert Document, Picture Loop, Detect Document Stabilized, Take Picture, Edge Detect, Deskew, Cropped Image]
Classify Document
• Extract Document Signature
• Compare with Document Database Members of Same Size
• Work through list of Similar Documents and Validate
• Match Found or Classify as Unknown
Field Extraction
• Extract Fields
– Data
– MRZ
– Barcode
– ID Number
– Name
– Date of Birth
– Image
– Photo
– Patterns
• Using …
– Image Processing
• Light Sources
• Crop
• Spatial Filter
• Color Filter
• Contrast
• Erode/Dilate
– Engines
• OCR (multiple)
• Barcode (1D, 2D)
• Matching (Pattern, Color, Text)
Sample Field Extractions
2D Barcode
1D Barcode
MRZ
Microtext
Perforations
Guilloche
OCR
Photo
The Process – Capture & Check Data
• All types of machine printed data
– ICAO Machine /Visual Readable Zones
– Typed or printed anywhere
– Barcodes 1-D, 2-D
– Special characters/fonts
– Regardless of background
– Any light source – white, infrared, ultraviolet
• Field validations – format, check digits, range
• Cross-field comparisons – zones, light sources
• Country/issuer specific information
Expiration Date
Data Crosschecking
UV Patterns
Drivers' Licenses
Passports
OVD (Optical Variable Device)
OVD Detection OVD Suppression
“GENUINE”
Micro-Text Not Present
Microprint on Driver's License
Alerts and Risk Factors
Security Risk
Score
Security Alert
Authentication
Authentication Results
Authentication Results shows the tests that did not pass, with their level of risk indicated with the following symbols:
Validation against
• Databases
• Watchlist
• Facial Match
– One to One
– One to Many
Example
Application Areas
Secure Document Issuance
• DMV/RMV/BMV (Motor Vehicle Administrators)
• Passports and Visas (State Department)
• Special Programs - FIPS-201 / PIV / HSPD-12 (see below)
Recent GAO Report on Passport Issuance
PIV Enrollment Process
The PIV Enrollment process shall provide the following minimum steps:
1. Applicant shall appear for enrollment with supporting documentation;
2. Enrollment shall inspect and confirm all supporting documents using automated
means if available;
3. Enrollment shall establish that the individual present matches the supporting
documents;
4. Enrollment shall confirm Employer/Sponsor approval for PIV; and
5. Enrollment shall scan all supporting documents.
The PIV Binding process shall provide the following minimum steps:
1. Enrollment shall take biometric samples and photograph of the Applicant;
2. Enrollment shall manage the quality assurance process of the biometric and
photographic capture. The biometric samples shall be verified to ensure proper
performance; and
3. Enrollment shall bind the completed electronic enrollment package with a digital
signature and forward the enrollment application to the IDMS for identity
verification and validation.
HSPD-12 – PIV Card
TWIC – Transportation Workers Identity Credential
Airports
Border Security
“In fiscal year 2002, there were about 279
million inspections of foreign nationals at U.S.
Points of Entry. In these circumstances,
preventing the entry of persons who pose a
threat to the United States cannot be
guaranteed, and the missed entry of just one
can have severe consequences.”
HOMELAND SECURITY
Risks Facing Key Border and Transportation
Security Program Need to Be Addressed
GAO Report GAO-04-569T, March 18, 2004
Transportation
Ensuring the right
traveler is on-board
a passenger aircraft,
cruise ship or
cross-border train
has always been a
concern for the
travel industry.
Car Rental
“This system
prevents fraud and embezzlement. Only this year we
managed to prevent six cars from getting
stolen by well-organized criminals.”
Chino Klaverweide-Lorteije
Managing Director, Oribi
The Netherlands
Banking / Money Laundering
• Account Opening
– Government
Requirements
• Identity Theft
• Fraudulent Check Cashing
I-9 Requirements
Employment
Restricted Products
• Restricted Sales
– Alcohol – Liquor Stores
– Tobacco – Convenience Stores
– Firearms Sales
• Bars, Clubs, Restaurants, Casinos
– ID Checkers – pay bounties
– Underage
• Large Potential Penalties for owners!
Age Verification Application
Check Cashing at Casinos
• The Department of the Treasury, the Financial Crimes
Enforcement Network (FinCEN), and the seven federal
financial regulators have issued final rules that require
certain financial institutions to establish procedures to
verify the identity of new account holders.
• No amount of training on the detection of fake IDs can
prepare the average casino worker at the cage or your
hospitality suite for the formidable task of
authenticating a customer’s ID in a few seconds. Any
mistake he or she makes in detecting a fraudulent ID
can be costly in terms of compliance with AML
regulations.
Future for ID
• Cross-jurisdictional authentication of IDs
• Standards for Licenses enforced
• Phase in of e-Documents over years
• Biometric verification systems – e.g. fingerprint
• Upgrading Source Document Security / Verification
networks
• Issuing from secure facilities
• More rigorous standardization of document security
Reader Authenticator Benefits
• Lower Life-cycle Costs
(less training costs, support costs, fewer people)
• Improved Productivity
(better results, in less time, with fewer people, lower expertise required)
• Higher Throughput (overlaps other steps, less time for examination, less exception handling)
• Ease of Use
(intuitive operation, easy installation and updates, no documents to remember)
• Reduced Risk (better security and less susceptibility to human failings)
• Increased Security
(more thorough examination, repeatable results)
• Scalability (flexible for today’s needs, scales for the needs of tomorrow)