Physical security requirements for next generation identity documents, by Dr Roland Gutmann
Modern identity documents have to meet various technical requirements in order to be considered secure and fully functional. In addition, they should enable a fast and reliable match between documents and their owners. The security requirements aside, modern documents need complex graphical background designs, ideally reflecting the national identity and lifestyle of the issuing country. There are various approaches to achieving an effective solution for states and supranational organisations. As many citizens of industrialised states are frequent travellers, their documents are used in a large number of countries, so document security should be considered an international topic.
In this article, Dr Roland Gutmann shares his forward-looking definition of highly secure identity documents. The production of secure identity documents is a very complex topic since various distinct aspects have to be considered. Before production can start, a process has to be created covering data capture, data transmission (in case of centralised personalisation) and the delivery of the document to its owner after production. When the production of a security document is planned, the production environment, the specified security level, customer requests or concerns, the durability of the document and the individual security features have to be considered. And lastly, the control, the verification and the identity match between the document and its owner have to be dealt with.
Security requirements for document production facilities
Production facilities for identity documents have to meet various security requirements. These include: a secure and CCTV-monitored building, employee access/exit control, and two or more security levels for the administration and the production area with entrance control and reporting of all incoming and
outgoing data, materials and products. Documentation of the material flow, including the registration of waste material and the destruction of invalid documents, is an additional requirement. Furthermore, all partners, subcontractors and customers have to sign a nondisclosure agreement. Finally, a highly secure data network with limited and registered access which is controlled by certification and/or customer audits is strongly recommended. For more details, please consult the security production recommendations of ICAO.
Security requirements for documents
The security requirements for the identity document itself are of highest importance, because these documents, once released, will be scrutinised for their potential to be re-engineered, manipulated or otherwise tampered with. Hence, it is of the utmost importance that identity documents are able to withstand attacks such as the change of personal details, the separation
and re-use of individual security elements or the design and production of a counterfeit document. A recommended approach for customers would be to insist on a background design with a high resolution, the use of non-CMYK colours, security printing and a combination of different printing techniques in order to prevent forgery and counterfeiting. A highly secure card set-up should also protect the background design and the personalised data and different personalisation methods and data redundancy will further enhance the protection.
Non-surface personalisation technologies such as laser engraving or an ink penetration into the substrate layer allow the data to be integrated in the printed security layer. Data and background overlaying security printing and the encapsulation of the card with a transparent overlay with a graphical structured surface also offer essential protection. The following paragraphs will cover this highly sophisticated approach in more detail and provide several examples which will give the reader more insight into the creation of secure ID documents. As not all aspects can be discussed here in detail, data handling, including data acquisition, encryption, transmission and the electronic recording on the RFID chips are not covered in this article.
Read the full article here.