2-th may 2005porvoo group workshop 71 seafarers identity a legislative & interoperable challenge...
TRANSCRIPT
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 11
Seafarers Identity Seafarers Identity A Legislative & A Legislative & Interoperable Interoperable
Challenge on a Global Challenge on a Global ScaleScale
Porvoo 7Porvoo 7Reykjavik 26th May 2005Reykjavik 26th May 2005
Alan Husselbee ISSAAlan Husselbee ISSAWith special thanks to Cleopatra Doumbia-Henry & Dr John With special thanks to Cleopatra Doumbia-Henry & Dr John
CampbellCampbell
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 22
Biometric Barcode Identity Biometric Barcode Identity SpecimenSpecimen
ILO Geneva May 2005ILO Geneva May 2005
SPECIMENSPECIMEN
SPECIMENSPECIMEN
SAMPLESAMPLE
SAMPLESAMPLE
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 33
ColombieColombie HondurasHonduras
KosovoKosovo LibanLiban
MauritanieMauritanie
NigeriaNigeria
PhilippinesPhilippines
Over 100 Over 100 Million Million
barcode barcode ID CardsID Cards
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 44
Information Systems Information Systems Security AssociationSecurity AssociationFor the Information Systems Security For the Information Systems Security
professionalprofessional
Over 13 000 members worldwideOver 13 000 members worldwide
95 Chapters in more than 22 countries95 Chapters in more than 22 countries
Supports CISSP certification (ISC)²Supports CISSP certification (ISC)²
& ISO 17799 (in Europe)& ISO 17799 (in Europe)
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 55
Saga of the International Saga of the International Labour Organisation & the Labour Organisation & the Seafer Identity DocumentSeafer Identity Document
Specialised Agency of Specialised Agency of the United Nationsthe United Nations
Created in 1919Created in 1919 Tripartite structure Tripartite structure
with representativeswith representatives– GovernmentsGovernments– Employers Employers – Workers Workers
176 member states176 member states GenevaGeneva 185 labour 185 labour
conventionsconventions
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 66
Seafarers IdentitySeafarers Identity
The need for a new Seafarers IDThe need for a new Seafarers ID ChronologyChronology Seafarers Identity Document System Seafarers Identity Document System
– LegislationLegislation– InteroperabilityInteroperability
ILO Biometrics Testing CampaignILO Biometrics Testing Campaign Outstanding ChallengesOutstanding Challenges Lessons LearnedLessons Learned
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 77
The new Seafarers IDThe new Seafarers ID
Existing seafarer IDs are paper based Existing seafarer IDs are paper based documents and lack strong security against documents and lack strong security against fraudulent use and copyingfraudulent use and copying
The new Seafarer ID is a professional identity The new Seafarer ID is a professional identity document not a travel documentdocument not a travel document– Right to shore leave for the bearerRight to shore leave for the bearer– Right to transit, transfer & repatriation without a Right to transit, transfer & repatriation without a
visavisa ILO Member States gain:- ILO Member States gain:-
– Increased security strongly linking ID to bearerIncreased security strongly linking ID to bearer– Improved Port Security Improved Port Security
Member states of the ILO Member states of the ILO – ratify the ILO convention 185ratify the ILO convention 185– Issue the Seafarer Identity Document to Issue the Seafarer Identity Document to
nationals/residentsnationals/residents
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 88
Global ScaleGlobal Scale
Over 2.3 million seafarers cards to be Over 2.3 million seafarers cards to be issued by the individual member statesissued by the individual member states
6 nations supply > 50% seafarers6 nations supply > 50% seafarers Over 64 member states changing Over 64 member states changing
national legislationnational legislation Over 64 Issuing Authorities Over 64 Issuing Authorities Numerous Verification pointsNumerous Verification points
– 2867 Maritime Ports (133 countries)2867 Maritime Ports (133 countries)– International Airports International Airports
Over 50 regional or national projectsOver 50 regional or national projects
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 99
Major Players on Major Players on LegislationLegislation
International Labour organisationInternational Labour organisation
International Maritime International Maritime OrganisationOrganisation
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 1010
International Maritime International Maritime OrganisationOrganisation
Specialised Agency of the United Nations Specialised Agency of the United Nations 1959 First meeting1959 First meeting 1960 International Convention for the 1960 International Convention for the
Safety of Life at Sea (SOLAS) Safety of Life at Sea (SOLAS) Seafarer Standards on Training, Seafarer Standards on Training,
Certification & Watchkeeping STCWCertification & Watchkeeping STCW 2002 IMO ammendment to SOLAS 2002 IMO ammendment to SOLAS
Security Of Life At Sea (Security Of Life At Sea (International Ship International Ship and Port Facility Security Code)and Port Facility Security Code) ISPS code ISPS code
164 member states164 member states
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 1111
ChronologyChronology The Seafarers are amongst the oldest of regulated professionsThe Seafarers are amongst the oldest of regulated professions
– France loi de Colbert 1681 (pensions, training, health)France loi de Colbert 1681 (pensions, training, health)– 1958 ILO convention 108 seafarers identity1958 ILO convention 108 seafarers identity
After September 11th 2001 concern over security of ports and After September 11th 2001 concern over security of ports and shippingshipping
March 2002 Revision of ILO Convention 108 (Seafarers March 2002 Revision of ILO Convention 108 (Seafarers Identity) on agenda by request of the IMOIdentity) on agenda by request of the IMO
June 2003 Seafarers Identity Document Convention (revised) June 2003 Seafarers Identity Document Convention (revised) 2003 (N°185) 2003 (N°185)
9th February 2005 Convention 185 entered into force with a 9th February 2005 Convention 185 entered into force with a transition arrangement for 63 countries (signatories to transition arrangement for 63 countries (signatories to convention 108 ) to issue new SIDsconvention 108 ) to issue new SIDs
France, Jordan, Nigeria, Hungary have ratified convention 185France, Jordan, Nigeria, Hungary have ratified convention 185 15th April 2005 Decision of the Council of Europe15th April 2005 Decision of the Council of Europe Korea, Philippines, Nigeria ready to roll outKorea, Philippines, Nigeria ready to roll out
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 1212
Decision factorsDecision factors
Major concerns Major concerns – Nations with seafarers: export business, minimising Nations with seafarers: export business, minimising
cost & facility of implementationcost & facility of implementation– all nations : security of portsall nations : security of ports
national legislation on use of biometric national legislation on use of biometric datadata
– Seafarers unions: seafarer protection & privacySeafarers unions: seafarer protection & privacy– Shipowners: facilitating crew transits but at zero Shipowners: facilitating crew transits but at zero
costcost Choice should take into accountChoice should take into account
– Reliable, cost effective biometric with 1 to many Reliable, cost effective biometric with 1 to many searches (fingerprint selected)searches (fingerprint selected)
– Storage medium visible and unchangeableStorage medium visible and unchangeable Barcode and not IC chip selectedBarcode and not IC chip selected
– Application of international standardsApplication of international standards
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 1313
ILO Convention 185ILO Convention 185 18 articles, 9 of which are substantive18 articles, 9 of which are substantive 3 annexes containing:3 annexes containing:
– Model for SIDModel for SID– Electronic databaseElectronic database– Minimum manadatory requirements & guidelines for Minimum manadatory requirements & guidelines for
issuance of SIDsissuance of SIDs Facilitated amendment procedureFacilitated amendment procedure Legal obligations for the states are:Legal obligations for the states are:
– Use of standards Use of standards – Monitoring for compliance Monitoring for compliance – Conformance to the SID specificationConformance to the SID specification– Replies to queries on suspect IDs at any timeReplies to queries on suspect IDs at any time
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 1414
ILO Convention 185ILO Convention 185
Comparative analysis with Comparative analysis with February 2005 EC proposal for February 2005 EC proposal for
the VIS system (Visa system) has the VIS system (Visa system) has been carried outbeen carried out
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 1515
ILO Convention 185ILO Convention 185 SID biometric SID biometric
– Fingerprint templateFingerprint template– Digital PhotographDigital Photograph– Description of specific physical characteristics Description of specific physical characteristics – signaturesignature
SID informationSID information– Full Name, sex, date of birth, place of birth, nationalityFull Name, sex, date of birth, place of birth, nationality – Issuing authority, name of authorised issuing officer, contact details, Issuing authority, name of authorised issuing officer, contact details,
date & place of issue & expiry datedate & place of issue & expiry date– Unique document number, document typeUnique document number, document type– Special mention « This document is a seafarers’…… »Special mention « This document is a seafarers’…… »
SID appearanceSID appearance– Cards or books all information visible Cards or books all information visible – ICAO 9303 layoutICAO 9303 layout
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 1616
ILO Convention 185ILO Convention 185 SID storageSID storage
– ICAO 9303 compliant MRZ Machine Readable ZoneICAO 9303 compliant MRZ Machine Readable Zone– Barcode -we’re not aloneBarcode -we’re not alone
SID SecuritySID Security– Official seal or stamp of issuing authorityOfficial seal or stamp of issuing authority– Special inks, watermarks, holograms, micro-printing etcSpecial inks, watermarks, holograms, micro-printing etc
SID National Database 24h/24 7 days/weekSID National Database 24h/24 7 days/week– Unique document numberUnique document number– Issuing authority nameIssuing authority name– Full Name of SeafarerFull Name of Seafarer– Date of expiry/suspension/withdrawalDate of expiry/suspension/withdrawal– Biometric templateBiometric template– Digital photographDigital photograph– Details of all enquiries made against this IDDetails of all enquiries made against this ID
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 1717
ILO Convention 185ILO Convention 185
The monitoring of the SID and the The monitoring of the SID and the issuing and verification systemsissuing and verification systems– Independent evaluationIndependent evaluation
Compliance with convention 185Compliance with convention 185 Quality control proceduresQuality control procedures Security proceduresSecurity procedures
– Physical documentPhysical document– IT systemsIT systems– PersonnelPersonnel– Physical accessPhysical access
– At least every 5 yearsAt least every 5 years– Audit report available to all membersAudit report available to all members– White list of compliant member statesWhite list of compliant member states– Right of appeal if struck offRight of appeal if struck off
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 1818
Major Players on Major Players on InteroperabilityInteroperability
ISOISO
ICAOICAO
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 1919
International Organization for Standardisation (ISO)
Worldwide federation of national standards bodies from 146 countries, one from each country, e.g.,- BSI – British Standards Institute
ISO was established in 1947 (www.iso.ch) Mission– to promote the development of standardization and related activities in the world with a view to facilitating the international exchange of goods and services, and to developing cooperation in the spheres of intellectual, scientific, technological and economic activity
2.937 technical bodies– 188 technical committees (TCs)– 550 subcommittees ( SCs)– 2.175 working groups (WGs)
ISO's work results in international agreements which are published as International Standards (IS)– 13.736 standards and standards-type documents– 889 published in 2002
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 2020
ChronologyChronology ILO has special liaison with ISOILO has special liaison with ISO 29th September 2003 ILO meeting on standards to 29th September 2003 ILO meeting on standards to
use ICAO with ISO representatives from SC31 use ICAO with ISO representatives from SC31 (barcodes) SC17 cards & I.Ds SC37 biometrics(barcodes) SC17 cards & I.Ds SC37 biometrics– Fingerprint minutie and not pattern was selectedFingerprint minutie and not pattern was selected– 2 D barcode chosen2 D barcode chosen
ILO actions from the meetingILO actions from the meeting– Produce technical specificationProduce technical specification– Produce functional specification for issuance and Produce functional specification for issuance and
verification systemsverification systems– Accreditation of a laboratory for system Accreditation of a laboratory for system
componentscomponents
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 2121
ChronologyChronology March 2004 SID0002 technical documentMarch 2004 SID0002 technical document June 2004 Request for participation over 18 June 2004 Request for participation over 18
vendors but standards compliance & timeline vendors but standards compliance & timeline eliminated manyeliminated many
August 2004 Initial interoperability August 2004 Initial interoperability October 2004 Live Test October 2004 Live Test January 2005 Lab Test using data from the live test January 2005 Lab Test using data from the live test February 2005 3 suppliers certified interoperable February 2005 3 suppliers certified interoperable
with each otherwith each other May 2005 Live demonstrations in Geneva of card May 2005 Live demonstrations in Geneva of card
issuing with verification and interoperabilityissuing with verification and interoperability June 2005 ILO to ratify testing laboratory June 2005 ILO to ratify testing laboratory
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 2222
Standards Standards SpecificationSpecification
Technical SpecificationTechnical Specification– 2D Barcode selected because of cost2D Barcode selected because of cost
ISO 15415 & 15438 PDF 417 2D ISO 15415 & 15438 PDF 417 2D
– BiometricsBiometrics ISO 19793 template specificationISO 19793 template specification ISO 19794-5 Facial capture and image storage ISO 19794-5 Facial capture and image storage ISO 19784 BioAPI Biometric Interchange RecordISO 19784 BioAPI Biometric Interchange Record ISO 19785 Common Biometric Exchange FormatsISO 19785 Common Biometric Exchange Formats All draft standards status october 2003All draft standards status october 2003
– ISO 19794-2 finger minutiaeISO 19794-2 finger minutiae– ISO 19794-4 image capture parametersISO 19794-4 image capture parameters
– SID physical layoutSID physical layout ICAO document 9303ICAO document 9303 ISO/IEC 7810:2003ISO/IEC 7810:2003
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 2323
ILO Biometric Testing ILO Biometric Testing CampaignCampaign
Biometric testing is same for barcode or Biometric testing is same for barcode or IC chipIC chip
Minutiae extraction, matching Algorithm Minutiae extraction, matching Algorithm and sensor pair with seafarer user and sensor pair with seafarer user populationpopulation
ConformanceConformance– Can biometric system read and write Can biometric system read and write
Biometric Interchange Records compliant Biometric Interchange Records compliant with ISO 19784 & ISO 19794-2with ISO 19784 & ISO 19794-2
PerformancePerformance– False match must be <1% FARFalse match must be <1% FAR– False non match must be < 1%FRRFalse non match must be < 1%FRR
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 2424
ILO Biometric Testing ILO Biometric Testing CampaignCampaign
MethodologyMethodology– Enrolment is 3 attempts per fingerEnrolment is 3 attempts per finger– Verification is one from 3 attempts per finger Verification is one from 3 attempts per finger
using two fingersusing two fingers Basic interoperability testingBasic interoperability testing
– Seafarer enrols two fingers on system ASeafarer enrols two fingers on system A– Can either or both be verified on system BCan either or both be verified on system B
Performance based interoperability Performance based interoperability testingtesting– Enroll system A and verify system AEnroll system A and verify system A– Enroll system A and verify system B Enroll system A and verify system B
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 2525
ILO Biometric Testing ILO Biometric Testing CampaignCampaign
Phase 1 LaboratoryPhase 1 Laboratory– 10 vendors tested for conformity with SID0002 10 vendors tested for conformity with SID0002
(ISO19794-2)(ISO19794-2) Phase 2 Crystal Harmony -Phase 2 Crystal Harmony -
– 126 seafarers 7 vendors accepted126 seafarers 7 vendors accepted– FAR & FRR + interoperabilityFAR & FRR + interoperability– Only 2 products reached performance criteria of < 1% Only 2 products reached performance criteria of < 1%
FRR & < 1% FARFRR & < 1% FAR– Both products were interoperableBoth products were interoperable
Phase 3: 2nd chancePhase 3: 2nd chance– Images from live testImages from live test– Modification to algorithmsModification to algorithms– A 3rd supplier reached performance levelA 3rd supplier reached performance level
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 2626
2004 On Board Test:2004 On Board Test: Dual-Finger Dual-Finger FRR at 1% FAR*FRR at 1% FAR*
A C D E F G
A 0.0% 3.6% 19.8% 52.0% 1.6% 40.6%
Enrol Product
C 0.0% 1.7% 40.2% 5.5% 59.4% 3.0%
D 9.4% 40.4% 21.1% 49.7% 22.2% 37.0%
E 1.9% 6.3% 72.7% 4.9% 1.8% 3.6%
F 0.0% 4.9% 65.0% 41.9% 0.0% 27.3%
G 4.3% 46.6% 66.6% 6.3% 17.0% 1.6%
Verify Product
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 2727
Fingerprints are the flow-like features (ridges & valleys)Fingerprints are the flow-like features (ridges & valleys) found on human fingers found on human fingersMinutiae Points Minutiae Points Local ridge features that appear as either ridge endings Local ridge features that appear as either ridge endings or ridge bifurcationsor ridge bifurcationsThe minutiae are encoded by location, angle type and The minutiae are encoded by location, angle type and qualityquality
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 2828
Minutia TypeMinutia Type
Ridge endingRidge ending
Ridge bifurcationRidge bifurcation
OtherOther
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 2929
Minutia LocationMinutia Location
Placement Placement is defined is defined carefully carefully for for compatibilcompatibility with ity with ANSI/NIST ANSI/NIST standardstandard
Ridge Endings Bifurcation
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 3030
Quality minutiaeQuality minutiae
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 3131
Bad quality minutiaeBad quality minutiae
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 3232
Interoperability IssuesInteroperability Issues
Three types of minutiae in standard are Three types of minutiae in standard are not encoded uniformly by suppliersnot encoded uniformly by suppliers– Ridge endingRidge ending– Ridge bifurcationRidge bifurcation– OtherOther
Minutiae angles can be computed in Minutiae angles can be computed in different ways and quantized or notdifferent ways and quantized or not
Method of truncation to limit minutiae to Method of truncation to limit minutiae to 52 (for the barcode format)is interpreted 52 (for the barcode format)is interpreted differently by nearly all vendorsdifferently by nearly all vendors
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 3333
Outstanding Outstanding challengeschallenges
Concern with quality of barcode printing and barcode Concern with quality of barcode printing and barcode readersreaders
Security of the ID needs to be enhancedSecurity of the ID needs to be enhanced Lack of a suitable Standard for issuing of Ids and Lack of a suitable Standard for issuing of Ids and
Identity management process Identity management process Guidelines for monitoring for compliance Guidelines for monitoring for compliance Virtual Project Management Office for > 50 projectsVirtual Project Management Office for > 50 projects Increasing the number of convention ratificationsIncreasing the number of convention ratifications National issues on use of biometricsNational issues on use of biometrics Security issues on infratstructureSecurity issues on infratstructure FinancingFinancing Roll-out for Korea, Phillipines, NigeriaRoll-out for Korea, Phillipines, Nigeria
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 3434
Further ChallengesFurther Challenges
ISO 24713-3 Biometric application ISO 24713-3 Biometric application profile for the ILO seafarers ID for profile for the ILO seafarers ID for 20072007
Seafarers certificates, pension plan, Seafarers certificates, pension plan, healthhealth
Certification of auditors (ISO17799 )Certification of auditors (ISO17799 ) Certification of Compliant systemsCertification of Compliant systems
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 3535
Lessons learnedLessons learned
SID is a globally interoperable biometric SID is a globally interoperable biometric based identity document for seafarers based identity document for seafarers
It exists because there is a real need backed It exists because there is a real need backed up by legislationup by legislation
Use of Standards is necessary to provide a Use of Standards is necessary to provide a basis for ensuring a globally interoperable ID basis for ensuring a globally interoperable ID systemsystem
Conformance to standards does not, on its Conformance to standards does not, on its own, guarantee interoperabilityown, guarantee interoperability
Laboratory testing of standard compliant Laboratory testing of standard compliant products reduces the riskproducts reduces the risk
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 3636
Lessons learnedLessons learned Leadership is all importantLeadership is all important Consensus means getting all parties Consensus means getting all parties
to the table & legislating effectivelyto the table & legislating effectively Lack of biometric knowledge is not a Lack of biometric knowledge is not a
barrierbarrier Ongoing monitoring for compliance Ongoing monitoring for compliance
keeps everybody vigilantkeeps everybody vigilant
2-th May 20052-th May 2005 Porvoo Group workshop 7Porvoo Group workshop 7 3737
Thank You ReykjavikThank You Reykjavik
Convention 185 availableConvention 185 available Summary laboratory report availableSummary laboratory report available
Questions?Questions?
Alan HusselbeeAlan Husselbee [email protected]@paris.com