needs for mobile identification
TRANSCRIPT
8/7/2019 Needs for Mobile identification
http://slidepdf.com/reader/full/needs-for-mobile-identification 1/6
28th. June 2010 – WS Interoperable Communications for Safety and Security: Needs for Mobile Identification - The European MOBIDIG 1 K. Keus
Needs for Mobile Identif ication
-
The European MOBIDIG
WS on ‘Interoperable Communications for Safety and Security’,JRC IPSC, Ispra
28th June 2010, Ispra, Italy
28th. June 2010 – WS Interoperable Communications for Safety and Security: Needs for Mobile Identification - The European MOBIDIG 2 K. Keus
The Mobile Identification Interoperability Group:MOBIDIG Framework Conditions
Scope and Applications
Objectives
Data Communication related to MOBIDIGrequirements
ArchitecturesOptions
Requirements
Agenda
8/7/2019 Needs for Mobile identification
http://slidepdf.com/reader/full/needs-for-mobile-identification 2/6
28th. June 2010 – WS Interoperable Communications for Safety and Security: Needs for Mobile Identification - The European MOBIDIG 3 K. Keus
Mobile computing devices are improving rapidly. This has important potential as an enabling
technology for policing and immigration, particularly in identifying people, at the border and
elsewhere.
A smart new generation of mobile computing devices on their own will not solve the problems of
identification . How the technology isapplied and used is crucial to its success.
Mobile technology does not provide an ‘out of the box’ total solution - it needs to be configured and
integrated with existing systems.
MOBIDIG (TheMob ile Identification Interoperability Group): has been created so that police and
immigration services in the European Union can benefit from the sharing of expert advice andexperience from individual Member States.
Background | Some Framework Conditions
28th. June 2010 – WS Interoperable Communications for Safety and Security: Needs for Mobile Identification - The European MOBIDIG 4 K. Keus
Needs | From stationary to mobile
Mobile ID devices may be employed for a variety of
applications, where stationary booking station type environment
is not possible, nor easily attainable (existing procedures and
technology for stationary environments are not transferable
andnot applicable for mobile requirements).
Common applications include (e.g.):
Mobile immigration and border control needs in nonstationary environments (e.g. to inspect e-passports intrains or busses)
Identification and verification in law enforcementapplications (e.g. common use and joint inspection of national eID documents)
Access control for buildings, computers and networks inflexible application environments1
1) This issue will not be addressed here
8/7/2019 Needs for Mobile identification
http://slidepdf.com/reader/full/needs-for-mobile-identification 3/6
28th. June 2010 – WS Interoperable Communications for Safety and Security: Needs for Mobile Identification - The European MOBIDIG 5 K. Keus
MOBIDIG | Main Scope
Identification andverification of people’sidentity
Authentication of identity
enabling documents
data held in identity enabling
documents,
identity data held on local and/ or
remote databases (e.g. in those
cases where an individual cannot or
will not provide identity
documentation).
for border control and law enforcement applications:
through the use of
28th. June 2010 – WS Interoperable Communications for Safety and Security: Needs for Mobile Identification - The European MOBIDIG 6 K. Keus
MOBIDIG | Specific uses for Police and Immigration Applications
(extract)
Authentication of travel and identity documents: usingPKI technology to give very high assurance about the integrity of the document, chip and the data
it contains
to negotiate approved access (EAC protocol) to sensitive personal data on the chip –fingerprints - for additional assurance that the holder of the document is the correct, authorised holder
Fingerprint checks against central biometric systems: to confirm identity and/or to screen against special alert watchlists, e.g. police or immigration
Biographic checks against central identity systems: to check what is known about e.g. a named individual (is he / she wanted by the police? Has a criminal
record?) or travel / identity document (lost / stolen?)
Casework operations: at remote locations requiring more conventional desktop services and access to systems, and possibly
enrolment of biometrics
Rapid deployment: E.g. to respond to a large number of arrivals at a small, remote port or even somewhere that is not
classed as a port.
Mapping applications: using GPS technology to determine current position and link this to applications: logging and reporting
position and time, displaying reference information known about nearby locations, navigation.
8/7/2019 Needs for Mobile identification
http://slidepdf.com/reader/full/needs-for-mobile-identification 4/6
28th. June 2010 – WS Interoperable Communications for Safety and Security: Needs for Mobile Identification - The European MOBIDIG 7 K. Keus
Data Communication I | Architectures I
: Conclusion
Mobile 2 Central (M2C)
Mobile 2 Mobile (M2M)
Network / Combination of devices (NoD)
…
Data communi cations:
handset and communications network the connection to core systems
handling of incoming communications from mobile devices into the
central network (management: security issues, firewalls,
authentication, etc.).
communications and security issues in relation to local connection
of components for a mobile solution:
the device connected to a single integrated unit (master unit, keyboard,
screen, and communications module; potentially fingerprint reader
and document reader too)
separated components: in which case how are they connected together?
28th. June 2010 – WS Interoperable Communications for Safety and Security: Needs for Mobile Identification - The European MOBIDIG 8 K. Keus
Data Communication II | Communication Architectures II
GSM/GPRS/UMTS
Satellite
Bluetooth
802.11 b/g
RRS
TETRA
WLAN
Wi Max (802.16d/e)
PMR (Professional Mobile Radio)
…
8/7/2019 Needs for Mobile identification
http://slidepdf.com/reader/full/needs-for-mobile-identification 5/6
28th. June 2010 – WS Interoperable Communications for Safety and Security: Needs for Mobile Identification - The European MOBIDIG 9 K. Keus
Data Communication III | Primary Options
Commercial networks: 3G or forthcoming 4G networks as used for mobile phone networks.
Probably cheaper option, connectivity can be an issue2. Security? Availability?
Emergency services networks based onTetra standard -highly resilient network for use by
emergency services: national implementations and trials (e.g. Netherlands C2000, UK
Airwave, Germany (local trials), several bilateral trials). Desirable, but likely to be at a higher
cost than a conventional commercial solution and may offer less bandwith (speed of data
transmission) than 3G and certainly 4G connection2?
Others? Integration withprofessional (police) radio network? Other?
Bluetooth for ‘nearby area’?Security?
NFS for ‘near field communication’? Performance? Security?
2:
• 2G: Mobile cellular network based on GSM. First offering mobile data connection, using GPRS (known as 2.5G); later, EDGE.
• 3G: 3rd generation mobile communications technologysuperior replacement for GPRS / GSM for mobile cellular data communications.
• 4G: Forthcoming successor standard to 3G for mobile communications with data transfer rates of 1 Gbps(stationary) or 100 Mbps (mobile).
28th. June 2010 – WS Interoperable Communications for Safety and Security: Needs for Mobile Identification - The European MOBIDIG 10 K. Keus
Data Communication IV | Special Requirements I:
Security Requirements and related Countermeasures
Security Requirements: Confidentiality, Integrity, Availability, Interception, Cloning & Replication…
Some Security Countermeasures:
Encryption of communications and of data held on the device (ensuring confidentiality)
Virtual Private Network (VPN): secure end-to-end connection incl. authentication (ensuring integrity)
Tamper-proofing: technology against eaves dropping / interception
Backup communication lines / recovery and continuity services to ensure resilience against availabilityattacks (e.g. DoS)
Hardware Security Modules (HSMs): protection against a device being attacked to prevent data being
accessed (Possible contents: encryption private keys, watchlist contents, access codes for central
systems)
Remote diagnoses and service: e.g. deletion or blocking or li mitations on f unctionality: commands
may be issued from a central control point instructing a mobile device that has been lost or stolen to
delete any sensitive data including access codes or authorisations that it is holding.
8/7/2019 Needs for Mobile identification
http://slidepdf.com/reader/full/needs-for-mobile-identification 6/6
28th. June 2010 – WS Interoperable Communications for Safety and Security: Needs for Mobile Identification - The European MOBIDIG 11 K. Keus
Data Communication IV | Special Requirements II
Reliability of information
Privacy
Performance (incl. bandwidth (in special for biometrics data), throughput,response time, …)
Grid and sensor net (communication network)
New Sensor technologies
…
28th. June 2010 – WS Interoperable Communications for Safety and Security: Needs for Mobile Identification - The European MOBIDIG 12 K. Keus
Questions?
Thank you for your attention !