needs for mobile identification

8/7/2019 Needs for Mobile identification

http://slidepdf.com/reader/full/needs-for-mobile-identification 1/6

28th. June 2010 – WS Interoperable Communications for Safety and Security: Needs for Mobile Identification - The European MOBIDIG 1 K. Keus

Needs for Mobile Identif ication

-

The European MOBIDIG

WS on ‘Interoperable Communications for Safety and Security’,JRC IPSC, Ispra

28th June 2010, Ispra, Italy


The Mobile Identification Interoperability Group:MOBIDIG Framework Conditions

Scope and Applications

Objectives

Data Communication related to MOBIDIGrequirements

ArchitecturesOptions

Requirements

Agenda




Mobile computing devices are improving rapidly. This has important potential as an enabling

technology for policing and immigration, particularly in identifying people, at the border and

elsewhere.

A smart new generation of mobile computing devices on their own will not solve the problems of

identification . How the technology isapplied and used is crucial to its success.

Mobile technology does not provide an ‘out of the box’ total solution - it needs to be configured and

integrated with existing systems.

MOBIDIG (TheMob ile Identification Interoperability Group): has been created so that police and

immigration services in the European Union can benefit from the sharing of expert advice andexperience from individual Member States.

Background | Some Framework Conditions


Needs | From stationary to mobile

Mobile ID devices may be employed for a variety of

applications, where stationary booking station type environment

is not possible, nor easily attainable (existing procedures and

technology for stationary environments are not transferable

andnot applicable for mobile requirements).

Common applications include (e.g.):

Mobile immigration and border control needs in nonstationary environments (e.g. to inspect e-passports intrains or busses)

Identification and verification in law enforcementapplications (e.g. common use and joint inspection of national eID documents)

Access control for buildings, computers and networks inflexible application environments1

1) This issue will not be addressed here




MOBIDIG | Main Scope

Identification andverification of people’sidentity

Authentication of identity

enabling documents

data held in identity enabling

documents,

identity data held on local and/ or

remote databases (e.g. in those

cases where an individual cannot or

will not provide identity

documentation).

for border control and law enforcement applications:

through the use of


MOBIDIG | Specific uses for Police and Immigration Applications

(extract)

Authentication of travel and identity documents: usingPKI technology to give very high assurance about the integrity of the document, chip and the data

it contains

to negotiate approved access (EAC protocol) to sensitive personal data on the chip –fingerprints - for additional assurance that the holder of the document is the correct, authorised holder

Fingerprint checks against central biometric systems: to confirm identity and/or to screen against special alert watchlists, e.g. police or immigration

Biographic checks against central identity systems: to check what is known about e.g. a named individual (is he / she wanted by the police? Has a criminal

record?) or travel / identity document (lost / stolen?)

Casework operations: at remote locations requiring more conventional desktop services and access to systems, and possibly

enrolment of biometrics

Rapid deployment: E.g. to respond to a large number of arrivals at a small, remote port or even somewhere that is not

classed as a port.

Mapping applications: using GPS technology to determine current position and link this to applications: logging and reporting

position and time, displaying reference information known about nearby locations, navigation.




Data Communication I | Architectures I

: Conclusion

Mobile 2 Central (M2C)

Mobile 2 Mobile (M2M)

Network / Combination of devices (NoD)

…

Data communi cations:

handset and communications network the connection to core systems

handling of incoming communications from mobile devices into the

central network (management: security issues, firewalls,

authentication, etc.).

communications and security issues in relation to local connection

of components for a mobile solution:

the device connected to a single integrated unit (master unit, keyboard,

screen, and communications module; potentially fingerprint reader

and document reader too)

separated components: in which case how are they connected together?


Data Communication II | Communication Architectures II

GSM/GPRS/UMTS

Satellite

Bluetooth

802.11 b/g

RRS

TETRA

WLAN

Wi Max (802.16d/e)

PMR (Professional Mobile Radio)

…




Data Communication III | Primary Options

Commercial networks: 3G or forthcoming 4G networks as used for mobile phone networks.

Probably cheaper option, connectivity can be an issue2. Security? Availability?

Emergency services networks based onTetra standard -highly resilient network for use by

emergency services: national implementations and trials (e.g. Netherlands C2000, UK

Airwave, Germany (local trials), several bilateral trials). Desirable, but likely to be at a higher

cost than a conventional commercial solution and may offer less bandwith (speed of data

transmission) than 3G and certainly 4G connection2?

Others? Integration withprofessional (police) radio network? Other?

Bluetooth for ‘nearby area’?Security?

NFS for ‘near field communication’? Performance? Security?

2:

• 2G: Mobile cellular network based on GSM. First offering mobile data connection, using GPRS (known as 2.5G); later, EDGE.

• 3G: 3rd generation mobile communications technologysuperior replacement for GPRS / GSM for mobile cellular data communications.

• 4G: Forthcoming successor standard to 3G for mobile communications with data transfer rates of 1 Gbps(stationary) or 100 Mbps (mobile).


Data Communication IV | Special Requirements I:

Security Requirements and related Countermeasures

Security Requirements: Confidentiality, Integrity, Availability, Interception, Cloning & Replication…

Some Security Countermeasures:

Encryption of communications and of data held on the device (ensuring confidentiality)

Virtual Private Network (VPN): secure end-to-end connection incl. authentication (ensuring integrity)

Tamper-proofing: technology against eaves dropping / interception

Backup communication lines / recovery and continuity services to ensure resilience against availabilityattacks (e.g. DoS)

Hardware Security Modules (HSMs): protection against a device being attacked to prevent data being

accessed (Possible contents: encryption private keys, watchlist contents, access codes for central

systems)

Remote diagnoses and service: e.g. deletion or blocking or li mitations on f unctionality: commands

may be issued from a central control point instructing a mobile device that has been lost or stolen to

delete any sensitive data including access codes or authorisations that it is holding.




Data Communication IV | Special Requirements II

Reliability of information

Privacy

Performance (incl. bandwidth (in special for biometrics data), throughput,response time, …)

Grid and sensor net (communication network)

New Sensor technologies

…


Questions?

Thank you for your attention !

needs for mobile identification

Documents