Page 72 - Security Today, March 2019
modular approach to ensure the best fit with user requirements. It is also crucial to anticipate the support and maintenance any identity solution will need and ensure that local IT and integration support is available and that these resources are fully engaged in the deployment process.
As governments look to optimize their investments, new systems should enable the issuance of different types of ID documents using the same core system components. New and emerging standards and market requirements must also be addressed and incorporated into the solution in a simple and frictionless manner, and its document management system should be able to support the move to mobile IDs as well as the verification infrastructure for authenticating them.
Key Ingredients
The key to a successful end-to-end citizen identification solution is to fully understand how each aspect of the system affects the user journey. Figure 1 shows how HID Global categorizes the steps in this journey in its HID Integrale solution.
The program should enhance the user experience at every step. This of course means recognizing that there are many users of such a system, and that while program success metrics start and end with the citizen experience, it is critical to consider the needs of other users, including front-line government staff, the team that manages the back-end software and the authorizers and verifiers who use citizen identities in the field. All user needs must be met while adhering to the highest standards of security, privacy, quality and efficiency, whether the identification system is implemented in a centralized data center or a distributed environment. All captured application data must be encrypted both at rest and in transit, ensuring the citizen’s information always remains safe.
Take for example the enrollment process. It is clear that the system should support a variety of application environments and the software should integrate with multiple quality-checking tools such as International Civil Aviation Organization (ICAO) photo standard check or fingerprint quality assessment. The solution should perform data verification and validation as well as biometric identification, while also supporting integration with the citizen database/register. But what about the citizen experience? The citizen wants the process to be comfortable, convenient and efficient, so it needs to be simple to understand, easy to undertake and performed correctly each time.
It is also important to consider where enrollment will be performed and whether it will need a desktop, mobile suitcase or self-enrollment kiosk, or perhaps even a self-enrollment option using a mobile device. On the other side of the process, the front-line government officials performing the enrollment have different requirements. They need a process that is easily explained and efficiently carried out with the citizen, but they also need clear easy-to-use software with a localized graphical user interface (GUI) that reflects and supports their process and language requirements.
The next stage is application processing, which requires tools for performing Automated Biometric Identification System (ABIS) deduplication, watchlist and database checks, and exception-case handling. The system should be fully customizable so that it can adapt to any workflow requirements, both today and as they evolve. Here, too, the focus should be on the customer experience. In many cases a citizen may need to wait while this process is performed. It therefore needs to be quick and accurate and provide clear feedback should there be any issues. From the government side there are similar requirements. Accuracy and clarity are paramount to enable prompt action if there is an issue, which might range from simply explaining to citizens that they will need further checks to detaining an individual for fraud or other offenses.
Once the application is approved the next step is secure data preparation, which requires software for handling document signing, chip script generation and document output control. The system must be capable of securely formatting and signing data with country keys as preparation for chip personalization with a chip operating system. Another key component is the PKI system for managing the keys and certificates used to sign personalized e-Documents and enable their verification at control points. The solution should be capable of handling all aspects of key and certificate creation, management, revocation and associated policies. This process should be performed seamlessly in a secure environment to minimize the risk of exposing citizen data or country secrets. At the same time, it also requires customized software outputs for operators, presenting information in a way which is easily understood and that batches the data in a way which suits the upcoming personalization process.
The data preparation step is followed by personalization and quality control. The software must encompass a variety of capabilities including pre-personalization, personalization control, chip encoding, quality control, and assurance and inventory management. The personalization and chip encoding section of the solution should be capable of handling all aspects of graphical personalization, secure chip encoding, print job creation and the final quality assessment of the document. It should support multi-machine configurations and integration with major personalization machine brands while also handling multiple chip operating system configurations. Additionally, the software must support the operators of the process by providing clear feedback on the documents that are manufactured as well as rejects and rework plus the health and status of equipment and the maintenance schedules they must apply.
The final component of an end-to-end system is issuance. The software must handle the e-Document collection process, post-issuance control, self-service kiosk solutions, e-Document application upgrades and e-Document data renewal. It should simplify the management of the e-ID card lifecycles and inventory control, from the blank document through all personaliza-