2. Content
Objective and Project Definition
Device Used: C-One E-ID
Biometrics
◦ Fingerprint
Machine Readable Passport
◦ Machine Readable Zone (MRZ)
◦ Logical Data Structure
◦ Communication with IC/Chip
◦ E-Passport Security features
◦ Smart Card Security features
Project Development
◦ MRZ Project
◦ Smart Card and E-passport projects
◦ Fingerprint project
Document verification application
Conclusion and Recommendations
3. Objective and Project Definition
Current users are able to do many different tasks on the go using just a small pocket device.
Implement eGovernment mechanisms for documents.
How?
Using a handheld device, we will be able to identify a person based on their personal ID or E-Passport.
A mobile Android application that reads an ID document, extracts the fingerprint data and compares it to the scanned fingerprint using the readers integrated in the C-One E-ID device.
10. Machine Readable Passport (MRP)
Travel document specified by the International Civil Aviation Organization (ICAO).
E-passports and Smart cards developed by Inkript are types of MRP.
Lebanon was forced to apply ICAO standards on civil documents to facilitate citizen travelling.
11. Machine Readable Zone
Mandatory zone located on the MRP's data page.
Used to store the information needed by the BAC mechanism to read the files of the MRP:
◦ Passport Number
◦ Date of Birth
◦ Expiry date
12. Logical Data Structure
For both the IC integrated in the E-passport and the one in Residency permits.
Structured data stored as files called Data Groups:
◦ DG1: Personal Info
◦ DG2: Owner Photo
◦ DG3: Fingerprint (optional)
Elementary files required to validate integrity (EF.COM; EF.SOD)
14. Communication with the IC/Chip
The IC or Chip is connected to a Card Acceptance Device (CAD).
The Chip speaks to the outside world using its own data packages: APDUs.
An APDU contains either a Command or a Response message.
Master-Slave model: the Chip always waits for a command APDU from the terminal.
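The command/response exchange described above, as an added example that is not code from the presentation or from the Coppernic or JMRTD projects. The APDU layout (CLA INS P1 P2 [Lc data] [Le], then data + SW1 SW2 on the way back), the SELECT/READ BINARY instruction bytes and the status words are the real ISO/IEC 7816-4 and ICAO values; `ToyChip`, its file contents and the `terminal_authenticated` flag are constructed stand-ins for a real IC so the master-slave exchange can be run offline. It also shows what the terminal sees when it asks for DG3 without having completed the extra access control: the chip answers with a status word, never with the file.

```python
"""Command/response APDU framing between a terminal (master) and an ICAO chip (slave).

Added example, not code from the presentation: the APDU layout and the status
words are the real ISO/IEC 7816-4 / ICAO Doc 9303 values, while ToyChip and its
file contents are constructed stand-ins for a real IC.
"""
from dataclasses import dataclass
from typing import Optional

# Status words (SW1 SW2) from ISO/IEC 7816-4
SW_OK = 0x9000                      # command executed normally
SW_SECURITY_NOT_SATISFIED = 0x6982  # file exists but access control was not passed
SW_FILE_NOT_FOUND = 0x6A82
SW_INS_NOT_SUPPORTED = 0x6D00

# Instruction bytes used with the ICAO LDS, and file identifiers of three LDS files
INS_SELECT, INS_READ_BINARY = 0xA4, 0xB0
EF_COM, EF_DG1, EF_DG3 = 0x011E, 0x0101, 0x0103


@dataclass
class CommandAPDU:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""
    le: Optional[int] = None  # None: no response data expected; 0 means "up to 256 bytes"

    def encode(self) -> bytes:
        """Serialise as CLA INS P1 P2 [Lc data] [Le] (short-length form only)."""
        if len(self.data) > 255:
            raise ValueError("short form supports at most 255 data bytes")
        out = bytes([self.cla, self.ins, self.p1, self.p2])
        if self.data:
            out += bytes([len(self.data)]) + self.data
        if self.le is not None:
            out += bytes([self.le & 0xFF])
        return out

    @classmethod
    def decode(cls, raw: bytes) -> "CommandAPDU":
        """Parse the four ISO 7816-4 cases: header; header+Le; header+Lc+data; header+Lc+data+Le."""
        if len(raw) < 4:
            raise ValueError("APDU header needs CLA INS P1 P2")
        cla, ins, p1, p2 = raw[:4]
        body = raw[4:]
        if not body:
            return cls(cla, ins, p1, p2)
        if len(body) == 1:
            return cls(cla, ins, p1, p2, le=body[0])
        lc, data, rest = body[0], body[1:1 + body[0]], body[1 + body[0]:]
        if len(data) != lc or len(rest) > 1:
            raise ValueError("Lc does not match the data length")
        return cls(cla, ins, p1, p2, data, rest[0] if rest else None)


@dataclass
class ResponseAPDU:
    data: bytes
    sw: int  # SW1 SW2 as one 16-bit value

    def encode(self) -> bytes:
        return self.data + self.sw.to_bytes(2, "big")

    @classmethod
    def decode(cls, raw: bytes) -> "ResponseAPDU":
        if len(raw) < 2:
            raise ValueError("response needs at least SW1 SW2")
        return cls(raw[:-2], int.from_bytes(raw[-2:], "big"))


class ToyChip:
    """Slave side: never speaks first, only answers the command APDU it is given (constructed)."""

    def __init__(self) -> None:
        # Constructed placeholder contents, not real LDS encodings
        self.files = {EF_COM: b"EF.COM(constructed)", EF_DG1: b"DG1(constructed)", EF_DG3: b"DG3(constructed)"}
        self.selected: Optional[int] = None
        self.terminal_authenticated = False  # EAC never completes in this toy, so DG3 stays locked

    def process(self, raw: bytes) -> bytes:
        cmd = CommandAPDU.decode(raw)
        if cmd.ins == INS_SELECT and cmd.p1 == 0x02 and len(cmd.data) == 2:  # SELECT EF by file id
            fid = int.from_bytes(cmd.data, "big")
            if fid not in self.files:
                return ResponseAPDU(b"", SW_FILE_NOT_FOUND).encode()
            if fid == EF_DG3 and not self.terminal_authenticated:
                return ResponseAPDU(b"", SW_SECURITY_NOT_SATISFIED).encode()
            self.selected = fid
            return ResponseAPDU(b"", SW_OK).encode()
        if cmd.ins == INS_READ_BINARY and self.selected is not None:
            offset = (cmd.p1 << 8) | cmd.p2
            length = 256 if cmd.le in (None, 0) else cmd.le
            return ResponseAPDU(self.files[self.selected][offset:offset + length], SW_OK).encode()
        return ResponseAPDU(b"", SW_INS_NOT_SUPPORTED).encode()


def read_file(chip: ToyChip, fid: int) -> tuple:
    """Terminal side: SELECT the file, then READ BINARY from offset 0; returns (status word, data)."""
    select = CommandAPDU(0x00, INS_SELECT, 0x02, 0x0C, fid.to_bytes(2, "big"))  # P2=0x0C: no FCI
    resp = ResponseAPDU.decode(chip.process(select.encode()))
    if resp.sw != SW_OK:
        return resp.sw, b""
    read = CommandAPDU(0x00, INS_READ_BINARY, 0x00, 0x00, le=0)
    resp = ResponseAPDU.decode(chip.process(read.encode()))
    return resp.sw, resp.data


if __name__ == "__main__":
    chip = ToyChip()
    for name, fid in (("EF.COM", EF_COM), ("DG1", EF_DG1), ("DG3", EF_DG3)):
        sw, data = read_file(chip, fid)
        print(f"{name}: SW={sw:04X} data={data!r}")
```

A real reader wraps these bytes in secure messaging once BAC has been established, so the command and response bodies are encrypted and MAC-protected on the wire; the framing and the status-word handling stay the same, which is why the status word is the first thing a terminal should check on every response.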
15. E-passport Security Features
While reading the chip:
Gain access to the contactless chip
Authentication of the data
Authentication of the IC
Additional access control mechanism
16. E-passport Security Features (2)
Gain access to the contactless chip
To prevent eavesdropping
Chip Access Control mechanism:
◦ Only authorized access.
◦ Using a cryptographic protocol.
Information from the MRZ is needed to derive the keys.
Two Chip Access Control mechanisms:
◦ BAC: Basic Access Control
◦ PACE: Password Authenticated Connection Establishment
17. E-passport Security Features (3)
Gain access to the contactless chip (2) – BAC Mechanism
◦ Read the MRZ_Information visually from the MRZ
◦ SHA-1 hash of MRZ_Information
◦ Take the most significant 16 bytes of the SHA-1 hash as the Key Seed
◦ Derive KEnc and KMAC
◦ Set up a secure connection with the IC
◦ Granted access to non-sensitive data (personal info and photo)
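The key-derivation steps above, and the three MRZ fields from the Machine Readable Zone slide (document number, date of birth, expiry date, each followed by its check digit), carried through in working code. This is an added example, not the presentation's or the JMRTD project's code: the 7-3-1 check-digit weighting, the MRZ_Information layout and the SHA-1 based derivation of KEnc (counter 1) and KMAC (counter 2) follow ICAO Doc 9303 Part 11, and the sample document data is the fictitious worked example printed in that specification, not a real person. Document numbers longer than nine characters use a different MRZ layout and are rejected rather than guessed at.

```python
"""Derive the BAC keys KEnc and KMAC from the MRZ, per ICAO Doc 9303 Part 11.

Added example, not code from the presentation: the check-digit algorithm, the
MRZ_Information layout and the key derivation follow the ICAO specification; the
sample document below is Doc 9303's own fictitious worked example.
"""
import hashlib

MRZ_WEIGHTS = (7, 3, 1)  # repeating weights of the ICAO check-digit algorithm


def mrz_char_value(c: str) -> int:
    """Digits count as themselves, A..Z as 10..35, and the filler '<' as 0."""
    if c.isdigit():
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"not an MRZ character: {c!r}")


def check_digit(field: str) -> str:
    """Weighted sum of the field's characters, modulo 10."""
    total = sum(mrz_char_value(c) * MRZ_WEIGHTS[i % 3] for i, c in enumerate(field))
    return str(total % 10)


def mrz_information(doc_number: str, birth_date: str, expiry_date: str) -> str:
    """MRZ_Information = document number + CD + birth date (YYMMDD) + CD + expiry (YYMMDD) + CD.

    A document number shorter than 9 characters is padded with '<' exactly as printed
    on the data page; longer numbers use a different MRZ layout and are rejected here.
    """
    if len(doc_number) > 9:
        raise ValueError("document numbers longer than 9 characters are not handled")
    if len(birth_date) != 6 or len(expiry_date) != 6:
        raise ValueError("dates must be YYMMDD")
    doc_number = doc_number.ljust(9, "<")
    return (doc_number + check_digit(doc_number)
            + birth_date + check_digit(birth_date)
            + expiry_date + check_digit(expiry_date))


def adjust_parity(key: bytes) -> bytes:
    """Force odd parity on every byte, as DES keys require (flip the LSB when the bit count is even)."""
    return bytes(b ^ 1 if bin(b).count("1") % 2 == 0 else b for b in key)


def derive_key(k_seed: bytes, counter: int) -> bytes:
    """Doc 9303 key derivation: SHA-1(Kseed || counter); the first 16 bytes give the 3DES key Ka || Kb."""
    digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
    return adjust_parity(digest[:16])


def bac_keys(mrz_info: str) -> tuple:
    """Return (Kseed, KEnc, KMAC): Kseed is the 16 most significant bytes of SHA-1(MRZ_Information)."""
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]
    return k_seed, derive_key(k_seed, 1), derive_key(k_seed, 2)


if __name__ == "__main__":
    # Worked example from ICAO Doc 9303 Part 11 (fictitious document, not real data)
    info = mrz_information("L898902C", "690806", "940623")
    k_seed, k_enc, k_mac = bac_keys(info)
    print("MRZ_Information:", info)
    print("Kseed:", k_seed.hex().upper())
    print("KEnc :", k_enc.hex().upper())
    print("KMAC :", k_mac.hex().upper())
```

Two practical points follow from the code. First, the entropy of KEnc and KMAC is bounded by the three MRZ fields, not by the 112-bit 3DES key length, which is why reading the MRZ (or typing it in) is all an authorized reader needs and why BAC is only an anti-eavesdropping measure. Second, a single OCR error in any of the three fields yields a different Kseed and the chip will reject the terminal's BAC authentication; validating the check digits before attempting BAC turns a silent failure into an immediate, diagnosable one.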
18. E-passport Security Features (4)
Authentication of Data
Checks that the content of the Data Security Object (SOD) and the LDS are authentic.
Compute the hash of the LDS and compare it to the existing hash in the SOD file.
It is a passive authentication.
19. E-passport Security Features (5)
Authentication of the IC/Chip
Against chip substitution:
Active Authentication mechanism
Based on a challenge-response protocol
20. E-passport Security Features (6)
Additional access control mechanism
Access to the fingerprint (and iris) file should be more restricted.
The Extended Access Control mechanism is used.
◦ EAC = Chip Authentication + Terminal Authentication
Terminal Authentication: two-move challenge-response protocol
21. Used Smart Card Security Features
specifically in this project
Same structure of the internal chip:
◦ LDS
◦ APDU commands
Smart Card: another confidential info is used instead of the MRZ_Information to perform the BAC mechanism.

                                                      E-passport                              Smart Card
Standard                                              ICAO                                    ICAO
Extract BAC key (and thus access DG1 and DG2) using   MRZ                                     Another confidential info
Security features to access DG1, DG2                  ICAO Standard                           ICAO Standard
Security feature to access DG3 (Fingerprints)         EAC – mentioned and explained by ICAO   No security
23. Project Development
Read the MRZ
• OCR Tesseract
• Regula Document Reader
Read E-Passport or Smart Card
Scan fingerprint
Compare the two fingerprints
24. Project Development (2)
MRZ Project
OCR Tesseract project:
◦ Open source project / uses online trained data.
Regula Document Reader:
◦ Proprietary project by Regula Forensics.
Unsuccessful trials, which led to:
◦ Entering manually the MRZ_Information needed for the BAC mechanism
25. Project Development (3)
Read the MRZ
• OCR Tesseract
• Regula Document Reader
• Enter it manually
Read E-Passport or Smart Card
• JMRTD solution
• Coppernic solution
• The integration of the two solutions
26. Project Development (4)
Smart Card and E-passport projects
Java Machine Readable Travel Document (JMRTD)
Most popular solution to read E-passports.
◦ Android supported: AJMRTD
◦ Uses NFC to read the E-passport.
◦ Reads DG1 and DG2.
Incompatibility between NFC and RFID technology
27. Project Development (5)
Smart Card and E-passport projects
Coppernic solution:
◦ Able to read the DG1 and DG2 files from the E-passport.
◦ Complexity of integrating the EAC mechanism to read DG3 (the fingerprint DG).
◦ Unsuccessful trial to read the fingerprint from the E-passport.
We managed to develop a similar application that reads only the Smart Card.
28. Project Development (6)
Smart Card and E-passport projects
Coppernic Sample

                                    E-Passport                                   Smart Card
Power Management                    Power up the RFID                            Power up the Smart Card Reader
Keys for BAC mechanism              MRZ_Information                              Another confidential info
Reading DG1 (Personal Information)  Extracting this info using the Coppernic methodology; implementing JMRTD to extract the response
Reading DG2 (Display Picture)       Implementing JMRTD to parse the response
Reading DG3                         Not supported yet due to the need for        I managed to read DG3 since it does not
                                    additional security mechanisms               require any additional security, and I
                                                                                 extracted the fingerprint template using JMRTD
29. Project Development (7)
Read the MRZ
• OCR Tesseract
• Regula Document Reader
• Enter it manually
Read E-Passport or Smart Card
• JMRTD solution
• Coppernic solution
• The integration of the two
Scan fingerprint
• Neurotechnology
Compare the two fingerprints
• Neurotechnology
30. Fingerprint Sample
Neurotech solution
Features:
◦ Reading a fingerprint
◦ Extracting its minutiae
◦ One-to-one verification
  One finger to another finger (e.g. thumb to thumb)
  One finger to the two hands (e.g. index to a person's finger)
◦ One-to-many verification
  One finger to a database of fingers (e.g. thumb to many thumbs)
38. Conclusion
The importance of such a device with these advanced capabilities lies in the increased need to control borders and critical areas in such a country.
It enhances the catching of terrorists and forgers at border controls.
39. Recommendations
More research on reading E-passports using the C-One E-ID.
Reading the MRZ visually, using the camera, with well-trained data.
Compare the fingerprint of any person remotely with the database available on the server.
One level of security can be added to prevent unauthorized agents from using the device.