Document Verification through C-One E-Id - Copy

DocumentVerification through
C-One E-Id
Prepared by: Rima HAJOU
Supervised by: Dr. Lina OUEIDAT
Date: 13 July 2016
Hosting Company: Inkript R&D Department
(March – June 2016)

Content
 Objective and Project Definition
 Device Used: C-One E-ID
 Biometrics
◦ Fingerprint
 Machine Readable Passport
◦ Machine Readable Zone (MRZ)
◦ Logical Data Structure
◦ Communication with IC/Chip
◦ E-Passport Security features
◦ Smart Card Security features
 Project Development
◦ MRZ Project
◦ Smart Card and E-passport projects:
◦ Fingerprint project
 Document verification application
 Conclusion and Recommendations
2

Objective and Project Definition
 Current users are able to do many different tasks
on the go using just a small pocket device.
 Implement eGovernment mechanisms for
documents.
How?
 Using handheld device, we will be able to identify
a person based on their personal ID or E-
Passport.
3
A mobile android application that read an ID
document, extract the fingerprint data and
compare it to the scanned fingerprint using
the readers integrated in C-One E-ID device.

Content
 Biometrics
◦ Fingerprint
◦ MRZ Project
4

C-One E-ID
 Why a handheld
device?
 Why C-One E-ID ?
 Fingerprint sensor
 Contact and Contact less card-readers (RFID
Technology)
 Barcode Reader
 Latest technologies (4G,Wi-Fi, GPS..)
 Android 4.2.2
5

Content
 Biometrics
◦ Fingerprint
◦ MRZ Project
6

Biometrics
 Distinctive, measurable characteristics
used to label and describe individuals
 Face recognition, iris,
fingerprint, DNA,
palm print..
7

Fingerprint
 Why fingerprint?
 Uniqueness, consistency over time.
 Used for identification by automated
systems
 Minutias
8

Content
 Biometrics
◦ Fingerprint
◦ MRZ Project
9

Machine Readable Passport (MRP)
 Travel document specified by International
Civil Aviation Organization
 E-passport and Smart cards developed by
Inkript are types of MRP.
 Lebanon was forced to apply ICAO standards
on civil documents to facilitate citizen travelling
10

Machine Readable Zone
 Mandatory zone located on the MRP’s
data page
 Used to store information used for the
BAC mechanism to read
files of the MRP :
◦ Passport Number
◦ Date of Birth
◦ Expiry date
11

Logical Data Structure
 For both IC integrated in E-passport and
in Residency permits
 Structured data as files called Data
Groups.
◦ DG1 : Personal Info
◦ DG2 : Owner Photo
◦ DG3 : Fingerprint (optional)
 Elementary files required to validate
integrity ( EFcom ; EFSoD )
12

Communication with the IC/Chip
 IC or Chip will be connected to a Card
Acceptance Device (CAD)
 Chip speaks to the outside world using its
own data packages:APDU
 APDU contains Command or a
Response message
 Master- Slave model.
 The Chip always waits for a command
APDU from the terminal
14

E-passport Security Features
while reading the chip
 Gain Access to the contactless
 Authentication of the data
 Authentication of the IC
 Additional access control mechanism
15

E-passport Security Features (2)
Gain Access to the contactless
 To prevent eavesdropping
 Chip Access Control mechanism :
◦ Only authorized access.
◦ Using cryptographic protocol
 Info are needed from the MRZ to derive the keys.
 Two Chip Access Control mechanism:
◦ BAC: Basic Access control
◦ PACE: Password authenticated connection
establishment
16

Read the
MRZ_Information
visually from MRZ
SHA-1 Hash of
MRZ_Information
Take the most
significant 16 bytes
of SHA-1 Hash as
Key Seed
Derive KEnc and
KMAc
Setup a secure
connection with
the IC
Granted access to
non sensitive data
(Personal info and
Photo)
17
Gain Access to the contactless (2) – BAC Mechanism

 Content of Data security object (SOD)
and LDS are authentic.
 Execute the hash of the LDS and compare
it to the existing hash in SOD file.
 It’s a passive authentication.
18
Authentication of Data

 Against Chip substitution
 Active Authentication mechanism
 Based on challenge-response protocol
19
Authentication of the IC/Chip

 Access fingerprint (and IRIS) file should be
more restricted.
 Extended Access Control mechanism is
used.
◦ EAC = Chip Authentication + Terminal Authentication
 Terminal authentication: two move
challenge response protocol
20
Additional control access mechanism

Used Smart Card Security Features
specifically in this project
 Same structure of internal chip.
◦ LDS
◦ Apdu commands
 Smart Card: another confidential info instead of the
MRZ_Information to perform BAC mechanism
21
E-passport Smart Card
Standard ICAO ICAO
Extract BAC key- and thus
accessing DG1 and DG2 -
using
MRZ Another Confidential
info
Security Features to access
DG1,DG2
ICAO Standard ICAO Standard
Security Feature to access
DG3 (Fingerprints)
EAC – Mentioned and
explained by ICAO
No security

Content
 Biometrics
◦ Fingerprint
◦ MRZ Project
22

Project Development
Read the MRZ
• OCR Tesseract
• Regula Document Reader
Read E-Passport
or Smart Card
Scan fingerprint
Compare the
two fingerprints
23

Project Development (2)
MRZ Project
 OCRTesseract Project:
◦ Open source project /Use online trained data.
 Regula Document Reader:
◦ Proprietary project for Regula Forensic.
24
Unsuccessful trials which leads to:
Enter manually the MRZ_information
needed for BAC mechanism

Read the
MRZ
• OCRTesseract
• Enter It Manually
Read E-
Passport or
Smart Card
• JMRTD Solution
• Coppernic Solution
• The integration of two solutions
25

Smart Card and E-passport projects
 Java Machine ReadableTravel Document
 Most popular to read
E-passport.
◦ Android supported :AJMRTD
◦ Uses NFC to read E-passport.
◦ Read DG1 and DG2.
26
Incompatibility between NFC and
RFID technology

 Coppernic solution:
◦ Able to read DG1 and DG2 file from the E-
passport.
◦ Complexity of integrating the EAC
mechanism to read DG3. (Fingerprint DG)
◦ Unsuccessful trial to read Fingerprint from E-
passport
27
We managed to develop a similar
application that reads only Smart Card

Coppernic Sample E-Passport Smart Card
Power Management Power up the RFId Power Up the Smart Card Reader
Keys for BAC mechanism MRZ_Information Another Confidential Info
Reading DG1 (Personal
Information
Extracting these info using
Coppernic methodology
Implementing JMRTD to extract the response
Reading DG2(Display
Picture)
Implementing JMRTD to parse the response
Reading DG3 Not supported yet due
the need of additional
security mechanisms
I managed to read DG3 since it does not
require any additional security and I
extracted the fingerprint template using
JMRTD
28

Read the
MRZ
• OCR Tesseract
• Enter It Manually
Read E-
Passport or
Smart Card
• JMRTD Solution
• Coppernic Solution
• The integration of 2
Scan
fingerprint
• Neurotechnology
Compare
the two
fingerprints
• Neurotechnology
29

Fingerprint Sample
 Neurotech Solution
 Features:
◦ Reading fingerprint
◦ Extracting its minutias
◦ One to One verification
 One finger to another finger (Ex:Thumb toThumb)
 One finger to the 2 hands (Ex: Index to a person’s finger)
◦ One to Many verification
 One finger to a database of fingers (Ex:Thumb to many
Thumbs)
30

Content
 Biometrics
◦ Fingerprint
◦ MRZ Project
31

Document verification application
32

Real Situation (4)
36
Successful implementation of the
project

Content
 Biometrics
◦ Fingerprint
◦ MRZ Project
37

Conclusion
 Importance of such a device with these
advanced capabilities lies in the increased
need to control borders and critical areas
in such a country.
 Enhance catching terrorists and forgers
over borders controls.
38

Recommendations
 More research to read E-passports using
C-One E-ID
 Reading MRZ visually and using the
camera by a well trained data.
 Compare the fingerprint of any person
remotely with the database available on
the server
 One level of security can be added to
prevent non authorized agents to use the
device.
39

Document Verification through C-One E-Id - Copy

More Related Content

Similar to Document Verification through C-One E-Id - Copy

Document Verification through C-One E-Id - Copy