20-year Anniversary Report: Secunet

Secunet: Efficient and secure border control thanks to eIDs and biometrics

Electronic identity documents and the biometric data stored in them form the basis for automated border controls and convenient passenger processes, as we know them today. How did we actually get this far? On the occasion of the 20th anniversary of the Biometrics Institute, we take a look back at the developments of the last two decades – and congratulate the Biometrics Institute on this milestone!

The addition of the electronic component to the established optical security features made storing biometric information in chips of eIDs possible. At the same time, biometrics created a unique link between document and document holder. In addition to a significantly higher level of forgery protection, this simultaneously opened up the use of biometrics-based automated border control. Biometrics in eIDs and the associated convenience are now taken for granted worldwide. However, the path to success was certainly not always a straight line and many steps have been taken.

Real added value can only be achieved through interoperability

The addition of biometric data to eIDs alone does not add value. First, it must be ensured that eIDs will be accepted and can be processed at borders around the world. Second, the binding between eID and its holder through biometrics enables a higher level of security and, at the same time, new digital processes. Two aspects, however, highlight the importance of interoperability:

The dynamic market for biometric technologies:

  • Many devices and manufacturers, short product life cycles.

The sheer mass of eIDs:

  • 1 billion eIDs were issued from 150 states in 2019.

In numerous interoperability tests, we supported manufacturers of eIDs and inspection systems in optimizing components and making them fit for international use.

These tests have shown the importance of cooperation between states, sovereign authorities, and industry. With the growing potential for biometrics, independent organisations such as the Biometrics Institute were essential in the process – connecting all stakeholders and providing a platform to exchange innovative ideas as well as concerns.

Standardisation is the key

The essential parameters for the use of biometrics in eIDs and the quality and security requirements for their use in sovereign applications have been defined and further developed in international standards. They regulate a wide variety of aspects, one focus being the protection of biometric data over the entire lifecycle of sovereign eIDs, e.g., during document issuance, the security mechanisms and access rights during document verification as well as the responsible use, including appropriate and data protection-compliant handling.

One of the first important standards for automated border control was ICAO Doc 9303, which is still the gold standard for eIDs but also an important prerequisite leading to the widespread use of biometrics in public sector applications.

A milestone for biometric data protection in sovereign eIDs was certainly the BSI TR-03110 of the German Federal Office for Information Security, which is still valid today, and we were involved in its development. BSI TR-03110 specifies, among others, Extended Access Control (EAC) for access to biometric data stored in eIDs and can be regarded as the foundation for all security protocols for sovereign eIDs – it also had a significant influence on ICAO Doc 9303 Parts 10,11.

Standards continue to be an important tool for all stakeholders to jointly implement a consistently high level of security for handling biometric data in eIDs, on the application as well as technology side. Especially for biometric systems, standard conformity on every level assures the accuracy, thus the reliable use of the system.

Just how did these standards evolve, and what does it take to develop them?

Experience through a valid database

A prerequisite for standardisation is data and experience – this is a lasting truth. For the use of biometrics in sovereign eIDs, this initially meant collecting a lot of data – a biometrics aficionado will certainly remember the BioP I and II projects.

Together with the German Federal Criminal Police Office, we conducted a large field test at Frankfurt Airport and compared biometric verification algorithms (face, finger, iris). The results formed the basis for the selection of biometric features of the electronic passport in Germany. Both studies marked the start of many subsequent projects to investigate and evaluate biometric procedures, from which the entire market profited in form of standards and technical guidelines.

These steps – data collection, standardisation, interoperability – were essential key factors for the widespread use of biometrics today. They ensure data is reliably usable in accordance with specifications in terms of quality, security and speed.

Secure eIDs in everyday life

Standards and the worldwide spread of biometric travel documents have opened up completely new possibilities: Increasing passenger numbers could now be addressed through automated border controls (ABC). Aside from the current COVID-related slowdown, the demand for biometrics in border control and passenger identification has been increasing worldwide.

In the German EasyPASS project, for example, ABC systems have increased from 70 ABC gates in operation at four airports in 2014 to more than 250 ABC gates at eight airports today with a total of 95 million users.

For biometrics-based automated border control, protection against circumvention attempts plays a major role. Current standardisation efforts and developments focus on continuously improving procedures to detect fraud attacks through, e.g., presentation attack detection (PAD) or morphing attack detection (MAD).

Summary and outlook

There are plenty of challenges for biometrics in public sector applications such as border control. Biometric data is a sensitive asset that must be protected. A multitude of standards are binding in terms of which data may be collected, used and stored, and in which quality. Security, usability and user convenience must always be balanced for the specific applications needs. Continuous development of corresponding standards is essential in order to meet current and future requirements for secure biometric procedures and to effectively prevent attempts to overcome them. New possibilities that arise, for example, through artificial intelligence (AI), will play a decisive role here – plenty of work for the Biometrics Institute, and other important players in the biometrics community.

Secunet Security Networks AG

Secunet were a Founding Member in Europe

Applications and use cases | Privacy and policy | Research and development | Technology innovation

Lead the debate with us on the
responsible use of Biometrics