Flying is an increasingly popular way to travel in our globalised world. According to estimates, in 2018 commercial airlines carried over 4.3 billion passengers on scheduled flights. But travelling is not only about flying: millions of people every year cross borders all around the world. It is therefore of strategic importance to ensure travels are safe. Indeed, thanks to technological developments, many initiatives have been taken in recent years to improve checks in airports (and other border crossings) and reduce risks to a minimum, while making sure that travel operations are kept as smooth as possible.
One of the most recent developments on the field in Europe is CEN/TS 17262:2018 ‘Personal identification - Robustness against biometric presentation attacks - Application to European Automated Border Control’. Published in December 2018, CEN/TS 17262 is a Technical Specification , which provides an application profile to the International Standard ISO/IEC 30107 ‘Information technology - Biometric presentation attack detection - Part 1: Framework’ for Automated Border Control. More specifically, the document provides requirements and recommendations for the implementation of Automated Border Control (ABC) systems in Europe, based on the analysis of travellers’ biometric data (such as face image or fingerprints).
In order to understand what is the TS’ specific contribution, it can be useful to take a step back and look at the wider context in which it operates. It is nowadays quite common for EU Member States to issue electronic passports (ePassports) containing a smart-card chip that stores biometric data. In order to cope with increasing security needs, a number of EU Member States have deployed Automated Border Control (ABC) systems that automate border checks for EU citizens in possession of an ePassport.
In practice, an ABC system works by using the biometric data stored in the ePassport to verify a traveller’s identity. The system authenticates that the ePassport corresponds to its holder by comparing the individual’s biometric characteristics with biometric data stored in the ePassport, queries border control records (possibly involving biometric identification of the traveller in watchlists), and finally determines eligibility of border crossings, without border guards intervening. Nevertheless, border guards can still intervene whenever something is wrong or does not go according to plans.
Notwithstanding their precision, ABC systems are potentially vulnerable to biometric presentation attacks (also known as spoofing), which aim at faking biometric characteristics in order to trick the recognition process. For this reason, techniques for the automated detections presentation attacks, called Presentation Attack Detection (PAD) mechanisms, have been established. CEN/TS 17262:2018 focusses on them, providing recommendations for the implementation of PAD mechanisms in Europe – where the international requirements set by ISO need to be adapted to specific levels of security and processes.
CEN/TS 17262:2018 has been developed by CEN/TC 224 ‘Personal identification and related personal devices with secure element, systems, operations and privacy in a multi sectorial environment’. TC 224’s Secretariat is currently held by AFNOR, the French National Standardization Body.
For more information, please contact Constant Kohler