A pair of Ottawa companies Monday announced a joint digital security solution they say can protect against passport forgery and alteration, helping governments ensure the integrity of their borders.
AiT, an identification issuance systems and border control systems maker, and security hardware vendor Chrysalis-ITS began developing the cryptographic digital signature solution in the shadow of Sept. 11, recognizing the increased interest in border security by governments after the terrorist attacks.
“Right now, the drivers in this business are to verify travelers and authenticating the documents people carry,” said Bernie Ashe, AiT president and CEO.
Fifty countries use AiT’s products, including the 20,000 AiT document readers installed around the globe. Every time you pass through Canadian customs, your passport is passed through one of those readers to ensure its authenticity. But Ashe admits there exist incredibly advanced forgery networks operating in places like Bangkok and that the current standard, which spots forgeries with the same techniques used to identify counterfeit currency, is not able to spot all alterations.
The digital signature solution makes forgery if not impossible, then terribly impractical, according to Chrysalis-ITS vice president of business development Mike Williams.
AiT’s GenIE (Generic Issuance Environment) issuance system issues a passport digitally signed with the private key of the issuing authority, for example the Government of Canada (a digital signature is actually a set of ones and zeros). The digital signature, which verifies that the passport did come from the issuing country and that it has not been tampered with, is inserted into the passport through a barcode or RF smart chip.
Customs officers at checkpoints would use the corresponding public key to verify the digital signature. Chrysalis-ITS’ Luna CA3 root key management system protects the private key, Williams said. The solution can also accommodate a biometric in the barcode or smart chip, to be compared with a live biometric at a customs port for added security.
“They cannot copy that private key,” Williams said. “And if you can’t get access to the private key, you can’t duplicate the private signature.
“It’s just not crackable in this case.”
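The issue-and-verify flow described above, as an added example that is not AiT's or Chrysalis-ITS's code: a passport record is signed at issuance and checked at a checkpoint, then checked again after alteration and after re-signing with a different key. RSA with SHA-256, the field names and all sample values are assumptions constructed for illustration; the article gives only key sizes.

```javascript
const crypto = require('crypto');

// Constructed key pairs. RSA-2048 is an assumption (the article gives only key
// sizes); a real issuing key would stay inside a key-management device.
const authority = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const outsider = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Canonical encoding of the signed fields: fixed order, JSON-escaped, so the
// issuer and the checkpoint hash exactly the same bytes.
function encode(p) {
  return Buffer.from(JSON.stringify([p.number, p.name, p.country, p.expiry]));
}

// Issuance side: sign with the private key; the signature travels with the
// document (in the barcode or chip in the article's design).
function issue(privateKey, fields) {
  const signature = crypto.sign('sha256', encode(fields), privateKey).toString('base64');
  return { ...fields, signature };
}

// Checkpoint side: only the issuing authority's public key is needed.
function verify(publicKey, p) {
  return crypto.verify('sha256', encode(p), publicKey, Buffer.from(p.signature, 'base64'));
}

// Runs the three cases on a constructed sample record (placeholder values).
function demo() {
  const genuine = issue(authority.privateKey, {
    number: 'X0000000', name: 'SAMPLE, PAT', country: 'UTO', expiry: '2030-01-01',
  });
  const altered = { ...genuine, name: 'OTHER, SAM' };   // data changed, signature kept
  const resigned = issue(outsider.privateKey, altered); // signed with a different key
  const check = (p) => verify(authority.publicKey, p);
  return { genuine: check(genuine), altered: check(altered), resigned: check(resigned) };
}

console.log(demo());
```

Only the record signed with the authority's private key verifies; the altered and re-signed records are rejected by the same public-key check.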
Williams concedes the private key could be hacked through repeated brute-force attempts. But because the algorithm uses keys up to 2048 bits long, the passport would expire before the signature was cracked. Private keys would also be changed far more often than the 15-20 years it would take to crack even a standard 1024-bit key.
“They’re very large numbers and they are very hard to guess,” he said. “You’re better off playing the lottery.”
“It (digital signatures) has typically been the domain of network traffic,” Ashe said. “This is a pretty innovative application of digital signatures. In this case, national security has been breached. How do we improve?”
Ashe’s suggestion is a better system for verifying people and documents. Though no country has yet adopted the solution, Ashe said it has been presented to a number of governments and to the International Civil Aviation Organization with positive results.
“Using our passport readers, the ability exists to check every traveler’s document,” he said, adding the process would take no more than three seconds.