Title: SUMMARY AND CONCLUSIONS

Summary and Conclusions

In this chapter basic technologies currently used for ID documents have been introduced. This includes: 

• Chip card technology 

• RFID 

• Biometrics 

• Electronic signatures  

• Various back-office technologies such as PKI and databases for biometrics. 

Chip card technology has been used successfully in the context of ID documents for almost 10 years now.  

RFID has been used for access control in the past, but the use in the context of ID document is relatively new and started with the European passport in November 2005. To adopt RFID to the needs of ID documents a number of additional security functions have been developed recently. This includes (1) Basic Access Control (BAC) and passive and active authentication of the RFID chip. BAC will be further investigated in the chapters and .

Biometrics in the context of ID documents has been investigated in two studies recently. The results show that biometrics still faces a number of quality problems (FAR, FRR, EER) that limit the application of this technology at least to certain groups of citizen. Technical and procedural back-up solutions have to be implemented.  

Electronic signatures and PKI have been used in various European countries together with chip card technology for almost 10 years now though the diffusion and the use do not seem large until today. The technology seems to be mature. Remaining privacy and security issues will be analysed in chapter .

Back-office technologies, especially databases on biometric (raw) data, can be problematic. When data is stored in such data bases in general the purpose binding principles can not be enforced easily. This is especially true in cases these databases are run and controlled by foreign countries for foreign visitors. This especially raises the need for data minimisation. Concepts should be investigated, that allow control of the user of the ID document over his personal data. In any case additional information in authentication information should not be included. Concerning biometrics this means that biometric raw data such as photos of faces and fingerprints should not be used. But biometric raw data are due to the need of technical compatibility an integral part of the technical concept of the European passport, especially pictures of the face. This is a weak point of current concepts and implementations of MRTDs. Concerning fingerprints the NIST standards for minutiae and papillary pattern can and should be used. 

In addition to basic technologies aspects of interoperability of ID documents are investigated and described using a modified TFI model. Technical compatibility, homogenisation of formal procedures and privacy aspects (for example Privacy enhancing Technologies, PET) to achieve a broad social (informal) acceptance are highly relevant aspects for successful interoperability. This chapter has given an overview on the implementation of ID documents in various European and non-European countries with respect to these factors. 

It can be concluded that by looking on a global and EU level common law based countries seem to have an extremely low adoption rate of national eID strategies. In contrast the civil law based European nations seem to be among the group of early adopters of national eID solutions. Despite that maybe surprisingly clear and evident finding, by far the more challenging and pressing problem appears on a pan-European eID interoperability level, as the national individual legislation has to be harmonised in order to allow EU Member States to share, interconnect and use national versatile identities. Issues like data protection, privacy, information liability, access authority and the quality of authentication are heavily disputed issues.