The AAMVA Card Design Standard Geoff Slagle Director
- Slides: 40
The AAMVA Card Design Standard Geoff Slagle – Director, Identity Management, AAMVA Loffie Jordaan – Convenor, ISO SC 17/WG 10 - Fischer Cindy Gerber – Director, Driver Services, South Dakota AAMVA Official Use Only
Overview • • 2 DL Origins – not identification Standardization – a gradual process Technologies at play Card Design Standard ISO SC 17/WG 10 Conformity Assessment efforts Future AAMVA Official Use Only
DL Origins – not identification • Evidence of privilege… • Identification deemed • ID Management must be holistic – Fundamentals (have/know/are) – Breeder document(s)/systems – “Binding” 3 AAMVA Official Use Only
Standardization – a gradual process • Compilations – Collection of what was being done • Models – Uniform Identification Practices • Best Practices/Recommendations – DL/ID Security Framework • Standards – Voluntary until… 4 AAMVA Official Use Only
Technologies at play • Machine-readable technologies – Bar codes, magnetic stripes, RFID, OCR -B, integrated circuit • Physical Security Features • Manufacturing & Production • *Biometrics 5 * = peripheral AAMVA Official Use Only
Card Design Standard – a coin • Side 1 – standard • Side 2 – measuring conformance/compliance to standard 6 AAMVA Official Use Only
DL/ID Card Design Standard • Overseen by Committee – Jurisdictional members/DHS/Fellows/ AAMVA Support • Continuous maintenance • Supersedes AAMVA DL/ID-2011 v 1. 0 7 AAMVA Official Use Only
Conformance* • Meet mandatory requirements specified – Directly – By reference – Including • Annex A – Card Design • Annex B – Physical Security • Annex D – PDF-417 Bar Code * = AAMVA, not ISO or DHS 8 AAMVA Official Use Only
Foreword • Functional requirements • Three key concepts – Interoperability – Commonality/Uniformity – Security • Compatibility with ISO 18013 standard for International Driving License • Accommodation of REAL ID/WHTI (EDL) requirements 9 AAMVA Official Use Only
Main Standard • References • Terms & Definitions • Human Readable Data Elements – Gives details of data, format, and placement • Quality Control 10 AAMVA Official Use Only
Annex A - Card Design • Zones – Used to describe data element placement – Improves common look across jurisdictions – Preserves some individuality • New examples (AAMVA/ISO/REAL ID/EDL) 11 AAMVA Official Use Only
Annex B – Physical Security • Security Levels – Level 1 – unaided human senses – Level 2 – some type of tool needed – Level 3 – forensic 12 AAMVA Official Use Only
Annex B – Physical Security • Threat types – Type 1 – counterfeit/simulation – Type 2 – alteration – Type 3 – photo/signature substitution – Type 4 – counterfeit from cannibalized card 13 AAMVA Official Use Only
Annex B – Physical Security • Level 1 & 2 requirement – Minimum of four devices – Protect against all four threat types at both levels – Do not count the PDF-417 SIGNIFICANT UPDATE COMING 14 AAMVA Official Use Only
Annex B – Physical Security • Level 3 forensic requirement – Must have at least one – Keep out of public record – Details known only to those with “need-toknow” – Share with accredited law enforcement labs 15 AAMVA Official Use Only
Annex C – DL/ID Device Index • Lists of physical security devices – Description of the device – Threat type protected by level • This annex is informative • The actual protection will depend on how the device is used 16 AAMVA Official Use Only
Annex D – PDF-417 Bar Code • The requirement – PDF-417 must be used – Additional MRT(s) may be used • Provides mapping for the data elements • REAL ID data elements added – Type (compliance) – Revision Date – Limited Duration • Example added 17 AAMVA Official Use Only
Annex E – Test Methods* • Durability Testing • Compliance/Conformity Assessment • Integrity Testing (DSA/NASPO) * = Optional, not required 18 AAMVA Official Use Only
Annex F – Magnetic Stripe* • Unchanged from the previous standard * = Optional, not required 19 AAMVA Official Use Only
Annex G – Optical Memory* • Unchanged from the previous standard * = Optional, not required 20 AAMVA Official Use Only
Annex H – Enhanced DL* • Covers requirements for cards – MRZ/RFID – Banner/flag • Does not address coordination specifics that jurisdictions must make with CBP & CBSA * = Optional, not required 21 AAMVA Official Use Only
Annex I – Compact Encoding* • Provides alternative mapping for the data elements and achieves greater efficiencies • Example included * = Optional, not required 22 AAMVA Official Use Only
Annex J – Integrated Circuit* • Provides mapping for “chip” (contact/contactless) * = Optional, not required 23 AAMVA Official Use Only
ISO/IEC 18013 • ISO/IEC JTC 1/SC 17 WG 10 • First meeting in 1999; on average between 3 and 4 meetings per year • Participation by administrators and industry • Convenorship held by the US • Consists of 4 parts: • Part 1: Physical format and human-readable properties • Part 2: Structure of machine-readable data • Part 3: Data protection and integrity validation methods • Part 4: Test methods AAMVA Official Use Only
ISO/IEC 18013 Participating countries: • Australia • Austria • Canada • China • Finland • France • Germany • Luxembourg • Gibraltar • Malaysia • Spain • Greece • Namibia • Sweden • Ireland • Netherlands • Switzerland • Japan • Singapore • United Kingdom South Africa • United States • AAMVA Official Use Only
Past attendance AAMVA Official Use Only
ISO/IEC 18013 • United Nation Conventions on Road Traffic of 1949 Geneva and 1968 Vienna specifies an International Driving Permit (IDP) • The US is a signatory to the 1949 Convention • ISO/IEC 18013 specifies an “ISO compliant driving licence” (IDL) that can perform the function of both the IDP and a domestic driving license • ISO/IEC 18013 -1 is also synchronized with the European Union driver license Directives • ISO/IEC 18013 allows room for issuing jurisdictions to adapt (i. e. make more strict or add to) the ISO standard for domestic purposes without becoming noncompliant with ISO/IEC 18013 • The AAMVA DL/ID card design specification is based on ISO/IEC 18013 -1 • The AAMVA DL/ID card design specification allows States to issue a driving license that also serves as an IDL AAMVA Official Use Only
Card layout example ISO/IEC 18013 -1 • Mandatory and optional data elements • Placement of data elements • Other graphical characteristics • Physical card security Card layout specification AAMVA Official Use Only
AAMVA DL/ID Card Design Specification • Domestic version of ISO/IEC 18013 -1 • Adapted ISO/IEC 18013 -1 to fit local requirements, while still allowing State to issue a State driver license that can double as an IDL • Specifically expanded on among others the following: • Security requirements • Barcode content structuring • Vertical card layout • Mandatory data elements AAMVA Official Use Only
ISO/IEC 18013 -2 • Human-readable and machine-readable data should not conflict • Mandatory data elements (identified in Part 1 as necessary for international interchange) has to be present (may be protected by basic access protection) • Covered technologies: Barcodes, magnetic stripe, IC with contacts, contactless IC, optical memory • Stated functions of the machine-readable data include: • • Identity verification • Evidence of residence • Biometric authentication • Age verification Complete specification for the storage of images AAMVA Official Use Only
ISO/IEC 18013 -2 • Conceptual data structure • Encoding rules specified separately for: • Barcode , magnetic stripe (Compact encoding) • IC (Standard encoding) • Optical memory AAMVA Official Use Only
ISO/IEC 18013 -3 Specifies mechanisms (for various storage technologies, as applicable) that allow for: • Access control • • Document authentication • • Requires a “secret” to access data (or parts thereof) Verify that a document was issued by the apparent issuing authority Data integrity validation • Cloning • Exchange of machine-readable data carriers • Copied machine-readable data • Changes to human-readable data • Changes to machine-readable data AAMVA Official Use Only
ISO/IEC 18013 -3 Mechanisms: • Passive authentication • • Active authentication • • • Challenge-response protocol that uses information in a secure area of an IC to confirm that the IC and the other machine-readable data were issued together Non-match alert • • Digital signature Alerts if human-readable data and machine-readable data differ Basic access protection • Allows access to machine-readable data only if visual access to IDL can be confirmed • Protects (encrypts) communication between card and reader Extended access protection • IC authentication, strong secure messaging, and conditional authenticated access to data groups AAMVA Official Use Only
Non-match alert using existing field Non-match alert using a dedicated field Basic access protection using a barcode AAMVA Official Use Only
ISO/IEC 18013 -4 Ways to determine if a particular IDL complies with: • Machine-readable technologies in ISO/IEC 18013 -2 • Access control, authentication and integrity validation in ISO/IEC 18013 -3 Test methods: • Provides IDL implementers with requirements for conformity evaluation • Provides IDL issuing authorities with requirements for quality assurance • Provides test laboratories and test tool providers with test suite requirements AAMVA Official Use Only
AAMVA Official Use Only
Conformity Assessment • Courtesy Verification Program – Third Party testing – Accountability tool/resource – Identifies trends • Application with Samples – Typical two-week turn around – Over 50 jurisdictions through program – Benefits = “That’s what I thought – to – What? ? ? ” 37 AAMVA Official Use Only
Conformity Assessment (con’t) • Additional Tests – Card Service Life • Request for Interest/Information − Instructions on what information to provide AAMVA Official Use Only
Semi undiscovered country • Electronic Identification/Identity (e. ID) • Licensing vs. Licenses • Technology X 39 AAMVA Official Use Only
Questions? Geoff Slagle Director, Identity Management Phone: 703. 342. 7459 Email: gslagle@aamva. org 40 AAMVA Official Use Only