By Daniel Stanton
The Middle East may be lagging behind in some respects when it comes to technology, but when it comes to ID smart cards the Gulf States are years ahead of most other countries. Daniel Stanton identifies the issues.
While many Western nations, notably the UK, are still debating whether or not to introduce identity cards, several GCC countries have already implemented advanced systems that make the most of new authentication technologies.
Oman was the first country in the Middle East to implement an identity smart card. Gemalto provided its smart card-based identity solution, and has delivered 2.5 million of the cards to the Sultanate's citizens and expatriates over the age of 15. The card contains biometric information and a digital photograph of the bearer on a smart chip, as well as security features in the form of extremely fine print that is difficult to counterfeit. Data is collected in real time at regional offices, and is an integral part of Oman's future egovernment initiative. In 2004, Bahrain launched its ID card, which can be used to vote in elections.
The Saudi Arabian government is to start archiving the fingerprints of all Saudis through the civil records departments in its various administrative regions. Fingerprint data will be stored on a chip on the Kingdom's recently-issued ID card and is likely to be used in the electronic identification of citizens at airports and border points, as well as in emergencies. This is in addition to the plan to deploy a fingerprint ID system at all of Saudi Arabia's land and air outlets for all foreigners leaving or arriving.
In July this year, the UAE started distributing new identity cards among national employees of the Ministry of Defence, the Armed Forces, the Ministry of Interior, the Abu Dhabi and Dubai Police, as well as other ministries and federal departments. The card, produced by the Emirates Identity Authority (EIDA), incorporates a 32 kbyte memory chip, complete with microprocessor, which holds fingerprint data, a photograph of the holder, and digital certification. It will serve as a replacement for labour cards, health cards and driving licences, and will eventually replace passports.
Qatar is the most recent Middle East country to announce an ID card scheme. Daon, along with ProtechT and QPGI, the contract awardee, is supplying core biometric technology for the rollout of a national ID smartcard incorporating finger, face and iris biometrics. "This is a major step forward for the State of Qatar Ministry of Interior in the implementation of its e-security strategy," says Colonel Saleh El Kubaissi, head of computer systems, Ministry of Interior, Qatar.
"The National Identification Project is focused on the implementation of a national system for up to a million people, leveraging multiple biometric types for multiple biometrically-enabled applications including the National Identity Smartcard, the e-passport and e-gate programmes and Biometric Immigration Control systems."
As part of the ProtechT team, Daon is providing its core biometric infrastructure, DaonEngine, and finger, face and iris biometric snap-in interfaces to biometric algorithms.
"Because a lot of the governments in the GCC are either introducing national ID cards, such as in the UAE, or upgrading national ID cards like they are in Bahrain, they're looking for all sorts of technologies to make it more secure, and biometrics is the latest one," says William Moroney, regional manager for Daon in the Middle East.
He expects the project in Qatar to be finalised by the end of this year. The Qatari government is to introduce an e-gate system in parallel with the biometric cards, and will introduce electronic passports in 2007.
While there are facial recognition technologies available, these become less accurate if people are wearing glasses or headwear, and would be particularly impractical when identifying women wearing a niqab or veil. Moroney says iris recognition is the best form of authentication, although it is not the fastest.
"Iris is the most reliable - it's also the slowest when it comes to verification," he says. "People look for a one-second response, so your finger goes down and the identity comes up. Iris identification can take three seconds."
However, there are ways to speed up the recognition time. "What a lot of customers are looking at is to combine the two biometrics to make the response time faster, to have people putting their finger down and looking ahead at the same time," he says. "It makes it quicker because you're searching through a database and you're looking for two keys instead of one."
While there has been talk of a unified ID card that would be accepted across the GCC, Moroney can foresee obstacles ahead when it comes to integration. Daon has worked on several projects where it has had to integrate different technologies, such as scanning devices, but its own technology is designed to run on any database.
"Could you pull everything together for the GCC?" he asks. "In theory, yes. It's a very large project but you definitely could. I think the bigger challenge would be the political agreement. They would need to correlate their technologies and their different strategies: what the biometrics are going to be, whether it's going to be finger, face or iris. Most countries in the Middle East now either have a project or have a national ID with a register."
Biometric authentication also has applications in banking and in other situations where a large volume of people needs to be identified quickly, such as at airport immigration. Moroney says: "Where it starts to get interesting is when the government says: 'We want to start enrolling people on the national ID system and we want that linked to the criminal system'. Once that infrastructure is set up, it's endless what other people can use that for.”
Banks, for example, have a huge money-laundering problem, and face challenges with the upcoming 'know your customer' model. One problem is that when asking for identification documents, they do not know if they are forged.
The answer is to use biometrics stored on the national ID database as a means of authentication.
"Imagine walking into a bank and just putting your finger on the counter," he says. "We've had problems with ATM fraud in this region, so imagine sticking your card in, entering your four-digit ID and then putting your finger down to see if it really is you.
"The lengths technology can go to are only just getting started and it can help other businesses."