Canada NewsWire, Monday, March 4th, 2002.

AiT and Chrysalis-ITS announced today a technical partnership that delivers a digital security solution to enhance the security of passports. The two companies are combining their technologies to use cryptographic digital signatures on passports to protect against a variety of classical security violations, including alteration and forgery.

The joint AiT-Chrysalis endeavor offers a new level of security - digital security - to a document that has traditionally been protected by physical security features built into the materials or printing process.

“The partnership with Chrysalis-ITS enables us to take the same digital security technology that protects Internet transactions and apply it to the security of passports,” said Bernie Ashe, President and CEO of AiT. “Security of the passport book has traditionally relied on physical attributes - we are adding a technology layer for further protection. Chrysalis-ITS has established itself as a world leader in securing and validating on-line identities using encryption, and this technology can now be applied to protecting the systems used to digitally sign passports.”

“AiT is a global leader in travel document issuance and verification,” said Dave Longbottom, President and CEO of Chrysalis-ITS. “The marriage of their expertise combined with the high security of digital signature technology from Chrysalis-ITS is a very practical, and powerful step forward to add a significant level of security to passports and creates a compelling document issuance solution.”

Following the events of September 11, priority has been placed on improving the quality and security of travel documents to help immigration and law enforcement officials authenticate and identify travellers. The Enhanced Border Security and Visa Entry Reform Act of 2001, for example, currently before the U.S. Senate, will require countries wishing to remain in or join the U.S. Visa Waiver program to have tamper-resistant passports with biometric identifiers.

“Over time, it is possible for sophisticated forgers to compromise even the best physical security features,” said Alan Boate, Chief Technology Officer for AiT. “The inclusion of a cryptographic digital signature on the passport gives us the ability to predict, mathematically, that the computer power required to break the system will not be available to forgers during the lifetime of the document.”

“By combining the strength of digital signatures and state of the art key management processes developed by Chrysalis-ITS with AiT’s world class passport issuance systems and digital image encoding technology, Chrysalis-ITS and AiT are elevating the security of passport documents to a level unattainable using physical security techniques alone, ” said Bruno Couillard, Chief Technology Officer for Chrysalis-ITS. “Strengthening traditional physical identification systems with the addition of widely deployed digital signature technology marks a transition to a new era in secure identification documents.”

How the solution works: AiT’s GenIE secure document issuance system is used to issue a passport, which is “signed” with the issuing authority’s private key. When the document is personalized, the cryptographic digital signature is incorporated in the passport via a two-dimensional barcode or RF smart chip. Chrysalis-ITS’ Luna CA3 root key management system is used to protect the issuer’s private key, vital to the integrity of the overall system.

When the passport is presented at a checkpoint, the digital signature is verified using the issuing authority’s public key, and is used to authenticate the document. Forgeries are detected instantly if the issuer’s public key cannot successfully verify the digital signature. Alterations are also instantly detected, as even a very small change to the passport data included in the digital signature will invalidate the digital signature created when the document was signed.

As a further step, a biometric can optionally be included in the two-dimensional barcode or RF smart chip along with the digital signature. By comparing the stored biometric template with a live biometric presented by the traveller, authorities can authenticate the traveller as well as the document.