Identity management is a critical issue for the air transport industry and as new approaches to passenger processing are explored, including biometric-enabled single passenger tokens, it is of vital importance that airlines, airports, government agencies and other stakeholders involved in the air travel chain know with certainty that every passenger is who they claim to be.
“Although the e-passport is better than its predecessors, it’s still not the silver bullet…The industry is still vulnerable to threats,” said Matthew Finn, Managing Director of security consultants AUGMENTIQ, speaking at the recent SITA Air Transport IT Summit.
Finn explained that identity management is going to become even more complex as we move forward, partly because “not everyone is at the same level of maturity” and partly because passenger numbers are expected to rise rapidly to 7 billion by 2030.
Bob Davidson, Head, Aviation Facilitation, IATA, stated: “Our systems and processes today were not designed to handle that type of flow.” He added: “New processes must be designed, agreed and adopted”, but this will require “greater transparency, cooperation and communication”.
Single passenger tokens
One approach that has emerged over the last year or so as a possible solution to creating a more secure and seamless airport experience is the development of single passenger tokens, which use passengers’ biometric data to identify them at airport touch points, removing the need for them to present their e-passport and other travel documents at every step of the journey.
To make this possible, the travellers’ biometrics, such as a facial recognition scan, must be matched with their e-passport and boarding pass at the very start of the journey. The Aruba Happy Flow project is the best-known example of this to date, although SITA has revealed that it is working on its own single token trial at Hamad International Airport in Doha.
The role of blockchain technology
SITA has also announced that it is exploring the potential of blockchain technology as part of its single token efforts. This technology provides the opportunity to allow secure biometric authentication of passengers throughout the journey across borders, which could help eliminate the need for multiple travel documents without passengers having to share their personal data.
SITA Lab, along with blockchain start-up ShoCard, is now researching how using virtual or digital passports in the form of a single secure token on mobile and wearable devices could reduce complexity, cost and liability around document checks during the passenger journey.
This approach imagines passengers creating a verifiable token on their mobile phone, which contains biometric and other personal data. In theory, no matter where in the world you go any authority could simply scan your face and scan your device to verify you are an authorised traveller. Furthermore, this could be done without all these agencies ever controlling or storing your biometric details.
One of the attractions of blockchain technology is that it allows “privacy by design” so that passenger data can be secure, encrypted, tamper-proof and unusable for any other purpose. Once information has been entered, it cannot be changed. At the same time, it eliminates the need for a single authority to own, process or store the data.
Jim Peters, SITA’s Chief Technology Officer, explained: “Our vision is for seamless secure travel. To date, technology has provided SITA the opportunity to do that at many airports and at more than 30 of the world’s borders. But the underlying design of today’s computer systems means that there are multiple exchanges of data between various agencies and multiple verification steps, which reduces the ability to have a single global system.
“Now blockchain technology offers us the potential to provide a new way of using biometrics. It could enable biometrics to be used across borders, and at all airports, without the passenger’s details being stored by the various authorities.”
Peters explained that blockchain “fundamentally changes the way we design systems because we can now create decentralised, global, tamper-proof, distributed databases”. He added: “It is very early days yet and the issues of scalability and adoption rates need to be examined. But what our SITA Lab team is looking at today is how we in the air travel industry – airlines, airports and government agencies – can take advantage of the new era where the underlying blockchain protocols provide trust so that individuals or authorities don’t have to.”
Peters’ point that it is still early days is an important one – SITA and ShoCard are both clear on the fact that this is just a prototype for now – but if this new approach to identity management and passenger processing gains the support of the wider air transport industry and government agencies, it would make sense for the technology to be trialled as a next step. The e-passport as we know it surely still has a relatively long life ahead of it, but it is reassuring to know that a proactive approach is being taken to establish how to further secure and simplify the travel experience.