RTD info logoMagazine on European Research


In an increasingly permeable and mobile world, in which information must be transmitted as quickly as possible, the need for secure communication is not limited to financial transactions. In the field of justice in the widest sense – thus including magistrates, judicial authorities, police, etc. – there is also keen interest in the design, development and testing of innovative identification and authentication systems that guarantee maximum security against attempts at “deception” or “human error”. The European eJustice project is currently proposing operational technologies for secure co-operation between various European and national organisations and administrations – and not only in Europe. 

Prototype of a smart card that makes it possible to identify the holder on the basis of face and fingerprint recognition, developed under the eJustice project. Specific biometric algorithms were produced by Thales Security Systems (comparison of fingerprints) and Viisage (comparison of face). Encoding algorithms (Oberthur card systems) can provide the functionalities of document digital signature, remote authentication, non-repudiation of a transaction, and data integrity control.
Prototype of a smart card that makes it possible to identify the holder on the basis of face and fingerprint recognition, developed under the eJustice project. Specific biometric algorithms were produced by Thales Security Systems (comparison of fingerprints) and Viisage (comparison of face). Encoding algorithms (Oberthur card systems) can provide the functionalities of document digital signature, remote authentication, non-repudiation of a transaction, and data integrity control.
Civilian security policy is facing new needs generated by new forms of co-operation. Europol and Eurojust, for example, were set up in the fields of justice and the police to strengthen the cross-border fight against organised crime. Members of these authorities co-operate with colleagues in other countries without necessarily knowing one another – and in situations in which time is of the essence. When issuing European arrest warrants, trans-European debt-recovery notices or other international search documents it is useful to be able to speed up the exchange of information, especially in a context in which the maximum time an individual can be held without charge is often less than the time it takes to collect and dispatch documents.

Magistrate X, case Y
Electronics is a valuable tool – but is it always a reliable one? “First of all, mutual trust must be established in the virtual world between members of different administrations. This requires secure data exchange, the formal defining of the functions of all involved, and a guarantee that identities and roles will not be usurped,” explains Michel Frenkiel, project coordinator.

But how can one be sure that somebody seeking information is indeed magistrate X in charge of case Y, or that the document transmitted is not a false one? In short, how can one identify and authenticate? This is where the new technologies being developed by the 16 eJustice partners come into the picture. Launched in 2004, the project includes the development of what is known as a ‘match-on-card’ (placed on a contact card) that incorporates two biometric elements that are carefully encoded and impossible to extract: the face and fingerprint. Using a webcam and/or scanner, it is possible to check that its user is indeed the authorised holder and that there is no assumed identity.

Trial and error
"We tested this authentication system on a group of 2 200 people by combining these two biometric elements,” explains Andrew Robinson, head of project communication. “That produced an error rate of ‘false acceptance’ or ‘false rejection’ of the order of one in 10 000 – the same risk as when using a PIN code with a bank card or mobile phone. Such a card is now ready for launch and can operate using most of the Public Key Infrastructure (PKI) standards. Our survey among civil liberties groups showed that this solution was accepted by users.” 

The partners are also developing a system in which ‘workflows’ – that is, the computer descriptions that manage the work procedures, coordinating them and making it possible to perform a number of tasks in parallel – are able to integrate various control elements that guarantee security, at various moments and at different operational levels, and in particular a formal definition of the role of users. It would thus be possible to check, at the major stages in these exchanges, that the user is authorised.   

"The vital security sought is to provide access not to the databases directly but solely to the data authorised within defined legal frameworks,” stresses Michel Frenkiel. “In this context, the project is also developing tools enabling users to understand the legislation involved in an international inquiry and the procedures that will permit progress. This combined representation of the law and the way justice is done is viewed with great interest by the professionals, not only in exercising their own job but also for the purposes of legal training.” 

Institutional interest
Practical applications are beginning to take shape. The project partners are working on a support tool for the European Arrest Warrant, to be used by the European Judicial Network (EJN) in its co-operation in the field of civilian and commercial justice, and by Eurojust in its fight against organised crime. For its part, Europol is envisaging a feasibility study on how to extend its network to include newcomers. The Austrian chancellery – in one of Europe’s most advanced countries in the field of e-government – is interested in the tools developed by eJustice as regards offering applications for its ‘citizen’s card’ (Bürgerkarte) system and for improving the security of its flagship eRecht software(1). Some Belgian French and British networks would like to use biometric solutions to combat paedophilia. Other institutions have also expressed an interest, in particular in Algeria and India.  

"But we are not the only ones to be achieving progress on these matters,” explains Andrew Robinson. “The eJustice partners have many links with other participants in European projects supported by the Commission, such as Fidis or Challenge. We would also like to reinforce co-operation by setting up an e-network of judicial excellence.” 

(1) eRecht, awarded the ‘Amtsmanager 2005’ prize by the Austrian Chamber of Commerce, enabled the chancellery to dematerialise the law-making process, from the original bill to publication of the final act.

  Benefits of the match-on-card  
  Outside the sphere of justice, on-card biometric recognition technologies are being applied in many areas of society. Today, just about everybody holds at least one – and most people several – PIN-type code cards for access to financial, commercial and administrative services, and has a number of internet passwords. Yet these digital protection devices supposed to check that the user is the cardholder have major shortcomings. The card, the code or the password can continue to be used having been stolen or given voluntarily to somebody else. Biometric security implies that the card providing access to transactions and/or data can only be used by a single individual. The support material used, i.e. the contact card, is also highly protected and it is no longer possible to read it from a distance, as can happen with the RFID (Radio Frequency Identification) card.


  Body prints  
  Fingerprints - Using electronics, fingerprints are stored on a hard disk, a smart card or other medium for subsequent comparison with the fingerprints of an individual subject to verification. The individual’s fingerprint results from an almost infinite combination of elements and between 8 and 17 matching points is enough to establish an identity.

Hand - A scanner registers the shape of the hand (length and thickness of the fingers, joints, position, etc.) and reveals 90 characteristics. This method of identification is used primarily in the United States, for access control (Atlanta Olympics, prison visiting rooms, etc.). 

Face - The alignment and spacing of the eyes, size of mouth, etc. make it possible to identify an individual recorded in a database, even if that individual uses disguises such as a moustache or spectacles. But it is not possible to distinguish between identical twins and plastic surgery is also not always easy to detect. 3D images provide a much clearer representation (protrusion of the nose, depth of the eyes, etc.) and allow the subject to be pivoted for viewing at different angles. 

Eye- The coloured area between the white of the eye and the pupil, the iris, is made up of a network of coloured tubes. Photographs reveal 200 independent variables – making it almost impossible to confuse two individuals. A reading of the retina also provides a unique bio-imprint. With its numerous blood vessels, this offers a vascular map that differs between two twins and has some 400 characteristic points (ten times more than a fingerprint). 

DNA - An individual’s unique DNA is the ultimate identification tool. Seventy-six nations, including 35 European countries, already have, or are planning to set up, a genetic database. A further 60 countries have or are planning legislation in this field. The United Kingdom is a leader in this field and its NDNAD base has the largest number of profiles compared with the population – far ahead of the USA. The use of DNA is of enormous value in identifying a guilty person; in 2003-2004, 43% of crimes were solved using this method (compared with 23% previously), including 45% of burglaries (compared with 15%) and 61% of vehicle thefts (compared with 7%). 

Source: Robin Williams, University of Durham (UK) – Lancaster seminar, BITE project, January 2005.


  With EU funding of €4 million over a 24-month period, 16 partners (research centres, public and industrial organisations) from six EU countries are working on the eJustice project (Towards a global security and visibility framework for justice in Europe). This is just one of the 15 projects launched by the IST (Information Society Technologies) programme in 2004 and it meets the strategic objective of working ‘Towards a global dependability and security framework’.