Introduction

The 'Act to strengthen Security in the Passport, ID Card and Foreigners’ Law Document System' passed by the Bundestag with the consent of the Bundesrat was published in the Bundesgesetzblatt on December 11, 2020. This act contains a number of new regulations in the area of Passport, ID Card and Foreigners’ Law Document System and aims to strengthen public security and the citizen-friendliness of administrative services. Among other things, security is to be strengthened by preventing manipulation in passport applications; in particular, so-called "face morphing" is to be prevented in the area of digital image processing.

Face morphing is an image manipulation technique in which the faces of two or more people are morphed or merged into a single face in a photograph. Morphing is easy to accomplish and requires little to no technical experience, as there are numerous free or low-cost applications for image manipulation available on the Internet and mobile platforms. Should a photo manipulated in this way be used for an ID card, for example, than several people can identify themselves with it. This is possible because the biometric features of all persons involved are fused together in the photo and thus both other people and current facial recognition systems can be fooled.

To achieve this goal, the 'Act to strengthen Security in the Passport, ID Card and Foreigners’ Law Document System' will be amended on May 1, 2025, so that there will be two options for providing ID card authorities with photographs, at the applicant's choice. One is to have the photo taken electronically by the ID card authority (Live Enrolment Stations), this is regulated in TR-03121. On the other hand, the photos must be produced electronically by a service provider and then transmitted to the ID card authority using a secure procedure. This secure procedure is the subject of TR-03170.

Subject of the technical guideline

The BSI TR-03170 technical guideline regulates the digital transmission of biometric photos from service providers (e.g., photographers) to passport, ID card or immigration authorities via a secure cloud service and defines requirements for the certification of services for this special procedure. All competent authorities are thereby enabled to retrieve the photo images from service providers certified in this way.

The technical guideline BSI TR-03170 is divided into the framework document, part 1 – requirements regarding the cloud-service and part 2 – requirements regarding the software and is aimed at providers of photographic services for biometric photographs.

Certifications in accordance with Part 1 respectively Part 2 of the technical guideline TR-03170 verify the data protection-compliant and tamper-proof transmission of biometric photographs as required by law.

Main document

• Technical guideline TR-03170 Secure electronic transmission of photographs to Passport, ID Card and Foreigners' Law authorities (framework document, v1.0)

• Technical guideline TR-03170 Secure electronic transmission of photographs to Passport, ID Card and Foreigners' Law authorities (part 1 - requirements regarding the cloud-service, v1.0)

• Technical guideline TR-03170 Secure electronic transmission of photographs to Passport, ID Card and Foreigners' Law authorities (part 2 - requirements regarding the software, v1.0)
  

Interface specification

• Interface specification for technical guideline TR-03170 (v1.1.0)

Test specification

• Test specification for technical guideline TR-03170 (v1.0)

Questions regarding the technical guideline can be sent to the e-mail adress: AusschreibungLichtbild@bsi.bund.de