
LIBERIA eID project essentials
Introduction on the issuance of national identity cards

Executive Summary

Final / Liberia.ZETES.eID.MOI.docx


Table of Contents
1 Foreword
2 Company profile of Zetes
3 Some of our key references
4 Introduction
5 Overview of the Principal Applications
6 The electronic ID card
6.1 Introduction
6.2 eID Chip
6.3 eID Applications
6.4 eID Card Body
7 Registration, and Card Issuance Workstations
7.1 Enrolment solution basic principles
7.2 Schematic Enrolment process representation
7.3 Registration Workstations Equipment
7.3.1 Registration Solution Module
7.3.2 Photo Capture Module
7.4 Special Features for the Mobile Registration Workstation
7.4.1 The presentation of the kit
7.4.2 Exterior
7.4.3 Interior
7.5 The Enrolment and Card Issuance Application
8 Card Management System
8.1 The CMS Application
8.2 The Concept of Lifecycle Management for eID Cards
9 Electronic Document Management System (EDMS)
9.1 Document Management
9.2 Document Scanning
9.3 Document Storage and Retrieval
10 Card Personalization
10.1 The Personalization Management system
10.2 The Personalization Machines
10.3 PKI Infrastructure for Document Signing
11 ABIS
12 Other components
12.1 WAN over 3G/EDGE Solution
12.2 BIMS Solution
12.3 Query Management and Stakeholders Interface Solution
12.4 CRM Solution
12.5 ICT Asset Management and Helpdesk Solution
12.6 The Cryptographic Infrastructure
13 Project Execution
13.1 The Business Continuity Plan
13.2 Training Plan
13.2.1 Training methodology
13.2.2 Training programs list

Figures
Figure 1 Overview of the Infrastructure
Figure 2 The principal applications
Figure 3 Integrated desktop biometric capture station
Figure 4 Photo Module
Figure 5 Schematic Overview
Figure 6 Example of a Card Lifecycle / Workflow
Figure 7 Datacard MPR5800



1 Foreword
The Ministry of Internal Affairs has submitted an inquiry to Pitkit and Zetes to elaborate on the issuance of electronic identity cards.
This document provides an overview of the steps and the components involved in the issuance of electronic identity cards (eIDs). It is a high-level description; for more detailed information we suggest organizing an informal workshop to elaborate on the subject.





2 Company profile of Zetes
ZETES is one of the leading ID integrators, with extensive experience in delivering turn-key registration systems to governments in Europe and Africa.
ZETES, a Belgian company founded in 1984, has taken a leading position both in the goods identification market (tracking and tracing of goods) and in the people identification market in EMEA, delivering turn-key solutions to governments.
ZETES went public in 2005 (EURONEXT stock market) and has been profitable since its very beginning. More than 1100 employees work for ZETES, and revenue of 220 million euro was generated in 2011. Since 2005, ZETES has implemented several successful biometric government projects in Africa. For this purpose two hubs have been set up locally: one in Abidjan (Ivory Coast), including an e-passport and visa personalization site, and one in South Africa through acquisition.
ZETES is convinced that it has the best competences to bring the most suitable solutions to African countries:
- With more than 10 references of biometric population census in Africa in the last 5 years, ZETES is certainly one of the leaders in this field and has gained great expertise in conducting such projects successfully and in implementing reliable, efficient and secure solutions.
- Zetes is an experienced company of an acceptable size. We still have the important advantage of offering the flexibility needed to make this project succeed, whereas bigger companies have to go through many internal procedures before being able to act and react.
- Through collaboration with a local partner and/or with the local authorities in Liberia, we will make sure that the know-how is transferred to the local authorities.
- Zetes has full control of people identification solutions, and in particular of the project management of large-scale people identification projects: biometric census, digitization of documents, centralization, national AFIS services, management of central databases and national registers, production of secure documents (ID cards, passports, social-security cards, etc.).
- Zetes has mastered most leading biometric technologies: from the beginning of its activity in the field of people identification, ZETES chose the leading technology providers for the civil AFIS. All the projects led on the African continent have integrated these technologies and the related know-how. This long-standing collaboration with the major players in this field has allowed us to build a real partnership, which is a key success factor for the implementation of people identification projects.
In the next chapter we present some of our key references in Africa in the field of people registration, de-duplication of civil registrations, issuance of secure cards (including biometric technologies), etc.
These credentials show the vast experience ZETES has acquired in implementing large-scale census projects in various environments. This knowledge of the field and of its inherent constraints has allowed ZETES to build strong solutions and to upgrade them by taking advantage of previous experience. Because of best practices developed in this field and minimal overheads, Zetes and its partners are able to offer a competitive proposal.
The projects that we have implemented have been recognized many times by large international organizations: the UNDP, the United Nations authorities and the European Union.






3 Some of our key references
- In 2005 ZETES provided the United Nations with 10,000 biometric enrolment kits, which allowed about 26 million citizens to be registered in the Democratic Republic of Congo in less than 6 months. To do that, about 25,000 persons were trained. In 2006 ZETES undertook, in the Democratic Republic of Congo, the registration of the armed forces with the production of an electronic ID card (chip card).
- At the beginning of 2007, the government of Togo appointed ZETES as sole operator for the biometric registration of its voters and the verification of duplicates in a service bureau mode, including the constitution of a central database and the production of electoral lists.
- July 2007: ZETES was chosen by the Government of the Republic of Cape Verde to successfully complete the population census and, in a second stage, the production of an electronic identity card.
- March 2008, Republic of Burundi: commissioned by a consortium comprising Belgian Technical Cooperation (CTB) and SOFOS Consultants, an international consultancy bureau, Zetes was selected to supply biometric enrolment and card production systems to identify the country's approximately 58,000 civil servants. Zetes won the contract to supply equipment and specialized services for:
  - the biometric and biographic enrolment of civil servants
  - the centralization of data and deduplication
  - the production of secure cards
- April 2008: Ivory Coast decided to use the technology and know-how of ZETES for its biometric passport. The Ivory Coast State granted a 15-year concession to SNEDAI (National Publishing Company of Administrative and Identification Documents), which selected ZETES as its exclusive technical partner for that same period, a decision that has been ratified by the Ivorian government. The new Ivorian electronic passport will include the latest available identification technologies and will hold the following information: the photo, names, address, digital fingerprints and signature of the bearer.
- December 2008: Zetes announced that it had been awarded a contract for the enrolment of social insurees in Gabon, as technical provider for the electronic health programme piloted by Gemalto, the manager of this project. The health card, containing essential information about the social insurees, will make it possible to determine who is entitled to what forms of care and drugs and in what quantity. Zetes participated in this project to furnish a solution for enrolling the beneficiaries. The number of people to be enrolled is estimated at around one million.
- January 2009: Zetes announced the signing of a second contract with the government of Togo. This contract, which covers the delivery of 500 mobile biometric kits, follows on from the scheme aimed at compiling the electoral registers, for which the Togolese authorities had previously called on the services of Zetes in March 2007.
- January 2009: Zetes announced the signing of a contract with the United Nations for the updating of 6000 registration kits. This made it possible for the Independent Electoral Commission of the Democratic Republic of Congo (DRC) to update the voter registration lists of the DRC.



- March 2009: Zetes announced the signing of a new contract with the consortium composed of the Belgian Technical Cooperation and the French firm SOFOS Consultants, bearing on a census of the Burundian military. This project was concluded in the aftermath of the civil servants census project.
- August 2009: Zetes, in partnership with the company SNEDAI (The National Company for the Issue of Administrative and Identity Documents), announced the launch of its latest projects with the Ivorian authorities: the biometric visa and the biometric diplomatic and service passports.
- August 2009: Zetes announced the signing of a contract with the IOM (International Organisation for Migration) for the registration of the staff of the PNC (the Congolese National Police).
- 2009-2010: ZETES delivered 1250 new biometric voter kits, including the supporting services, AFIS service and voter cards for 3 million voters in Togo.
- DRC 2010-2011: ZETES delivered the application update and support service for the DRC voters application for UNDP, and delivered more than 10,000 new biometric voter systems with accompanying services (separate contract with the DRC government) and the AFIS service contract for deduplication of a voters database with more than 30 million voters (CENI project).
- Sierra Leone 2012: Zetes has been appointed by the UNDP for the deduplication and the production of voter cards for the people of Sierra Leone. Zetes is working in close collaboration with a UK partner for the successful implementation of the project.




4 Introduction
The purpose of this document is to provide a concise overview of the issuance of eID cards in Liberia. The following schema lists the major components of our proposal:

Figure 1 Overview of the Infrastructure
- Identity Card - from Zetes/Pitkit
- Cards for civil servants operating system and SAM card for special card readers
- PRS - Enrolment and Card Issuance Application from Zetes (BE)
- CMS - Card Management System
- ABIS - Automated Biometric Identification System
- PMS - Personalisation Management System from Zetes
- Personalisation Equipment
- Cryptographic Infrastructure (HSM)
- Document Signing + PKI
- Billing System, Query System, CRM, NOC, Asset Management, etc.
- ICT Infrastructure
- Personalisation Facility and the ICT Data Center
All the main parts are from independent manufacturers to avoid vendor lock-in. We realize that it is in the government's interest to have maximum freedom and autonomy in the execution of its mission. In the following chapters we briefly introduce the items mentioned above. These topics can be discussed in greater detail in separate documents.





5 Overview of the Principal Applications
The picture below shows the principal applications that are involved in citizen enrolment, validation and document personalization:
- Card Management System (CMS)
- Automated Biometric Identification System (ABIS) or Automated Fingerprint Identification System (AFIS)
- Enrolment and Issuance Application (PRS)
- Personalization Management System (PMS)
- Personalization Equipment


Figure 2 The principal applications

At the heart of the solution is the Card Management System (CMS). This is a central application that manages all the data, lifecycle events and status for all citizens, passports and identity cards. The CMS also provides the primary data flow and workflow management upon which the enrolment and issuance cycle is built. The CMS also takes care of activation and post-issuance updates for the eID card.
The enrolment and issuance stations (PRS) are autonomous configurations located in registration offices around the country. The enrolment application collects and verifies all biographic and biometric data pertaining to a citizen and the requested card. The enrolment station stores and forwards this data to the CMS. The CMS takes care of the validation process with internal systems (ABIS, billing) and automated external systems (law enforcement, ...) if required.
The ABIS has a supporting function in the validation process managed by the CMS. Its primary task is to detect potential cases of multiple requests by the same person.
Once the request is approved by the ABIS and all external authorities, the CMS prepares the personalization data and personalization order for the Personalization Management System (PMS).
The PMS is the central application that controls the personalization process of the identity card. This application plans and schedules personalization jobs on the various machines and is responsible for the data flow, workflow and material flow within the personalization room.
Personalization of the identity card requires support from a PKI infrastructure (the Country Signing CA and Document Signer infrastructure).
Once a card is personalized it is shipped to a local issuance office. The issuance workstation performs a biometric verification of the citizen before the documents are handed over. The issuance workstation is also responsible for activating the eID chip. The issuance stations report the status of the card back to the CMS, which continues to monitor the card's state for years until it reaches the end of its life cycle.
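
The validation, personalization and issuance sequence described in this chapter can be enforced as a guarded state machine, so that a request never reaches the PMS without ABIS and external approval and a chip is never activated without biometric verification of the holder. This is an added example, not code from the Zetes proposal or products; the state names, the `CardRequest` class and its methods are assumptions made for illustration.

```python
# Added illustration of the CMS-driven workflow; states, class and method
# names are assumptions, not part of the CMS/PRS/PMS products.
from dataclasses import dataclass, field
from enum import Enum, auto


class State(Enum):
    ENROLLED = auto()        # PRS has forwarded biographic + biometric data
    APPROVED = auto()        # ABIS and external authorities cleared the request
    REJECTED = auto()        # validation failed (e.g. duplicate applicant)
    PERSO_ORDERED = auto()   # CMS sent the personalization order to the PMS
    PERSONALIZED = auto()    # PMS reports the card as produced
    SHIPPED = auto()         # card sent to the local issuance office
    ACTIVE = auto()          # holder verified, chip activated, card handed over


class WorkflowError(Exception):
    """Raised when a step is attempted out of order or a guard fails."""


@dataclass
class CardRequest:
    request_id: str
    state: State = State.ENROLLED
    audit: list = field(default_factory=list)  # status reports kept by the CMS

    def _move(self, allowed_from: State, to: State, reason: str) -> None:
        if self.state is not allowed_from:
            raise WorkflowError(
                f"{self.request_id}: {to.name} not allowed from {self.state.name}")
        self.audit.append((self.state.name, to.name, reason))
        self.state = to

    def validate(self, abis_duplicate: bool, external_ok: bool) -> State:
        """CMS validation: ABIS de-duplication plus external authority checks."""
        if abis_duplicate:
            self._move(State.ENROLLED, State.REJECTED, "ABIS: possible duplicate")
        elif not external_ok:
            self._move(State.ENROLLED, State.REJECTED, "external authority refused")
        else:
            self._move(State.ENROLLED, State.APPROVED, "ABIS and external checks passed")
        return self.state

    def order_personalization(self) -> None:
        self._move(State.APPROVED, State.PERSO_ORDERED, "order sent to PMS")

    def mark_personalized(self) -> None:
        self._move(State.PERSO_ORDERED, State.PERSONALIZED, "PMS job completed")

    def ship(self, office: str) -> None:
        self._move(State.PERSONALIZED, State.SHIPPED, f"shipped to {office}")

    def issue(self, biometric_match: bool) -> None:
        """Issuance workstation: activate the chip only after a biometric match."""
        if self.state is not State.SHIPPED:
            raise WorkflowError(f"{self.request_id}: card is not at an issuance office")
        if not biometric_match:
            # Record the failed attempt; the card stays inactive.
            self.audit.append((self.state.name, self.state.name,
                               "biometric verification failed"))
            raise WorkflowError(f"{self.request_id}: holder verification failed")
        self._move(State.SHIPPED, State.ACTIVE, "holder verified, chip activated")


def run_demo() -> dict:
    """Walk two constructed requests through the flow and collect the outcomes."""
    outcome = {}

    ok = CardRequest("REQ-0001")            # constructed sample identifier
    ok.validate(abis_duplicate=False, external_ok=True)
    ok.order_personalization()
    ok.mark_personalized()
    ok.ship("office-A")
    try:
        ok.issue(biometric_match=False)     # fingerprint does not match the enrolee
    except WorkflowError:
        outcome["mismatch_blocked"] = ok.state is State.SHIPPED
    ok.issue(biometric_match=True)
    outcome["final_state"] = ok.state.name

    dup = CardRequest("REQ-0002")           # constructed duplicate request
    dup.validate(abis_duplicate=True, external_ok=True)
    try:
        dup.order_personalization()         # must never reach the PMS
    except WorkflowError:
        outcome["duplicate_blocked"] = dup.state is State.REJECTED

    outcome["audit_len"] = len(ok.audit)
    return outcome


if __name__ == "__main__":
    print(run_demo())
```

The audit list stands in for the status reports that the issuance stations send back to the CMS, including failed verification attempts.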






6 The electronic ID card
6.1 Introduction
The ROM memory of the chip is pre-loaded with various applications that can be created when required, during initial personalization or post-issuance. The card body is made of polycarbonate (PC) material.
As an example of a typical eID we propose the Masktech Pro eID platform on an ST23YR80 microchip from STMicroelectronics. This is a contactless chip, but for the Liberian project it can of course be a contact chip. The product reference of the STMicroelectronics chip is ST23YR80-MHB.
This product consists of the following parts:
- a secure microcontroller ST23YR80A
  - a contact version for civil servant cards and for SAM cards
  - a contactless version for the national identity card for citizens, refugees and aliens
- a multi-application platform MTCOS Pro
- e-government applications
- built-in Match on Card for fingerprint matching
- a contact module and a contactless module to hold the chip and an antenna inlay (for contactless cards only)

6.2 eID Chip
The ST23YR80 is a dual contact/contactless smartcard MCU with 80 Kbyte EEPROM, enhanced security, a cryptoprocessor and optimized RF performance. It is based on an enhanced STMicroelectronics 8/16-bit CPU core offering 16 Mbytes of linear addressing space. It is manufactured using an advanced, highly reliable ST CMOS EEPROM technology. An RF interface including an RF universal asynchronous receiver transmitter (RF UART) enables contactless communication at up to 848 Kbits/s, compatible with the ISO 14443-B standard. In addition, an ISO 7816-3 EMV-compliant asynchronous receiver transmitter (IART) communication peripheral is available.
The MTCOS Professional eID platform is a traditional smartcard operating system that incorporates all the functionality needed for use as an electronic travel document, a driving license, an ePurse, a voter card, an electronic ID card and more.
A powerful ISO/IEC multi-application file system is included in MTCOS. Applications are activated or added by simply creating new application directories. Application installation and update are protected by administration keys.



Individual configuration of eMRTD security features such as the BAC, AA, EAC and SAC protocols is also available to the applications on the chip.
MTCOS supports the latest version of the GlobalPlatform personalization specification. For example, sensitive data communication is encrypted, and the chips have to be unlocked through cryptographic authentication by means of a SAM card or an HSM. Unauthorized access before personalisation is prevented by transport keys.
MTCOS supports a variety of cryptographic methods such as Elliptic Curves, RSA, 3DES and AES, with key lengths meeting present and future security demands. Further customer-specific cryptographic procedures can be loaded securely in any life cycle phase of the chip.
The card can be configured with the travel document application only, or with e-Government applications and support for advanced signature and PKI authentication features; all combinations are possible.
The platform can be upgraded flexibly at the customer's request without changing the ROM mask. The changes are loaded completely encrypted during the OS setup using the loading mechanism that is Common Criteria certified. The resulting product configuration is completely security tested and certified.
Pre- and post-issuance loading of additional applications and plug-ins is done by the Common Criteria certified application loading mechanism and can be done at any time in the card life cycle (definable by the card issuer). Third-party plug-ins such as match-on-card algorithms from different vendors or cryptographic features can be added securely.

6.3 eID Applications
The Masktech Solution MTCOS Pro 2.1 is dedicated to government projects requiring a secure Contactless SmartCard Platform providing multi-application support. This chip allows the government to implement a combination of the following applications:
- Electronic Passport Application (ICAO Doc 9303, BSI TR-03110)
- Electronic ID Card Application (CEN 15480)
- eHealth Application (ISO/IEC 24727)
- International Driver License Application (ISO/IEC 18013 compliant)
- eVoting Application
- ePurse Application
- Generic ISO/IEC 7816 Compliant Applications




6.4 eID Card Body
Zetes proposes full polycarbonate cards made of polycarbonate sheets. The sheets are laminated at the right combination of temperature, time and pressure to make a very durable card with a lifetime of 10 years in normal usage conditions. Card bodies made of 100% polycarbonate provide the highest security and durability of all identification card solutions today, allowing for a lifespan sometimes comfortably in excess of 10 years.
A unique property of polycarbonate is that it cannot be delaminated. Under the appropriate temperature and pressure level, the polycarbonate sheets will literally fuse together, without glue, creating a homogeneous card body. During lamination, security features are entrapped in the various sheets.
Personalization by laser engraving can be applied to polycarbonate cards and is irreversible, at the same time making counterfeiting difficult due to the expertise and the very specialized equipment that is required for personalization.
The card will be compliant with international standard ISO 7810 for ID-1 card size and ISO 14443 for cards with a contactless chip.
On the next page we show a draft of the layout of the Liberian eID card. This graphic design is just a proposal and can be modified by the Liberian government.























[Figure: draft layout of the Liberian eID card with its security features marked]
Callouts on the card image: UV fluorescent ink, laser engraving, hologram, two-colour guilloche, IR anti-Stokes ink, Changeable Laser Image (CLI), embossed pattern, contact module, two-colour micro text printing, digital watermark, tactile laser engraving, micro text printing, security ink, 2D barcode, Optical Variable Image (OVI).
Numbered legend:
1 Three colors offset printing
2 Iridescent color printing
3 Optical variable image
4 Guilloche patterns
5 Ultraviolet fluorescent ink
6 Ultraviolet fluorescent guilloche
7 Micro text printing
8 Defect text printing
9 Nano text in special hologram
10 Hologram (DOVID)
11 Digital watermark
12 2D barcode
13 Laser engraving
14 Tactile laser engraving
15 IR anti-Stokes ink
16 Special security ink
17 Contact module
18 Security code
19 Embossed pattern


Security Features
The following security features were applied in the Liberian polycarbonate employee card:




Level 1 Security features:
- Offset printing
- Guilloches
- Hologram DOVID
- Digital watermark
- Rainbow printing (iridescent)
- Micro text
- Embossing
- Laser engraving
- Laser engraving / tactile
- Optical Variable Ink

Level 2 Security features:
- UV fluorescent printing
- Anti-Stokes
- UV fluorescent guilloche
- CLI
- Voluntary errors

Level 3 Security features:
- Special Security Smart Ink (taggants)






7 Registration, and Card Issuance Workstations
7.1 Enrolment solution basic principles
The enrolment solution used to request an identity document is based on the collection of both biographic and biometric information.
For the biographic information, the applicant can provide all the information using the appropriate form. This form can be completed before the applicant comes to the registration center, or at the center itself. Based on the information recorded on the form, the operator of the registration solution then enters that information into the software solution.
For the biometric information, three sets of data are collected: a photo, a handwritten signature and one or more fingerprints. For the photo, ICAO compliance is required since it will be used to issue an identity document. This international standard provides guidelines for the capture of (facial) photographs that will later be used in identity documents in general (ID cards, passports or visas). The fingerprints are used to verify that a single person obtains only one identity document. The fingerprint data is also governed by ICAO rules and guidelines.
Besides the collection of the biometric and biographic information, the proposed software solution will also be able to collect digital scans of the proof-of-identity documents used to obtain the identity document.
Each enrolment record is assigned a unique identifier before it is stored in the local database or when it is transferred to a central system. This unique identifier is independent of any other unique personal identifiers issued to the applicant and recorded by the enrolment solution. This mechanism ensures that no database conflicts can occur because an identifier has been issued to multiple citizens.
Regardless of whether the software solution is installed on a fixed or a mobile system, the operational characteristics remain identical.
Because of the underlying technology used, the user interface can be translated into virtually any language. The default language is English.
The application developed by Zetes PASS manages all the resources that make up the station. The standard functionalities are listed further in this document.
The specific project requirements will be implemented by the Zetes development team.






7.2 Schematic Enrolment process representation

7.3 Registration Workstations Equipment
The fixed workstation is primarily foreseen to be installed at enrollment offices. It is not the intention to
move the configuration once installed (except for some special circumstances).
The enrolment application foreseen is a stand-alone client application that communicates the collected
enrolment data to the (central) server through available network infrastructure.
The software solution installed on these workstations is in conformance with the functional
specifications as specified in many tender documents.



7.3.1 Registration Solution Module
For a more convenient enrolment experience, Zetes has opted to integrate the different peripherals
(except for the camera) into one solution that will be placed on the desk of the official performing the
enrolment operation. The peripheral devices described above will be integrated into this solution. The
illustration below shows the integrated desktop biometric capture station.

7.3.2 Photo Capture Module
The camera solution is also an integrated solution that combines the high resolution camera with the
necessary illumination setup in order to take ICAO compliant pictures of the applicant. The camera
assembly will be mounted on a tripod that the operator can adjust in order to adapt the setting based
on the height of the person. A uniform background will be mounted on a second tripod that must be
installed behind the applicant. The illustration below shows the camera assembly.

Figure 4 Photo Module


Figure 3 Integrated desktop biometric capture station (labelled parts: RFID reader, stylus for the signature pad, fingerprint capture device, signature pad, feedback screen)



7.4 Special Features for the Mobile Registration Workstation
This workstation is primarily meant to give citizens living in remote areas or who cannot visit one of the
enrolment sites the opportunity to also apply for the identity document. Since in those remote
locations, the network infrastructure may not always be available, a mobile enrolment station is
foreseen.
From a software solution point-of-view, the solution used on the mobile station is virtually identical to
the fixed workstation. Some functionalities may differ or may even be absent because a certain
peripheral device is not included in the configuration of the mobile installation.
One important difference between the two workstations is the communication of the collected
information to a central system. For the mobile configurations, the collected data is initially stored in a
local database. The collected information is secured using a state-of-the-art encryption algorithm from
the moment it is stored in the local database. At given intervals, the data stored in that local
database will be exported to an offline medium (USB memory card, CD/DVD). This medium is then
sent to the central site for further processing.

7.4.1 The presentation of the kit
The ZETES enrolment kit can operate for at least 8 hours on its batteries. Depending on the number of
enrolments per hour this can even extend to more than 12 hours (depending also on the battery
configuration).
The batteries can be recharged in about 3 hours from completely depleted to 100%.
There is no need to interrupt the enrolment process to change batteries. The batteries are integrated in
the printer and the laptop.
Optionally the kit can contain an additional external lithium battery for autonomy of 2 days or more.
This external lithium battery pack can be recharged independently from the laptop's or the printer's
internal batteries. The external battery pack can power the printer, the laptop or the USB devices via a
powered USB hub.
The kit case itself is a US Military Standard waterproof case SKB type 3I-2015-10B-E. The enrolment
station shown on the next page is a mobile enrolment kit.

7.4.2 Exterior
The case is moulded of ultra high-strength polypropylene copolymer resin,
with the following characteristics:

- Waterproof and dust tight design (MIL-C-4150J)
- Submersible design (MIL-C-4150J) that is resistant to corrosion and impact damage
- Moulded-in hinge for added protection
- Trigger release latch system
- Snap-down rubber over-moulded cushion grip handle
- Ambient pressure equalization valve (MIL-STD-648C)
- Resistant to UV, solvents, corrosion, fungus (MIL-STD-810F)
- Resistant to impact damage (MIL-STD-810F)

The case is equipped with a carry handle and an integrated trolley system with two robust wheels and a
retractable carry handle.
The exterior dimensions of this compact case are 565 x 476 x 304 mm. The case weighs 6,2kg and
approximately 8kg including the two foam interiors.

7.4.3 Interior
The interior of the case is divided into two interior compartments that are tailor made to contain all the
equipment, cables, consumables etc.


The technical drawing on the left illustrates a very similar design as the one that will be produced for this
project based on the same carry case and with a similar configuration (laptop, printer, camera and
fingerprint scanner).
The upper interior
All the peripheral equipment such as printer, fingerprint scanner, webcam and signature pad are integrated
(with the cables connected) in the upper interior, ready for use.
The peripheral equipment is connected to a USB hub inside the upper interior. When the interior is placed on
a table, this hub allows easy connection to the laptop using only one (!) USB cable.
The camera and its tripod or mounting foot are lifted from the interior and are placed on the table or on
top of the interior.
The upper interior also has an internal cable tray for the USB cables, the AC/DC adapter and power
cable of the printer and optionally a lithium-ion battery pack. The cable tray is covered with a
removable lid.



The upper interior can be taken out of the case using two integrated loops and placed on a table. All the
operator has to do is to connect the outgoing USB cable from the upper interior to a free USB port on
the laptop. If available, the printer and the laptop can be plugged into the electricity mains.
The lower interior
The laptop is stored in the lower interior together with its AC/DC adapter, power cable and a power
surge protection device. The laptop is taken out of the case and placed close to the upper interior on the
table. A single USB cable connects the laptop to the USB-hub inside the upper interior.
This approach has two advantages:
- a compact footprint of the interiors and therefore a compact carry case
- choice of position for citizen and operator (opposite one another or next to one another)
Remark: The layout of the interiors can be adapted to the requirements of the customer.
The inside of the lid is covered with foam to protect the equipment in the upper interior during
transportation.
Equipment typically stored in the upper interior (pre-cabled):
- an inkjet printer
- a single fingerprint scanner
- a webcam
- a USB hub with 4 outgoing ports
If necessary, other components can be included such as a signature panel etc.
Equipment and consumables typically stored in the lower part:
- a foldable background panel + tripod
- a tripod or foot for the webcam
- a laptop computer with its extra slice battery, AC/DC adapter and power cable
- collection of small items such as ink cartridges
The following technical drawings illustrate this concept. The configuration and layout of this example
can be modified in relation to the specific requirements of the Ministry of Internal Affairs.







7.5 The Enrolment and Card Issuance Application
This solution has been used or has been in use for about 3 years in several national enrolment projects,
for a total of over 30 million individuals, and for registration of visa applications (EU/Eurodac).
The enrolment and card issuance application consists of two parts:
1. Part 1: a local enrolment application on the enrolment station. For biometric data acquisition
and an absolute minimum of the biographic data acquisition we will use a pre-installed Windows
application, Zetes PRS. This application can work without a network connection and, because it is a
native Windows application, has full control over the local peripherals such as the fingerprint
scanner, the automated photo booth, signature scanner, etc. and provides a responsive GUI for
data manipulation and for image manipulation.
2. Part 2: a browser-based user interface to interact with the central Card Management System.
This interface is used to perform all tasks not directly related to biographic and biometric data
acquisition.

Workflow and Dataflow Management
The application manages configurable sets of input sources, output targets and processing tasks. Input
sources can be files, databases, manual input via the keyboard, scanners, photo cameras, fingerprint
scanners, etc. Output targets can be files, databases, web services, etc. Processing tasks are automated
or interactive procedures to collect data, output data or process data. The system maintains a set of
rules that tie input, processing and output together in a pre-defined way to provide dataflow and workflow
management.

Data Validation
All data can be verified and validated according to rules defined by the operating organization or
according to international standards from ISO/NIST/ICAO. Data validation takes into account local
standards or local resources, like lists of postal codes, names of provinces, etc. Biometric data can be
subjected to (semi-)automated quality control, e.g. to guarantee that a facial image meets the
requirements by ICAO or that fingerprints guarantee accurate results for ABIS processing or 1:1 checks.

Biographic and Biometric Data Acquisition
The PRS application can be used to perform multi-biometric data acquisition such as facial image and
fingerprint image collection and can easily be extended for other forms of biometrics like full palm
prints, iris, etc.

Flexible Data Output
Data output can be provided in any format and protocol. Popular output formats are XML, flat text,
SQL scripts, binary formats for images or NIST/ICAO/ISO data formats. Output protocols can be anything
from file transfer, SOAP based web services, local and remote database access, etc.

Stand-Alone Operation and Connected Operation
The PRS application is a completely autonomous application that can be operated in stand-alone mode
or in connected mode. In stand-alone mode the application can perform a complete enrolment
procedure or card handover procedure. All data is stored locally and can be synchronized
with a central system if and when required.
In connected mode the application can link with a central system either in classic client/server mode or
in a loosely coupled, asynchronous mode based on SOAP-based web services.

Security
Data records can be encrypted and signed. Operators need to authenticate by means of user ID and
password or fingerprint.

Modular and Extensible Architecture



The PRS application is like a framework around a set of plug-ins. These plug-ins are usually single-task
modules which are either simple single-screen or multi-screen user dialogs. Multi-screen plug-ins can be
sequential wizards or a set of separate tab pages.
Most importantly, the architecture allows third parties to add their own plug-ins to extend or modify the
application. This guarantees the government that the application can be enhanced to fulfill future needs
and that the government is not locked in by a single supplier for the maintenance of such a strategic
application.




8 Card Management System
8.1 The CMS Application
The CMS is the central part of the system. It integrates with the other systems such as the ABIS and the
PMS and it manages the workflow and data flow between the various systems. The CMS is a J2EE
application that will be hosted on a cluster of Java application servers. The data for the CMS is stored on
the central storage system in a dedicated Oracle database.

Figure 5 Schematic Overview

CMS takes care of:
- validation of all requests for cards with the ABIS and external authorities
- storing the history and data associated with citizens and cards
- generation of daily orders for personalization of cards
- managing the life cycle of cards and the applications and data on those cards
- cryptographic key management for card issuance, card updates, etc.
- secure activation of the eID card at handover
- post issuance updates of applications and data on the eID card
The CMS manages the cardholders, cards and applications and their lifecycles based on
configuration data such as issuers, target groups, card types, card programs, card
personalization bureaus, chip types, operating system, card programs, application data,
application versions, etc. which are all stored in a secured Oracle database.



The CMS operators use a web-based GUI (see picture below). The CMS contains the logic and
processes to perform all the required tasks in cooperation with the other elements mentioned.
The CMS creates an audit trail of all actions and it can generate a number of standard reports
for these and the entities mentioned.

Our proposal for the Card Management System is built around a specialized product called Token
Manager. Token Manager is a professional Card and Application Management System (CAMS) used by
dozens of governments and financial institutions for managing the issuance and life cycle of a few
hundred thousand to tens of millions of cards.
On one hand the bulk of the functionality has to be implemented and deployed in the very short
timeframe of only 18 months and on the other hand the system will be extended and enhanced to
handle the card management for 5 years and beyond. We decided to choose a standard product as the
centerpiece of our concept instead of building a system from the ground up.
The number one challenge is to have all of the most relevant functions up and running in less than a
year's time. We feel that using a tried and tested product is the best answer to meet this challenge.
The Token Manager card management product is the sixth generation of a product line with a history of
more than 15 years. The manufacturer of this system only produces 1 product for 1 purpose: mass
volume card management.
The integrator of this project, Zetes, has over 10 years' experience with managing the Belgian and Israeli
eID-card project, a project of comparable scale and complexity to the present project. Zetes also has
a proven track record for implementing and deploying a mass registration and enrolment system for the
United Nations and national government, involving the collection and deduplication of digital
photographs and fingerprints for up to 30 million people.
The experience of Zetes is unique in the market and will be a key factor for the success of this project.

8.2 The Concept of Lifecycle Management for eID Cards
A key concept of the CMS is that of lifecycle. A life cycle defines the business logic that is applied to a
passport or card from start to finish. The life cycle defines all the states and state transitions that can
happen to a card during its lifetime. This means that a card can never be brought into an undetermined
state and that the state of all cards is known at all times.
The lifecycle concept is even more important for the eID card than for a passport or a card without chip.
An eID card is not designed to be a single-purpose, static document that doesn't change during its
five-year lifespan. The eID card is a state of the art, complex multi-application card. Managing the life cycle
of such a card also means managing the lifecycles of the various applications on the card and managing
the life cycle of the card holder. All these life cycles are interconnected and form a complex web of
relations. Manual interventions or automatic actions can be both the cause and result of a change of
state in an object's life cycle. Lifecycles also influence other lifecycles; a change in the state of a card
application could also cause a change in the state of the card.
Lifecycles are THE core design concept of the product. Lifecycles are applied to everything: cards, card
holders, card types, applications, application programs, target groups, etc.
All objects with a lifecycle are managed from start to finish, spanning several years.
Below is an example of a typical lifecycle for a national eID card. The transitions in the card life cycle are
closely linked to the workflow of enrolment, validation of the requests with the ABIS, payment check,
police watch lists, etc. followed by acceptance of the request, data preparation, personalization,
shipment, card activation, operational use of the card (active card <-> block/unblock card) until finally
the card reaches its end of life.

Figure 6 Example of a Card Lifecycle / Workflow
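
The lifecycle idea in section 8.2, sketched as an added example (not Token Manager or Zetes code): an explicit transition table that refuses every undefined state change and logs each attempt to an audit trail. The state names, the REJECTED state, the class and function names and the card identifier are assumptions derived from the workflow steps listed above.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum


class State(Enum):
    # State names are assumptions derived from the workflow steps listed above.
    REQUESTED = "requested"          # enrolment record received by the CMS
    VALIDATED = "validated"          # ABIS, payment and watch-list checks passed
    REJECTED = "rejected"            # assumption: a failed check ends the request
    DATA_PREPARED = "data_prepared"
    PERSONALIZED = "personalized"
    SHIPPED = "shipped"
    ACTIVE = "active"
    BLOCKED = "blocked"
    END_OF_LIFE = "end_of_life"


# The complete transition table. A move that is not listed here is refused,
# so a card cannot reach a state the lifecycle does not define.
ALLOWED = {
    State.REQUESTED: {State.VALIDATED, State.REJECTED},
    State.VALIDATED: {State.DATA_PREPARED},
    State.DATA_PREPARED: {State.PERSONALIZED},
    State.PERSONALIZED: {State.SHIPPED},
    State.SHIPPED: {State.ACTIVE},
    State.ACTIVE: {State.BLOCKED, State.END_OF_LIFE},
    State.BLOCKED: {State.ACTIVE, State.END_OF_LIFE},
    State.REJECTED: set(),
    State.END_OF_LIFE: set(),
}


class IllegalTransition(Exception):
    """Raised when a requested state change is not in the transition table."""


@dataclass
class Card:
    card_id: str
    state: State = State.REQUESTED
    audit: list = field(default_factory=list)

    def transition(self, new_state, actor, reason=""):
        """Apply a state change, logging accepted and refused attempts alike."""
        accepted = new_state in ALLOWED[self.state]
        self.audit.append({
            "at": datetime.now(timezone.utc).isoformat(),
            "card": self.card_id,
            "actor": actor,
            "from": self.state.value,
            "to": new_state.value,
            "accepted": accepted,
            "reason": reason,
        })
        if not accepted:
            raise IllegalTransition(
                f"{self.card_id}: {self.state.value} -> {new_state.value}")
        self.state = new_state


def undefined_states():
    """States missing from the table (a card there would have no defined exits)."""
    return set(State) - set(ALLOWED)


def unreachable_states(start=State.REQUESTED):
    """States that no sequence of legal transitions can reach from the start."""
    seen, todo = {start}, [start]
    while todo:
        for nxt in ALLOWED[todo.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return set(State) - seen


def demo():
    """Walk a constructed card through issuance and block/unblock, then a refused move."""
    card = Card("CARD-0001")  # constructed identifier
    for step in (State.VALIDATED, State.DATA_PREPARED, State.PERSONALIZED,
                 State.SHIPPED, State.ACTIVE, State.BLOCKED, State.ACTIVE):
        card.transition(step, actor="cms-workflow")
    try:
        # An issued, active card must not be sent back to personalization.
        card.transition(State.PERSONALIZED, actor="operator-17",
                        reason="re-personalize issued card")
    except IllegalTransition:
        pass
    return card


if __name__ == "__main__":
    c = demo()
    print(c.state, [e for e in c.audit if not e["accepted"]])
```

Running the two table checks whenever a lifecycle configuration changes catches a state that was added without any transitions, and refused attempts in the audit trail are worth reviewing because they show who tried to move a card outside its lifecycle.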



For the Liberian project the CMS can be configured for the following card types:
- 3 types of eID cards using a contactless chip and 1 applet
  o card type for citizens
  o card type for refugees (to be discussed)
  o card type for aliens (to be discussed)
- SAM cards used in the card readers at the registration offices
- cards for civil servants for authentication, digital signature and (physical) access control (*)

For each type a specific card life cycle will be created.
* Depending on the outcome of the design phase it is possible that the cards for the civil servants will be
managed and personalized outside of the CMS, e.g. using the smartcard and certificate management
tools of the Windows Domain Controller and the Windows Certificate Server. This will depend on the
government's preferences and on practical considerations.







9 Electronic Document Management System (EDMS)
9.1 Document Management
In our proposal the EDMS consists of three parts:
1. the enrolment stations that scan the supporting document presented by applicants for an eID
2. the scan stations at the Ministry of Internal Affairs that scan the new paper forms for refugees
and aliens
3. the central document archive, which is an integral part of the CMS

9.2 Document Scanning
The documents will be scanned at a resolution of 300dpi. The documents originate from two sources:
- The enrolment stations for enrolling citizens requesting an eID card
Every enrolment station is equipped with one A4 flatbed scanner.
- A group of scan stations with autofeed scanners at the government's data centre to scan the
registration form used by the Ministry of Internal Affairs

The scanned documents will be converted into PDF/A documents. Where the type and quality of the document
allow, we will apply OCR and text indexing to make the PDF/A searchable. In all cases the image(s)
contained in the PDF/A will be compressed to reduce the size of the PDF/A to an acceptable size for data
transmission and storage in the central document archive. The compression ratio and the choice
between colour, grayscale or black&white will be specific to each document in order to obtain the best
possible compromise between size and visual quality. However, at all times the compression rate must
guarantee that the size of the PDF/A documents is below a pre-defined maximum due to the
limitations in bandwidth and storage space.
We performed extensive testing using various compression rates for colour and grayscale scans of birth
certificates and 2GID cards. This resulted in the following:
Scanned Supporting Documents for Citizens when applying for an eID:
- one 2GID ID card, both sides, colour or grayscale
- one birth certificate, colour or grayscale
- one text document (2 pages), black&white
The total size of all PDF/A documents combined may not exceed 480kbyte / citizen.





9.3 Document Storage and Retrieval
The CMS is designed to store images and documents that are associated with cards and card holders,
such as facial images, fingerprint images, signature images as well as images of scanned documents. The
CMS stores these objects in their original formats and adds additional information such as document
type, dates, purpose, comments, etc. An object is always associated with a card holder or a specific card
(which is linked to a specific card holder).
We have foreseen two use cases for PDF/A archival inside the CMS database:
- citizens - supporting documents for application for an ID card
- refugees and aliens - a newly designed paper form for registration of refugees and aliens

Images and documents are stored in the CMS database which is hosted on a Storage Area Network.
These objects are therefore always available, unlike when these objects are stored on a tape archive.
By including the objects in the database the CMS/EDMS can use the database's data protection
mechanisms and data backup mechanisms.
In contrast to other data in the CMS database these images and documents are archived and are not
frequently retrieved or updated. Therefore the CMS database provides a mechanism to optimize the
balance between cost and performance. The CMS puts images and documents in a part of the database
that is hosted on a part of the storage system that uses large (but slower) disks. The other data of the
CMS database is hosted on a part of the storage system that uses fast (but smaller) disks.

Documents can be retrieved from the CMS/EDMS database in three ways:
- by direct reference (card reference or card holder reference)
- by query on metadata such as document type + date range combined with any card or card
holder attribute
- by text search, for those PDF/A documents that allow text search (this requires OCR and text
indexing when the PDF/A is generated), using the Oracle Text feature of the Oracle database





10 Card Personalization
10.1 The Personalization Management system
It should be noted that Zetes has proven experience in setting up fully equipped personalization sites
for the governments of Belgium, Israel and Ivory Coast, either in Build & Transfer or in Build & Operate.
The primary task of the Personalization Management System is to prepare, synchronize and monitor the
material flow, data flow and workflow which will ultimately lead to the personalization of passport
booklets. The PMS manages the day to day operations in the personalization centre and is in direct
control of the personalisation machines, the quality check stations, etc.
The PMS has a modular design and consists of the following modules:
Data Preparation
Interfaces with PKI and Document Signer
Job Scheduling and Assignment of staff and resources to jobs
Generation of Production / Personalization Batches
Audit Trace, Reporting and Statistics
Inventory Management
Quality Assurance
Shipment

10.2 The Personalization Machines
Depending on the size of the project and the daily number of cards we will need to decide on the type of
machines to personalize the cards. For another eID project in another country we would require a daily
personalization capacity of 10,000 cards in 2 x 8-hour shifts.
The proposed systems are two Datacard MPR5800 machines:
1 operational line
1 standby line




Figure 7 Datacard MPR5800
These personalization lines are fully automated and can perform the personalization of an identity card
in a single, uninterrupted personalization cycle.
Each machine can provide a production rate of 1550 cards per hour and does inline quality checks
before and after laser engraving. These machines have a modular architecture and can be reconfigured
or refurbished to meet future requirements.

10.3 PKI Infrastructure for Document Signing
Our proposal includes a PKI for Document Signing. Document Signing is an essential part of the
personalization procedure. This infrastructure digitally signs the data that will be written to the chip.
This digital signature allows relying parties (police, banks, etc.) to verify the authenticity of the data when
they read the eID card. The Document Signing infrastructure consists of three components:
- Country Signing Certificate Authority (CSCA) + Administration Client
  The CSCA is used to hold the root key for validating the authenticity of the logical data structure
  on the chip.
- Document Signer (DS)
  The DS is closely integrated within the PMS and creates and signs the Document Security Object
  (SOD) of the logical data structure on the chip. DS certificates are renewed regularly by the CSCA.
- LDAP Directory Upload Workstation
  A workstation connected to upload certificates and CRLs to an LDAP directory.

All components that have to protect private keys will use HSMs from Thales. The Document Signers and
the CSCA will share a set of nShield Connect 500.
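
The signing chain of section 10.3 (CSCA, Document Signer, security object) seen from the relying party's side, as an added example that is not part of the proposal or of any Zetes product. It assumes the third-party `cryptography` package; a CSCA signature over the raw DS key and a JSON hash list stand in for the DS certificate and the security object encoding a real card uses, and all function names, the DG1/DG2 labels (borrowed from the ICAO logical data structure) and the chip contents are constructed.

```python
import hashlib
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec

ECDSA_SHA256 = ec.ECDSA(hashes.SHA256())


def spki(public_key):
    """DER-encoded SubjectPublicKeyInfo of a public key."""
    return public_key.public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo)


def key_id(spki_bytes):
    """Identifier used in the (simplified) revocation list."""
    return hashlib.sha256(spki_bytes).hexdigest()


def endorse_signer(csca_key, ds_public_key):
    """CSCA signs the Document Signer key (stand-in for issuing a DS certificate)."""
    ds_spki = spki(ds_public_key)
    return {"ds_spki": ds_spki, "csca_sig": csca_key.sign(ds_spki, ECDSA_SHA256)}


def build_sod(ds_key, ds_credential, data_groups):
    """Personalization side: hash every data group, then sign the hash list."""
    digests = {n: hashlib.sha256(b).hexdigest() for n, b in data_groups.items()}
    signed = json.dumps(digests, sort_keys=True).encode()
    return {"signed": signed, "ds_sig": ds_key.sign(signed, ECDSA_SHA256),
            "ds_credential": ds_credential}


def verify_chip(csca_public_key, sod, data_groups, revoked=frozenset()):
    """Relying-party check of chip data. Returns (ok, reason)."""
    cred = sod["ds_credential"]
    # 1. The signer must be endorsed by the CSCA key the verifier trusts.
    try:
        csca_public_key.verify(cred["csca_sig"], cred["ds_spki"], ECDSA_SHA256)
    except InvalidSignature:
        return False, "signer not endorsed by trusted CSCA"
    # 2. The signer must not be on the revocation list (the CRL role).
    if key_id(cred["ds_spki"]) in revoked:
        return False, "signer key revoked"
    # 3. The security object must carry a valid signature from that signer.
    ds_public_key = serialization.load_der_public_key(cred["ds_spki"])
    try:
        ds_public_key.verify(sod["ds_sig"], sod["signed"], ECDSA_SHA256)
    except InvalidSignature:
        return False, "security object signature invalid"
    # 4. Every data group read from the chip must match its signed hash.
    digests = json.loads(sod["signed"])
    if set(digests) != set(data_groups):
        return False, "data groups do not match security object"
    for name in sorted(data_groups):
        if hashlib.sha256(data_groups[name]).hexdigest() != digests[name]:
            return False, f"{name} altered after signing"
    return True, "ok"


def run_scenarios():
    """Genuine card plus three failure cases, all with constructed data."""
    csca_key = ec.generate_private_key(ec.SECP256R1())
    ds_key = ec.generate_private_key(ec.SECP256R1())
    trusted = csca_key.public_key()
    chip = {"DG1": b"DOE<<JANE<<<<<<<<<<", "DG2": b"<face image bytes>"}
    sod = build_sod(ds_key, endorse_signer(csca_key, ds_key.public_key()), chip)

    altered = dict(chip, DG2=b"<different face image>")
    # A chain that is valid internally but hangs off a CSCA the verifier does not trust.
    other_csca = ec.generate_private_key(ec.SECP256R1())
    other_ds = ec.generate_private_key(ec.SECP256R1())
    foreign = build_sod(
        other_ds, endorse_signer(other_csca, other_ds.public_key()), chip)

    return {
        "genuine": verify_chip(trusted, sod, chip),
        "altered_dg2": verify_chip(trusted, sod, altered),
        "untrusted_signer": verify_chip(trusted, foreign, chip),
        "revoked_signer": verify_chip(
            trusted, sod, chip, revoked={key_id(spki(ds_key.public_key()))}),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

The order of the checks matters: the data-group hashes mean nothing until the signature over them has been traced back to the trusted CSCA key and the signer has been checked against the revocation list.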




11 ABIS
Our proposal includes a multi-modal Automated Biometric Identification System (ABIS).
The ABIS consists of the following components:
the ABIS Control Application, an application front end for managing incoming requests for
verification, identification and registration of biometric data
a database for storing biometric images and templates
clusters of fast matching engines for face matching and fingerprint matching
an operator tool for manual arbitration for suspected duplicates
an expert tool for analyzing and comparing fingerprints
a scan station for scanning ink cards with (rolled) fingerprints
a set of tools for data migration from the legacy 2GID system into the new system

The scale of the project and the fact that the deduplication will combine fingerprints and face for an
entire population have prompted us to optimize the system architecture and deduplication strategy
accordingly.
We understand that the government does not want to rely on filtering or classification to reduce the
workload of the deduplication infrastructure. We also realize that the nature of the project requires an
inclusive approach whereby every citizen is included, even those whose biometric features do not
meet normal quality levels.
All operations can be done using face, fingers or both. Fingerprint matching is supported for rolled
fingerprints, flat fingerprints or intermixed (rolled against flat or vice versa). For best performance and
accuracy we strongly recommend that deduplication and identification are always done using fingers
and to use face optionally for special cases. The ABIS can be extended to support iris or palm print
matching in the future.
The ABIS can be used to perform face and fingerprint matching in any order and either separately or in
fused mode (a single score for face and finger).
The infrastructure has reserve capacity and provides full fault tolerance. The servers and the storage
system are high quality high performance equipment. All essential equipment is fully redundant and all
essential applications are clustered for fault tolerance and to allow future extension of the ABIS.

The central ABIS is integrated with the CMS and can be integrated with other applications by means of a
web services interface. All biometric data is stored in an accessible Oracle RDBMS database for retrieval
and use by other applications through standard SQL interfaces. The ABIS system architecture is a Java
based Web Services framework that provides input and output in XML formats consistent with Web
Services used in modern system architectures.
The ABIS Matching Engines are grouped in three clusters, two for fingerprints and one for face. Each
cluster consists of 12 identical servers. Of these 12 servers all 12 can perform matching of which 10 are
operational nodes and 2 are configured as hot standby nodes. Of these 12 servers 3 can perform as
cluster server (i.e. manage the cluster) of which 1 is the operational cluster server and two are hot
standby cluster servers. The hardware configuration of the servers for fingerprint matching and face
matching are identical with the exception of the RAM memory.



The proposed solution includes the infrastructure for deduplication, identification and verification of up
to 35 million citizens and is extensible to up to 50 million citizens. For every citizen, 1 facial image and 10
fingerprints (either rolled or flat fingerprints) are stored in the ABIS.
With a full database of 35 million records, the proposed solution can handle 400,000 10-print searches
and 88,000 face searches per day. In other words, the clusters for fingerprint matching and face
matching have sufficient spare capacity even for peak days of 75,000 transactions. The response times
with a full database of 35 million people are in the order of 0.4 seconds for matching 10 fingerprints and 1
second for matching 1 face.







12 Other components
12.1 WAN over 3G/EDGE Solution
The Registration Offices will be connected to the Ministry of Internal Affairs through the existing
3G/EDGE data network of a telecom operator. Our proposal includes one 3G/EDGE USB dongle for
every enrolment station as well as a fiber connection from the data center to the operator's backhaul
link. This is the backhaul link that shall terminate at the telecom provider's GPRS
gateway for data traffic to the head office. The telecommunication costs (subscription, data volumes,
etc.) will be borne by the government.

12.2 BIMS Solution
The system shall have a business information management (BIMS) tool to manage data through the
whole card issuance process, from application submission and card delivery up to the issuance of the
card to the applicant. The main purpose of this tool is to provide information and produce reports and
statistics for enrolment, verification and validation, production, card management life cycle, revenue
collection, ICT asset management, application status follow-ups, anomalies and exceptions, system
activity analysis, user activity analysis and ad-hoc reports by means of:
- Business intelligence
- Trend analysis
- Dashboards

12.3 Query Management and Stakeholders Interface Solution
Our proposal for the government system includes a web service oriented interface and query
system to allow consultation of various information and services by external organizations and provide
information as described below:
- Registration of Births and Deaths
  e.g. for the declaration of deaths and births by a variety of stakeholders (local authorities,
  hospitals, embassies, etc.)
- Population Registration System (PRS)
  e.g. for consultation or update of the civil status of a person
- Social Security funds
  for consultation of the civil status or for verification of the identity of a person claiming
  social benefits
- Liberian Police
  e.g. for consultation of the civil status or the verification of the identity of victims or
  suspects as well as the identification of people without proof of ID, for the declaration of
  loss or theft of an identity card, for checking the status of an identity card, etc.
- Revenue authorities
  e.g. for consultation of the civil status, place of residence, composition of the household,
  etc.
- Financial Institutions
  e.g. for the verification of a person's identity or for checking the status of an identity card
  (lost, stolen, non-existent, etc.)

12.4 CRM Solution
The customer care function will provide a web-based function that will be available to stakeholders and
applicants to make enquiries on the following:
- Services offered by the government
- Status of application
- Lost and found ID cards
- Verification of ID cards
The applicant will query the subsystem via the Internet or SMS, giving his/her application number, whilst
system security is ensured. The applicant will also be notified by an automatically issued SMS or email
message when their card is ready for collection at the registration centre or when the application
cannot be processed properly.

12.5 ICT Asset Management and Helpdesk Solution
ServiceDesk integrates the government help desk requests and assets to help the government manage
their IT effectively. It helps the government to implement best practices and troubleshoot IT service
requests faster. ServiceDesk Plus is a highly customizable, easy-to-implement help desk software.
The government will be responsible for:
- Management of ICT equipment.
- Providing Help Desk facility staff, stakeholders and citizens.



12.6 The Cryptographic Infrastructure
The technical architecture of our proposal includes cryptographic infrastructure known as Hardware
Security Modules or HSM. This infrastructure is used to protect cryptographic keys that are used to
encrypt and/or digitally sign data.
In this project HSMs are used for the following purposes:
- The card personalization infrastructure uses HSMs to secure the keys that are used to apply a
digital signature to the data files on the chip (the Document Signer infrastructure).
- The Card Management System uses the HSMs to secure the keys with which cards can be
locked, unlocked and updated after issuance (activation and post-issuance card management).
- The Card Management System and the ABIS can use the HSMs for encrypting sensitive data
stored in databases (a special feature of Oracle Database Enterprise Edition option Advanced
Security).
The central infrastructure relies on HSM devices to protect important cryptographic keys from
duplication, destruction or unauthorized use.
By using network connected HSMs, multiple servers and applications can share one or more HSMs. The
HSMs are logically grouped in clusters of two or more HSMs to achieve high availability and load
balancing. Each HSM can service multiple applications and segregates the key material per application.
All communication between the applications and the HSMs is secured and applications have to
authenticate to the HSM. For additional security the HSM clusters are put in separate VLAN segments
and benefit from the access control rules and filters imposed by the network switch.






13 Project Execution
13.1 The Business Continuity Plan
In Phase 1 of this project Zetes and the government would work closely together to define and test a
backup plan, a disaster recovery plan, a contingency plan and a business continuity plan. This task is
covered by a separate work package that is clearly mentioned in the project plan in our proposal.
All plans will take into account the specific conditions for this project such as the fact that all the critical
resources are located in the same building. Zetes will formulate recommendations that stay within the
conditions and limitations imposed by the present RFP. For the government's benefit Zetes will also
make recommendations that may go beyond these limitations. For example: keep an additional (cold
standby) personalization machine and part of the stock of blank cards in a different part of town.
The government is simultaneously operator and owner of the critical business processes that are
covered by the Business Continuity Plan. The government will perform the daily tasks to keep the
organization and the infrastructure prepared in case of emergencies or disaster. Finally, government
staff will be trained and prepared so they are able to manage the recovery process (with some
assistance from Zetes if desired).
Zetes puts its know-how on ISO 27001 at the disposal of its customers worldwide, regardless of whether the
project takes the form of a Personalisation Service, a Build & Operate project or a Build & Transfer
project.
For Build & Transfer projects Zetes assists the customer in establishing a Business Continuity Plan based
on the ISO 27000x practices and guidelines, taking into account the specific limitations of the customer.

13.2 Training Plan
The assistance to the Ministry of Internal Affairs is a fundamental element of our vision of the project
for the design, development, supply, installation, testing and commissioning of the
smart identity cards of Liberia. It guarantees not only the good progress of the project and the
achievement of its goals, but also makes the Ministry of Internal Affairs independent in its management and
control of the newly installed systems.
This assistance covers several themes which seem fundamental to us:
- "Coaching" and knowledge transfer alongside the agents (mainly ICT). This mission must
  guarantee the autonomy and the maintenance of the system after its
  commissioning.
- Training (functional and technical) of the agents of the registration offices, the central site
  and the personalization sites.
- The participation and involvement of the MOI staff.
- The assistance for the roll out.
The importance of training for the end users with regard to the effective integration of the new
systems should not be underestimated.
Based on the experience acquired during similar projects, we recommend as much as possible the
"Train the Trainer" approach for the training of the users. The objective is to train agents of the MOI.
These agents will then take care of training the end users.
The transfer of knowledge to the ICT staff is expressly planned throughout the various phases of
the project, and more particularly through the review and reception sessions. This approach will allow
the MOI to take the measure of the functional and technical dimensions of the implemented global
system. The involvement of the Ministry staff is intended to be respectful of time and resources, but is
essential in the project approach.
The assistance in the deployment aims to support the MOI after the roll out of the system, through
assistance to the Help Desk, technical support for the control of the technical infrastructure
supporting the system in general, and advice on the follow-up of the user training
initiatives.
All the aspects described above are an integral part of the methodology that we implement in all the large
projects that we lead in the field of people identification.
13.2.1 Training methodology
Train the Trainer methodology will be employed whereby selected users will be trained and provided
with material necessary to present the training course to further users of the system. These users will be
responsible for the ongoing training of the end users of MIRP. All users, trainers, and support personnel
will need training and/or resources at different levels. Comprehensive training is a critical requirement
for all persons central to the implementation process. Training will be intense in different components
and careful planning and scheduling is necessary. ZETES will organize the training for the various users of
the system deployed throughout Liberia.
Several types of users will follow dedicated training:
- The supervisors, their deputies and operators of the Enrolment Workstations will follow a proven
  training cascade that has been used successfully in previous projects in Congo, where
  more than 20,000 operators were brought up to speed in record time. It is recommended that 2 operators
  per Enrolment Workstation be trained for the enrolment. A model of such training is provided
  below in the document. Operators in registration centers that require access to the system will be
  trained by specialized and experienced members of ZETES and its partners, and the training will be
  organized at the level of the woredas.
- At central level, specialized training will be given for the Card and Application Management System,
  ABIS, Business Information Management System, Customer Relationship Management Portal, Query
  System/Stakeholder information system, Billing system, ICT.
- The card manufacturing and personalization center will be operated by personnel hired by the
  members of ZETES and its partners. Gradually over the course of the project, government-appointed
  personnel will be trained, familiarized and integrated into the operations in preparation for the
  transfer of the infrastructure to the Government of Liberia after the expiration of the contract.

Most training modules consist of a balance between theory and practical exercises, allowing the
trainees to get a solid theoretical foundation and hands-on experience during the training sessions.
Each module is put in the context of a business case or realistic situations, allowing trainees to see the
bigger picture and to put the lessons learned in perspective.

13.2.2 Training programs list
In respect of the many tender specifications and based on our experience, the following trainings will be
delivered during the project.
Managers Training
Enrolment/Issuance Training
o Enrolment - Operators training
o Enrolment - Supervisors training
o Enrolment - Technicians training
Central application training
o Card and Application Management System
Relevant operational module(s)
Introduction to Smart Card Management
Identity Card Manager operator training
User Rights Module operator training
Key Manager operator training
System Installation, Upgrade and Maintenance training
Relevant configuration module(s)


Identity Card Manager configuration training
Release 6 Data Model training
Manager training
Hands on training
Technical staff training
o ABIS Training
ABIS concepts
ABIS architecture & administration
ABIS web services
ABIS Manual Decision Tool
o Business Information Management System
o Query Management System
o CRM System
o Billing Management System
o Network Administrator training
o Systems, Networks and Telecoms tools Administrator

ICT training
o Linux Training - Fundamentals and Systems Administration
o Oracle Database 11g - Administration
o Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure
o Configuring Windows Server 2008 Active Directory Domain Services
o Configuring and Troubleshooting Identity and Access Management in Windows Server
2008 Active Directory
o Exchange 2010 Administration
o Java Programming
o Certified Ethical Hacker, Version 7
o Training of Trainers (HP Carepacks - Hardware)
o Symantec Endpoint Protection 12.1: Administration
o Network Operation Center System


o ICT Asset Management and Help desk
Back-Up training
o Training of Trainers (HP Insight Control Fundamentals Training)
o Symantec Backup Exec 2010: Administration
Data Centre and Personalisation Centre
o Training on Specialised Equipment (UPS, CCTV, Access Control, Cooling System and Fire
Suppression)
o Personalization Management System
Internal Management
Products management
Stocks management
Ticketing management
Purchase orders
Production operators
Machines maintenance plans
Production management
GI - AS communication
Delivery and invoicing (optional)
GI - AS architecture
Layout customization (xml and rave)
Production customization 1
Production customization 2
Application Server
o HSM
nShield Certified Systems Developer (nCSD) courses
nShield Certified Systems Engineer (nCSE)
o PKI for Document Signing
Zetes course
Customer course
o Personalization system training


MPR5800 Operator Training
MPR5800 Administrator Training
MPR5800 Maintenance Training
As required in the technical specifications, each training program states whether the training is part
of Phase 1 or Phase 2 and gives its delivery period, that is to say:
- Pre-installation training
- Installation training
- Post-installation training

