INTRODUCING BSI MANAGEMENT SYSTEMS
Biometric standards
An overview of biometrics and identity management
February 2010
2
The need to identify
• Every day we are required to identify ourselves
Using a bank card with a PIN at a cash machine
A password to log on to a computer
Using a key to open a door
Punching a code into a keypad to enter the workplace
Using passwords on the Internet
Providing a passport and driving licence as proof of
identity
• We need to be able to accurately IDENTIFY an
individual to minimize current issues and threats
3
Current attributes used to identify
• Name
• Mother’s maiden name
• Address
• Passport
• Postcode
• Birth certificate
• Date of Birth
• Driving licence
• Account no.
• Credit cards
• Passwords
• Utility bills
• PINs
• Membership cards
• Phone no.
• Salary slip
4
Is biometrics the answer?
• A biometric is part of the person and is not easily
compromised through:
Theft
Collusion
Loss
• Simplifies user management resulting in cost savings
• Users do not need to remember passwords
• Users do not need to remember PINs
• User accounts cannot be shared
• Easy to use
5
Biometric definition
• The automated recognition of individuals based on
their behavioural and biological characteristics
The general meaning of biometrics encompasses
counting, measuring and statistical analysis of any kind of
data in the biological sciences including the relevant
medical sciences
• The term is derived from the Greek words “bios”
meaning life and “metron” meaning measure
6
Biological and behavioural
• Biological
Fingerprint
Face (2D & 3D)
Iris
Vein pattern
Hand geometry
DNA
• Behavioural
Signature
Gait
Voice
Keystroke dynamics
7
Iris
• Captures the pattern of flecks on the iris
• Uses conventional cameras
• Average 2 seconds for identification
• No physical contact between user and reader
8
Face
• Based upon the geometric shape and position of
features of the face
• Resistant to changes in skin tone, facial hair, hair
style, and eyeglasses
• No active user involvement required in order to
perform identification/verification
• Limited success in practical applications
9
Voice
• Analyses voice patterns and characteristics of
speech e.g. pitch, tone, etc.
• High user acceptance – perceived as least
intrusive biometric technology
• Easy for end users to implement
• Ideal for telephone systems/mobile environments
10
Hand geometry
• Measures the physical characteristics of the user’s hand and fingers
• Low-level infrared light and camera used to capture an image
• Suited to applications where there is a large user base or users access the system infrequently
• Systems are easy to use and robust
11
Signature
• Based on analysis of the dynamics of a handwritten signature e.g. shape, speed, stroke order, pen pressure
• Generally use pressure-sensitive tablets or wired pens
• User friendly
• Non-intrusive – minimal public acceptance issues
• Captured signature can be used for digitally signing documents
12
Keystroke dynamics
• Monitors rate of typing and intervals between letters
• Verification based on typing rhythm – intruders may
guess password but fail to key in with correct rhythm
• Neither enrolment nor verification disturbs the regular
flow of work
• Low cost – only hardware required is keyboard
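The rhythm check described on this slide, as an added example that is not part of the original presentation. It uses a scaled Manhattan distance over inter-key intervals; the threshold, the spread floor and the timing data are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

MIN_SPREAD_MS = 1.0   # assumed floor so a very consistent typist never divides by ~0
THRESHOLD = 2.0       # assumed acceptance threshold, tuned per deployment

def enrol(samples):
    """Build a template (mean, spread) per interval from repeated typings.

    Each sample is the list of inter-key intervals in ms for one typing
    of the same password."""
    if len(samples) < 3 or len({len(s) for s in samples}) != 1:
        raise ValueError("need at least 3 samples of equal length")
    return [(mean(col), max(pstdev(col), MIN_SPREAD_MS)) for col in zip(*samples)]

def distance(template, attempt):
    """Scaled Manhattan distance: average deviation from the enrolled mean,
    measured in units of the user's own spread for that interval."""
    if len(attempt) != len(template):
        return float("inf")          # wrong number of keystrokes: never a match
    return sum(abs(x - m) / s for (m, s), x in zip(template, attempt)) / len(template)

def verify(template, attempt, threshold=THRESHOLD):
    """The password check is assumed to have passed; this checks rhythm only."""
    return distance(template, attempt) <= threshold

# Constructed timing data (ms between successive keys of a 6-character password).
ENROLMENT = [
    [120, 95, 180, 110, 140],
    [125, 90, 175, 115, 150],
    [118, 100, 185, 105, 145],
    [122, 92, 178, 112, 138],
]
GENUINE = [121, 96, 182, 108, 144]     # the enrolled user on a later day
INTRUDER = [210, 200, 220, 190, 205]   # correct password, unfamiliar rhythm

if __name__ == "__main__":
    tpl = enrol(ENROLMENT)
    for label, attempt in (("genuine", GENUINE), ("intruder", INTRUDER)):
        print(label, round(distance(tpl, attempt), 2), verify(tpl, attempt))
```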
13
Fingerprint
• Variety of fingerprint devices available (silicon and
optical)
• Template constructed by analysing patterns that make
the fingerprint (minutiae)
14
DNA
• Forensic genetics uses deoxyribonucleic acid (DNA) profiling in a number of important human identity applications
• 0.01% of a person's entire genome is unique to each individual
This represents 3 million base pairs of DNA
95% of the human genome consists of non-coding sequences (called junk DNA)
• Standard profiling systems only exploit the junk DNA to maintain the privacy and civil rights of the donor
15
Multimodal
• Combination of one or more
biometrics
Algorithmic level
Results level
• Multimodal is the fusion of
results with logic applied
16
Key multimodal facts
Can be used to:
• Improve reliability
• Make forgery more difficult
• Make systems more flexible to
user characteristics
(decreases failure to enrol)
• Make systems more complex
[Diagram: fusion at the input device, matching and result stages]
• Promote inclusivity
17
Verification versus Identification
“Who are you?”
“Are you who you say
you are?”
NOT
18
Verification and Identification
• Verification
Involves confirming or denying a person’s claimed identity – Are you who you claim to be?
Biometric sample captured and compared with the previously stored template for that user
One-to-one comparison
Are you who you say you are?
“I am who I say I am”
• Identification
Means establishing a person’s identity from an already established list – Who are you from this list?
Biometric sample presented to a system which searches the existing (enrolled) subjects
One-to-many comparison
Do I know you?
“I am not known to you already”
19
Identification before verification
• To establish a ‘clean’ database of individuals each individual first needs to be identified
One-to-many match is performed against the central database to ensure the individual does not already exist under correct name or any other aliases
• Once identity is established it can be sufficient to verify the individual as proof of identity only
One-to-one match is performed at the point of interface without the need to check back to the central database
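The enrolment and verification flow from the two slides above, as an added example that is not part of the original presentation. Templates are modelled as short feature vectors compared by Euclidean distance; the threshold, the names and the vectors are assumptions constructed for illustration.

```python
import math

MATCH_THRESHOLD = 0.35   # assumed maximum distance for "same person"

def identify(database, sample, threshold=MATCH_THRESHOLD):
    """One-to-many: compare the sample with every enrolled template and
    return the names that match, closest first."""
    hits = sorted((math.dist(tpl, sample), name) for name, tpl in database.items())
    return [name for d, name in hits if d <= threshold]

def enrol(database, name, sample):
    """Identification before verification: run the 1:N search first so the
    same person cannot be enrolled a second time under an alias."""
    existing = identify(database, sample)
    if existing:
        raise ValueError(f"sample already enrolled as {existing[0]!r}")
    database[name] = list(sample)
    # Credential handed to the holder (for instance on a card). A real
    # deployment would integrity-protect it; that is omitted here.
    return {"name": name, "template": list(sample)}

def verify(credential, sample, threshold=MATCH_THRESHOLD):
    """One-to-one: compare only with the template in the presented
    credential, with no lookup in the central database."""
    return math.dist(credential["template"], sample) <= threshold

# Constructed feature vectors.
ALICE = [0.10, 0.80, 0.30, 0.55]
ALICE_AGAIN = [0.12, 0.78, 0.33, 0.52]   # same person, fresh capture
BOB = [0.70, 0.20, 0.90, 0.15]
STRANGER = [0.45, 0.50, 0.10, 0.95]      # never enrolled

if __name__ == "__main__":
    db = {}
    card = enrol(db, "alice", ALICE)
    enrol(db, "bob", BOB)
    try:
        enrol(db, "a. smith", ALICE_AGAIN)       # alias attempt
    except ValueError as err:
        print("enrolment refused:", err)
    print("1:N for stranger:", identify(db, STRANGER))
    print("1:1 alice's card, alice:", verify(card, ALICE_AGAIN))
    print("1:1 alice's card, bob:", verify(card, BOB))
```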
20
Key Consideration in a biometric system
• Current & Future Technology
• Accuracy & Throughput Performance
• Risk & Requirement Analysis
• Research & Development Strategy
• User Perception
• Integration
• Business Process
21
Considerations of adding a biometric system
• Not all biometrics technologies suit all people
• In many cases additional hardware is required
• User co-operation is usually necessary
• Privacy concerns must be addressed
• Cost of personal devices in large systems can be
significant
• User education is required
• Biometric revocation must be considered as
biometric data is not secret
22
Capture the legal and political imperatives
• Ask what additional considerations are there with a
biometric application as opposed to any other IT
deliverable
Privacy?
Data access considerations (who and why)?
Sensitivity of data?
Legislative limitations?
User acceptance?
Standards compliance?
23
ISO/IEC JTC1 SC 37 Biometrics
• Currently 25 participating countries and 7 observer countries
• Liaisons with:
JTC 1/SC 17 Cards and Personal Identification
JTC 1/SC 24 Computer Graphics and Imaging
JTC 1/SC 27 Information Technology Security Techniques
JTC 1/SC 29 Coding of Audio, Picture and Multimedia and Hypermedia Information
JTC 1/SC 31 Automatic Identification and Data Capture Techniques
JTC 1/SC 32 Data Management and Interchange
JTC 1/SC 36 Information Technology for Learning, Education and Training
ITU-T SG17 Telecommunication Standardization Sector Study Group on Data Networks and Telecommunications Software
BioAPI Consortium
IBIA International Biometrics Industry Association
ILO International Labour Office of the UN
24
The benefits of standards for biometrics
• They foster widespread utilization of the technology
• They are a sign of industry maturity
• They reduce time-to-market
• They facilitate interchange and/or interoperability
• They reduce risk to integrators and end users
• They reduce vendor “lock-in” effect
25