biometrics/smartcard workshop
DESCRIPTION
Biometrics/SmartCard Workshop. 28th International Traffic Records Forum, August 4, 2002, Orlando, Florida. Identification Technology. Verification of all three elements. Authentication Domains. Document-holder. Document. Data. General Principles. Document Authentication.
28th International Traffic Records Forum
Biometrics/SmartCard Workshop
August 4, 2002
Orlando, Florida
Identification Technology
Authentication Domains
• Document-holder
• Document
• Data
Verification of all three elements
General Principles
Document Authentication
• Is this a genuine document?
  • Addressed by anti-counterfeit technologies
• Was it issued legitimately?
  • Unique personalization security
  • Authenticatable data
General Principles
Data Authentication
• Has data been altered?
  • Classical card security techniques
  • Tamper evident features
  • Authenticatable data
General Principles
• Data Authentication – Machine-readable data
  • Digital signatures/certificates
  • Encryption
• Not covered, but not simple
• Reliance upon machine authentication requires high level of system control over data protection
  • Encryption
  • Keys
Data - Logical Security
• Highest security: chip-based Smart Card
  • PKI implementation
  • Crypto-processor cards
+ Increase security of off-line transaction
+ Increase privacy
+ Reduce paperwork
+ Reduce the probability of:
  • Data alteration
  • Data substitution
– Increased card & reader costs
General Principles
Cardholder Authentication
• Biometrics preferable
General Principles
• Reader Authentication (Who authenticates the authenticator?)
Real device or,
A device to capture document, document holder information
Authentication requires logic within document
Cryptographic authentication best, but requires key infrastructure
Identification System – Key Components
[Diagram labels: Enrollment Capture Processing; Client Access Control; Card Issuance; Identification System Server(s); Host(s), Central Server Arrays; RDBMS; Network Management; Communication Network; Point-of-Use Verification; Card Reader & Processing Application; Telephone]
Smart Card Alliance – White Paper
“Smart Cards and Biometrics in Privacy-Sensitive Secure Identification Systems”
MatrixID Platform
Identification Card Applications:
• ICAO Travel Documents
• State / National Drivers License
• National ID
• Corporate ID
Range of Data Input Formats
• Text
• Digitized Images
  • Facial
  • Signature/usual Mark
  • Fingerprint Image
• Biometric Templates
  • Fingerprint, Facial, Iris, Hand Geometry
Output Options
Data Structure - accommodates range of formats, including:
• Visual Information (Visual Inspection Zone)
• OCR-B (Machine Readable Zone)
• 2-D Barcodes
• High density Magnetic Stripe
• Smart Cards (Contact and Non-Contact)
MatrixID Interfaces
Designed for distributed system environments:
• Interface to Cryptographic facility
• Digital signatures
• Secure IC loading
• XML Data Structure
• Local Document Issuance
• Remote Document Issuance
Enrollment Screen
Verification
After the card is read, the MatrixID display shows the following:
1. The date/time and method used to verify the cardholder.
2. The date the card was issued and the Issuing Authority.
3. That the document passes the integrity checks built into the MatrixID Data Structure.
4. The card holder’s photo, signature and fingerprint image.
5. The MatrixID will prompt the cardholder to verify their identity by comparing a live scan with the stored image.
This page depicts the case where the presented fingerprints do not match. The cardholder is not validated.
This page depicts the case where the presented fingerprints match and the cardholder is validated.
• Better technology not sufficient without strategy
• Balance Risk, Privacy, Personal Convenience…
• And Cost
Technology Changes
New Paradigms to create Transparent Trust
• Dynamically updateable ID
• Negotiated disclosure
• Virtual handshake