28 th international traffic records forum biometrics/smartcard workshop 28 th international traffic...

28th International Traffic Records Forum

Biometrics/SmartCard Workshop

28th International Traffic Records

ForumAugust 4, 2002

Orlando, Florida


Document-holder

Document

Data

Identification Technology

Authentication Domains

Verification of all three elements

X


General Principles

Document Authentication• Is this a genuine document?

• Addressed by anti-counterfeit technologies

• Was it issued legitimately• Unique personalization security• Authenicatable data


General Principles

Data Authentication• Has data been altered?

• Classical card security techniques• Tamper evident features• Authenticatable data


General Principles

• Data Authentication – Machine-readable data• Digital signatures/certificates

• Encryption

•Not covered, but not simple• Reliance upon machine authentication requires

high level of system control over data protection• Encryption• Keys


Data - Logical Security

• Highest security: chip-based Smart Card• PKI implementation• Crypto-processor cards

+ Increase security of off-line transaction+ Increase privacy+ Reduce paperwork+ Reduce the probability of:

• Data alteration• Data substitution

– Increased card & reader costs


General Principles

Cardholder Authentication• Biometrics preferable


General Principles

•Reader Authentication(Who authenticates the authenticator?)

Real device or,

A device to capture document, document holder information

Authentication requires logic within document

Cryptographic authentication best, but requires key infrastructure


EnrollmentCapture Processing

ClientAccess Control

Card Issuance

Identification System Server(s)

HOST(S)CENTRAL SERVER ARRAYS

RDBMS

NetworkManagement

CommunicationNetwork

Point-of-UseVerification

CARD READER &PROCESSINGAPPLICATION

TELEPHONE

Identification System – Key Components


Smart Card Alliance – White Paper

“Smart Cards and Biometrics in Privacy-Smart Cards and Biometrics in Privacy-Sensitive Secure Identification Systems”Sensitive Secure Identification Systems”


MatrixID Platform

Identification Card Applications:

•ICAO Travel Documents

•State / National Drivers License

•National ID

•Corporate ID


Range of Data Input Formats

Text

Digitized Images

Facial

Signature/usual Mark

Fingerprint Image

Biometric Templates

Fingerprint, Facial, Iris, Hand Geometry


Output Options

Data Structure - accommodates range of formats, including:• Visual Information (Visual Inspection Zone)

• OCR-B (Machine Readable Zone)

• 2-D Barcodes

• High density Magnetic Stripe

• Smart Cards (Contact and Non-Contact)


MatrixID Interfaces

Designed for distributed system environments:

•Interface to Cryptographic facility

•Digital signatures

•Secure IC loading

•XML Data Structure

•Local Document Issuance

•Remote Document Issuance


Enrollment Screen


Verification


After the card is read, the MatrixID display shows the following:1. The date/ time and method used to verify the cardholder.2. The date the card was issued and the Issuing Authority.3. That the document passes the integrity checks built into the MatrixID Data Structure4. The card holder’s photo, signature and fingerprint image. 5. The MatrixID will prompt the cardholder to verify their identity by comparing a live scan with the stored image.


This page depicts the case where the presented fingerprints do not match. The cardholder is not validated.


This page depicts the caThis page depicts the case where the presented fingerprints match and the cardholder is validated.rd matches the presenter and the cardholder identity is validated.


•Better technology not sufficient without strategy

•Balance Risk, Privacy, Personal Convenience…

•And Cost


Technology Changes

New Paradigms to create Transparent Trust

• Dynamically updateable ID

• Negotiated disclosure

• Virtual handshake


THANK YOU

Tate Preston

[email protected]