2003
Increased Security, while protecting Privacy?
True or False?
Christer Bergman, President and CEO, Precise Biometrics
I will talk about...
Precise Biometrics (very brief)
Biometrics..?
Smart Card & Smart ID Card
Fingerprint matching on card
Increased Security, while protecting Privacy? True or False?
This is Precise Biometrics
World leading security solutions based on fingerprint
Holds world’s first patent within “Match-on-Card”
Founded in 1997 in Lund, Sweden
Offices in Lund (40), Stockholm (2) and Washington DC (6)
Listed on the Stockholm Stock Exchange O-list since 2000
What we do
We create fingerprint-based security solutions for companies, organizations, authorities and private individuals that replace PINs, passwords and keys.
Biometrics ....?
Trends that fuel the need for biometrics
• Market trends:
– Globalization
– Mobility and flexibility
– Digitalization
• Technology enablers:
– Internet
– Wireless
– e-business and smart cards
All driving a cumbersome growth of PIN-codes and passwords
Problems
• Concern that sensitive data is accessed by unauthorized users
• e-business without trust – who’s at the other end of the Internet?
• Passwords, PIN-codes, keys, etc are a hassle => security is often cheated, or upheld at high admin cost
Solutions
• Confidentiality – encryption
• Authentication – digital certificates
• Non-repudiation – digital signatures
• Convenience + personal security – biometrics
Digital identity management, smart cards and biometrics enable security and convenience by making the digital identity personal
Why biometrics?
• Uniquely linked to a person, who is present
• Secure and convenient
– “No more passwords” (or “Post-It” stickers…)
– Convenient = it will be used
– Cannot be borrowed, stolen or forgotten
• Saves money
– Less fraud
– Less cost for password administration
What is biometrics?
Market share by technology
What biometrics, and how?
Surveillance vs. Access to a service
Identification vs. Authentication
1-to-many vs. 1-to-1
Enrollment & Verification
Fingerprint Image vs. Biometric Template
Traditional Feature (Minutia) Matching
More advanced pattern or hybrid matching
Match-on-Server, Match-on-PC or Match-on-Card
Security or Privacy or Both?!
What is a Smart Card?
Smart Cards - A small computer and a cryptographic token
• Contains and handles sensitive data
– transactions / e-cash / identity / health profiles
– secret codes and keys
– biometric templates
• Performs cryptographic computations for
– authentication / digital signatures
– confidentiality by encryption
– key management protocols
– biometric match-on-card
Smart ID Card = Smart Card + ID Card
[Image: sample U.S. Navy Geneva Conventions Identification Card (Active Duty, DMDC) showing name, Social Security Number, date of birth, issue and expiration dates, pay grade, rank and Geneva Conventions category]
Privacy or Security
Factors affecting privacy in ID systems
[Chart: privacy concerns (Low, High, High, Very High) by amount of data and sensitivity of data]
Unique security solutions
[Chart: Solutions vs. Relative Security Level]
• Something You Know (PIN, Password)
• Something You Have + Something You Know + Something You Are
• Something You Have + Something You Know
• Something You Have + Something You Are (Biometric ID Card)
• Something You Have (Key or Card)
Fingerprint matching on card
Match-On-Card technology
Fingerprint matching on smart cards and SIM / WIM cards
Brings biometrics and PKI together
Makes digital signatures and encryption of e-mails or documents more secure and convenient
Makes it possible to replace PINs with fingerprints and to store and match the fingerprint on a smart card instead of a less secure computer
PKI & Fingerprint Match On Card
[Diagram: secure Internet access using PKI with PIN-codes compared with PKI with Biometrics]
Match-On-Card
[Diagram: Capture, Enrollment and Verification, with Reference Storage on PC Hard Drive, Network Server or Smart Card; the labels UNSECURE and Not Scalable appear on the diagram]
Match-On-Card
Verification
[Diagram: reference storage on PC Hard Drive, Network Server or Smart Card; the labels UNSECURE and Not Scalable appear on the diagram]
Matching to reference template
• Reference template is exposed during verification
• Card independent
• Sensor independent
• Compatible with DoD Common Access Card
• Available for Java Card and Multos
Reference Storage
• Best practices require template to be encrypted and signed
— Secret shared by all workstations
Why Match-on-Card?
Scalability
The matching is performed locally on the card – the system scalability doesn’t have any limit – the matching is fast and independent of open networks
Security
Two factor authentication – demanding both a valid smart card, where fragments of your fingerprint are securely stored – and your fingerprint
Privacy
The template never leaves the secure environment – it cannot be copied or stolen – the privacy issue is radically resolved
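The card boundary described on this slide, as an added Python sketch that is not Precise Biometrics' code: the host sends a live template in, only a yes/no comes out, and key use is gated on the match the way a PIN would gate it. The class name, the toy minutiae matcher (no alignment step), the threshold, the retry limit and the HMAC stand-in for the card's private-key signature are all assumptions.

```python
import hashlib
import hmac
import math

# Constructed sample minutiae as (x, y, angle in degrees); not real fingerprint data.
ENROLLED = [(10, 12, 30), (40, 44, 120), (70, 20, 200), (25, 80, 310)]
LIVE_OK = [(11, 13, 33), (41, 42, 118), (69, 21, 205), (90, 90, 0)]
LIVE_BAD = [(5, 60, 10), (55, 5, 90), (80, 80, 180), (30, 30, 270)]

class MatchOnCard:
    """Hypothetical card model: reference template and key are card-only state."""
    MAX_TRIES = 3

    def __init__(self, reference, key, threshold=0.75):
        self._reference = list(reference)  # no method ever returns this
        self._key = key                    # stand-in for the card's private key
        self._threshold = threshold
        self._tries_left = self.MAX_TRIES
        self._verified = False

    def _score(self, candidate, tol=4.0, max_angle=15):
        """Fraction of reference minutiae that have a nearby candidate minutia."""
        hits = 0
        for (x, y, a) in self._reference:
            for (cx, cy, ca) in candidate:
                turn = abs((a - ca + 180) % 360 - 180)  # smallest angle difference
                if math.hypot(x - cx, y - cy) <= tol and turn <= max_angle:
                    hits += 1
                    break
        return hits / len(self._reference)

    def verify(self, candidate):
        """Host supplies the live template; only the decision leaves the card."""
        if self._tries_left == 0:
            raise PermissionError("card blocked")
        self._verified = self._score(candidate) >= self._threshold
        self._tries_left = self.MAX_TRIES if self._verified else self._tries_left - 1
        return self._verified

    def sign(self, message):
        """Sign only after a successful match; one signature per verification."""
        if not self._verified:
            raise PermissionError("fingerprint verification required")
        self._verified = False
        return hmac.new(self._key, message, hashlib.sha256).hexdigest()
```

The retry counter matters because a card that answers unlimited yes/no queries lets a host probe the stored template by trial and error, even though the template itself is never returned.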
How it works
Match-on-Card™
Privacy and Security!