Next-Generation of Security Technology

Presentation transcript:

Next-Generation of Security Technology Edward M. Cheng, M.D. Ph.D. ABFP CMO, VP Bus. Dev., HealthHighway Consultant Biometrics application in e-Biz edcheng@secugen.com Steve Hong, Director, SW Appl., SecuGen steveh@secugen.com February 13, 2002

Contents of this Seminar Update Current Status of Network Security Review Existing Security Technology Introduction and Relevance of Biometrics Types of Biometrics and Market Trend Potential Biometrics applications Fingerprint Biometrics in Internet application in e-Business

What Constitutes a Secure Network? Person-to-Person authentication User identification Data integrity Data confidentiality Privacy protection Non-repudiation User and process management SW

How Secure is our Network? According to a recent CSI survey of 521 security executives: 32% have experienced incidents of serious electronic fraud (double in 3 years); 30% reported intrusion by outsiders; 55% reported unauthorized access by insiders; estimated: in-house security breaches account for 70-90% of all attacks on corporate networks. Concern: financial, reputation, legal liability

How Serious is ID Theft? 500,000-700,000 Social Security Recipients are victims of fake ID. - Social Security Administration in Baltimore Online Credit Card Fraud: $24M/day: $9B/year - Meridien Research Jan. 2002 Online Consumers Survey: 1 in 12 are victimized Total cost in ID Fraud: 1.13% of all Online Transactions or tens of billions of dollars yearly. - Gartner Jan. 2002

Passwords and Locks are Inadequate The GAO report found weaknesses at nearly every point of computer security controls at the Treasury Department’s FMS (Financial Management Service). Government computers that handle $trillion in tax refunds and SS benefits are vulnerable to cyber-attacks. Billions of dollars of payments and collections are at significant risk of loss or fraud, sensitive data are at risk of inappropriate disclosure, and critical computer-based operations are vulnerable to serious disruption. The GAO recommended that FMS install a security management program and fix individual weaknesses, identified as access control, such as passwords and locks. - CNN Government Reuters, Feb. 5, 2002

Existing Security Technology PKI / Encryption / SSL Firewall Digital Certificate Password and PIN Token Smart Card Biometrics

Password Frustration Must be a mixture of alpha-numeric with upper and lower cases Must be random and not easy to figure out Should not be written down or posted on monitor Must be changed regularly Password should not be recycled within 5 months Transfer factor: passwords get passed around

Cost of maintaining passwords About 50% of calls in IT help desks are password related Estimated cost per employee per year: $200 by Forrester Research Inc. (Economics of Security, 2/98) $340 by Gartner Group Bottom line: A single biometrics can replace multiple applications’ passwords

What is Biometrics? Definition: Measurement of the body’s unique characteristics or behavior. Types: Voice, Signature, Facial, Palm, Eye, Fingerprint. System components: HW - sensor; SW - algorithm, API; Middleware and application

Why Biometrics? Unique. Authentication: 1-to-1 matching. Identification: 1-to-M matching. Convenient. Non-repudiable. Fast, accurate, non-transferable. Nothing to remember and nothing to forget

How is Biometrics Performance Rated? FTE (failure to enroll) vs. FRR (false rejection rate) vs. FAR (false acceptance rate) Reliability Speed Ergonomic Intrusiveness Convenience Acceptance

Biometrics Acceptance Historically slow: Privacy concern, Unreliable, Expensive, Difficult to integrate, Negligence. Post September 11 demand and acceptance: increased 3-4 fold

Change in Acceptance of Biometrics Estimate: ID theft in U.S. is about 500,000 cases/year. Consumers are ready to accept biometrics at the cost of decreased privacy and more intrusive method of identification. Consumers’ fears and losses due to fraud give strong incentives for institutions to invest heavily in biometrics as alternative to PIN. Financial institutions are considering biometrics: ING Direct, American Banker Association, Credit Union of Canada, Deutsche Bank, Citibank. - Meridien Research Inc. Financial Service will spend $1.8B annually on biometric technology by 2004. - IDC, Framingham, MA

“Biometrics is a Good Fit with Banking” “The Technology offers security to customers at ATM, within branches to authorize transactions and for online banking. It can also be used inside companies to secure vaults and monitor access to doors and computer systems.” - Meridien Research Inc.

Market Trend - 1 Total Biometric Revenue 1999-2005 ($M) [Bar chart, years 1999 to 2005; bar values as extracted: 1905.4, 1440.6, 1049.6, 729.1, 523.9, 399.4, 250.9] Biometric Market Report 1999-2005 International Biometric Group – 2001

Market Trend - 2 Fingerprint Market Revenue 2000-2005 ($M) [Bar chart, years 2000 to 2005; bar values as extracted: 453.3, 373.9, 266.6, 167.0, 99.4, 57.2] Fingerprint Market Report 2000-2005 International Biometric Group – 2001

Market Trend - 3 Biometric Market Report 1999-2005 International Biometric Group – 2001 Fingerprint and Middleware market will lead the biometrics market in future. Projected revenue of Fingerprint and Middleware will occupy 40% of the total market in 2005

Dynamic Growth in Finger-Scan Biometrics Worldwide Finger-Scan Biometrics Technology Revenues Market Share by Technology, 2001 (Excludes AFIS Revenues) ($ Millions) [Pie chart: Finger-Scan 49%, Facial-Scan 15%, Middleware 12%, Hand-Scan 11%, Iris-Scan 6%, Voice-Scan 4%, Signature-Scan 3%] Source: Frost & Sullivan, 2001

Privacy Concern: Minutiae Extraction Fingerprints cannot be reproduced from minutiae template

Areas of Biometrics Application Physical access control Data access security Time and attendance ID theft prevention Privacy protection Fraud reduction Cost-effective and high security

Types of Fingerprint Sensor Semiconductor Capacitive Thermal RF Optical Traditional SEIR Thin Film Technology

Semiconductor Sensors

Semiconductor FP Sensor Small and low profile Cost - expensive at low volume and large sensing area Physically and electrically unstable Vulnerable to ESD Metal discharge pathway Surface coating required Low tolerance to abuse

Types of Fingerprint Sensor Semiconductor Capacitive Thermal RF Optical Traditional SEIR Thin Film Technology

Traditional Optical Sensor

Traditional Optical FP Sensor Plastic platen with soft coating Nonlinear distortion Low contrast image Stray light interference High power consumption Assembly requires mirror for compensation Integration relatively difficult Production - labor intensive

Types of Fingerprint Sensor Semiconductor Capacitive Thermal RF Optical Traditional SEIR Thin Film Technology

New Generation Optical FP Sensors SEIR: Surface Enhanced Irregular Reflection - a breakthrough optical finger-scanning technology High contrast and virtually distortion-free image High performance for extreme skin conditions Scratch-proof surface with robust and compact housing Low power consumption Integration relatively easy Mass production capable at low cost

EyeD Mouse™ Award-winning world’s first biometric mouse Most ergonomic & durable fingerprint sensor State-of-the-art fingerprint matching algorithm Matching software: SecuDesktop, SecuIBAS (Features: logon, File En/Decryption, Screen Saver)

SecuGen PC Peripherals

How to Select a Fingerprint Biometrics? User friendliness Durability Cost Size Ease of integration Choice of application products Third-party SW support

Stand-alone Finger-Scan Module Building Access Control Time & Attendance Vehicle Control Door-lock System Point of Sale Safe and Gun control Box Supported protocols: Wiegand, RS232 and RS485

Facility and Attendance Biometrics Overview Biometrics Applications Financial Sector Point of Sale ATM Online Banking Passport Control Border Control Medical Records Mgt HIPAA Compliance Door Lock Time-Attendance Computer Security Access Control Network Security e-Commerce Mobile Phone Call Center Internet Phone Immigration Telecommunication Medical Facility and Attendance National ID Correctional Facility AFIS DMV Social Security Welfare Payment Missing Child Ticket-less Travel Anti-terrorist security Public Sector Social Service Aviation & Travel

Biometrics for Healthcare Patients Website Access Clinical and Account Info Appointments and Messages Personalized Health Info Electronic Medical Records Automatic encounter documentation Electronic transaction processing Online PDA easy data entry Work flow management Transcriptions Financial Management Charge capture at the point of encounter Claims processing and billing Accounts Receivable Eligibility & Authorizations Managed Care Health Plans/IPA Claims, Eligibility, Authorization, Formulary, Regulations, Contracts, Connectivity Provider’s Automated Office

Biometrics Application Physical Access Control Time and Attendance PC/Enterprise/Network Security Internet & e-Commerce B2B Transactions Financial: on-line banking, ATM Medical information system Distant Learning e-Publishing Smart card/Digital Certificate Any password-based application

Distant Learning Physical Access Control Time and Attendance PC/Network Security/IT Student registration/verification On-line testing

Healthcare Physical Access Control Time and Attendance PC/Network Security/IT Patient registration and Identification e-Claim processing EMR Document Management HIPAA Compliance Privacy Protection

Benefits of Biometrics Implementation Maximize network security Ensure users’ privacy Protect institution physical assets Provide user authentication Allow non-repudiable transaction Deter hackers and ID fraud Eliminate password frustration Cut IT cost in password maintenance Increase corporation image, productivity and profitability

Configuration [Network diagram; labels: Corporate Headquarters, SecuIBAS Server, Firewall, Groupware, Web Server, Internet, PSTN / ISDN / ADSL, SNA Leased Line, Mobile & Remote Warriors, Home Worker, Branch Office, Supply Chain or Factory, Customers, Hospital, University, Bank, Trading]

SecuGen Biometric Authentication Web sites SecuIBAS Users

SecuGen Biometric Authentication SecuIBAS Web Server Software Takes only one day to integrate into your system. Supports various operating systems and databases. Windows 2000/NT Solaris Linux Unix

SecuGen Biometric Authentication SecuIBAS Server Software Takes only one day to install. Supports various operating systems and databases. Windows 2000/NT Solaris Linux Unix

SecuGen Biometric Authentication SecuIBAS Client Pack USB plug & play mouse or other sensor Windows device driver Supports Internet Explorer & Netscape

EyeD Mouse™ Award-winning world’s first biometric mouse Most ergonomic & durable fingerprint sensor State-of-the-art fingerprint matching algorithm Matching software: SecuDesktop, iBAS (logon, File En/Decryption, Screen Saver)