
1 Biometrics in eB/eG and the Role of the Emerging BIAS Standard
Cathy Tilton, Chair, BIAS Integration TC; VP, Standards & Emerging Tech, Daon
Matt Swayze, Project Editor, BIAS (INCITS); Senior Solutions Architect, Daon

2 Questions to be answered  [www.oasis-open.org]
- How do newer technologies like biometrics fit into today's eB/eG (e-business/e-government) and SOA environments?
- What standards support its use?
- How will the new Biometric Identity Assurance Services (BIAS) help?

3 Biometrics

4 Biometrics - Uses
- Large government
  - Law enforcement: forensics; background checks; prisons (inmates, visitors, guards)
  - Defense: perimeter security, weapons systems, networks, red force identification; refugee handling
  - Civil: credentialing programs; border management (pre-entry, entry, exit, status management/benefits); transportation security; critical infrastructure protection; schools
- Commercial
  - Access control: physical access; logical access; employee credentialing
  - Health care: medical records (HIPAA); patient ID; pharmacy
  - Finance: teller sign-on; transaction auditing; virtual branch; check cashing/POS
  - Manufacturing: IP protection; manufacturing control
  - Events (e.g., Olympics)

5 Needs for eB/eG
Two primary needs:
- Generic biometric services
- Integrated authentication services

6 How biometrics work
- Enrollment: present biometric -> capture -> process -> store (the reference)
- Verification: present biometric -> capture -> process -> compare against the stored reference -> match / no match

7 Generic requirements
- Manage biometric and associated biographic data for a given subject/population
- Perform biometric operations (e.g., searches) against a population or populations

8 Authentication requirements
- Perform biometric operations and use the results within an authentication protocol
  - e.g., integrate within SAML, WS-Security, etc.
- Accommodate multiple authentication architectures (i.e., local, server based)
  - Use of a biometric to release an authentication token/assertion
  - Biometric verification server
Note: INCITS M1 Study on Biometrics in E-Authentication.

9 Biometric e-authentication model (a modification of the SP 800-63 process)
Registration/Enrollment:
- Subscriber presents identity + biometric; identity proofing is performed and the biometric is enrolled.
- The biometric is registered and a credential is built (binding the identity to the reference biometric); identity + biometric are established.
- The credential is applied to (issued to) the subscriber.
Authentication:
- Claimant presents claimed identity + live biometric and requests access.
- Biometric authentication server verifies the identity (through biometric matching), checks authorization, issues an assertion and grants access.

10 Plan of attack
- Define basic services (INCITS)
- Define first binding (OASIS)
- Future:
  - Define additional bindings (e.g., ebXML, fastweb, etc.)
  - Address use within authentication/security protocols
  - Extend base capabilities (e.g., notifications)

11 Standards
- Biometric standards
  - BIAS
  - ANSI/INCITS & ISO: data formats; CBEFF; BioAPI, BIP
  - Justice: NIEM/GJXDM; EFTS/NIST
- Other standards
  - WS-*
  - SOAP/HTTP
  - Security: WSS, SAML; ISO/IEC 19092; ISO SC27 work (ACBio)
  - Biographics: ANSI/NIST, GJXDM; CIQ, HR-XML, UN/CEFACT

12 Biometric Identity Assurance Services (BIAS)
- In reviewing the current biometric-related standards portfolio and service-oriented architecture (SOA) references, it became apparent that a gap existed in the availability of standards related to biometric services.
(Diagram: Biometric Applications on one side, Biometric Resources on the other, and a question mark for the interface between them: ANSI/NIST-ITL 1-2000/7? BioAPI/BIP? Other?)

13 BIAS - Driving Requirements
- Provide the ability to remotely invoke biometric operations across an SOA infrastructure, decoupling the service from the interface (and requester) that calls it.
- Provide business-level operations, without constraining the application/business logic that implements those operations.
- Provide basic capabilities that can be used to construct higher-level, aggregate/composite operations.
- Be as generic as possible: technology, framework, and application domain independent.

14 INCITS & OASIS Collaboration
- Development of the BIAS standard requires expertise in two distinct technology domains to ensure that the final specification provides the right structure, functionality, and technical details:
  - Biometrics, with standards leadership provided by INCITS M1
  - Service architectures (initially focused on Web services), with standards leadership provided by OASIS
- Close collaboration between both standards organizations is required.
- Existing standards are available in both domains, and many of these standards will provide the foundation and underlying capabilities upon which the biometric services depend.
Division of work:
- INCITS M1 defines the "taxonomy": identity assurance operations and data elements
- OASIS defines the Web services bindings: schema and protocol

15 Goals
- BIAS will provide an open framework for deploying and invoking biometric-based identity assurance capabilities that can be readily accessed using services-based frameworks.
- BIAS will provide a generic set of biometric (and related) functions and associated data definitions to allow remote access to biometric services.
- BIAS will specify a set of patterns and bindings for the implementation of BIAS operations using Web services within service-oriented architectures.

16 BIAS System Context (INCITS M1)
- BIAS services are modular and independent operations which can be assembled in many different ways to support a variety of business processes.
- BIAS services may be implemented with differing technologies on multiple platforms.
- BIAS services can be publicly exposed directly and/or utilized indirectly in support of a service provider's own public services.

17 BIAS System Context (OASIS)
- Defines an XML messaging protocol to implement the "abstract" services specified in INCITS M1.
- Defines request, response, acknowledgement, notification, and fault messages (as applicable) for each of the "abstract" services.

18 BIAS Services
- Subject
  - Create/delete subject
  - Add/remove subject from gallery
- Biographics
  - Set/list biographic data
  - Update/delete biographic data
  - Retrieve biographic data
- Biometrics
  - Set/list biometric data
  - Update/delete biometric data
  - Retrieve biometric data
- Searching/processing
  - Verify subject
  - Identify subject
  - Check quality
  - Classify biometric data
  - Perform fusion
  - Transform biometric data
- Aggregate services
  - Enroll
  - Identify
  - Verify
  - Retrieve information

19 Process flow - border management example
1. Start: Identify Subject (search the gallery with the captured biometric).
2. Match found? (i.e., known subject?)
   - Yes: save and associate the encounter with the existing subject: Set Biographic Data, Set Biometric Data.
   - No: create a new subject: Create Subject, Set Biographic Data, Set Biometric Data, Add Subject to Gallery.
3. Finish.
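The following Python is an added example, not code from the deck, from INCITS/OASIS, or from Daon: it models the slide 18 operations used by this flow as methods of an in-memory store and runs the slide 19 decision path (Identify, then either associate the encounter with the known subject or create one and add it to the gallery) over constructed sample templates. Everything beyond the operation names is an assumption: the iris-code-style bit-string templates, the normalized Hamming-distance matcher and its 0.32 threshold stand in for a real biometric engine, and the subject identifiers and sample data are made up.

```python
"""Added example (not the deck's, INCITS/OASIS's or Daon's code): the slide 18
operations as methods of an in-memory store, driving the slide 19 flow.
Assumed: bit-string templates, the Hamming matcher and its threshold stand in
for a real biometric engine; identifiers and sample data are made up."""
from dataclasses import dataclass, field
import itertools

MATCH_THRESHOLD = 0.32  # assumed operating point (normalized distance, iris-code style)

def hamming_distance(a: bytes, b: bytes) -> float:
    """Normalized Hamming distance of two equal-length bit-string templates; 0.0 = identical."""
    if len(a) != len(b) or not a:
        raise ValueError("templates must be non-empty and equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))

@dataclass
class Subject:
    subject_id: str
    biographic: dict = field(default_factory=dict)
    biometrics: list = field(default_factory=list)  # one stored template per encounter

class BiasStore:
    """Stand-in for a BIAS service provider; method names follow the slide 18 services."""

    def __init__(self) -> None:
        self._ids = itertools.count(1)
        self.subjects: dict = {}
        self.gallery: set = set()  # only subjects in the gallery are searched by Identify

    # Subject services
    def create_subject(self) -> str:
        sid = f"S{next(self._ids):04d}"
        self.subjects[sid] = Subject(sid)
        return sid

    def add_subject_to_gallery(self, sid: str) -> None:
        self.gallery.add(self._get(sid).subject_id)

    # Biographic / biometric data services
    def set_biographic_data(self, sid: str, data: dict) -> None:
        self._get(sid).biographic.update(data)

    def set_biometric_data(self, sid: str, template: bytes) -> None:
        self._get(sid).biometrics.append(template)

    # Searching / processing services
    def identify(self, probe: bytes, max_results: int = 5) -> list:
        """1:N search: gallery subjects whose best template is within threshold, best first."""
        hits = []
        for sid in self.gallery:
            best = min(hamming_distance(probe, t) for t in self.subjects[sid].biometrics)
            if best <= MATCH_THRESHOLD:
                hits.append((sid, best))
        hits.sort(key=lambda h: h[1])
        return hits[:max_results]

    def verify(self, sid: str, probe: bytes) -> bool:
        """1:1 comparison of a probe against one subject's stored references."""
        return any(hamming_distance(probe, t) <= MATCH_THRESHOLD for t in self._get(sid).biometrics)

    def _get(self, sid: str) -> Subject:
        if sid not in self.subjects:
            raise KeyError(f"unknown subject {sid}")
        return self.subjects[sid]

def process_encounter(store: BiasStore, biographic: dict, template: bytes):
    """Slide 19: Identify Subject -> match found?  Yes: save and associate the encounter
    with the known subject.  No: create a new subject and add it to the gallery.
    Returns (subject_id, was_known)."""
    hits = store.identify(template, max_results=1)
    if hits:
        sid = hits[0][0]
        store.set_biographic_data(sid, biographic)
        store.set_biometric_data(sid, template)
        return sid, True
    sid = store.create_subject()
    store.set_biographic_data(sid, biographic)
    store.set_biometric_data(sid, template)
    store.add_subject_to_gallery(sid)
    return sid, False

# Constructed 128-bit sample templates (not real biometric data).
def flip_bits(t: bytes, positions) -> bytes:
    out = bytearray(t)
    for p in positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)

TEMPLATE_A = bytes([0b10110010, 0b01011100] * 8)
TEMPLATE_B = bytes([0b00101101, 0b11100011] * 8)   # 104 of 128 bits differ from A
NOISY_A = flip_bits(TEMPLATE_A, range(0, 128, 6))  # A recaptured with 22 of 128 bits of noise

def demo() -> list:
    """Three encounters: two new travelers, then the first traveler again."""
    store = BiasStore()
    return [
        process_encounter(store, {"name": "A. Traveler"}, TEMPLATE_A),
        process_encounter(store, {"name": "B. Traveler"}, TEMPLATE_B),
        process_encounter(store, {"flight": "XY123"}, NOISY_A),
    ]

if __name__ == "__main__":
    for sid, known in demo():
        print(sid, "known subject, encounter associated" if known else "new subject created")
```

The third encounter lands on S0001 because its noisy recapture is within threshold of the stored template, which is the "Known subject? Yes" branch. Two things the flowchart leaves implicit: Identify returns candidates, and turning the best candidate straight into "known subject" is a policy decision, since a false match here silently merges two people's records under one subject; and a subject that exists but was never added to the gallery is invisible to Identify, so the order of Create Subject and Add Subject to Gallery in the "No" branch matters.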

20 Example eG use case
- Registered Traveler (RT) Program
  - RT is a trusted passenger program to expedite and enhance security screening of passenger participants
  - Travelers must apply to enroll in the program via a service provider, which collects biographic and biometric information as part of the application process
  - The TSA conducts a Security Threat Assessment on all applicants
  - If approved, a traveler is issued an RT card containing authentication information
  - In operational use, a cardholder is verified to ensure legitimacy using fingerprint or iris biometrics

21 RT - Functional Flow
- The Enrollment Provider collects biographic and biometric information from an RT Applicant and transmits it to the CIMS (Steps 1 and 2).
- The CIMS formats and transmits the data to the TSA (Step 3).
- The TSA conducts a Security Threat Assessment at application and re-vets on a perpetual basis (Step 4) and transmits an approved or not approved finding back to the CIMS (Step 5).
- The CIMS informs the Enrollment Provider of acceptance or non-acceptance (Step 6), and the Enrollment Provider informs the RT Applicant and, if he or she is approved, issues a card with the authentication payload created at the CIMS (Step 7).
- When an RT Participant travels through a participating airport, they use the RT card at an RT verification station, which confirms the individual's current status in the RT program (Step 8).

22 Applying BIAS to RT - Step 1
- Pre-Enrollment
  - Each traveler applying for an RT card may, if supported by the Enrollment Provider, pre-enroll
  - This involves accessing a web site and entering biographic data. This data is stored for the applicant.
- BIAS Services
  - Create Subject
  - Add Biographic Data

23 Applying BIAS to RT - Step 2
- Enrollment
  - Complete the enrollment process by reviewing the biographic information supplied at pre-enrollment and collecting biometric information
- BIAS Services
  - (EP internal) Retrieve Biographic Data
  - (EP internal) Update Biographic Data (if any edits to biographic information)
  - (EP internal) Set Biometric Data
  - (CIMS interface) Enroll

24 Applying BIAS to RT - Steps 3-6
- Registration, Vetting Coordination, and Card Payload Generation
  - Submit a request to TSA for a Security Threat Assessment
- BIAS Services
  - (CIMS internal) Create Subject
  - (CIMS internal) Set Biometric Data
  - (TSA interface) Identify
  - (CIMS internal) Add Subject to Gallery

25 Applying BIAS to RT - Step 7
- Create Card
  - If all enrollment processing completes with no adverse information, resulting in an "approval" decision, then the RT card may be issued
- BIAS Services
  - (EP internal) Add Subject to Gallery

26 Applying BIAS to RT - Step 8
- Verification
  - The traveler's biometric is captured and compared against the biometric information stored on the card
- BIAS Services
  - (EP internal) Verify Subject

27 Example eB use case - Online Banking
- Overview:
  - An individual has an existing bank account at XYZ Bank and would like to access this account information and perform transactions.
  - In lieu of a password, the bank has configured its online banking web application to use biometric verification.
  - The account holder uses a home PC with a biometric device (e.g., an iris camera) installed.
- Two situations described:
  - Enrollment: associate biometric information with the account
  - Account Access: access the account using a biometric as the method of verification
Note: This example could also be structured using biometrics as a front end to a traditional authentication protocol.

28 Online Banking - Enrollment
Message flow between Account Holder and XYZ Bank:
(1) Bank -> account holder: one-time biometric enrollment password
(2) Account holder -> bank: account number + one-time password; the bank verifies the password and initiates biometric enrollment
(3a) Account holder, locally: capture biometric information
(3b) Account holder, locally: perform local 1:1 verification
(4) Account holder -> bank: submit biometric information [Set Biometric Data]
(1) The bank has issued the individual a one-time password to allow the account holder to enroll biometric information into the system.
(2) The individual accesses the online banking site and selects 'biometric enrollment'. The individual enters the account number and one-time password to access this function. Once verified, the enrollment application is initiated.
(3) The individual follows the steps to capture biometric data and to perform a local 1:1 match against that data to ensure it will be matchable.
(4) Once suitable data is acquired, it is submitted to the bank as an enrollment [Set Biometric Data].

29 Online Banking - Account Access
Message flow between Account Holder and XYZ Bank:
(1) Account holder -> bank: access online banking system
(2) Account holder, locally: capture biometric information
(3) Account holder -> bank: submit biometric information [Verify Subject]
(1) The account holder accesses the online banking site and enters the account number. At this point, the individual is challenged to present a biometric (e.g., capture iris data).
(2) The individual interacts with the device to capture the biometric data.
(3) The biometric data is transmitted to the bank for verification [Verify Subject]. If the verification is successful, the bank will provide access to the transaction screens for the individual's account.
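Both sides of the enrollment exchange on slide 28 and the account-access exchange on slide 29 (the server half of which is the "biometric authentication server" of slide 9), as an added Python example that is neither the deck's nor XYZ Bank's code and not BIAS message syntax: the bracketed operations [Set Biometric Data] and [Verify Subject] are modelled as plain method calls on the bank object. The bit-string templates and Hamming-distance matcher are a stand-in for a real biometric engine, and the 0.32 threshold, the 15-minute one-time-password lifetime, the three-failure lockout, the enrollment ticket that ties step 4 back to step 2, and all account numbers and sample data are assumptions for illustration.

```python
"""Added example for slides 28-29 (and the server-side model of slide 9).  Not the
deck's or the bank's code, not BIAS syntax; the matcher, thresholds, limits,
enrollment ticket and sample data are illustrative assumptions."""
import hashlib
import hmac
import secrets

MATCH_THRESHOLD = 0.32    # assumed matcher operating point (normalized Hamming distance)
MAX_FAILURES = 3          # assumed lockout policy for [Verify Subject]
OTP_LIFETIME_S = 15 * 60  # assumed validity of the one-time enrollment password

def hamming_distance(a: bytes, b: bytes) -> float:
    """Normalized Hamming distance of two equal-length bit-string templates."""
    if len(a) != len(b) or not a:
        raise ValueError("templates must be non-empty and equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))

class XYZBank:
    """Server side of slides 28-29 (stand-in for the bank's BIAS-backed application)."""

    def __init__(self) -> None:
        self.accounts = {}        # account_no -> {"template", "failures", "locked"}
        self.enroll_otps = {}     # account_no -> (sha256(otp), expiry time)
        self.enroll_tickets = {}  # ticket -> account_no, issued once the OTP checks out

    def open_account(self, account_no: str) -> None:
        self.accounts[account_no] = {"template": None, "failures": 0, "locked": False}

    def issue_enrollment_password(self, account_no: str, now: float) -> str:
        """Step 1: the bank issues a one-time password (delivered out of band)."""
        otp = secrets.token_urlsafe(12)
        self.enroll_otps[account_no] = (hashlib.sha256(otp.encode()).digest(), now + OTP_LIFETIME_S)
        return otp

    def begin_enrollment(self, account_no: str, otp: str, now: float):
        """Step 2: verify the one-time password.  It is consumed on the first attempt,
        right or wrong, so it cannot be guessed at leisure.  Returns an enrollment
        ticket that step 4 must present, or None."""
        entry = self.enroll_otps.pop(account_no, None)
        if entry is None:
            return None
        digest, expiry = entry
        if now > expiry or not hmac.compare_digest(digest, hashlib.sha256(otp.encode()).digest()):
            return None
        ticket = secrets.token_hex(16)
        self.enroll_tickets[ticket] = account_no
        return ticket

    def set_biometric_data(self, ticket: str, template: bytes) -> bool:
        """Step 4 [Set Biometric Data]: accepted only with a live enrollment ticket."""
        account_no = self.enroll_tickets.pop(ticket, None)
        if account_no is None:
            return False
        self.accounts[account_no]["template"] = template
        return True

    def verify_subject(self, account_no: str, probe: bytes) -> bool:
        """Slide 29 step 3 [Verify Subject]: 1:1 match against the enrolled reference;
        repeated failures lock the account (assumed policy)."""
        acct = self.accounts.get(account_no)
        if acct is None or acct["locked"] or acct["template"] is None:
            return False
        if hamming_distance(probe, acct["template"]) <= MATCH_THRESHOLD:
            acct["failures"] = 0
            return True
        acct["failures"] += 1
        acct["locked"] = acct["failures"] >= MAX_FAILURES
        return False

def local_matchability_check(reference: bytes, second_sample: bytes):
    """Client side, steps 3a/3b: capture a reference and a second sample and do a local
    1:1 match; only a reference the second sample matches is worth submitting."""
    return reference if hamming_distance(reference, second_sample) <= MATCH_THRESHOLD else None

# Constructed 128-bit sample templates (not real iris codes).
def flip_bits(t: bytes, positions) -> bytes:
    out = bytearray(t)
    for p in positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)

HOLDER_REF = bytes([0b10110010, 0b01011100] * 8)
HOLDER_AGAIN = flip_bits(HOLDER_REF, range(0, 128, 6))  # same eye, 22 of 128 bits of capture noise
IMPOSTOR = bytes([0b00101101, 0b11100011] * 8)          # 104 of 128 bits differ

def run_flow(now: float = 1_700_000_000.0) -> dict:
    """Run enrollment (slide 28) then account access (slide 29) end to end."""
    bank = XYZBank()
    bank.open_account("ACCT-1")
    otp = bank.issue_enrollment_password("ACCT-1", now)               # step 1
    ticket = bank.begin_enrollment("ACCT-1", otp, now + 60)           # step 2
    replay = bank.begin_enrollment("ACCT-1", otp, now + 61)           # OTP already consumed
    reference = local_matchability_check(HOLDER_REF, HOLDER_AGAIN)    # steps 3a/3b
    enrolled = bank.set_biometric_data(ticket, reference)             # step 4
    holder_ok = bank.verify_subject("ACCT-1", HOLDER_AGAIN)           # slide 29, genuine holder
    impostor_ok = bank.verify_subject("ACCT-1", IMPOSTOR)             # slide 29, impostor
    for _ in range(MAX_FAILURES):
        bank.verify_subject("ACCT-1", IMPOSTOR)
    return {"otp_replay_rejected": replay is None, "enrolled": enrolled,
            "holder_verified": holder_ok, "impostor_verified": impostor_ok,
            "locked_after_failures": not bank.verify_subject("ACCT-1", HOLDER_AGAIN)}

if __name__ == "__main__":
    for k, v in run_flow().items():
        print(f"{k}: {v}")
```

The one-time password is what binds the enrolled template to the account, so it is stored hashed, compared in constant time, expires, and is consumed on first use; the enrollment ticket then prevents a [Set Biometric Data] request that never went through step 2. What the toy matcher cannot provide is liveness or replay detection: the template in step 4 and the probe in slide 29 step 3 are the credential, and unlike a password they cannot be rotated if disclosed, which is why the deck's list of WSS/SAML bindings for the transport, and its note that biometrics can instead front a traditional authentication protocol, matter for a real deployment.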

30 Status
- INCITS project 1823-D, BIAS
  - Essentially complete
  - Expected to go to public review in the April timeframe
  - Latest draft (Rev 4): http://www.incits.org/tc_home/m1htm/2006docs/m1061071.pdf
- OASIS document: BIAS Messaging Protocol
  - Working draft: WSDL complete, gaps in other areas
  - Latest draft (Ed draft 0.8): http://www.oasis-open.org/committees/download.php/22543/bias-1%200-biasmp-ed-08.pdf
  - WSDL: http://www.oasis-open.org/committees/download.php/22544/bias.wsdl
  - Goal: ready for review by Fall 2007

