© Daon Confidential Strategies for Implementing National Identity Systems Nov 28 th 2007 Leo Ring...
-
Upload
skylar-ervine -
Category
Documents
-
view
213 -
download
0
Transcript of © Daon Confidential Strategies for Implementing National Identity Systems Nov 28 th 2007 Leo Ring...
© Daon Confidential
Strategies for Implementing National Identity Systems
Nov 28Nov 28thth 2007 2007
Leo RingLeo Ring
Vice President, DaonVice President, Daon
© Daon Confidential
Daon – Company Profile
• Global provider of identity related software products– Founded in 2000
– We work with customers and partners in every region of the world
– Offices in Washington DC (HQ), Dublin, London, Dubai and Canberra (Australia)
• We create software products that Enable a new generation of Biometric Identity Solutions– Flexible products, intended for integration
– Focus on large-scale population-centric® environments
– Focus on identity life-cycle
– Open and multi-modal
– Focus on modernization
© Daon Confidential
Pre-Enrollment• Provide biographic information• Pay fees• Receive instructions
Capture Biographics• Enter biographic dataor• Verify/correct pre-enrollment data
Identity Proofing• Scan identity documents • Validate documents
Identity Investigation• Biometric duplicate checks
Vetting Complete• Prepare Card Data• Generate templates• Sign card data
Card Issuance• Produce Card• Provide to Citizen
Operational Usage• Citizen presents card and biometric
Capture Biometrics• Capture ten fingerprints• Capture iris (optional)• Capture face (optional)
Identity Investigation• Criminal history checks• Name based checks
National Identity Systems
© Daon Confidential
National Security – Traditional Approach – Separate Identity Systems
AddIdentity / Biometrics
Pa
ss
po
rtId
en
tity
/ B
iom
etr
ics
Cit
ize
n I
D
Fo
reig
n I
D
Iden
tity
/ Bio
met
rics
Iden
tity
/ Bio
met
rics
Separate Systems
Pa
ss
po
rt
Cit
ize
n I
D
Fo
reig
n I
D
Existing Systems
© Daon Confidential
Identity Management System
New Approach - Unified Identity Management
Integrated Integrated Biometric Biometric ServicesServices
Re
fug
ee
s /
As
ylu
mR
efu
ge
es
/ A
sy
lum
Bo
rde
r B
ord
er
Ma
na
ge
me
nt
Ma
na
ge
me
nt
Vis
as
/ P
erm
its
Vis
as
/ P
erm
its
Fo
reig
n I
DF
ore
ign
ID
Cit
ize
n I
DC
itiz
en
ID
Pa
ss
po
rtP
as
sp
ort
IdentityIdentityDatabaseDatabase
© Daon Confidential
Biometric Identity Assurance Requirements are Evolving
Authentication/Identification Identity Assurance
One project at a time An infrastructure for multiple systems
Engineering/Technology Led Business Process and Change Mgt Led
Client-Server based Service-Oriented Architectures
Fingerprint-centric Multi-Biometric
Single Vendor COTS based, Multi-Vendor Framework
Compliance Compliance plus Adaptability
Biometric matching performance Enterprise Systems Performance
Proprietary Standards-based with interoperability
From To
Disparate Federated
© Daon Confidential
Copywrite Daon 2006
National ID Business Challenges
• The failure to prevent duplicate identities results in significant financial loss and questions regarding a national identity schemes integrity
• Biographic only duplicate checking algorithms have failed• In may countries - the current issuing processes may have
created a large number of duplicate identities– Identity duplication and identity creation increase the levels of fraud,
waste and abuse
• In many cases enrolment is an offline process taking multiple days before card issuance
© Daon Confidential
All Biometrics Have Limitations
Biometric FAR FRR FTE
Face 1.00% 1% 0.1%
0.10% 2% 0.1%
1-Finger 1.00% 0.01% 2.5%
0.01% 0.6% 2.5%
2-Finger 1.00% 0.01% 1.5%
0.01% 0.1% 1.5%
4-Finger 0.10% 0.01% 0.8%
0.01% <0.01% 0.8%
8-Finger 0.10% <0.01% 0.3%
0.01% 0.01% 0.3%
10-Finger 0.10% <0.01% 0.2%
<0.01% 0.01% 0.2%
1-Iris 0.10% 1.2% 2.5%
0.01% 1.5% 2.5%
0.001% 1.9% 2.5%
0.0001% 2.0% 2.5%
2-Iris 0.10% 0.5% 4%
0.01% 0.6% 4%
0.001% 0.8% 2.5%
0.0001% 1.2% 2.5%
Iris has a high Failure-to-Enroll rate up to 2.25 Million in 45 Million population but extremely low False Accept rate
Fingerprints achieve good accuracy and efficient processing only when multiple fingers are enrolled
Face has a high False-Rejection rate
FAR = False Accept Rate
FRR = False Reject Rate
FTE = Failure To Enroll
© Daon Confidential
False Matches During Duplicate Checks Require Additional Processing
FAR 50 Million
100 Million
5% 2.5M 5M
2.5% 1.25M 2.5M
1% 500,000 1M
0.1% 50,000 100,000
0.01% 5,000 10,000
0.001% 500 1,000
0.0001% 50 100
• Two ways to reduce these false hit rates are:
• Manually
• Automatically using a second biometric
Number of False Hits Per Search
High false accept rate could lead to 2.5M false “hits” when searching a population of 50M for duplicates.
© Daon Confidential
Copywrite Daon 2006
Representative ways to address large scale National ID challenges• Introduction of Multiple Modes of Biometrics• Algorithms that best address most difficult challenge for this
population and application– Even within a mode like fingerprints certain algorithms perform
better with certain population types
– Accuracy/performance tuned to population
• Population filtering to reduce effective biometric population• Continual technology refresh: incorporating latest algorithms,
devices, IT hardware and new products• Continual and automatic updating of enrolled biometric data
© Daon Confidential
Algorithm Accuracy/Performance tuned to population
• Different demographics produce different accuracies
• Age, ethnic origin, gender, etc.
• 51 to 65 year-olds significantly worse with this device-algorithm
• Age is a disadvantage here• Opposite is true for face
biometrics; an older face is more unique
• Configuration must be made based on observed population
0.001
0.01
0.1
1
0.00000001 0.0000001 0.000001 0.00001 0.0001 0.001 0.01 0.1 1
False Match Rate (FMR)
Fal
se N
on
-Mat
ch R
ate
(FN
MR
)
20-35
36-50
51-65
Tuning for deployment population is vital
© Daon Confidential
Continual Technology Refresh
• A solution that will last for 30+ years must be prepared for major technology advancements during that time…..– Better matching algorithms (e.g ultrasound, fused hand and finger
geometry)
– Better biometric data capture and verification devices
– New biometric types (DNA, Voice, Iris in motion…….)
– Changes in process and policy
– Improvements in Infrastructure• Database• Operating System• Back office processing hardware
© Daon Confidential
Continual and automatic updating of biometric data
• Storage of multiple instances of same biometric, captured at different times, to increase accuracy
• Updating of enrolment data if higher quality data later captured (e.g. at verification)
• Template aging – refresh of enrolment data
• Seamless migration to improved devices and algorithms– Through image storage and open standards
• Frequent reporting of biometric performance; problem prevention
• Ongoing threshold configuration and tuning based on offline analysis of recorded biometrics
• Automated detection of problem devices/sensors through increased error rates (FTE, FTA, FRR) beyond allowed deviations
© Daon Confidential
14
Which meant:
Restoring the efficacy and credibility to the Nation’s immigration system
Daon’s software “powers” the identity management platform authenticating all foreign nationals
Deploying solutions in diverse locations; from detention centers to fishing boats
Which meant:
Restoring the efficacy and credibility to the Nation’s immigration system
Daon’s software “powers” the identity management platform authenticating all foreign nationals
Deploying solutions in diverse locations; from detention centers to fishing boats
AUSTRALIA ASKED US TO DESIGN AND IMPLEMENT AN “IDENTITY AT EVENT” SYSTEM TO PROTECT NATIONAL BORDERS AND IMMIGRATION
AUSTRALIA ASKED US TO DESIGN AND IMPLEMENT AN “IDENTITY AT EVENT” SYSTEM TO PROTECT NATIONAL BORDERS AND IMMIGRATION
© Daon Confidential
The case of Cornelia Rau
© Daon Confidential
16
The EU was faced with unprecedented movement of people (a hallmark of amodern society) requiring a pan EU biometric based VISA system
Which meant:
Daon helped design and is implementing a EU wide system that will prevent chronic security risks, such as VISA “shopping”
Daon software will “power” a system to serve 70 million people
The EU was faced with unprecedented movement of people (a hallmark of amodern society) requiring a pan EU biometric based VISA system
Which meant:
Daon helped design and is implementing a EU wide system that will prevent chronic security risks, such as VISA “shopping”
Daon software will “power” a system to serve 70 million people
THE EU SELECTED A DAON BASED SOLUTION TO DESIGN AND IMPLEMENT A PAN EU VISA SYSTEM FOR ALL 27 MEMBER STATES
THE EU SELECTED A DAON BASED SOLUTION TO DESIGN AND IMPLEMENT A PAN EU VISA SYSTEM FOR ALL 27 MEMBER STATES
© Daon Confidential
miSenseplus - Registered Traveller
Arrival in Dubai
miSense card compatible with Dubai eGate infrastructure and Hong Kong equivalent.
Traveller verified against local watch list database.
Biometric card issued
Biometric card issued and accepted a proxy for passport
Fingerprint biometric and passport biographical information stored.
ICAO standard encryption.
ePassport version 2, similar to existing national identity cards.
Identity Enrolment
Dedicated enrolment station within existing UKIS facility.
13 Biometrics recorded and stored within existing UKIS biometric database.
Background checks conducted and card activated within miSense system.
© Daon Confidential
Summary - Common Approach to Large Populations
• Where possible enroll multiple biometrics– Virtually eliminates failure to enroll
• Consider Iris for duplicate checking
• Provide ICAO compliant quality facial images for human arbitration– Enables use of second biometric to improve accuracy and/or resolve false hits
– Maximizes the long term payoff of the most cumbersome part of the entire process—enrollment
• The incremental cost of enrolling multiple biometrics over time is small
• Take advantage of fingerprint biometrics and low cost sensors for automated 1:1 verifications of identity
• Populations can be divided into multiple matching subsystems tuned for specific population characteristics
• Develop an enroll once use many strategy
• Focus on implementing standards-based business processes such as BIAS