Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Multiple Biometrics Case Study With 100,000+ Users


Published on

A Central, Distributed, Multi-Biometric, Multiple Application Server

A NSW Case Study using multiple biometrics, multiple applications and 100,000+ users.

  • Be the first to comment

  • Be the first to like this

Multiple Biometrics Case Study With 100,000+ Users

  1. 1. Central, Distributed, Multi-biometric, Multiple Application Server<br />A NSW Case Study using multiple biometrics, multiple applications and 100,000+ users.<br />
  2. 2. Background<br />How do biometrics fit?<br />Cost and complexity of securing applications<br />Establishing integrity across numerous processes and rules<br />Protecting investments<br />Future proofing<br />2/16/2010<br />2<br />
  3. 3. Corrective Services NSW<br />An early adopter of biometrics<br />A commercial focus<br />Explored many technologies and applications<br />2/16/2010<br />3<br />
  4. 4. Corrective Services NSW<br />Imperatives<br />Wrongful release<br />Mitigating multiple identities<br />Numerous applications<br />Connect information with operations<br />2/16/2010<br />4<br />
  5. 5. Some Variables<br />30+ sites<br />Broad geography<br />Scaling to 500,000+ users<br />Government network<br />No COTS available<br />Variety in backend environment<br />Multiple biometric technologies<br />Multiple applications<br />Multiple vendors<br />2/16/2010<br />5<br />
  6. 6. Corrective Services NSW<br />Concept: Single Point of Biometric Truth<br />A single identity marker regardless of biometric type or application<br />Available in near real time across the whole network<br />Underpins various DCS business processes<br />2/16/2010<br />6<br />
  7. 7. Corrective Services NSW<br />Capabilities<br />Accept other systems without design/integration overheads<br />Future proofed<br />Scale to 500,000+<br />Network performance not impact it<br />Redundancy across all sites<br />2/16/2010<br />7<br />
  8. 8. Design Process<br />Single Point of Biometric Truth<br />Nothing off the shelf<br />No clarity around business rules<br />Multiple companies<br />2/16/2010<br />8<br />
  9. 9. What Was Built?<br />A “single point of biometric truth” which:<br />Accepts data from various biometric hardware vendors<br />Accepts proprietary software applications <br />Provides near real time (NRT) updates remote data bases<br />2/16/2010<br />9<br />
  10. 10. What is AKITA?<br />AKITA is a biometric identification clearing house<br />AKITA assigns a unique id (UID) to each user, regardless of where they are enrolled or by which biometric device.<br />AKITA contains customer defined data:<br /><ul><li>Demographic data
  11. 11. Photograph
  12. 12. User group
  13. 13. Scanned image of documents' relating to user enrolment</li></ul>2/16/2010<br />10<br />
  14. 14. Site 2<br />Site 3<br />Site 4<br />Site 1<br />Site 5<br />During the day users at Site<br />1 are enrolled using biometric<br />Type A (in this example, iris)and<br />third party application type A.<br />At Site 5 users are enrolled using<br />Biometric Type B (in this example<br />Fingerprint) and third party <br />application type B.<br />All sites enrol new users.<br />All are subscribers to the <br />SPOBT Service<br />Site 6<br />Site 7<br />Site 9<br />Site 8<br />
  15. 15. Site 2<br />After hours, all sites are polled by the SPOBT.<br />Each site gets notification from<br />the SPOBT service separately as<br />configured using the SPOBT Admin<br />Tool on a specific interval or on a daily <br />basis.<br />All new data is collected and<br />returned to the central server.<br />A SPOBT UID is assigned to all <br />new users.<br />Site 3<br />Site 4<br />Site 1<br />Site 5<br />Site 6<br />Site 7<br />Site 9<br />Site 8<br />
  16. 16. All sites are then warned “stand by” <br />to receive all updates from all sites. i.e. each site is about to be delivered a fully replicated copy of the SPOBT.<br />SPOBT can be hosted through WCF over TCP or WSDL through HTTP<br />Security in the SPOBT can be set to one of the following:<br />Windows Integrated<br />RSA Certificate<br />SSL<br />Custom<br />Site 2<br />Site 3<br />Site 4<br />Site 1<br />Site 5<br />Site 6<br />Site 7<br />Site 9<br />Site 8<br />
  17. 17. Site 2<br />All changes and updates from all sites then returned<br />to every other site, along with the unique ID (UID) assigned by<br />the SPOBT.<br />So if I enrolled with isay, Iris Type A at site 1 on Monday I can be<br />recognised with Iris Type B on Site 5 on Tuesday. (or at an interval as short as 60 seconds. Users define the<br />interval).<br />Site 3<br />Site 1<br />Site 4<br />Site 5<br />Site 6<br />Site 7<br />Site 9<br />Site 8<br />
  18. 18. Case Study<br />Corrections NSW<br />Glen Innes<br />Brewarrina<br />Grafton<br />Tabulam<br />Kemsey<br />Tamworth<br />Broken Hill<br />Parramatta<br />Muswellbrook<br />Cessnock<br />Parklea<br />Wellington<br />Lithgow<br />Kariong<br />Silverwater<br />Ivanhoe<br />Oberon<br />Silverwater Womens<br />Bathurst<br />MRRC<br />Emu Plains<br /><ul><li>Multiple remote sites, all connected
  19. 19. 500,000+ users
  20. 20. Two types of iris recognition cameras
  21. 21. One type of fingerprint Reader
  22. 22. Three different proprietary application layers</li></ul>Long Bay<br />John Moroney<br />Kirkconnell<br />Dillwynia<br />Berrima<br />Goulburn<br />Junee<br />Central Server<br />Mannus<br />Cooma<br />Correctional Centre<br />
  23. 23. 2/16/2010<br />16<br />
  24. 24. 2/16/2010<br />17<br />
  25. 25. 2/16/2010<br />18<br />Multiple applications,<br />biometrics, systems and sites<br />
  26. 26. 2/16/2010<br />19<br />Multiple applications,<br />biometrics, systems and sites = <br />potential multiple identities<br />
  27. 27. 2/16/2010<br />20<br />AKITA allows flexibility of applications and biometrics yet <br />ensures a single identity <br />
  28. 28. Central Management<br />2/16/2010<br />21<br />
  29. 29. Summary<br />A functional, working, central biometric clearing house<br />Multiple biometrics and multiple applications<br />When supporting Corrections business processes, eliminates identity fraud on their networks<br />Protects previous and future investments<br />2/16/2010<br />22<br />
  30. 30. Questions<br />2/16/2010<br />23<br />