Multiple Biometrics Case Study With 100,000+ Users

711 views

Published on

A Central, Distributed, Multi-Biometric, Multiple Application Server

A NSW Case Study using multiple biometrics, multiple applications and 100,000+ users.

  • Be the first to comment

  • Be the first to like this

Multiple Biometrics Case Study With 100,000+ Users

  1. 1. Central, Distributed, Multi-biometric, Multiple Application Server<br />A NSW Case Study using multiple biometrics, multiple applications and 100,000+ users.<br />
  2. 2. Background<br />How do biometrics fit?<br />Cost and complexity of securing applications<br />Establishing integrity across numerous processes and rules<br />Protecting investments<br />Future proofing<br />2/16/2010<br />2<br />
  3. 3. Corrective Services NSW<br />An early adopter of biometrics<br />A commercial focus<br />Explored many technologies and applications<br />2/16/2010<br />3<br />
  4. 4. Corrective Services NSW<br />Imperatives<br />Wrongful release<br />Mitigating multiple identities<br />Numerous applications<br />Connect information with operations<br />2/16/2010<br />4<br />
  5. 5. Some Variables<br />30+ sites<br />Broad geography<br />Scaling to 500,000+ users<br />Government network<br />No COTS available<br />Variety in backend environment<br />Multiple biometric technologies<br />Multiple applications<br />Multiple vendors<br />2/16/2010<br />5<br />
  6. 6. Corrective Services NSW<br />Concept: Single Point of Biometric Truth<br />A single identity marker regardless of biometric type or application<br />Available in near real time across the whole network<br />Underpins various DCS business processes<br />2/16/2010<br />6<br />
  7. 7. Corrective Services NSW<br />Capabilities<br />Accept other systems without design/integration overheads<br />Future proofed<br />Scale to 500,000+<br />Network performance not impact it<br />Redundancy across all sites<br />2/16/2010<br />7<br />
  8. 8. Design Process<br />Single Point of Biometric Truth<br />Nothing off the shelf<br />No clarity around business rules<br />Multiple companies<br />2/16/2010<br />8<br />
  9. 9. What Was Built?<br />A “single point of biometric truth” which:<br />Accepts data from various biometric hardware vendors<br />Accepts proprietary software applications <br />Provides near real time (NRT) updates remote data bases<br />2/16/2010<br />9<br />
  10. 10. What is AKITA?<br />AKITA is a biometric identification clearing house<br />AKITA assigns a unique id (UID) to each user, regardless of where they are enrolled or by which biometric device.<br />AKITA contains customer defined data:<br /><ul><li>Demographic data
  11. 11. Photograph
  12. 12. User group
  13. 13. Scanned image of documents' relating to user enrolment</li></ul>2/16/2010<br />10<br />
  14. 14. Site 2<br />Site 3<br />Site 4<br />Site 1<br />Site 5<br />During the day users at Site<br />1 are enrolled using biometric<br />Type A (in this example, iris)and<br />third party application type A.<br />At Site 5 users are enrolled using<br />Biometric Type B (in this example<br />Fingerprint) and third party <br />application type B.<br />All sites enrol new users.<br />All are subscribers to the <br />SPOBT Service<br />Site 6<br />Site 7<br />Site 9<br />Site 8<br />
  15. 15. Site 2<br />After hours, all sites are polled by the SPOBT.<br />Each site gets notification from<br />the SPOBT service separately as<br />configured using the SPOBT Admin<br />Tool on a specific interval or on a daily <br />basis.<br />All new data is collected and<br />returned to the central server.<br />A SPOBT UID is assigned to all <br />new users.<br />Site 3<br />Site 4<br />Site 1<br />Site 5<br />Site 6<br />Site 7<br />Site 9<br />Site 8<br />
  16. 16. All sites are then warned “stand by” <br />to receive all updates from all sites. i.e. each site is about to be delivered a fully replicated copy of the SPOBT.<br />SPOBT can be hosted through WCF over TCP or WSDL through HTTP<br />Security in the SPOBT can be set to one of the following:<br />Windows Integrated<br />RSA Certificate<br />SSL<br />Custom<br />Site 2<br />Site 3<br />Site 4<br />Site 1<br />Site 5<br />Site 6<br />Site 7<br />Site 9<br />Site 8<br />
  17. 17. Site 2<br />All changes and updates from all sites then returned<br />to every other site, along with the unique ID (UID) assigned by<br />the SPOBT.<br />So if I enrolled with isay, Iris Type A at site 1 on Monday I can be<br />recognised with Iris Type B on Site 5 on Tuesday. (or at an interval as short as 60 seconds. Users define the<br />interval).<br />Site 3<br />Site 1<br />Site 4<br />Site 5<br />Site 6<br />Site 7<br />Site 9<br />Site 8<br />
  18. 18. Case Study<br />Corrections NSW<br />Glen Innes<br />Brewarrina<br />Grafton<br />Tabulam<br />Kemsey<br />Tamworth<br />Broken Hill<br />Parramatta<br />Muswellbrook<br />Cessnock<br />Parklea<br />Wellington<br />Lithgow<br />Kariong<br />Silverwater<br />Ivanhoe<br />Oberon<br />Silverwater Womens<br />Bathurst<br />MRRC<br />Emu Plains<br /><ul><li>Multiple remote sites, all connected
  19. 19. 500,000+ users
  20. 20. Two types of iris recognition cameras
  21. 21. One type of fingerprint Reader
  22. 22. Three different proprietary application layers</li></ul>Long Bay<br />John Moroney<br />Kirkconnell<br />Dillwynia<br />Berrima<br />Goulburn<br />Junee<br />Central Server<br />Mannus<br />Cooma<br />Correctional Centre<br />
  23. 23. 2/16/2010<br />16<br />
  24. 24. 2/16/2010<br />17<br />
  25. 25. 2/16/2010<br />18<br />Multiple applications,<br />biometrics, systems and sites<br />
  26. 26. 2/16/2010<br />19<br />Multiple applications,<br />biometrics, systems and sites = <br />potential multiple identities<br />
  27. 27. 2/16/2010<br />20<br />AKITA allows flexibility of applications and biometrics yet <br />ensures a single identity <br />
  28. 28. Central Management<br />2/16/2010<br />21<br />
  29. 29. Summary<br />A functional, working, central biometric clearing house<br />Multiple biometrics and multiple applications<br />When supporting Corrections business processes, eliminates identity fraud on their networks<br />Protects previous and future investments<br />2/16/2010<br />22<br />
  30. 30. Questions<br />2/16/2010<br />23<br />

×