Presentation SE-4063, Leveraging Fingerprint Biometric Authentication to Streamline Secure Access, by Sean Dyon and Jim Sullivan at the AMD Developer Summit (APU13) Nov. 11-13, 2013.
2. Agenda
• BIO-key background
• The problems we solve
• Biometric Opportunity
• Architecture
• BIO-key + AMD + TrustZone
• FreeChoiceID
• The Biometric Debate
3. BIO-key International, Inc.
The leader in fingerprint biometric identification solutions
• US-Based - Headquartered in Wall, NJ with development labs in Eagan, MN
• Founded in 1993, public since 1997
• Fast, high accuracy fingerprint authentication and identification platform with device interoperability, and cloud ready infrastructure.
• Integrations and agreements with leading IAM and healthcare technology companies such as IBM, CA, Oracle, Allscripts & Epic
4. Commercial Customer Track Record
SOME COMMERCIAL CUSTOMERS
• AT&T – Retail store wireless network employee ID
• McKesson – Pharmaceutical dispensing cabinets in thousands of hospitals nationwide
• NCR (Radiant Systems) – 40,000 restaurant POS units & self service kiosks
• LexisNexis – ID verification and fraud prevention for all MCAT, CPA, FINRA and CAT examinees at 2000 Prometric testing centers worldwide – Realtime 5 year alias lookback
• Allscripts – (Healthcare solution provider) Electronic Health Record access solution
5. BIO-key value proposition
Fingerprint enabled endpoint devices plus BIO-key yields connectivity to existing enterprise IAM platforms and integrated enterprise applications
6. Frost & Sullivan recognizes BIO-key International, Inc. (BKYI) with the 2013 North America Frost & Sullivan Award for Competitive Strategy Innovation and Leadership.
The company exclusively offers mobile and Internet-based software solutions, giving it an unbeatable edge in the cloud-based fingerprint biometric solution market.
10. Solution: Interoperable Software
• Insulates device manufacturers and ISVs from strict dependence on scanner specific software – reduces risk
• Offers NIST certification of accuracy, required for many regulated applications
• Allows for free interchange of scanners, and creates a longer-lived asset in the fingerprint enrollment
• Existing integrations with leading IAMs
12. Problem 2: Algorithm Accuracy Letdowns
• Apple’s scanner hack raised the awareness of the vulnerability of having a poor algorithm.
• Most scanner manufacturers focus on the hardware image quality, and the software gets short shrift.
• The natural inclination is to make the thresholds for match low to create a more easy to access result
13. Patented Technology
• BIO-key technology enhances each fingerprint 43X
• Extracts between 1,200 – 1,600 data-points vs. the norm of 50-60
• Mathematical template extracted using patented Vector Segment Technology
[Diagram: Image Capture, Image Enhancement, Model Creation, Matching. Positive Identification in One Second or Less]
14. Solution: Select a better algorithm
Accuracy is usability
BIO-key achieves Top Tier Scores for Accuracy
[Comparison table, alignment lost in extraction. In source order: False Non Match Rate; BIO-key; IDS, Lockheed, Avalon, Parima; 0.0113, 0.1684, 0.0179, 0.0515, 0.0133, 0.0200; BIO-key; Averages; Imprivata; Imprivata; IDS, Lockheed, Avalon, Parima; 0.0066, NA, NA, 0.0225, 0.0067, 0.0094; Equal Error Rate; Averages]
15. Fact: BIO-key Far Outperforms Native Algorithms
NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. www.nist.gov

Table 1: TAR at FAR of 0.0001
Name          ID   DHS2    DOS     POE
BIO-key       2C   0.9909  0.9978  0.9990
Sagem         1C   0.9908  0.9969  0.9988
L1            1Y   0.9907  0.9994  0.9996
Sagem         1H   0.9905  0.9974  0.9989
ID Solutions  Q    0.9874  0.9960  0.9975
Neuro         1T   0.9844  0.9951  0.9980
Thales        1I   0.9782  0.9920  0.9962
BioLink       1E   0.9748  0.9731  0.9880

Table 9: Equal Error Rates
Name          ID   DHS2    DOS     POE
BIO-key       2C   0.0047  0.0012  0.0005
L1            1Y   0.0051  0.0004  0.0004
Sagem         1C   0.0058  0.0017  0.0009
Sagem         1H   0.0062  0.0013  0.0008
BioLink       1E   0.0072  0.0113  0.0043
ID Solutions  Q    0.0080  0.0023  0.0013
Thales        1I   0.0087  0.0036  0.0019
Neuro         1T   0.0089  0.0023  0.0014
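
The metrics on these accuracy slides (false non-match rate, TAR at a fixed FAR, equal error rate) all come from sweeping one match threshold over genuine and impostor comparison scores, which is also why a low threshold buys easy access at the cost of false accepts. The following is an added example, not BIO-key or NIST code; the 0-100 score scale and both score lists are constructed for illustration.

```python
# Added example. Scores are constructed: similarity on an assumed 0-100 scale,
# higher meaning a closer match. They are not BIO-key or NIST data.
GENUINE = [92, 88, 95, 71, 84, 97, 63, 90, 86, 79]    # same finger vs. enrollment
IMPOSTOR = [12, 35, 8, 41, 27, 55, 19, 66, 30, 22]    # different finger vs. enrollment
THRESHOLDS = range(0, 102)                            # every candidate decision threshold


def far(threshold):
    """False accept rate: share of impostor comparisons accepted (score >= threshold)."""
    return sum(s >= threshold for s in IMPOSTOR) / len(IMPOSTOR)


def tar(threshold):
    """True accept rate: share of genuine comparisons accepted."""
    return sum(s >= threshold for s in GENUINE) / len(GENUINE)


def fnmr(threshold):
    """False non-match rate: share of genuine comparisons rejected."""
    return sum(s < threshold for s in GENUINE) / len(GENUINE)


def tar_at_far(target_far):
    """Lowest threshold whose FAR stays within target_far, and the TAR it yields."""
    for t in THRESHOLDS:
        if far(t) <= target_far:
            return t, tar(t)
    raise ValueError("no threshold meets the target FAR")


def equal_error_rate():
    """Threshold where FAR and FNMR are closest; EER is reported as their mean."""
    t = min(THRESHOLDS, key=lambda t: abs(far(t) - fnmr(t)))
    return t, (far(t) + fnmr(t)) / 2


if __name__ == "__main__":
    # A permissive threshold never rejects the owner but admits half the impostors.
    print("threshold 30: FAR, FNMR =", far(30), fnmr(30))
    # A strict threshold admits no impostor and rejects some genuine attempts.
    print("threshold 80: FAR, FNMR =", far(80), fnmr(80))
    print("TAR at FAR <= 0.1:", tar_at_far(0.1))
    print("EER:", equal_error_rate())
    # With 10 impostor scores the smallest non-zero FAR measurable is 0.1;
    # resolving a FAR of 0.0001 needs at least 10,000 impostor comparisons.
```
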
16. Real World Performance Results
#4 Ranked Hospital
251,447 authentications with a 99.34% success rate
• Capture 1,500 to 2,000 points of data
• 40+ layers of image enhancement
• Validated by The National Institute of Standards & Technology (NIST)
• Superior “One to Many” identification

Month     Average ID Score  Successes  Failures  Success Rate %
November  89.56             251,447    1661      99.34%

Staff ID#  Function   Quantity  Average ID Score  Low Score  High Score  Failures  Success Rate %
xxxxxxxxx  ID Submit  5,999     92                52         99          0         100%
17. Problem 3: Inside the box thinking
If the only enabled application for the scanner authentication is to unlock the device, then the value to the user is limited.
18. Solution: IAM Solution Architecture
[Diagram labels: User’s Device, Applications, Utility Functions, WEB-key Client, Browsers, Cloud, Device Options, Data Store]
19. Integrated with WAM & ESSO
• CA
  – Validated SiteMinder Integration
  – Joined Cloud Commons
    • On Sales and Solutions Catalogs
• IBM
  – Validated ISAM for Web Integration
  – OEM into ESSO
• Oracle
  – OAM Integration
  – OEM into ESSO
20. OpenID Flexible MF Authentication
[Diagram labels: RP; OpenID Client / Browser; OpenID Server; Multi-Factor Auth Proxy; Multi-Factor Auth Layer (Server) / Master IdP; USER AUTH; User; Biometric Client; PWD Server; BIOMETRIC USER AUTH; SIM / UICC DEVICE AUTH; Biometric Proxy Function; AAA; Biometric Auth Server; SIM; UE; HSS]
22. Biometric Market Growth
From Millions to Billions
[Chart: market size by year, 2000 to 2014, vertical axis 0 to 8000, from $261M in 2000 to a $6 Billion Dollar Market. Annotations, in source order: Mobility; Mobile Banking & NFC; DEA ePrescription Guidelines Approve Biometric Technology; Electronic Health Records Gov’t Incentive Program; Bangladesh Voter ID; Dot Com Crash; 9/11 Increased Need; Lockheed Martin Wins F.B.I; BIO-key & Morpho; L1 Investment Partners; Focus on War Biometrics Roll-up; LSID; Physical Access; Light the fuse. Market phases along the time axis: Traditional ID; Government & Civil ID; Physical Access; Healthcare; Mainstream Consumer; Payments; Account Access]
23. Biometrics is a multi-phase market
The market we were built to address is the next market
• 2013: Hospitals, Blood Centers, Retail, IAM
• 2010: FBI Contract
• 2009: Sell Law Enforcement Division for $11.3M
• 2007: Sell Fire & Safety Division for $7.4M
• 2004: Acquire Public Safety Group; Acquire Aether Systems Mobile Gov’t Div.
• 2000 – 2001: BIO-key Formed
• 1996: Company Publicly Traded
• 1995: SAC Technologies First Patent
• 1993: BBG Engineering. Seek to create fingerprint ID solution
2013: Tremendous Track Record
• 70+ Hospital EHR Systems
• 3,000+ Drug Dispensing Cabinets
• 3,000,000 Blood Donors
• 80,000,000 Large Scale ID Project
• 10 Registered Patents
24. Ambidextrous Biometric Approach
• BIO-key is a software development company providing full and complete finger biometric solutions for local and enterprise use, including cloud ready server platforms.
• Software supports and provides interoperability for all major fingerprint reader manufacturers, devices and platforms.
• BIO-key provides a secure, web-based infrastructure supporting the most innovative finger scanning devices for remotely capturing fingerprint data to identify individuals
• BIO-key has targeted consumer markets with our platform, and we continue to innovate on how to make that platform meet all needs, including the privacy needs of the end customers.
This infrastructure quickly scales to any size, and can be accessed from any device with an internet connection using any supported fingerprint reader
25. Yesterday’s Market vs. the Next Market
Yesterday’s market views biometrics as a point solution, responding to the opportunity to get creative with authentication with a myopic, fear-based approach. Some symptoms are:
• Ignorance of biometric enrollment lifecycle – “only match here in the device”
  – This leads to non-interoperable algorithms being used, and vendor lock
• Thinking that the scanner technology is the only consideration
  – Apple fell victim to this in putting all their eggs into the “market leading” sensor company without the algorithm chops behind it to really make an impact on security. Now they can’t let the data off the phone, and they were quickly hacked.
• Forgetting about the benefits of a highly trustworthy, long-lived biometric identity asset to associate an identity.
  – Everyone is so focused on the print never leaving the phone. What if I already gave my fingerprint to my bank and they just want to match the person effectively standing there with a withdrawal slip, using the “you will know it’s me, if” metric?
• Missing the benefits of the frictionless authentication that biometrics offers (think of a doorman), focusing instead on a bristling authentication process that feels more like Checkpoint Charlie.
26. Yesterday’s Market vs. the Next Market
The Next market views biometrics as an asset – the more you have to associate with it, the more strategic it becomes. Positive indicators are:
• Broad use of biometrics, in different contexts – face to face, mobile, at kiosks, and at home. The questions being asked are “What about other applications?”
• Realizing that the scanner is going to be an evolving capture commodity – one size will not fit all!
  – Don’t get hung up on the belief that there are any static truths about all fingerprint capture technology. The interoperable, highly accurate enrollment is the asset, and at the end of the day, only one person has the real finger that matches the enrollment.
• Biometrics can be your door man, making a secure entry easier to navigate
The Next market operates from a place of opportunity, offering identity security and businesses certainty by allowing your identity to be in a vault, not just watched over.
The Next market will leverage BIO-key’s privacy enhancing platform features to make biometrics palatable to all.
27. Key Differentiators
ACCURACY
SPEED & SCALABILITY
• Superior “One to Many” identification for de-duping
• Biometric indexing scalability
• Integrates quickly with existing hardware & web applications
• Scalable over many servers, scale up and out
INTEROPERABILITY
• Device independence with a single enrollment
• Every major fingerprint reader manufacturer supported!
Identification…Anywhere, Anyplace, Anytime
28. So what can Cloud Biometrics do?
• Works face to face when it’s just you wanting to prove who you are – not device dependent
  – Really important when you lose your device
• One enrollment works across the Internet of Things, not trapped inside one device
29. So what can Cloud Biometrics do?
• Allows you to quickly and automatically prove who you are in the growing disintermediated economy
36. TrustZone Integration
• BIO-key’s products are being integrated to leverage TrustZone on the client and the server.
  – Trustonic as a bridge
37. WEB-key and TrustZone
[Diagram labels: User Device; App Server; Application; Browser; WEB-key APIs; Application; WEB-key APIs; Data; App Server Proxy; WEB-key Client; WEB-key Cache; Security Service; Users; Audit; Config]
38. FreeChoiceID – What is it?
BIO-key’s FreeChoiceID is a patent-pending technology solution to the longstanding problem of having to choose between trusting a recipient of sensitive data and not giving the data at all
Raises comfort levels of users, reduces liability of recipients
Has broad applications for any sensitive data given voluntarily to or held by any recipient who wants to offer users control over their data
41. Traditional Protection - Problems
• Requires enrollees to trust recipient’s privacy policy (if they even read it)
• Revocability – data is “out there”
• Data is subject to unintended access outside of policy
  – Insider access
  – Data theft
  – Subpoena
  – Snooping agencies
42. BIO-key FreeChoiceID: Per User Encryption + Per User Control
Each key is different, and is controlled by the user
43. FreeChoiceID – User remains in command of their private data
• Every request for access to secured data in the server has to first be approved by the data owner before a one-time use decryption key is sent to the server
  – Always-on smartphone connectivity allows this
  – Human created key can also be used.
• All decryption and matching may be placed in TrustZone to ensure that data access is limited and secure.
45. Widespread Myth = Fear
Many believe that a biometric system behaves like a password- or token-based system, in that possessing or knowing something empowers anyone to be an imposter for another person.
This leads to concerns that a hacked database costs you your identity.
46. The Truth Will Set You Free
Biometrics in fact are just that, “measurements of you.” The measurements are of your finger ridge detail.
The credential is your finger, not the fingerprint that it leaves behind.
The key issue is ensuring confidence in a live capture of an actual finger. Only if we believe this is not possible to assure should we live in fear.
47. The Biometric Debate
Will FEAR or EFFICIENCY win out in the end?
Could misconceptions about biometrics ultimately deny our economy the incredible benefits it conveys?
Or will there be an understanding that the power of the cloud applies in biometrics, to ensure that only you can use your identity?
48. The Biometric Debate
Will FEAR or EFFICIENCY win out in the end?
Is fear a valid reason to not transmit a biometric to a secure server which in most cases will already have your biometric data – because you want them to have it, to protect your ID?
Aren’t there better ways for the government to track a person versus biometric matching?
49. Look to History for the Answer
“EZPass” Toll Transponders:
FEAR: The government will track you, issue speeding tickets
Reality: They may track you, but the benefit of cruising through tolls is worth it.
50. Look to History for the Answer
Electronic Devices on Planes during take-off
FEAR: Electronic activity might affect the plane’s electronics, or distract you in a crash.
Reality: These fears have been shown to be unfounded – airlines now allowing electronics gate to gate
51. Artificial market limitations projected onto consumers that are based solely on FEAR, not actual risk impact, will eventually be challenged and displaced in favor of greater efficiency and acceptance of managed risk.