Identity Management: Open Biometrics
May 6, 2006
Providing a solution to a problem for an individual situation is simple. Providing a solution to a problem for the entire United States is an order of magnitude harder. Providing a solution that the entire world can share, and that meets each participant's individual needs, is monumental.
This is exemplified by the current state of biometrics technology. Outside of the AFIS database shared by multiple nations, there is no biometrics repository of any kind. In order to effectively track, catch or even slow down terrorists, this is exactly what will be required. Several companies currently provide their own versions of biometrically enabled identity management solutions for border control. However, each company’s software requires registration of the user and storage in its proprietary architecture. This may work for a single country to register all persons entering and exiting at the borders, but how does this relate to providing a comprehensive blanket of protection for the world?
Get specific
In order for that to happen, a consortium of world technology leaders must outline their specific requirements for what is tracked, how alerts are delivered, how information is shared, what information is shared and several other factors. This is all after-the-fact information, accessible after the system knows who is requesting access or departure. Ideally, travelers would go to an authorized registration point within any of the participating countries and register their biometric and other related information. These registrations would then be shared across the globe to all participants.
The sharing of registrations provides not only a single point of convenience to the traveler but also aids in detecting potential circumvention of the system.
For this to work effectively, multiple biometric technologies must be utilized within the system. Since no one biometric works for everyone, a layered approach to biometric implementation should be required. Should a traveler fail to register with a fingerprint they could use iris, voice, face or any of the other biometric technologies. The system would track what has passed and what has failed for further detection of circumvention.
Even if fingerprint registration is not possible, images of the traveler’s fingerprints should be taken. This would provide a wealth of information for development of richer algorithms as well as human visual inspection.
Once this repository is under way, smaller applications could also draw on it. This would eliminate the individual registration for each biometric application. Once installed, the application for time and attendance or access control could download the registrations from the repository. This would also help track suspected terrorists hiding within small towns.
Events management
Short of having a national repository of biometrics, smart cards offer an excellent method for a portable database. The current state of smart cards has proven to be less than stellar for security. But the technology will get better, and over time should become a proven leader for portable applications.
Technology grows by leaps and bounds, so while it is common for first-world countries to expect a high-speed wireless connection at McDonald's, much of the world’s population has yet to incorporate the Internet into their daily lives. When taken on a global scale, a common denominator must be found. Contactless smart cards are a low-cost solution to a less-than-perfectly connected world. As the world becomes more interested in securing public venues from terrorist threats, the time to act is now. Smart cards provide the means to increase security with valid credentials instantly.
A large problem with smart card deployment in a large community is getting vendors to cooperate on how their data is stored and located on the card. In a university setting a smart card may be employed as a debit system at the campus store. The campus store application uses location A on the smart card for storage of its information. The university library also has a smart card application that tracks which books are checked in and out of the library, and it also uses location A on a smart card. The current solution is to issue two smart cards to each student or have the vendors of the applications change their applications so that they can both share the same card. But security companies have developed a software abstraction layer for smart cards that allows multiple vendors to work with a single smart card. The universal card engine (UCE) allows a single smart card to support multiple vendor-independent applications. By implementing UCE, each vendor could simply change the logical location of storage on the card without recompiling a single line of code.
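
The "location A" collision and the remapping idea described above, as an added Python sketch that is not part of the original article and is not UCE's actual design. `Card`, `LocationMap`, the block layout and the sample records are all hypothetical and constructed for illustration.

```python
# Toy model added for illustration; not UCE's design. All names are hypothetical.
class CardError(Exception):
    pass

class Card:
    """Constructed stand-in for a small card: a few fixed-size blocks."""
    def __init__(self, blocks=8, block_size=16):
        self.block_size = block_size
        self.mem = [bytes(block_size) for _ in range(blocks)]
    def write(self, block, data):
        if len(data) > self.block_size:
            raise CardError("data exceeds block size")
        self.mem[block] = data.ljust(self.block_size, b"\x00")
    def read(self, block):
        return self.mem[block].rstrip(b"\x00")

class LocationMap:
    """Maps (application, logical location) to a physical block on one card."""
    def __init__(self, card):
        self.card = card
        self.table = {}       # (app_id, logical) -> physical block index
        self.next_free = 0
    def _resolve(self, app_id, logical, allocate):
        # app_id is taken on trust here; this sketch does not authenticate it.
        key = (app_id, logical)
        if key not in self.table:
            if not allocate:
                raise CardError(f"{app_id} has nothing stored at {logical!r}")
            if self.next_free >= len(self.card.mem):
                raise CardError("card is full")
            self.table[key] = self.next_free
            self.next_free += 1
        return self.table[key]
    def write(self, app_id, logical, data):
        self.card.write(self._resolve(app_id, logical, True), data)
    def read(self, app_id, logical):
        return self.card.read(self._resolve(app_id, logical, False))

def demo():
    # Without a map: both vendors hard-code "location A" as physical block 0.
    raw = Card()
    raw.write(0, b"balance=25.00")   # campus store record (constructed)
    raw.write(0, b"book=QA76.9")     # library record overwrites the balance
    # With a map: each vendor still asks for "A" but lands on its own block.
    shared = LocationMap(Card())
    shared.write("store", "A", b"balance=25.00")
    shared.write("library", "A", b"book=QA76.9")
    return raw.read(0), shared.read("store", "A"), shared.read("library", "A")
```

Because lookups are keyed by application as well as logical location, neither application's code changes, and a read for a location the application never wrote fails instead of returning another vendor's record.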