Is This Document the Real Deal?
Emerging technologies, innovative new business models and globalization are combining to unearth a whole new set of business opportunities. Yet all of this change is bringing a Pandora’s box of document security challenges and it’s commanding completely disruptive approaches to solving them.
One positive outcome from all of this change is a trend toward proactive document security. A myriad of disruptive approaches in entire processes are being adopted more rapidly than ever before. These processes are then further empowered by emerging technologies.
But it is the pace at which these disruptions are evolving and being adopted that is astounding to even the most seasoned security professional.
In some cases, specific global events have accelerated adoption of disruptive approaches to solving security challenges, such as after 9/11 when Dutch authorities introduced a new series of travel documents that would no longer be personalized on the spot but would require they be obtained at one of 750 offices located in the Netherlands.
In other cases, it is the responsiveness and ingenuity of technology product vendors that have brought disruptive solutions to meet these new document security challenges.
BIOMETRICSBiometrics is an example of a disruptive approach to document security that is being adopted faster than ever before and the emerging technologies that empower it are evolving equally as rapidly. As a method of identity management and authentication, biometrics has leapfrogged past conventional PIN and password technologies.
The rapid evolution of biometrics has been driven in part by regulations and in part by the maturation of the supporting technological systems and processes that surround it.
Bruce McCulley, an enterprise security architect, recently provided his analysis of biometrics. He has also provided some technical insight into one of the emerging technology products, Fidelica, which is taking a new approach to authentication that transcends many of the perceived limitations of biometrics. McCulley explained that in the early days of biometrics adoption, the development was slowed by concerns over the security of biometric databases themselves, given the volume of personally identifying information they contained. Biometrics also faced massive interoperability challenges that required significant investments in infrastructure before any global rollout could be called a success.
An interesting new approach to biometric identification integrates sensor and authentication logic into a single package, McCulley said. Vertical integration of a proprietary sensor technology for fingerprint imaging with the packaging and support logic required for enrollment and authentication provides a convenient building block for security systems designers and a step up for government and enterprise chief security officers. This eliminates the need to replace existing infrastructure and interoperability issues.
The only information that leaves the card is an authentication decision.
This should facilitate incorporating strong biometric features into two-factor authentication and could even provide a basis for convenient three-factor authentication systems.
Adoption of this biometrically authenticated card has been accelerated by the ubiquity inherent in leveraging the credit card-like package, ensuring the cardholder’s privacy and creation of a credential capable of engaging disparate ID and access systems.
RECOVERABLE BIOMETRICSAs more legislation is enacted around the world that mandates the use of biometric data and as commercial use of biometrics increases, the market for biometric information security and assurance will increase greatly. One example, Personal Identity Solutions’ President Brent Eastwood represented the U.S. recently at the NATO (North Atlantic Treaty Organization) Young Leaders Forum “Building Bridges for the Next Generation” in Riga, Latvia. Eastwood advised, “The problem that can’t be solved is public exposure of biometric information. We touch something - we leave behind our biometrics. It is part of living. In order for the biometrics market to expand, the owner of any biometric should be in control of its use. Eliminating the market value of the stand alone biometric identifier protects identity and preserves privacy.”
Eastwood recommended that the best way to protect biometric data is by making it recoverable. ”The need for recoverability should be a native feature within biometric input devices that spans biometric databases, legacy systems and existing biometric solutions. It should also include all standard natural identifiers.”
Recoverable biometrics is an innovative approach to data security. By interweaving complex, non-linear, mathematical and/or mechanical attributes (within the biometric data) recoverable biometrics creates a method of combinational processing of personally identifying biometric data. The result of which is defined as “identity.” Biometric-based identities possessing two or more attributes or “degrees of uniqueness” are therefore replaceable, also installing complete privacy for the user as well as enhanced security and trust of any biometric.
ANTI-FORENSICSHowever it’s not just security professionals taking advantage of globalization and innovation in employing disruptive approaches. Anti-forensics is also being rapidly adopted and evolving at a faster rate than ever before.
While a key premise behind forensics has always been accurate collection and preservation of court-submissible evidence, anti-forensics attempts to negatively affect the quality of such evidence. Timestamp altering anti-forensic technologies that render those timestamps recovered by forensics tools unreliable in court are becoming increasingly popular and are reaching a disturbing level of technological maturation.
One market accelerant driving adoption and development of anti-forensic technologies is the ever-constant desire by perpetrators to not get caught. Combined with the proliferation of new media devices containing gigabytes of unprotected personally-identifying data and the significant increase in profitability behind identity theft makes anti-forensics a serious threat to document security.
From original fingerprint log tampering to iris scan spoofing, anti-forensics is literally becoming a “get out of jail free” card. As fast as forensics tools can be developed, anti-forensics technologies seem right behind them.
So for all of the social and technological advancement that globalization and innovation has brought us, have we really made any progress in the fight against identity theft?
For document security, best practices haven’t changed at all. Best practice is as it has always been: a layered approach. The real advantage that globalization and innovation have brought is executive management finally recognizes the need for proactive, rather than reactive, document security. And that is progress.