Id Card Template Samples by ztg35984

VIEWS: 155 PAGES: 36

More Info


   September 7th 2005

 Presentation by Tamer Uz
 Chapter I

   Descriptions
   Authentication
   Overview of Biometric Systems
   Biometric Identification
   Biometric Verification
   Biometric Enrollment
   Biometric System Security
   Biometrics: Science of identifying, or verifying the
    identity of, a person based on physiological or
    behavioral characteristics.
   Authorization:        Authentication:
    Permission or          Validating or figuring
                           out the identity of a
    approval.              person.
   There are 3 traditional way of verifying the
    identity of a person:
       Possessions (keys, passports, smartcards , …)
       Knowledge
            Secret (passwords, pass phrases, …)
            Non-secret (user Id, mothers maiden name, favorite
       Biometrics
            Physiological (fingerprints, face, iris, …)
            Behavioral (walking, keystroke pattern, talking, …)
   The 3 modes of authentication are sometimes
       User id + password
       ATM card + password
       Passport + face picture and signiture
There are two different authentication methods in

   Verification: Is he/she the person who claims he/she
    is? Works with id + biometrics. Thus it is based on a
    combination of modes.

   Identification: Who is this person? Uses only the
    biometrics and searches the entire database.
  Overview of Biometric Systems
There are five important properties of biometric

1. Universality
2. Uniqueness
3. Permanence
4. Collectability
5. Acceptability
 Overview of Biometric Systems

Biometric Identifiers
 Overview of Biometric Systems
Biometric Subsystems
 Biometric readers (sensors)

 Feature extractors

 Feature Matchers
  Overview of Biometric Systems
A generalized diagram of a biometric system is as
    Overview of Biometric Systems
Design Issues:
4 basic design specifications of biometric systems are

   System accuracy
        How often the system accepts an imposter (FAR)
        How often the system rejects a genuine user (FRR)

   Computational Speed

   Exception Handling
        Failure to use (FTU)
        Failure to enroll (FTE)
        Failure to acquire (FTA)

   System Cost
    Overview of Biometric Systems
Engineering Questions                           -   What feature set is amenable for automatic
-   Trusting people/biometrics?
                                                -   Given the input data how to extract the
-   Which biometrics is best for a given            features from it?

-   How are the error numbers that are          -   How to define a matching metric that
    reported for different biometrics to be         translates the intuition of “similarity” among
    interpreted?                                    the patterns?
-   Are new security holes created because of   -   How to implement the matching metric?
    the use of the biometrics?
                                                -   Organization of the database?
-   How to achieve a low exception rate?
                                                -   Methods for searching the database?
-   How to acquire the biometrics and how to
    do it in a convenient way?
                                                -   Security?

                                                -   Privacy?
        Biometric Identification
Biometric identification is based only on biometric
          Biometric Identification
Biometric identification system can be used in
  two different modes

•   Positive identification
    •   Authorization of a group without id
•   Negative identification
    •   Most Wanted List
         Biometric Verification
Biometric verification differs from biometric
  identification in that the presented biometric is only
  compared with a single enrolled biometric entity
  which matches the input id
           Biometric Verification
There are two possible database configurations for the
  verification systems

Centralized Database: As the name suggests the enrollment
  information is in a central database. When the token (id/card)
  is provided, the corresponding biometrics is retrieved and the
  comparison is made with the newly presented biometric
  sample. E.g. laptop

Distributed Database: In this case the enrollment template is
  usually stored in a device that the user carries. The user
  provides the device and his/her biometrics. Then the
  comparison is performed between the two. E.g. smart cards
             Biometric Enrollment
Process of registering subjects in biometric database
Positive Enrollment:
   •   To create a database of eligible subjects
   •   Biometric samples and other credentials are stored in the database. An
       id (or a smart card) is issued to the subject.
Negative Enrollment:
   •   To create a database of ineligible subjects
   •   Often without subject cooperation or even knowledge
        Biometric System Security
   Possible Security Concerns:
       Biometric information is presented when the owner is not

       Hacking the scanner, feature extractor, matcher, database,
        and any other possible module in the system.
 Chapter II

   Descriptions
   Secure Authentication Protocols
   Access Control Security Services
   Authentication Methods
   Authentication Protocols
   Matching Biometric Samples
   Verification by Humans
   Passwords vs. Biometrics
   Hybrid Methods
   Authorization: Permission to access a resource

   Access Control: A mechanism for limiting the use of some
    resource to authorized users

   Access Control List: A data structure associated with a
    resource that specifies the authorized users and the conditions
    for their access

   Authenticate: To determine that something is genuine; to
    determine reliably the identity of the communicating party

   Authentication: Permission to access a resource
 Secure Authentication Protocols
Characteristics of an authentication protocol:
 Established in advance

 Mutually agreed

 Unambiguous

 Complete (Able to handle exceptions)

An authentication protocol itself does “not” guarantee
Access Control Security Services
Some basic security services that should be offered by
  any access control system are:
 Authentication

 Non-repudiation

 Confidentiality
        Authentication Methods
Possession (P)
Knowledge (K)
Biometrics (B)
         Authentication Protocols
Authentication protocol is the tasks the user and the
 access point has to perform to be able to determine
 whether the user has enough credentials or not.

Part of Authentication Protocols:
      Enrollment
      Tokens. E.g. T={x1…xn|xi Є (P,K,B)}
      Comparison rules. E.g. Matching threshold
      Other rules. E.g. “Three strikes and you are out”, or the
       order of the presentation of the tokens: “First id number,
       then the fingerprint, and than the key”
     Matching Biometric Samples
• P and K are checked by exact comparison;
• B is compared via pattern recognition techniques because of sampling
  variations, noise and distortions

Three crucial design aspects of biometric system:
•  The biometric sampling or signal acquisition (B=f(ß))
•  The similarity function s=s(B1, B2) between two templates
•  The decision threshold T that decides on a match or mismatch
     Matching Biometric Samples
Only the biometrics is needed (no id is claimed).

•   Authorization is granted if d=di
•   Multiple di might satisfy the similarity criteria. A secondary
    matcher (possible a human expert) tries to narrow it down.
     Matching Biometric Samples
   Screening

•   Negative identification.

•   Searching whether a subject is in an “interesting” people
    database or not. (Most wanted criminals)

•   Using biometrics only may result in too many false positives
    (or false negatives depending on T). Bad ROC.

•   Therefore several tokens P1, B1, K1, P2, K2, B2 etc. should
    be matched with the ones in the file.
     Matching Biometric Samples
   Verification
•   Id + B is provided. (Sometimes K too)
•   The template corresponding the Id is retrieved from
    the database
•   If s(B,Bi)>T pass, else fail.
     Matching Biometric Samples
   Continuity of Identity

•   Are the authenticated and authorized persons
    the same?

•   Re-establishing the authentication credentials

•   Surveillance cameras
         Verification by Humans
   By looking at the biometrics (face, signatures…)
   Face verification error rate 1:1000
   Signature verification is not very secure
     Passwords versus Biometrics
   Passwords: Exact match
   Biometrics: Probabilistic match
       FAR, FRR
                Hybrid Methods
   More than one identifier is used {P, K, B}
   Two Remarks
       B with {P, K}. Reduces identification to
        verification (from 1:many to 1:1)
       B1 with B2. Results in better ROCs than using
        only B1 or only B2
   Combination of matching scores is an
    application specific problem

To top