Biometric Information Management For Security
Phillip H. Griffin, Griffin Consulting, 1625 Glenwood Avenue, Hayes Barton at Five Points, Raleigh, North Carolina, USA


OASIS XCBF TC (May)
- XCBF - XML Common Biometric Format
  – X9.84 Biometric Information Management and Security
  – BioAPI Specification Version 1.0 and 1.1
  – CBEFF - Common Biometric Exchange File Format
- X-series ASN.1 XML Encoding Rules (XER)
- X9.96 XML Cryptographic Message Syntax
  – X9.73 Cryptographic Message Syntax
  – X.509 Certificates: 1024 bytes
  – X9.68 Compact Domain Certificates: 170 bytes

XCBF/X9.84 BiometricObject (encoded example; only a hex fragment of the slide survived): F EC010000BEF7F15DC593F44F

X9.84 Revelation
Biometric data cannot be kept confidential:
  – faces can be photographed
  – voices can be recorded
  – fingerprints can be lifted
  – signatures can be copied
Thus the security of an authentication system cannot rely on the secrecy of biometric data. Instead, it must ensure the integrity and authenticity of the biometric data; privacy (encryption of the data) is optional.

X9.84 in a Nutshell
Establishes a FRAMEWORK consisting of components
  – Data Capture, Signal Processing, Matching, Storage, etc.
Defines REQUIREMENTS for operating a biometric authentication system in a financial services environment
  – Enrollment, Verification, Identification and Storage
Provides TECHNIQUES satisfying the privacy, integrity and authenticity requirements for biometric data (ASN.1)
  – Harmonized with NISTIR 6529 CBEFF and the BioAPI Specification 1.0
Offers a comprehensive set of CONTROL OBJECTIVES
  – a professional auditor can validate a biometric authentication system

CBEFF XCBF Biometric Architecture (diagram; its labels, in slide order)
  – Biometric Service Provider
  – BioAPI Framework
  – Application
  – BIR
  – Cryptographic Service Provider
  – X9.84 Biometric Security: XER/DER Biometric Object, Biometric Validation, Control Objectives

XCBF Integrity
BiometricSyntax and ASN.1 Encoding Rules (DER, XER)
  – Integrity and mutual authentication requirements
[0] Unprotected: Biometric Header, Biometric Data (BD)
[1] Integrity: Biometric Header, Biometric Data (BD), Integrity Block (AID, Security Info, Integrity Value)
  – Algorithm Identifier (AID): RSA / SHA-1, DSA / SHA-1, ECDSA / SHA-1, MAC or HMAC
  – Security Info: algorithm parameters, key management info
  – Integrity Value: digital signature or MAC
The choice of alternative decides who can verify: a digital signature can be checked by anyone holding the signer's public key, while a MAC or HMAC can only be checked by a holder of the shared secret, so a MAC proves authenticity only between parties that already share a key. The SHA-1 pairings reflect the algorithm set of the time; SHA-1 is no longer acceptable for generating new digital signatures, and a current deployment would use a SHA-2 family hash.

XCBF Integrity ASN.1
A BiometricObject can be digitally signed, MACed (or HMACed), or carried in CMS SignedData or CMS AuthenticatedData, using DER or XER.
[0] Unprotected: Biometric Header, Biometric Data (BD)
[1] Integrity: Biometric Header, Biometric Data (BD), Integrity Block (AID, Security Info, Integrity Value)

  IntegrityObject ::= SEQUENCE {
    biometricObject  BiometricObject,
    integrityBlock   IntegrityBlock
  }

  IntegrityBlock ::= CHOICE {
    signature          Signature,
    mac                Mac,
    signedData         SignedData,
    authenticatedData  AuthenticatedData
  }

XCBF Privacy
Biometric Syntax and ASN.1 Encoding Rules (DER, XER)
  – Privacy option
[0] Unprotected: Biometric Header, Biometric Data (BD)
[2] Privacy: Biometric Header, Privacy Block (AID, Security Info, Biometric Data)
  – Algorithm Identifier (AID): DES, Triple DES, AES
  – Security Info: algorithm parameters, key management info
  – Biometric Data: encrypted data (the Biometric Data (BD) is encrypted; the Biometric Header stays in the clear)
Of the three ciphers listed, only AES remains acceptable: single DES has been withdrawn and Triple DES is deprecated and disallowed for new encryption by NIST. Encryption on its own also detects no modification of the ciphertext, which is why the privacy option is meant to be combined with the integrity block rather than substituted for it.

XCBF Privacy ASN.1
A BiometricObject can be carried in CMS EncryptedData, CMS EnvelopedData, or encrypted with a named key, using DER or XER encoding rules.
[0] Unprotected: Biometric Header, Biometric Data (BD)
[2] Privacy: Biometric Header, Privacy Block (AID, Security Info, Biometric Data)

  PrivacyObject ::= SEQUENCE {
    biometricHeader  BiometricHeader,
    privacyBlock     PrivacyBlock
  }

  PrivacyBlock ::= CHOICE {
    fixedKey        EncryptedData,
    namedKey        NamedKeyEncryptedData,
    establishedKey  EnvelopedData
  }

  NamedKeyEncryptedData ::= SEQUENCE {
    keyName        OCTET STRING,
    encryptedData  EncryptedData
  }

XCBF Integrity & Privacy
Biometric Syntax and ASN.1 Encoding Rules (DER, XER)
  – Integrity and authentication with privacy
[0] Unprotected: Biometric Header, Biometric Data (BD)
[1] Integrity: Biometric Header, Biometric Data (BD), Integrity Block (AID, Security Info, Integrity Value)
[3] Integrity & Privacy: Biometric Header, Privacy Block (AID, Security Info, Biometric Data), Integrity Block (AID, Security Info, Integrity Value)
Processing order: encrypt the Biometric Data (BD) first, then generate the digital signature, so the integrity value covers the encrypted form rather than the plaintext.

XCBF Integrity & Privacy ASN.1
Biometric Syntax and ASN.1 Encoding Rules (DER, XER)
  – Integrity and authentication with privacy
[1] Integrity: Biometric Header, Biometric Data (BD), Integrity Block (AID, Security Info, Integrity Value)
[3] Integrity & Privacy: Biometric Header, Privacy Block (AID, Security Info, Biometric Data), Integrity Block (AID, Security Info, Integrity Value)

  PrivacyAndIntegrityObject ::= SEQUENCE {
    biometricHeader  BiometricHeader,
    privacyBlock     PrivacyBlock,
    integrityBlock   IntegrityBlock
  }

Represented in XML as ...
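The Integrity, Privacy, and Integrity & Privacy slides above describe a layering, not just a schema: a [2] PrivacyObject encrypts the data and nothing else, a [3] PrivacyAndIntegrityObject encrypts first and then puts an integrity value over the header and the privacy block. The following Go program is an added example written for this page; it is not code from the presentation, from XCBF or from X9.84. It uses Go's standard encoding/asn1 for DER (XER is not shown, Go has no XER encoder) and keeps the structures schematic: the algorithm identifiers are text labels rather than OIDs, the AID/Security Info pairs are flattened into a few fields, the integrity value is an HMAC-SHA256 (the slides' MAC/HMAC option), and the privacy block uses AES-CTR under a named key. The header contents, key names, keys and "fingerprint template" bytes are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"errors"
	"fmt"
	"io"
)

// Header stands in for X9.84's BiometricHeader; Format is a constructed label, not a CBEFF field.
type Header struct {
	Format string `asn1:"utf8"`
}
// PrivacyBlock (namedKey alternative): key name, AID, IV and AES-CTR ciphertext. CTR mode gives
// confidentiality only; flipping a ciphertext byte flips the same plaintext byte.
type PrivacyBlock struct {
	KeyName, Algorithm string `asn1:"utf8"`
	IV, Ciphertext     []byte
}
// IntegrityBlock (mac alternative): AID, key name and an HMAC-SHA256 over the covered DER.
type IntegrityBlock struct {
	Algorithm, KeyName string `asn1:"utf8"`
	Value              []byte
}
// protectedObject is the wire shape of both [2] { Header, Privacy } and [3] { Header, Privacy, Integrity }.
// RawValue keeps the exact DER of the MAC-covered fields, so the check runs over the bytes received.
type protectedObject struct {
	Header, Privacy asn1.RawValue
	Integrity       IntegrityBlock `asn1:"optional"`
}
func macOver(macKey, a, b []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(a)
	m.Write(b)
	return m.Sum(nil)
}
// Protect builds a [2] PrivacyObject or, with integrity set, a [3] PrivacyAndIntegrityObject:
// encrypt first, then MAC the header and the privacy block, the order the slides draw.
func Protect(hdr Header, bd, encKey, macKey []byte, integrity bool) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	iv := make([]byte, aes.BlockSize)
	if err == nil {
		_, err = io.ReadFull(rand.Reader, iv)
	}
	if err != nil {
		return nil, err
	}
	ct := make([]byte, len(bd))
	cipher.NewCTR(block, iv).XORKeyStream(ct, bd)
	h, _ := asn1.Marshal(hdr) // Marshal cannot fail for these fixed Go types
	p, _ := asn1.Marshal(PrivacyBlock{"enc-key-1", "aes-ctr", iv, ct})
	o := protectedObject{Header: asn1.RawValue{FullBytes: h}, Privacy: asn1.RawValue{FullBytes: p}}
	if !integrity {
		return asn1.MarshalWithParams(o, "explicit,tag:2")
	}
	o.Integrity = IntegrityBlock{"hmac-sha256", "mac-key-1", macOver(macKey, h, p)}
	return asn1.MarshalWithParams(o, "explicit,tag:3")
}
// Open recovers the biometric data. A [3] object is verified before its ciphertext is touched;
// a [2] object decrypts whatever it is handed, which is why privacy alone is not enough.
func Open(obj, encKey, macKey []byte) ([]byte, error) {
	if len(obj) == 0 || (obj[0] != 0xA2 && obj[0] != 0xA3) {
		return nil, errors.New("expected a [2] PrivacyObject or a [3] PrivacyAndIntegrityObject")
	}
	var o protectedObject
	rest, err := asn1.UnmarshalWithParams(obj, &o, fmt.Sprintf("explicit,tag:%d", obj[0]&0x1F))
	if err != nil || len(rest) != 0 {
		return nil, errors.New("malformed object")
	}
	if obj[0] == 0xA3 && !hmac.Equal(o.Integrity.Value, macOver(macKey, o.Header.FullBytes, o.Privacy.FullBytes)) {
		return nil, errors.New("integrity check failed: header or privacy block was modified")
	}
	var pb PrivacyBlock
	block, cerr := aes.NewCipher(encKey)
	if _, err := asn1.Unmarshal(o.Privacy.FullBytes, &pb); err != nil || cerr != nil || len(pb.IV) != aes.BlockSize {
		return nil, errors.New("bad privacy block, key or IV length")
	}
	pt := make([]byte, len(pb.Ciphertext))
	cipher.NewCTR(block, pb.IV).XORKeyStream(pt, pb.Ciphertext)
	return pt, nil
}

func main() {
	hdr, bd := Header{"example-format"}, []byte("constructed fingerprint template") // constructed sample
	encKey, macKey := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 32) // demo keys only
	p2, _ := Protect(hdr, bd, encKey, nil, false)
	p2[len(p2)-1] ^= 0x01 // last ciphertext byte: a [2] object decrypts it without complaint
	fmt.Println(Open(p2, encKey, macKey))
	p3, _ := Protect(hdr, bd, encKey, macKey, true)
	p3[bytes.Index(p3, []byte("example-format"))] ^= 0x01 // clear-text header, but MAC-covered in [3]
	fmt.Println(Open(p3, encKey, macKey))
}
```

Running it prints the tampered [2] object's data with its last byte silently changed and a nil error, then an integrity error for the tampered [3] object. Two design points carry over to the real syntax: the MAC is computed and checked over the received DER of the covered fields (asn1.RawValue.FullBytes), never over a re-encoding, and a [3] object is rejected before any decryption happens. A [1] IntegrityObject is the same IntegrityBlock computed over the clear BiometricObject instead of over header plus privacy block; it is left out here only to keep the example short.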

Useful Links
XCBF and X9.84 rely heavily on ITU-T SG17 technologies:
  – ASN.1: X.680 and related X-series Recommendations
  – Directory: X.500 standards
  – Module database, syntax checker and books
  – Recommendations host: ftp://ties.itu.int (login: asn1, password: notation1)
Griffin Consulting - Secure Messaging Design, Tools and Services