Biometrics: Government and Public Safety Opportunities Presented by: FRANCES ZELAZNY DIRECTOR OF CORPORATE COMMUNICATIONS

Agenda The New Climate for Biometrics Prerequisites for Accelerated Adoption Key Legislation Standards Technology Advances Integrated Solutions The role of biometrics

The Decade of Security The New World Networked, Global,…, Challenged!  Terrorism  Border Control  Immigration  Crime  The Internet  Mobile Access  Identity Fraud/Theft A New Framework for Security Is Needed

Security Based on Trust Security Must Go Beyond Fences, Doors & Firewalls to Establishing Trust & Gating Human Actions Trust Biometrics Identification

Government Regulated Industries Commercial (Mass Adoption) Law enforcement Dept. of Defense Financial m-commerce Fortune 2000 e-commerce Access Healthcare Transportation Transactions Federal Agencies Point of Sale Evolution Towards Mainstream National ID Programs

Prerequisites for Accelerated Adoption Clear Value Proposition Mission & Mandate & Political Will Legislation driven Clearing Adoption Barriers: End user resistance: Awareness & Education Privacy concerns: Responsible use & IBIA principles Validation Initiatives Building practical technical architecture RFI/RFP Pilots Standards Technology Advances & Maturation Funding

Pre 9/11 Legislation E-Sign Act Recognized biometrics as a form of digital signatures Health Insurance Portability & Accountability Act (HIPAA) Regulations support use of biometrics as a means to protect privacy of patient records Financial Services Modernization Act Privacy regulations covering information sharing among financial institutions and their affiliates

9/11 Effect By November 2001, 16 Congressional Legislative Initiatives Cited Biometric Implementation Made Increased Deployment in Civil and Government Programs Inevitable Mandated Use in Critical Infrastructure Accelerated Private Sector Adoption Key Legislation: Aviation and Transportation Security Act (2001) USA PATRIOT Act (2001) Enhanced Border Security and Visa Entry Reform Act (2002) Maritime Transportation Security Act (2002) Defense Appropriation 2002, 2003

Clear Political Will “…every foreign visitor desiring entrance into the United States to carry a travel document containing biometric identification -- that would be fingerprints or facial recognition “ President George W. Bush, May 14, 2002 “Fingerprints do not lie” Attorney General, John Aschroft, June 4, 2002 Formation of National Biometric Security Project

Initiatives New Initiatives/Pilots for Testing Solution Architecture & Operational Scenarios: DOD: Common Access Card (CAC) DHS/TSA: Transportation Worker Identification Card (TWIC) DHS: US VISIT (Entry / Exit) GSA: Smart Access / Common ID Continued discussions on Trusted Traveler, Drivers’ License Standard Extensive NIST & DARPA testing programs Expect/Hope for Government to GFE biometrics in their upcoming RFPs

Current Structure Ad-Hoc Group on Biometric Application Profiles Ad-Hoc Group on Biometric Data Interchange Formats Ad-Hoc Group on Biometric Interoperability in Support of the Gov. Smart Card Framework Ad-Hoc Group on Biometric Performance Testing, Quality, and Definitions Standards Activities – M1

Standards Under Development Application Profile Verification & Identification of Transportation Workers Application Profile Personal Identification for Border Crossing Application Profile Biometric Verification in Point-of-Sale Systems Finger Minutiae Format for Data Interchange Finger Pattern-Based Interchange Format Face Recognition Format for Data Interchange Finger Image Interchange Format Iris Image Format for Data Interchange M1 Standard

M1 Standards Incubators

Technology Advances: FRVT 2002 Demonstrated that facial recognition is ready for prime- time in large-scale 1 to many applications Accuracy comparable to finger under controlled environment Top tier technologies demonstrate maturation of industry Need to focus our efforts on supporting large implementations, quite different than a technology race Scalability, Redundancy, Flexibility are Key

Technology Advances: Live Scan A central component of registration and background checking process Capturing the gold standard tenprint New technologies like Moisture Discriminating Optics, Clear Trace Imaging, Dual Beam Illumination make it possible to capture clearer prints for maximum hits, higher throughput with less maintenance issues & lower cost

Technology Advances: Mobile ID Mobile units allow for spot checks along the border using dual biometrics (finger and face) Huge impact on domestic agencies that are already using these types of systems 100% of all hits verified

Technology Advances: Face & Finger Fusion Face & Finger biometrics readily address legacy data issues Int’l Civil Aviation Organization (ICAO) 9303 recommends face methods in travel documents November GAO Report (GAO ) on the use of Biometrics and Border Security very positive towards face & finger January NIST Report (303a) supports the use of face & finger biometrics on border Proven performance improvements through fusion logic

Integrated Solutions: The Role of Biometrics While biometrics are critical for new security framework Must keep in mind they: Are merely an enabling component Must be viewed as subservient to overall security requirements Impose significant constraints on system design Looking at security from biometric end is tantamount to the “tail wagging the dog.”

Biometrics’ Constraints, Why? Imperfect technologies Unfamiliar to end-users Workflow change Difficult to scale Data security issues Integration challenges Complex Architecture remote distributed systems impact both client & server-sides Raise legal & social issues (e.g. privacy) Biometric complexity creates opportunity for a new component that simplifies integration & adoption: “Identity Framework”

Identity Framework Middleware play: That provides identity information & user management to any security application Expected to become largest IT infrastructure play over next 5 yrs Dramatically enhances biometric value proposition Next: Examine traditional vs. Identity Framework- based approaches to holistic security Security Systems Biometrics Identity Framework

Physical Transacti onal Access Logical Background Checking Qualification Trusted Identity Negative Databases Data-Mining Engines Intelligence Identity Processes ID Databases Data Capture (biometric, ID) Enrollment Badging, ID Cards, etc Credential Issuance PKISurveillance Detection On Demand ID

Traditional Security Systems: Stove-Piped Not leveraged: significant redundancies Many loop holes Long term: higher total cost of ownership (more costly to maintain, upgrade, or add new capabilities) System 1 Adding Biometrics System 2System 3 Biometrics System 1 Biometrics System 2System 3

Continuity of Authentication™ Common underlying technical architecture Handle multiple biometrics Handle non-biometric methods Audit all biometric and non-biometric transactions

Using Identity Framework Shared identity-related services with well defined API Ties components from different vendors to create a holistic system Same Identity data served across many different security applications Continuity of Authentication Universal Access System 1 System 2 System 3 Biometrics … Identity Framework

Building Holistic Systems Multiple components invariably required to deliver overall security or identity systems Example: AFIS Live scan, Access control, Information security, Badging, etc. End user may consider procuring total system from single vendor Risks: Single vendor is unlikely to always have “best of breed” offerings for all component Technology vendors not necessarily best system integrators Proprietary total solution may trap end user by eliminating choices down the line

Lowering The Risk Adopt Identity Framework Best of breed identity technologies/biometrics from various vendors System integrator to pull overall system together Advantages: More competitive solution Better solution: Flexible, Scalable, Interoperable, Interchangeable Staged development & deployment Not locked into vendor proprietary offering X

The Last Word Biometric performance should be looked at in context of total systems Biometric systems can meet real world requirements today! Identity Management begins with adopting a framework -- a critical middleware that can enhance biometric value & allow staged adoption of biometrics without violating system design principles Continue to be very upbeat about biometrics & their role in enhancing total security!

For More Information NameFrances Zelazny TitleDirector of Corporate Communications Phone: Fax: Web Site: