
Biometric Information Management For Security
Phillip H. Griffin, Griffin Consulting, 1625 Glenwood Avenue, Hayes Barton at Five Points, Raleigh, North Carolina
(presentation transcript, May 2002)


Slide 1: Biometric Information Management For Security
Phillip H. Griffin
Griffin Consulting
1625 Glenwood Avenue, Hayes Barton at Five Points
Raleigh, North Carolina 27608-2319 USA
+1 919 291 0019
phil.griffin@asn-1.com

Slide 2: OASIS XCBF TC (May 2002)
XCBF - XML Common Biometric Format
– X9.84 Biometric Information Management and Security
– BioAPI Specification Version 1.0 and 1.1
– CBEFF - Common Biometric Exchange File Format
X.693 - ASN.1 XML Encoding Rules (XER)
X9.96 XML Cryptographic Message Syntax
– X9.73 Cryptographic Message Syntax
– X.509 Certificates: 1024 bytes
– X9.68 Compact Domain Certificates: 170 bytes

Slide 3: XCBF/X9.84 BiometricObject
(XML-encoded example; the element tags did not survive extraction, only the values below)
1
14000000F40100000100120003...
000000000EC010000BEF7F15DC593F44F

Slide 4: X9.84 Revelation
Biometric data cannot be kept confidential:
– faces can be photographed
– voices can be recorded
– fingerprints can be lifted
– signatures can be copied
Thus the security of an authentication system cannot rely on the secrecy of biometric data.
Instead, it must ensure the integrity and authenticity of the biometric data; privacy (encryption of the data) is optional.

Slide 5: X9.84 in a Nutshell
Establishes a FRAMEWORK consisting of components
– Data Capture, Signal Processing, Matching, Storage, etc.
Defines REQUIREMENTS for operating a biometric authentication system in a financial services environment
– Enrollment, Verification, Identification and Storage
Provides TECHNIQUES satisfying the privacy, integrity and authenticity requirements for biometric data (ASN.1)
– Harmonized with NISTIR 6529 CBEFF and the BioAPI Specification 1.0
Offers a comprehensive set of CONTROL OBJECTIVES
– a professional auditor can validate a biometric authentication system

Slide 6: CBEFF XCBF Biometric Architecture
(architecture diagram; component labels only: Application, BioAPI Framework, Biometric Service Provider, BIR, Cryptographic Service Provider, X9.84 Biometric Security, XER/DER Biometric Object, Biometric Validation, Control Objectives)

Slide 7: XCBF Integrity
BiometricSyntax and ASN.1 Encoding Rules (DER, XER)
– Integrity and mutual authentication requirements
[0] Unprotected: Biometric Header | Biometric Data (BD)
[1] Integrity: Biometric Header | Biometric Data (BD) | Integrity Block (AID, Security Info, Integrity Value)
Algorithm Identifier (AID): RSA / SHA-1, DSA / SHA-1, ECDSA / SHA-1, MAC or HMAC
Security Info: algorithm parameters, key management info
Integrity Value: digital signature or MAC

Slide 8: XCBF Integrity ASN.1
A BiometricObject can be digitally signed, MACed (or HMACed), or carried in CMS SignedData or CMS AuthenticatedData, using DER or XER.
[0] Unprotected: Biometric Header | Biometric Data (BD)
[1] Integrity: Biometric Header | Biometric Data (BD) | Integrity Block (AID, Security Info, Integrity Value)

    IntegrityObject ::= SEQUENCE {
        biometricObject  BiometricObject,
        integrityBlock   IntegrityBlock
    }

    IntegrityBlock ::= CHOICE {
        signature         Signature,
        mac               Mac,
        signedData        SignedData,
        authenticateData  AuthenticatedData
    }

Slide 9: XCBF Privacy
Biometric Syntax and ASN.1 Encoding Rules (DER, XER)
– Privacy option
[0] Unprotected: Biometric Header | Biometric Data (BD)
[2] Privacy: Biometric Header | Privacy Block (AID, Security Info, Biometric Data)
Algorithm Identifier (AID): DES, Triple DES, AES
Security Info: algorithm parameters, key management info
Biometric Data: the encrypted data (the BD is encrypted and the result placed in the Privacy Block)

Slide 10: XCBF Privacy ASN.1
A BiometricObject can be carried in CMS EncryptedData or CMS EnvelopedData, or encrypted with a named key, using DER or XER encoding rules.
[0] Unprotected: Biometric Header | Biometric Data (BD)
[2] Privacy: Biometric Header | Privacy Block (AID, Security Info, Biometric Data)

    PrivacyObject ::= SEQUENCE {
        biometricHeader  BiometricHeader,
        privacyBlock     PrivacyBlock
    }

    PrivacyBlock ::= CHOICE {
        fixedKey        EncryptedData,
        namedKey        NamedKeyEncryptedData,
        establishedKey  EnvelopedData
    }

    NamedKeyEncryptedData ::= SEQUENCE {
        keyName        OCTET STRING,
        encryptedData  EncryptedData
    }

Slide 11: XCBF Integrity & Privacy
Biometric Syntax and ASN.1 Encoding Rules (DER, XER)
– Integrity and authentication with privacy
[0] Unprotected: Biometric Header | Biometric Data (BD)
[1] Integrity: Biometric Header | Biometric Data (BD) | Integrity Block (AID, Security Info, Integrity Value)
[3] Privacy and Integrity: Biometric Header | Privacy Block (AID, Security Info, Biometric Data) | Integrity Block (AID, Security Info, Integrity Value)
Order of operations: encrypt the BD first, then generate the digital signature.

Slide 12: XCBF Integrity & Privacy ASN.1
Biometric Syntax and ASN.1 Encoding Rules (DER, XER)
– Integrity and authentication with privacy
[1] Integrity: Biometric Header | Biometric Data (BD) | Integrity Block (AID, Security Info, Integrity Value)
[3] Privacy and Integrity: Biometric Header | Privacy Block (AID, Security Info, Biometric Data) | Integrity Block (AID, Security Info, Integrity Value)
(encrypt the BD, then sign)

    PrivacyAndIntegrityObject ::= SEQUENCE {
        biometricHeader  BiometricHeader,
        privacyBlock     PrivacyBlock,
        integrityBlock   IntegrityBlock
    }

Represented in XML as......
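The three protected forms of slides 7 to 12, worked through as an added Go example (this is not code from the slides, from X9.84 or from the OASIS XCBF TC). The SEQUENCEs above are modelled as Go structs that encoding/asn1 DER-encodes; the integrity block is a MAC over that DER; the privacy block is the namedKey alternative; and the [3] object is built in the order the slides give, encrypt first, then compute the integrity value over the header and privacy block, so a receiver authenticates the object before it decrypts anything. The [1] IntegrityObject is SealDER applied to a BiometricObject, and the [2] PrivacyObject is the value that ProtectBoth MACs. Assumptions: the header fields, field names and Go names are this example's own cut-down stand-ins, not the X9.84 definitions; HMAC-SHA256 and AES-256-GCM replace the SHA-1 signatures and DES/3DES/AES that the 2002 slides list (SHA-1 signatures and DES are not acceptable today); keys are supplied by the caller; the CMS SignedData/EnvelopedData alternatives are not implemented.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"errors"
)

// Assumptions: the structs below are this example's cut-down stand-ins for the X9.84 SEQUENCEs
// (encoding/asn1 DER-encodes them); HMAC-SHA256 / AES-256-GCM (registered OIDs) replace the slides' SHA-1, DES/3DES/AES.
var oidHMACSHA256 = asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 9}
var oidAES256GCM = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 1, 46}

type BiometricHeader struct{ Version, FormatOwner, FormatType int }
type BiometricObject struct { // [0] unprotected: header + BD in the clear
	Header BiometricHeader
	Data   []byte
}
type IntegrityBlock struct { // the mac alternative of the IntegrityBlock CHOICE
	Algorithm      asn1.ObjectIdentifier // AID
	KeyName        []byte                // security info: key management
	IntegrityValue []byte                // MAC
}
type PrivacyBlock struct { // the namedKey alternative of the PrivacyBlock CHOICE
	Algorithm     asn1.ObjectIdentifier // AID
	Nonce         []byte                // security info: algorithm parameters
	KeyName       []byte                // security info: key management
	EncryptedData []byte                // encrypted BD
}
type PrivacyObject struct { // [2]: the BD exists only inside the privacy block
	Header  BiometricHeader
	Privacy PrivacyBlock
}
type PrivacyAndIntegrityObject struct { // [3]: [2] plus a MAC over header + privacy block
	Header    BiometricHeader
	Privacy   PrivacyBlock
	Integrity IntegrityBlock
}

// SealDER MACs DER(v), so the MAC covers exactly the bytes that are exchanged.
func SealDER(v interface{}, macKey []byte, keyName string) (IntegrityBlock, error) {
	der, err := asn1.Marshal(v)
	if err != nil {
		return IntegrityBlock{}, err
	}
	m := hmac.New(sha256.New, macKey)
	m.Write(der)
	return IntegrityBlock{oidHMACSHA256, []byte(keyName), m.Sum(nil)}, nil
}

// CheckDER recomputes the MAC over DER(v) and compares it in constant time.
func CheckDER(v interface{}, b IntegrityBlock, macKey []byte) bool {
	want, err := SealDER(v, macKey, "")
	return err == nil && b.Algorithm.Equal(oidHMACSHA256) && hmac.Equal(want.IntegrityValue, b.IntegrityValue)
}

func newGCM(encKey []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(encKey) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// ProtectBoth returns the DER of a [3] object: encrypt the BD under a named key (the [2] form), then MAC DER(header, privacyBlock).
func ProtectBoth(h BiometricHeader, bd, encKey, macKey []byte, keyName string) ([]byte, error) {
	gcm, err := newGCM(encKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh per object: nonce reuse under one GCM key is fatal
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	pb := PrivacyBlock{oidAES256GCM, nonce, []byte(keyName), gcm.Seal(nil, nonce, bd, nil)}
	ib, err := SealDER(PrivacyObject{h, pb}, macKey, keyName)
	if err != nil {
		return nil, err
	}
	return asn1.Marshal(PrivacyAndIntegrityObject{h, pb, ib})
}

// OpenBoth decodes a DER [3] object and verifies the MAC before it touches the ciphertext.
func OpenBoth(der, encKey, macKey []byte) ([]byte, error) {
	var o PrivacyAndIntegrityObject
	if rest, err := asn1.Unmarshal(der, &o); err != nil || len(rest) != 0 || !CheckDER(PrivacyObject{o.Header, o.Privacy}, o.Integrity, macKey) {
		return nil, errors.New("rejected: malformed object or integrity check failed")
	}
	gcm, err := newGCM(encKey)
	if err != nil || !o.Privacy.Algorithm.Equal(oidAES256GCM) {
		return nil, errors.New("cannot open privacy block")
	}
	return gcm.Open(nil, o.Privacy.Nonce, o.Privacy.EncryptedData, nil)
}
```

Two points the code makes that the slides only imply. The MAC is computed over the DER bytes, so what is authenticated is exactly what is transmitted; an XER rendering of the same value is not byte-for-byte canonical, so a value signed under DER must be verified under DER (or under the canonical XER that X.693 also defines). And because the integrity block of [3] covers the header and the privacy block, OpenBoth rejects a modified header, nonce, key name or ciphertext before AES is invoked at all, which is the reason the slides encrypt first and sign last.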

Slide 13: Useful Links
XCBF and X9.84 rely heavily on ITU-T SG17 technologies: ASN.1 (X.680 and X.690) and the Directory (X.500).
Standards Module Database: http://www.itu.int/ITU-T/asn1/database/index.html
Syntax Checker and Books: http://www.ossnokalva.com/
Recommendations: http://www.itu.int/ITUT/studygroups/com17/languages/index.html
Host: ftp://ties.itu.int (login: asn1, password: notation1)
Griffin Consulting - Secure Messaging Design, Tools and Services: http://ASN-1.com/

