Biometric Information Security Management


 Phillip H. Griffin
 Information Security Consultant
 GRIFFIN Consulting
Biometric Security Standards
• X9.84 - 2010 Biometric Information Management and Security
  –   Industry neutral information security standard
  –   Financial services specific use cases
  –   Became a US national standard in 2003
  –   Revised 2009
       • Wells provided editor; Griffin created secure abstract schema
       • Selectively incorporates ISO 19092 improvements

• ISO 19092
  –   Extends & internationalizes X9.84-2003
  –   McCormick, US expert; Griffin, standard editor
  –   Omitted important X9.84 technical content
  –   Omitted schema for practical implementation



Biometric Security Standards

 Content                                      X9.84 ISO 19092
 Biometrics Overview & Tutorial                       
 Technical Considerations & Architecture              
 Biometric Information Security Management            
 Cryptographic Controls and Techniques         
 Physical Controls                                    
 ASN.1 Schema (compact binary & XML markup)    
 Secure Biometric System Event Journal         



Biometric Security Standards (continued)
Content                             X9.84   ISO 19092
Audit Checklist (BVCO)                         
Match Decision Protocol              
ISO 8583 Retail Message Extension    
Data Flow Diagrams & Descriptions    
Security Considerations                       
Public Policy Considerations         
Business Use Cases                            



X9.84 – A Biometrics Tutorial
Biometric Technology Overview
  – Basics
    "Biometric identification leverages the universally recognized
    fact that certain physiological or behavioral characteristics
    can reliably distinguish one person from another"

Biometric Types
  – Fingerprint       (Voice, Signature, Iris, Retina, Face, …)
    "The pattern of friction ridges and valleys on an individual's
    fingertips is considered unique to that individual."


X9.84 Authentication System Compliance
Biometric System Auditor Checklist
  Biometric Validation Control Objectives
    Environmental Controls – A biometric system within or employing an
    IT infrastructure requires these controls for a secure implementation
    Key Management Lifecycle Controls – Needed when a biometric
    system employs cryptographic protection, e.g., digital signatures for
    data integrity & origin authentication, and encryption for confidentiality
    Biometric Information Lifecycle Controls – A biometric system
    enrolls individuals by capturing biometric data to generate, distribute,
    use, and eventually terminate templates, similar to a PKI.



X9.84 Authentication System Compliance
Biometric System Event Journal
 Shows that an organization provides reasonable assurance that
 environmental, key management lifecycle, and biometric information
 lifecycle events are accurately and completely logged – that the
 operation of the biometric system meets the control objectives

 Confidentiality & integrity of current & archived event journals maintained

 Complete event journals are securely and confidentially archived in
 accordance with disclosed business practices

 Event journals are reviewed periodically by authorized personnel


Extending Biometric Template Information
Biometric Template Attributes
 Attributes can be bound to a template using a detached signature.

 Detached signatures are stored separately from the template itself.

 Detached signatures do not interfere with template use by a biometric
 service provider, say during the biometric matching process.

 Signature verification of information security management attributes
 that are cryptographically bound to a biometric reference template can be
 performed by another application process, perhaps by a Web Service.




Biometric Security Management Attributes
   <Modality>
     <BiometricType> fingerprint </BiometricType>
     <BiometricType> iris </BiometricType>
   </Modality>

   <Factors> 2 </Factors>     <!-- Two factor authentication -->

   <Attempts> 3 </Attempts>   <!-- Lock after 3 bad tries -->

   <BiometricPolicy>
      <policyIdentifier> 1.2.3.4 </policyIdentifier>
      <policyReference>
         http://phillipgriffin.com/policy/99
      </policyReference>
   </BiometricPolicy>



Binding Security Attributes to Reference Templates
<Detached-Signature id="1056">
   <Attributes>
      <Hash> ▪▫▪▫ </Hash>
      <factors> 2 </factors>
      <SAML> ▪▫▪▫ </SAML>
      <Bank> ▪▫▪▫ </Bank>
      <userID> ▪▫▪▫ </userID>
      ▪▫▪▫
   </Attributes>
</Detached-Signature>

[Diagram: the signed attribute set, shown alongside the BSP and the template Database.]

Detached signatures can bind security and privacy attributes to biometric templates.
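An added example (my own code, not the deck's or X9.84's) of the detached-signature binding that slides 8 to 10 describe, in Go: the slide 9 attribute set carries a SHA-256 hash of the reference template and is signed with Ed25519, the signature document is stored apart from the template, and a separate verifying process checks both the signature and the template hash. Ed25519, the element names, the `id` value and the sample template bytes are assumptions; X9.84 defines its schema in ASN.1 and the deck names no signature algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/xml"
	"fmt"
)

// Attributes mirrors the attribute set on slides 9 and 10. Hash carries SHA-256 of the
// reference template bytes; signing the set with that hash inside binds it to one template.
type Attributes struct {
	XMLName          xml.Name `xml:"Attributes"`
	Hash             string   `xml:"Hash"`
	Modality         []string `xml:"Modality>BiometricType"`
	Factors          int      `xml:"Factors"`
	Attempts         int      `xml:"Attempts"`
	PolicyIdentifier string   `xml:"BiometricPolicy>policyIdentifier"`
	PolicyReference  string   `xml:"BiometricPolicy>policyReference"`
}

// DetachedSignature is stored apart from the template, whose bytes are never touched,
// so the BSP keeps matching against the template unchanged.
type DetachedSignature struct {
	XMLName    xml.Name   `xml:"Detached-Signature"`
	ID         string     `xml:"id,attr"`
	Attributes Attributes `xml:"Attributes"`
	Signature  string     `xml:"Signature"` // hex(Ed25519 over canonical <Attributes>)
}

func templateHash(template []byte) string { return fmt.Sprintf("%x", sha256.Sum256(template)) }

// canonical returns the bytes that get signed: re-marshalling the parsed struct on the
// verifier side reproduces them exactly, standing in for an XML canonicalization step.
func canonical(a Attributes) ([]byte, error) {
	a.XMLName = xml.Name{Local: "Attributes"}
	return xml.Marshal(a)
}

// BindAttributes writes the template hash into the attribute set and signs the set.
func BindAttributes(priv ed25519.PrivateKey, id string, template []byte, a Attributes) (DetachedSignature, error) {
	a.Hash = templateHash(template)
	msg, err := canonical(a)
	if err != nil {
		return DetachedSignature{}, err
	}
	return DetachedSignature{ID: id, Attributes: a, Signature: hex.EncodeToString(ed25519.Sign(priv, msg))}, nil
}

// VerifyBinding is what the separate process (slide 8's Web Service) runs: first
// authenticate the attribute set, then confirm it belongs to the template presented.
func VerifyBinding(pub ed25519.PublicKey, template []byte, ds DetachedSignature) error {
	sig, err := hex.DecodeString(ds.Signature)
	if err != nil {
		return fmt.Errorf("bad signature encoding: %w", err)
	}
	msg, err := canonical(ds.Attributes)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, sig) {
		return fmt.Errorf("attribute signature does not verify")
	}
	if ds.Attributes.Hash != templateHash(template) {
		return fmt.Errorf("attributes are not bound to this template")
	}
	return nil
}

func must(err error) { if err != nil { panic(err) } }

type ScenarioResult struct{ Intact, TamperedAttrs, SwappedTemplate error } // Intact nil; others errors

// Scenario signs a constructed template, round-trips the detached signature through XML
// as a verifying service would receive it, and checks the three cases.
func Scenario() ScenarioResult {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	template := []byte("CONSTRUCTED SAMPLE TEMPLATE BYTES, NOT A REAL BIOMETRIC") // constructed
	attrs := Attributes{Modality: []string{"fingerprint", "iris"}, Factors: 2, Attempts: 3,
		PolicyIdentifier: "1.2.3.4", PolicyReference: "http://phillipgriffin.com/policy/99"}
	ds, err := BindAttributes(priv, "1056", template, attrs)
	must(err)
	doc, err := xml.MarshalIndent(ds, "", "  ") // the document stored beside the template
	must(err)
	var received DetachedSignature
	must(xml.Unmarshal(doc, &received))
	tampered := received
	tampered.Attributes.Attempts = 10 // lockout policy weakened in storage after signing
	return ScenarioResult{
		Intact:          VerifyBinding(pub, template, received),
		TamperedAttrs:   VerifyBinding(pub, template, tampered),
		SwappedTemplate: VerifyBinding(pub, []byte("another template"), received),
	}
}

func main() { fmt.Printf("%+v\n", Scenario()) }
```

Because the verifier re-marshals the parsed attributes, any change to a stored value after signing, or presenting the signed attributes with a different template, is rejected while the template file itself stays untouched.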



Biometric Security Management Layer

[Diagram: the Biometric Security Management (BSM) Application sits below Identity and Access Management and exposes an IAM / BSP API. On the user side it takes User Auth, Password and PKI credentials; on the other side it connects to the BSP, the Event Journal and the Signed Attributes.]


For a Deeper Dive …

  • ANSI X9.84:2010 – Biometric Information Management and Security

  • ANSI X9.73:2010 – Cryptographic Message Syntax (CMS) – ASN.1 and XML

  • ISSA Journal, January 2007: ISO 19092: A Standard for Biometric Security Management




ISSA Web Conference - Biometric Information Security Management
