Telebiometrics, and applications in Japan Yoshiaki ISOBE Yoshiaki ISOBE Systems Development Lab. Hitachi, Ltd. yoshiaki.isobe.en@hitachi.com Geneva, 6‐7 December 2010 Addressing security challenges on a global scale 2 Introduction Biometrics is one of Authentication technologies Bi ti i f A th ti ti t h l i Authentication technologies: Knowledge: What you know Knowledge: What you know Password, PIN, etc. Possession: What you have ID card Smart card One time password generator etc ID card, Smart card, One time password generator etc. Biometric Feature: What you are Fingerprint, Face, Finger‐vein, etc. These are used to integrate on various application, case by case Credit card(EMV): Smart card and PIN Credit card(EMV): Smart card and PIN Immigration: IC Passport and Biometrics (Face, Fingerprint, Iris) Geneva, 6‐7 December 2010 Addressing security challenges on a global scale 3 What is Biometrics? ISO/IEC JTC 1 SC 37 (Biometrics) defined the term ISO/IEC JTC 1 SC 37 (Bi t i ) d fi d th t of “Biometrics”: automated recognition of individuals based on their automated recognition of individuals based on their behavioural and biological characteristics Biometrics has advantages over other Biometrics has advantages over other authentication methods: Availability (Forgetless) y( g ) Security (Direct link to the authentication subject) O Operation Cost (Operation for i C (O i f Loss/Stolen) Geneva, 6‐7 December 2010 Addressing security challenges on a global scale 4 What is Telebiometrics? TTP (ex: Government) Is it genuine certificate? Yes Yes. Is she same person? Yes. Network Certificate of Certificate of Biometric feature Issuing Hanako Hitachi You are Hanako! Send Capturing of Bi Biometric feature i f User Nice meet you! Verifier However, there are various security threats on ICT environment. ITU‐T SG 17 Question 9 “Telebiometrics” is standardizing some network authentication model using biometrics and security requirements for each authentication model using biometrics, and security requirements for each models. Geneva, 6‐7 December 2010 Addressing security challenges on a global scale 5 ITU‐T Recommendations on Telebiometrics‐1 • For conventional Biometric technologies ISO 19092 ISO 19092 X 1086 X.1086 Security Guideline in operating and building system How to use the Biometrics on telecommunication environment X.1083 Remote Control X.1084 Requirements for open network and protocol Fi Fingerprint i ISO 19795 ISO 19792 Evaluating Evaluating Method Geneva, 6‐7 December 2010 X.1089 Sign TTemplate format l t f t for open network Face Face Ii Iris Other? Vein Voice Standardizing by ISO/IEC SC 37 Conventional Biometric Technology (BSP) Addressing security challenges on a global scale 6 ITU‐T Recommendations on Telebiometrics‐2 • For Biometric template protection technologies • Biometric Cryptosystem • Cancelable biometrics X.1086 Amd.1 Security Guideline to operate and to develop system How to use the BTP tech. on telecommunication environment ISO/IEC 24745 ISO/IEC 24745 X.1088 Applied it to the Framework X.gep Evaluating Method PIE And PIR Applied it to the protection Mechanism Biometric Cryptosystem X.ott PIV Applied it to the Model Cancelable biometrics Mechanism Other? Biometric Template Protection Technology Geneva, 6‐7 December 2010 Addressing security challenges on a global scale 7 Telebiometrics application in Japan with relationship to ITU‐T Recommendations to ITU‐T Recommendations 1. ATM on Financial service Japanese Bankers Association released the recommendation (guideline) to avoid fraudulent transactions and to protect customers at Jan. 2005 p – • Prevention of ATM Frauds / Card Skimming – – 2. Logical access control on business application – 3. Smart card implementation Biometric authentication for ATM transactions Increasing to require secure access to customer privacy information on sales department or integrity of evidence information on sales department, or integrity of evidence editor, e.g. drug trial, hospital, … Cloud service – Integration cost is important for cloud application. Cancelable biometric authentication service for cloud application have started in Japan at June 2010 application have started in Japan at June 2010 Geneva, 6‐7 December 2010 Addressing security challenges on a global scale 8 1. ATM application on two ITU‐T X.1086 model ATM with finger vein authentication The Local model in ITU T X 1086 The Local model in ITU‐T X.1086 Capturing vein image from finger The Download model in ITU T X 1086 The Download model in ITU‐T X.1086 Central Server Application Application Vein Device Vein Device ATM / Teller Terminal Application Biometric M/W Driver Sensor Controller Smart Card R/W M/W:Middleware, R/W:Reader‐Writer, AP:Application Geneva, 6‐7 December 2010 Authentication Server AP Vein DB Vein Device ATM / Teller Terminal Application Biometric M/W Sensor Compare Driver Storage & Addressing security challenges on a global scale Compare 9 2. Logical access control for Business applications • The center model in ITU‐T X.1086 1 Authentication Server Input ID and Bio data Client PC 0 2 指静脈情報を事前に登録 Send ID and Bio data SSL 登録 4 Sales staff Drug trial staff Drug trial staff Hospital staff Windows Domain Server Geneva, 6‐7 December 2010 Biometric authentication Access to Business Application User for each example: 1. 2. 3. 3 Enrolled Biometric data Application example: 1. Customer management 2. Drug trial report system 3. Medical report system Business Application Addressing security challenges on a global scale 10 3. Biometric authentication as Cloud service Outsourcing of Storage & Comparison to The Third Party model in ITU‐T X 1086 Outsourcing of Storage & Comparison to The Third Party model in ITU‐T X.1086 End user Application Service Provider SSL ・Ease use Application Server Authentication Service Provider Biometric Bi ti Authentication Server Cloud Center SSL ・Low cost and Speedy start for secure authentication ・Applied the cancelable biometrics for secure operation Cancelable biometrics Client Advantage 1: Biometric feature protection Biometrics Authentication Server Sensor Comparison Enc Trans Secret parameter OK/NG Send Comparable to remain encrypted feature Advantage Ad t 2 2: Cancelable Biometric Authentication Server Old parameter Client Old template Update Update Difference calculation Difference value New parameter Geneva, 6‐7 December 2010 New template Update Updatable to remain encrypted feature Addressing security challenges on a global scale 11 Summary ITU‐T SG 17 Question 9 is standardizing for secure biometrics authentication on telecommunication There are various telecomm. application using h l l Telebiometrics technologies for convenient and secure authentication This presentation have introduced Telebiometrics Recommendations and 3 Telebiometrics applications in Recommendations, and 3 Telebiometrics applications in Japan Geneva, 6‐7 December 2010 Addressing security challenges on a global scale 12 Telebiometrics and applications in Japan Telebiometrics, and applications in Japan Yoshiaki ISOBE Hitachi, Ltd., Systems Development Laboratory Yoshiaki isobe en@hitachi com Yoshiaki.isobe.en@hitachi.com Geneva, 6‐7 December 2010 Addressing security challenges on a global scale 13