Corrective Services NSW implemented a centralized, multi-biometric system called AKITA to provide a single biometric identity for over 500,000 users across 30+ sites. AKITA accepts data from various biometric hardware vendors and proprietary software applications, assigning a unique ID to each user. It provides near real-time biometric updates across the network to integrate information with operations and prevent wrongful release or multiple identities that could arise from the variety of biometric technologies and applications used.
2. Background
- How do biometrics fit?
- Cost and complexity of securing applications
- Establishing integrity across numerous processes and rules
- Protecting investments
- Future proofing
2/16/2010 2
3. Corrective Services NSW
- An early adopter of biometrics
- A commercial focus
- Explored many technologies and applications
4. Corrective Services NSW Imperatives
- Wrongful release
- Mitigating multiple identities
- Numerous applications
- Connect information with operations
5. Some Variables
- 30+ sites
- Broad geography
- Scaling to 500,000+ users
- Government network
- No COTS available
- Variety in backend environment
- Multiple biometric technologies
- Multiple applications
- Multiple vendors
6. Corrective Services NSW Concept: Single Point of Biometric Truth
- A single identity marker regardless of biometric type or application
- Available in near real time across the whole network
- Underpins various DCS business processes
7. Corrective Services NSW Capabilities
- Accept other systems without design/integration overheads
- Future proofed
- Scale to 500,000+
- Not impacted by network performance
- Redundancy across all sites
8. Design Process
- Single Point of Biometric Truth
- Nothing off the shelf
- No clarity around business rules
- Multiple companies
9. What Was Built?
A “single point of biometric truth” which:
- Accepts data from various biometric hardware vendors
- Accepts proprietary software applications
- Provides near real time (NRT) updates to remote databases
13. Scanned image of documents relating to user enrolment
14. During the day, users at Site 1 are enrolled using biometric Type A (in this example, iris) and third-party application type A. At Site 5, users are enrolled using biometric Type B (in this example, fingerprint) and third-party application type B. All sites enrol new users. All are subscribers to the SPOBT service. [Diagram: Sites 1 to 9]
15. After hours, all sites are polled by the SPOBT. Each site gets notification from the SPOBT service separately, as configured using the SPOBT Admin Tool, on a specific interval or on a daily basis. All new data is collected and returned to the central server. A SPOBT UID is assigned to all new users. [Diagram: Sites 1 to 9]
16. All sites are then warned “stand by” to receive all updates from all sites, i.e. each site is about to be delivered a fully replicated copy of the SPOBT. SPOBT can be hosted through WCF over TCP or WSDL through HTTP. Security in the SPOBT can be set to one of the following: Windows Integrated RSA Certificate SSL Custom [Diagram: Sites 1 to 9]
17. All changes and updates from all sites are then returned to every other site, along with the unique ID (UID) assigned by the SPOBT. So if I enrolled with, say, Iris Type A at Site 1 on Monday, I can be recognised with Iris Type B at Site 5 on Tuesday (or at an interval as short as 60 seconds; users define the interval). [Diagram: Sites 1 to 9]
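The poll, assign and replicate cycle from slides 14 to 17, sketched as an added example (not code from AKITA or Corrective Services NSW). The `Site` and `Hub` classes, the `UID-` format, and the use of (site, local record id) as the key that stops a resubmitted record from getting a second UID are assumptions; the slides do not say how records are matched.

```python
import itertools

class Site:
    def __init__(self, name):
        self.name = name
        self.pending = []   # local enrolments not yet confirmed by the hub
        self.replica = {}   # UID -> record, as delivered by the hub

    def enrol(self, local_id, modality, template):
        self.pending.append({"site": self.name, "local_id": local_id,
                             "modality": modality, "template": template})

    def receive(self, snapshot):
        # Replace the local copy, then drop enrolments the hub has confirmed.
        self.replica = dict(snapshot)
        done = {(r["site"], r["local_id"]) for r in snapshot.values()}
        self.pending = [r for r in self.pending
                        if (r["site"], r["local_id"]) not in done]

class Hub:
    def __init__(self, sites):
        self.sites = sites
        self.master = {}    # UID -> record
        self.index = {}     # (site, local_id) -> UID (assumed record key)
        self._next = itertools.count(1)

    def cycle(self):
        for site in self.sites:               # 1. poll each site
            for rec in list(site.pending):
                key = (rec["site"], rec["local_id"])
                if key not in self.index:     # 2. one UID per record, ever
                    uid = f"UID-{next(self._next):06d}"
                    self.index[key] = uid
                    self.master[uid] = rec
        for site in self.sites:               # 3. full replica to every site
            site.receive(self.master)
        return len(self.master)

def demo():
    # Constructed sample data: two sites, two modalities, two vendor applications.
    s1, s5 = Site("Site 1"), Site("Site 5")
    hub = Hub([s1, s5])
    s1.enrol("A-17", "iris", b"constructed-iris-template")
    s5.enrol("B-03", "fingerprint", b"constructed-fingerprint-template")
    hub.cycle()
    s1.enrol("A-17", "iris", b"constructed-iris-template")  # same record sent again
    hub.cycle()
    return hub, s1, s5
```

After the second cycle both sites hold the same two records, and the resubmitted enrolment has not produced a second identity.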
22. Three different proprietary application layers [Diagram labels: Long Bay, John Moroney, Kirkconnell, Dillwynia, Berrima, Goulburn, Junee, Central Server, Mannus, Cooma Correctional Centre]
29. Summary
- A functional, working, central biometric clearing house
- Multiple biometrics and multiple applications
- When supporting Corrections business processes, eliminates identity fraud on their networks
- Protects previous and future investments