SlideShare uma empresa Scribd logo

ISSA Web Conference - Biometric Information Security Management

Phil Griffin
Phil Griffin

August 2010 presentation.

Tecnologia
1 de 12
Baixar para ler offline
Biometric Information Security Management Phillip H. Griffin Information Security Consultant GRIFFIN Consulting
Biometric Security Standards • X9.84 - 2010 Biometric Information Management and Security – Industry neutral information security standard – Financial services specific use cases – Became a US national standard in 2003 – Revised 2009 • Wells provided editor; Griffin created secure abstract schema • Selectively incorporates ISO 19092 improvements • ISO 19092 – Extends & internationalizes X9.84-2003 – McCormick, US expert; Griffin, standard editor – Omitted important X9.84 technical content – Omitted schema for practical implementation 2
Biometric Security Standards Content X9.84 ISO 19092 Biometrics Overview & Tutorial   Technical Considerations & Architecture   Biometric Information Security Management   Cryptographic Controls and Techniques  Physical Controls   ASN.1 Schema (compact binary & XML markup)  Secure Biometric System Event Journal  3
Biometric Security Standard Content X9.84 ISO 19092 Audit Checklist (BVCO)   Match Decision Protocol  ISO 8583 Retail Message Extension  Data Flow Diagrams & Descriptions  Security Considerations   Public Policy Considerations  Business Use Cases   4
X9.84 – A Biometrics Tutorial Biometric Technology Overview – Basics ”Biometric identification leverages the universally recognized fact that certain physiological or behavioral characteristics can reliably distinguish one person from another “ Biometric Types – Fingerprint (Voice, Signature, Iris, Retina, Face, …) ”The pattern of friction ridges and valleys on an individual's fingertips is considered unique to that individual.“ 5
X9.84 Authentication System Compliance Biometric System Auditor Checklist Biometric Validation Control Objectives Environmental Controls – A biometric system within or employing an IT infrastructure requires these controls for a secure implementation Key Management Lifecycle Controls – Needed when a biometric system employs cryptographic protection, e.g., digital signatures for data integrity & origin authentication, and encryption for confidentiality Biometric Information Lifecycle Controls – A biometric system enrolls individuals by capturing biometric data to generate, distribute, use, and eventually terminate templates, similar to a PKI. 6
X9.84 Authentication System Compliance Biometric System Event Journal Shows that an organization provides reasonable assurance that environmental, key management lifecycle, and biometric information life cycle events are accurately and completely logged – that the operation of the biometric system meets the control objectives Confidentiality & integrity of current & archived event journals maintained Complete event journals are securely and confidentially archived in accordance with disclosed business practices Event journals are reviewed periodically by authorized personnel 7
Extending Biometric Template Information Biometric Template Attributes Attributes can be bound to a template using a detached signature. Detached signatures are stored separately from the template itself. Detached signatures do not interfere with template use by a biometric service provider, say during the biometric matching process. Signature verification of information security management attributes that are cryptographically bound to a biometric reference template can be performed by another application process, perhaps by a Web Service. 8
Biometric Security Management Attributes <Modality> <BiometricType> fingerprint </BiometricType> <BiometricType> iris </BiometricType> <Modality> <Factors> 2 </Factors> -- Two factor authentication <Attempts> 3 </Attempts> -- Lock after 3 bad tries <BiometricPolicy> <policyIdentifier> 1.2.3.4 </policyIdentifier> <policyReference> http://phillipgriffin.com/policy/99 </policyReference> </BiometricPolicy> 9
Binding Security Attributes to Reference Templates <Detached-Signature id=1056> <Attributes> <Hash> ▪▫▪▫ </Hash> <factors> 2 </factors> <SAML> ▪▫▪▫ </SAML> BSP <Bank> ▪▫▪▫ </Bank> <userID> ▪▫▪▫ </userID> ▪▫▪▫ Detached signatures can bind security and Database privacy attributes to biometric templates . 10
Biometric Security Management Layer Identity and Access Management BSP User Auth IAM / BSP API Biometric Security Password Management Application Event Journal User BSM PKI Signed Attributes 11
For a Deeper Dive … • ANSI X9.84 : 2010 - Biometric Information Management and Security • ANSI X9.73 : 2010 - Cryptographic Message Syntax (CMS) – ASN.1 and XML • ISSA Journal, January 2007: ISO 19092: A Standard for Biometric Security Management 12

Recomendados

Simple cloud security explanation
Simple cloud security explanationSimple cloud security explanation
Simple cloud security explanation
indianadvisory
 
Life & Work Online Protecting Your Identity
Life & Work Online Protecting Your IdentityLife & Work Online Protecting Your Identity
Life & Work Online Protecting Your Identity
InnoTech
 
Telebiometric information security and safety management
Telebiometric information security and safety managementTelebiometric information security and safety management
Telebiometric information security and safety management
Phil Griffin
 
Data Integrity Protection
Data Integrity ProtectionData Integrity Protection
Data Integrity Protection
proitsolutions
 
IDBI Intech - Information security consulting
IDBI Intech - Information security consultingIDBI Intech - Information security consulting
IDBI Intech - Information security consulting
IDBI Intech
 
Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...
Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...
Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...
Harikrishna Patel
 
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMICut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Sierraware
 
13 biometrics - fool proof security
13 biometrics - fool proof security13 biometrics - fool proof security
13 biometrics - fool proof security
Srikanth457
 

Recomendados

Simple cloud security explanation
Simple cloud security explanationSimple cloud security explanation
Simple cloud security explanation
indianadvisory
 
Life & Work Online Protecting Your Identity
Life & Work Online Protecting Your IdentityLife & Work Online Protecting Your Identity
Life & Work Online Protecting Your Identity
InnoTech
 
Telebiometric information security and safety management
Telebiometric information security and safety managementTelebiometric information security and safety management
Telebiometric information security and safety management
Phil Griffin
 
Data Integrity Protection
Data Integrity ProtectionData Integrity Protection
Data Integrity Protection
proitsolutions
 
IDBI Intech - Information security consulting
IDBI Intech - Information security consultingIDBI Intech - Information security consulting
IDBI Intech - Information security consulting
IDBI Intech
 
Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...
Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...
Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDeve...
Harikrishna Patel
 
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMICut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Sierraware
 
13 biometrics - fool proof security
13 biometrics - fool proof security13 biometrics - fool proof security
13 biometrics - fool proof security
Srikanth457
 
Teknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimukset
Teemu Tiainen
 
A New Research and Design for Grid Portal Security System
A New Research and Design for Grid Portal Security SystemA New Research and Design for Grid Portal Security System
A New Research and Design for Grid Portal Security System
ijfcstjournal
 
(2007) BioKey - Privacy Preserving Biometric Authentication
(2007) BioKey - Privacy Preserving Biometric Authentication(2007) BioKey - Privacy Preserving Biometric Authentication
(2007) BioKey - Privacy Preserving Biometric Authentication
International Center for Biometric Research
 
Evolution of Security Management
Evolution of Security ManagementEvolution of Security Management
Evolution of Security Management
Christophe Briguet
 
Guardium Presentation
Guardium PresentationGuardium Presentation
Guardium Presentation
tsteh
 
IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief
IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief
IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief
Mestizo Enterprises
 
[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux
[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux
[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux
IBMSSA
 
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft Private Cloud
 
Oracle tech fmw-05-idm-neum-16.04.2010
Oracle tech fmw-05-idm-neum-16.04.2010Oracle tech fmw-05-idm-neum-16.04.2010
Oracle tech fmw-05-idm-neum-16.04.2010
Oracle BH
 
Securityinsideout
SecurityinsideoutSecurityinsideout
Securityinsideout
gueste69f645
 
Tänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi TaraTänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi Tara
ORACLE USER GROUP ESTONIA
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
Jack Forbes
 
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
International Center for Biometric Research
 
Defense Foundation Product Brief
Defense Foundation Product BriefDefense Foundation Product Brief
Defense Foundation Product Brief
wdjohnson1
 
BSI Biometrics Standards Brochure
BSI Biometrics Standards BrochureBSI Biometrics Standards Brochure
BSI Biometrics Standards Brochure
BSI British Standards Institution
 
PCI Compliance white paper
PCI Compliance white paper PCI Compliance white paper
PCI Compliance white paper
HelpSystems
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_web
SafeNet
 
Internet of Things (IoT) Security Measures Insights from Patents
Internet of Things (IoT) Security Measures Insights from PatentsInternet of Things (IoT) Security Measures Insights from Patents
Internet of Things (IoT) Security Measures Insights from Patents
Alex G. Lee, Ph.D. Esq. CLP
 
Biometric systems quiz materials
Biometric systems quiz materialsBiometric systems quiz materials
Biometric systems quiz materials
yasmeenreem
 
De-Duplication-01-03-2011
De-Duplication-01-03-2011De-Duplication-01-03-2011
De-Duplication-01-03-2011
msandeepin
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...
YouAttestSlideshare
 
NIST 800-63 Guidance & FIDO Authentication
NIST 800-63 Guidance & FIDO AuthenticationNIST 800-63 Guidance & FIDO Authentication
NIST 800-63 Guidance & FIDO Authentication
FIDO Alliance
 

Mais conteúdo relacionado

Mais procurados

[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux
[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux
[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux
IBMSSA
 
Oracle tech fmw-05-idm-neum-16.04.2010
Oracle tech fmw-05-idm-neum-16.04.2010Oracle tech fmw-05-idm-neum-16.04.2010
Oracle tech fmw-05-idm-neum-16.04.2010
Oracle BH
 
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
International Center for Biometric Research
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_web
SafeNet
 
Biometric systems quiz materials
Biometric systems quiz materialsBiometric systems quiz materials
Biometric systems quiz materials
yasmeenreem
 
De-Duplication-01-03-2011
De-Duplication-01-03-2011De-Duplication-01-03-2011
De-Duplication-01-03-2011
msandeepin
 

Mais procurados (20)

Teknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimukset
 
A New Research and Design for Grid Portal Security System
A New Research and Design for Grid Portal Security SystemA New Research and Design for Grid Portal Security System
A New Research and Design for Grid Portal Security System
 
(2007) BioKey - Privacy Preserving Biometric Authentication
(2007) BioKey - Privacy Preserving Biometric Authentication(2007) BioKey - Privacy Preserving Biometric Authentication
(2007) BioKey - Privacy Preserving Biometric Authentication
 
Evolution of Security Management
Evolution of Security ManagementEvolution of Security Management
Evolution of Security Management
 
Guardium Presentation
Guardium PresentationGuardium Presentation
Guardium Presentation
 
IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief
IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief
IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief
 
[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux
[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux
[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux
 
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
 
Oracle tech fmw-05-idm-neum-16.04.2010
Oracle tech fmw-05-idm-neum-16.04.2010Oracle tech fmw-05-idm-neum-16.04.2010
Oracle tech fmw-05-idm-neum-16.04.2010
 
Securityinsideout
SecurityinsideoutSecurityinsideout
Securityinsideout
 
Tänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi TaraTänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi Tara
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
 
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
 
Defense Foundation Product Brief
Defense Foundation Product BriefDefense Foundation Product Brief
Defense Foundation Product Brief
 
BSI Biometrics Standards Brochure
BSI Biometrics Standards BrochureBSI Biometrics Standards Brochure
BSI Biometrics Standards Brochure
 
PCI Compliance white paper
PCI Compliance white paper PCI Compliance white paper
PCI Compliance white paper
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_web
 
Internet of Things (IoT) Security Measures Insights from Patents
Internet of Things (IoT) Security Measures Insights from PatentsInternet of Things (IoT) Security Measures Insights from Patents
Internet of Things (IoT) Security Measures Insights from Patents
 
Biometric systems quiz materials
Biometric systems quiz materialsBiometric systems quiz materials
Biometric systems quiz materials
 
De-Duplication-01-03-2011
De-Duplication-01-03-2011De-Duplication-01-03-2011
De-Duplication-01-03-2011
 

Semelhante a ISSA Web Conference - Biometric Information Security Management

NIST 800-63 Guidance & FIDO Authentication
NIST 800-63 Guidance & FIDO AuthenticationNIST 800-63 Guidance & FIDO Authentication
NIST 800-63 Guidance & FIDO Authentication
FIDO Alliance
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meeting
fcleary
 
From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...
NetIQ
 
Li charles emerging biometrics identity services in the cloud 02122015b - ...
Li charles emerging biometrics identity services in the cloud 02122015b - ...Li charles emerging biometrics identity services in the cloud 02122015b - ...
Li charles emerging biometrics identity services in the cloud 02122015b - ...
Charles Li
 
MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...
MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...
MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...
ijcisjournal
 

Semelhante a ISSA Web Conference - Biometric Information Security Management (20)

Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...
 
NIST 800-63 Guidance & FIDO Authentication
NIST 800-63 Guidance & FIDO AuthenticationNIST 800-63 Guidance & FIDO Authentication
NIST 800-63 Guidance & FIDO Authentication
 
ITU Kaleidoscope 2013 Presentation
ITU Kaleidoscope 2013 PresentationITU Kaleidoscope 2013 Presentation
ITU Kaleidoscope 2013 Presentation
 
Biometrics security
Biometrics securityBiometrics security
Biometrics security
 
Enhancing Security and Efficiency The Power of Biometric Access Control Systems
Enhancing Security and Efficiency The Power of Biometric Access Control SystemsEnhancing Security and Efficiency The Power of Biometric Access Control Systems
Enhancing Security and Efficiency The Power of Biometric Access Control Systems
 
2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework 2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework
 
Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7
 
Iio t security std
Iio t security stdIio t security std
Iio t security std
 
Biometric Systems
Biometric SystemsBiometric Systems
Biometric Systems
 
Axxera Security Solutions
Axxera Security SolutionsAxxera Security Solutions
Axxera Security Solutions
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meeting
 
A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & Frameworks
 
From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...
 
Salesforce DevOps Online Training Institute
Salesforce DevOps Online Training InstituteSalesforce DevOps Online Training Institute
Salesforce DevOps Online Training Institute
 
Partnering to Deliver Cost Efficient and Reliable Corporate Services to Agenc...
Partnering to Deliver Cost Efficient and Reliable Corporate Services to Agenc...Partnering to Deliver Cost Efficient and Reliable Corporate Services to Agenc...
Partnering to Deliver Cost Efficient and Reliable Corporate Services to Agenc...
 
Li charles emerging biometrics identity services in the cloud 02122015b - ...
Li charles emerging biometrics identity services in the cloud 02122015b - ...Li charles emerging biometrics identity services in the cloud 02122015b - ...
Li charles emerging biometrics identity services in the cloud 02122015b - ...
 
Firewalls Security – Features and Benefits
Firewalls Security – Features and BenefitsFirewalls Security – Features and Benefits
Firewalls Security – Features and Benefits
 
MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...
MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...
MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...
 
CMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organizationCMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organization
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 

Último (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 

ISSA Web Conference - Biometric Information Security Management

  • 1. Biometric Information Security Management Phillip H. Griffin Information Security Consultant GRIFFIN Consulting
  • 2. Biometric Security Standards • X9.84 - 2010 Biometric Information Management and Security – Industry neutral information security standard – Financial services specific use cases – Became a US national standard in 2003 – Revised 2009 • Wells provided editor; Griffin created secure abstract schema • Selectively incorporates ISO 19092 improvements • ISO 19092 – Extends & internationalizes X9.84-2003 – McCormick, US expert; Griffin, standard editor – Omitted important X9.84 technical content – Omitted schema for practical implementation 2
  • 3. Biometric Security Standards Content X9.84 ISO 19092 Biometrics Overview & Tutorial   Technical Considerations & Architecture   Biometric Information Security Management   Cryptographic Controls and Techniques  Physical Controls   ASN.1 Schema (compact binary & XML markup)  Secure Biometric System Event Journal  3
  • 4. Biometric Security Standard Content X9.84 ISO 19092 Audit Checklist (BVCO)   Match Decision Protocol  ISO 8583 Retail Message Extension  Data Flow Diagrams & Descriptions  Security Considerations   Public Policy Considerations  Business Use Cases   4
  • 5. X9.84 – A Biometrics Tutorial Biometric Technology Overview – Basics ”Biometric identification leverages the universally recognized fact that certain physiological or behavioral characteristics can reliably distinguish one person from another “ Biometric Types – Fingerprint (Voice, Signature, Iris, Retina, Face, …) ”The pattern of friction ridges and valleys on an individual's fingertips is considered unique to that individual.“ 5
  • 6. X9.84 Authentication System Compliance Biometric System Auditor Checklist Biometric Validation Control Objectives Environmental Controls – A biometric system within or employing an IT infrastructure requires these controls for a secure implementation Key Management Lifecycle Controls – Needed when a biometric system employs cryptographic protection, e.g., digital signatures for data integrity & origin authentication, and encryption for confidentiality Biometric Information Lifecycle Controls – A biometric system enrolls individuals by capturing biometric data to generate, distribute, use, and eventually terminate templates, similar to a PKI. 6
  • 7. X9.84 Authentication System Compliance Biometric System Event Journal Shows that an organization provides reasonable assurance that environmental, key management lifecycle, and biometric information life cycle events are accurately and completely logged – that the operation of the biometric system meets the control objectives Confidentiality & integrity of current & archived event journals maintained Complete event journals are securely and confidentially archived in accordance with disclosed business practices Event journals are reviewed periodically by authorized personnel 7
  • 8. Extending Biometric Template Information Biometric Template Attributes Attributes can be bound to a template using a detached signature. Detached signatures are stored separately from the template itself. Detached signatures do not interfere with template use by a biometric service provider, say during the biometric matching process. Signature verification of information security management attributes that are cryptographically bound to a biometric reference template can be performed by another application process, perhaps by a Web Service. 8
  • 9. Biometric Security Management Attributes <Modality> <BiometricType> fingerprint </BiometricType> <BiometricType> iris </BiometricType> <Modality> <Factors> 2 </Factors> -- Two factor authentication <Attempts> 3 </Attempts> -- Lock after 3 bad tries <BiometricPolicy> <policyIdentifier> 1.2.3.4 </policyIdentifier> <policyReference> http://phillipgriffin.com/policy/99 </policyReference> </BiometricPolicy> 9
  • 10. Binding Security Attributes to Reference Templates <Detached-Signature id=1056> <Attributes> <Hash> ▪▫▪▫ </Hash> <factors> 2 </factors> <SAML> ▪▫▪▫ </SAML> BSP <Bank> ▪▫▪▫ </Bank> <userID> ▪▫▪▫ </userID> ▪▫▪▫ Detached signatures can bind security and Database privacy attributes to biometric templates . 10
  • 11. Biometric Security Management Layer Identity and Access Management BSP User Auth IAM / BSP API Biometric Security Password Management Application Event Journal User BSM PKI Signed Attributes 11
  • 12. For a Deeper Dive … • ANSI X9.84 : 2010 - Biometric Information Management and Security • ANSI X9.73 : 2010 - Cryptographic Message Syntax (CMS) – ASN.1 and XML • ISSA Journal, January 2007: ISO 19092: A Standard for Biometric Security Management 12