ISSA Web Conference - Biometric Information Security Management

 Phillip H. Griffin
 Information Security Consultant
 GRIFFIN Consulting
Biometric Security Standards
• X9.84 - 2010 Biometric Information Management and Security
  –   Industry-neutral information security standard
  –   Financial-services-specific use cases
  –   Became a US national standard in 2003
  –   Revised 2009
       • Wells provided the editor; Griffin created the secure abstract schema
       • Selectively incorporates ISO 19092 improvements

• ISO 19092
  –   Extends & internationalizes X9.84-2003
  –   McCormick, US expert; Griffin, standard editor
  –   Omitted important X9.84 technical content
  –   Omitted the schema needed for practical implementation

Biometric Security Standards

 Content                                        X9.84   ISO 19092
 Biometrics Overview & Tutorial                   ✓        ✓
 Technical Considerations & Architecture          ✓        ✓
 Biometric Information Security Management        ✓        ✓
 Cryptographic Controls and Techniques            ✓
 Physical Controls                                ✓        ✓
 ASN.1 Schema (compact binary & XML markup)       ✓
 Secure Biometric System Event Journal            ✓

Biometric Security Standards

 Content                                        X9.84   ISO 19092
 Audit Checklist (BVCO)                           ✓        ✓
 Match Decision Protocol                          ✓
 ISO 8583 Retail Message Extension                ✓
 Data Flow Diagrams & Descriptions                ✓
 Security Considerations                          ✓        ✓
 Public Policy Considerations                     ✓
 Business Use Cases                               ✓        ✓

X9.84 – A Biometrics Tutorial
Biometric Technology Overview
  – Basics
    "Biometric identification leverages the universally recognized
    fact that certain physiological or behavioral characteristics
    can reliably distinguish one person from another."

Biometric Types
  – Fingerprint       (Voice, Signature, Iris, Retina, Face, …)
    "The pattern of friction ridges and valleys on an individual's
    fingertips is considered unique to that individual."

X9.84 Authentication System Compliance
Biometric System Auditor Checklist
  Biometric Validation Control Objectives
    – Environmental Controls – A biometric system within or employing an
      IT infrastructure requires these controls for a secure implementation
    – Key Management Lifecycle Controls – Needed when a biometric
      system employs cryptographic protection, e.g., digital signatures for
      data integrity & origin authentication, and encryption for confidentiality
    – Biometric Information Lifecycle Controls – A biometric system
      enrolls individuals by capturing biometric data to generate, distribute,
      use, and eventually terminate templates, similar to a PKI.

X9.84 Authentication System Compliance
Biometric System Event Journal
 Shows that an organization provides reasonable assurance that
 environmental, key management lifecycle, and biometric information
 lifecycle events are accurately and completely logged, i.e., that the
 operation of the biometric system meets the control objectives

 Confidentiality & integrity of current & archived event journals are maintained

 Complete event journals are securely and confidentially archived in
 accordance with disclosed business practices

 Event journals are reviewed periodically by authorized personnel

Extending Biometric Template Information
Biometric Template Attributes
 Attributes can be bound to a template using a detached signature.

 Detached signatures are stored separately from the template itself.

 Detached signatures do not interfere with template use by a biometric
 service provider, for example during the biometric matching process.

 Signature verification of information security management attributes
 that are cryptographically bound to a biometric reference template can be
 performed by another application process, perhaps by a Web Service.

Biometric Security Management Attributes
   <Modality>
      <BiometricType> fingerprint </BiometricType>
      <BiometricType> iris </BiometricType>
   </Modality>

   <Factors> 2 </Factors>       <!-- Two-factor authentication -->

   <Attempts> 3 </Attempts>     <!-- Lock after 3 bad tries -->

   <BiometricPolicy>
      <policyIdentifier> 1.2.3.4 </policyIdentifier>
      <policyReference>
         http://phillipgriffin.com/policy/99
      </policyReference>
   </BiometricPolicy>

Binding Security Attributes to Reference Templates
 <Detached-Signature id="1056">
    <Attributes>
       <Hash> ▪▫▪▫ </Hash>
       <factors> 2 </factors>
       <SAML> ▪▫▪▫ </SAML>
       <Bank> ▪▫▪▫ </Bank>
       <userID> ▪▫▪▫ </userID>
       ▪▫▪▫
    </Attributes>
 </Detached-Signature>

 [Diagram labels: BSP, Database]

 Detached signatures can bind security and privacy attributes to biometric templates.

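The binding described on slides 8 to 10 (attributes signed apart from the template, verified by a separate process, template left untouched for the matcher), as an added Go example that is not part of the deck: it assumes an ECDSA P-256 detached signature over SHA-256(template) and a JSON form of the attributes in place of the X9.84 ASN.1/CMS encoding, and the struct layout, template bytes and userID are constructed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Attributes: the security management attributes of slide 9 plus the
// userID of slide 10. JSON struct encoding gives a fixed field order.
type Attributes struct {
	Modality         []string `json:"modality"`
	Factors          int      `json:"factors"`
	Attempts         int      `json:"attempts"`
	PolicyIdentifier string   `json:"policyIdentifier"`
	PolicyReference  string   `json:"policyReference"`
	UserID           string   `json:"userID"`
}

// DetachedSignature is stored apart from the template. It carries the
// template hash, the attributes and an ECDSA signature over both, so the
// template bytes are never touched. Hypothetical layout, not the X9.84 schema.
type DetachedSignature struct {
	ID           string     `json:"id"`
	TemplateHash []byte     `json:"hash"`
	Attrs        Attributes `json:"attributes"`
	Signature    []byte     `json:"signature"` // DER-encoded ECDSA (r, s)
}

// toBeSigned canonicalizes the signed content: SHA-256(templateHash || JSON(attrs)).
func toBeSigned(templateHash []byte, attrs Attributes) []byte {
	a, _ := json.Marshal(attrs) // cannot fail for these field types
	h := sha256.New()
	h.Write(templateHash)
	h.Write(a)
	return h.Sum(nil)
}

// BindAttributes produces the detached signature that binds attrs to template.
func BindAttributes(priv *ecdsa.PrivateKey, id string, template []byte, attrs Attributes) (*DetachedSignature, error) {
	th := sha256.Sum256(template)
	digest := toBeSigned(th[:], attrs)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest)
	if err != nil {
		return nil, err
	}
	return &DetachedSignature{ID: id, TemplateHash: th[:], Attrs: attrs, Signature: sig}, nil
}

// VerifyBinding is what a separate process (a Web Service, say) runs: ds must
// refer to this exact template and the attributes must be unchanged since
// signing. The biometric matcher never needs to call it.
func VerifyBinding(pub *ecdsa.PublicKey, ds *DetachedSignature, template []byte) bool {
	th := sha256.Sum256(template)
	if !bytes.Equal(th[:], ds.TemplateHash) {
		return false // signature was bound to a different template
	}
	return ecdsa.VerifyASN1(pub, toBeSigned(ds.TemplateHash, ds.Attrs), ds.Signature)
}

// NewSigningKey generates the attribute signer's P-256 key.
func NewSigningKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SampleAttributes returns the values shown on slide 9; the userID is constructed.
func SampleAttributes() Attributes {
	return Attributes{
		Modality:         []string{"fingerprint", "iris"},
		Factors:          2,
		Attempts:         3,
		PolicyIdentifier: "1.2.3.4",
		PolicyReference:  "http://phillipgriffin.com/policy/99",
		UserID:           "user-0001",
	}
}

func main() {
	priv, err := NewSigningKey()
	if err != nil {
		panic(err)
	}
	template := []byte("constructed reference template bytes") // stand-in for real template data
	ds, err := BindAttributes(priv, "1056", template, SampleAttributes())
	if err != nil {
		panic(err)
	}
	fmt.Println("binding verifies:", VerifyBinding(&priv.PublicKey, ds, template))
	altered := *ds
	altered.Attrs.Attempts = 10 // a lockout threshold changed after signing is caught at verification
	fmt.Println("altered attempts verifies:", VerifyBinding(&priv.PublicKey, &altered, template))
}
```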
Biometric Security Management Layer

 [Diagram: the Biometric Security Management (BSM) Application sits behind an IAM / BSP API,
 between Identity and Access Management (User Auth by Password or PKI) and the BSP;
 alongside it are the Event Journal and the Signed Attributes]

For a Deeper Dive …

  • ANSI X9.84:2010 - Biometric Information Management and Security

  • ANSI X9.73:2010 - Cryptographic Message Syntax (CMS) – ASN.1 and XML

  • ISSA Journal, January 2007: ISO 19092: A Standard for Biometric Security Management


More Related Content

What's hot

Teknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeemu Tiainen
 
A New Research and Design for Grid Portal Security System
A New Research and Design for Grid Portal Security SystemA New Research and Design for Grid Portal Security System
A New Research and Design for Grid Portal Security Systemijfcstjournal
 
Evolution of Security Management
Evolution of Security ManagementEvolution of Security Management
Evolution of Security ManagementChristophe Briguet
 
Guardium Presentation
Guardium PresentationGuardium Presentation
Guardium Presentationtsteh
 
IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief
IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief
IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief Mestizo Enterprises
 
[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux
[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux
[Chaco] Soluciones de Seguridad – Nicolás Pérez, GiuxIBMSSA
 
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...Microsoft Private Cloud
 
Oracle tech fmw-05-idm-neum-16.04.2010
Oracle tech fmw-05-idm-neum-16.04.2010Oracle tech fmw-05-idm-neum-16.04.2010
Oracle tech fmw-05-idm-neum-16.04.2010Oracle BH
 
Tänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi TaraTänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi TaraORACLE USER GROUP ESTONIA
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)Jack Forbes
 
Defense Foundation Product Brief
Defense Foundation Product BriefDefense Foundation Product Brief
Defense Foundation Product Briefwdjohnson1
 
PCI Compliance white paper
PCI Compliance white paper PCI Compliance white paper
PCI Compliance white paper HelpSystems
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webSafeNet
 
Internet of Things (IoT) Security Measures Insights from Patents
Internet of Things (IoT) Security Measures Insights from PatentsInternet of Things (IoT) Security Measures Insights from Patents
Internet of Things (IoT) Security Measures Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
Biometric systems quiz materials
Biometric systems quiz materialsBiometric systems quiz materials
Biometric systems quiz materialsyasmeenreem
 
De-Duplication-01-03-2011
De-Duplication-01-03-2011De-Duplication-01-03-2011
De-Duplication-01-03-2011msandeepin
 

What's hot (20)

Teknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimukset
 
A New Research and Design for Grid Portal Security System
A New Research and Design for Grid Portal Security SystemA New Research and Design for Grid Portal Security System
A New Research and Design for Grid Portal Security System
 
(2007) BioKey - Privacy Preserving Biometric Authentication
(2007) BioKey - Privacy Preserving Biometric Authentication(2007) BioKey - Privacy Preserving Biometric Authentication
(2007) BioKey - Privacy Preserving Biometric Authentication
 
Evolution of Security Management
Evolution of Security ManagementEvolution of Security Management
Evolution of Security Management
 
Guardium Presentation
Guardium PresentationGuardium Presentation
Guardium Presentation
 
IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief
IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief
IP UtiliNET ©Fusitronics Facial Biometric Systems Application Brief
 
[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux
[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux
[Chaco] Soluciones de Seguridad – Nicolás Pérez, Giux
 
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta...
 
Oracle tech fmw-05-idm-neum-16.04.2010
Oracle tech fmw-05-idm-neum-16.04.2010Oracle tech fmw-05-idm-neum-16.04.2010
Oracle tech fmw-05-idm-neum-16.04.2010
 
Securityinsideout
SecurityinsideoutSecurityinsideout
Securityinsideout
 
Tänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi TaraTänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi Tara
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
 
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
 
Defense Foundation Product Brief
Defense Foundation Product BriefDefense Foundation Product Brief
Defense Foundation Product Brief
 
BSI Biometrics Standards Brochure
BSI Biometrics Standards BrochureBSI Biometrics Standards Brochure
BSI Biometrics Standards Brochure
 
PCI Compliance white paper
PCI Compliance white paper PCI Compliance white paper
PCI Compliance white paper
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_web
 
Internet of Things (IoT) Security Measures Insights from Patents
Internet of Things (IoT) Security Measures Insights from PatentsInternet of Things (IoT) Security Measures Insights from Patents
Internet of Things (IoT) Security Measures Insights from Patents
 
Biometric systems quiz materials
Biometric systems quiz materialsBiometric systems quiz materials
Biometric systems quiz materials
 
De-Duplication-01-03-2011
De-Duplication-01-03-2011De-Duplication-01-03-2011
De-Duplication-01-03-2011
 

Similar to ISSA Web Conference - Biometric Information Security Management

Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...YouAttestSlideshare
 
NIST 800-63 Guidance & FIDO Authentication
NIST 800-63 Guidance & FIDO AuthenticationNIST 800-63 Guidance & FIDO Authentication
NIST 800-63 Guidance & FIDO AuthenticationFIDO Alliance
 
ITU Kaleidoscope 2013 Presentation
ITU Kaleidoscope 2013 PresentationITU Kaleidoscope 2013 Presentation
ITU Kaleidoscope 2013 PresentationPhil Griffin
 
Enhancing Security and Efficiency The Power of Biometric Access Control Systems
Enhancing Security and Efficiency The Power of Biometric Access Control SystemsEnhancing Security and Efficiency The Power of Biometric Access Control Systems
Enhancing Security and Efficiency The Power of Biometric Access Control SystemsStar Link Communication Pvt Ltd
 
2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework 2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework Raleigh ISSA
 
Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Mukesh Chinta
 
Biometric Systems
Biometric SystemsBiometric Systems
Biometric SystemsSn Moddho
 
Axxera Security Solutions
Axxera Security SolutionsAxxera Security Solutions
Axxera Security Solutionsakshayvreddy
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meetingfcleary
 
A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol Nishmitha B
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksPriyanka Aash
 
From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...NetIQ
 
Salesforce DevOps Online Training Institute
Salesforce DevOps Online Training InstituteSalesforce DevOps Online Training Institute
Salesforce DevOps Online Training Instituteeshwarvisualpath
 
Partnering to Deliver Cost Efficient and Reliable Corporate Services to Agenc...
Partnering to Deliver Cost Efficient and Reliable Corporate Services to Agenc...Partnering to Deliver Cost Efficient and Reliable Corporate Services to Agenc...
Partnering to Deliver Cost Efficient and Reliable Corporate Services to Agenc...Amazon Web Services
 
Li charles emerging biometrics identity services in the cloud 02122015b - ...
Li charles    emerging biometrics identity services in the cloud 02122015b - ...Li charles    emerging biometrics identity services in the cloud 02122015b - ...
Li charles emerging biometrics identity services in the cloud 02122015b - ...Charles Li
 
Firewalls Security – Features and Benefits
Firewalls Security – Features and BenefitsFirewalls Security – Features and Benefits
Firewalls Security – Features and BenefitsAnthony Daniel
 
MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...
MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...
MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...ijcisjournal
 
CMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organizationCMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organizationInfosec
 

Similar to ISSA Web Conference - Biometric Information Security Management (20)

Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...
 
NIST 800-63 Guidance & FIDO Authentication
NIST 800-63 Guidance & FIDO AuthenticationNIST 800-63 Guidance & FIDO Authentication
NIST 800-63 Guidance & FIDO Authentication
 
ITU Kaleidoscope 2013 Presentation
ITU Kaleidoscope 2013 PresentationITU Kaleidoscope 2013 Presentation
ITU Kaleidoscope 2013 Presentation
 
Biometrics security
Biometrics securityBiometrics security
Biometrics security
 
Enhancing Security and Efficiency The Power of Biometric Access Control Systems
Enhancing Security and Efficiency The Power of Biometric Access Control SystemsEnhancing Security and Efficiency The Power of Biometric Access Control Systems
Enhancing Security and Efficiency The Power of Biometric Access Control Systems
 
2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework 2010-02 Building Security Architecture Framework
2010-02 Building Security Architecture Framework
 
Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7
 
Iio t security std
Iio t security stdIio t security std
Iio t security std
 
Biometric Systems
Biometric SystemsBiometric Systems
Biometric Systems
 
Axxera Security Solutions
Axxera Security SolutionsAxxera Security Solutions
Axxera Security Solutions
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meeting
 
A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol A secure Crypto-biometric verification protocol
A secure Crypto-biometric verification protocol
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & Frameworks
 
From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...
 
Salesforce DevOps Online Training Institute
Salesforce DevOps Online Training InstituteSalesforce DevOps Online Training Institute
Salesforce DevOps Online Training Institute
 
Partnering to Deliver Cost Efficient and Reliable Corporate Services to Agenc...
Partnering to Deliver Cost Efficient and Reliable Corporate Services to Agenc...Partnering to Deliver Cost Efficient and Reliable Corporate Services to Agenc...
Partnering to Deliver Cost Efficient and Reliable Corporate Services to Agenc...
 
Li charles emerging biometrics identity services in the cloud 02122015b - ...
Li charles    emerging biometrics identity services in the cloud 02122015b - ...Li charles    emerging biometrics identity services in the cloud 02122015b - ...
Li charles emerging biometrics identity services in the cloud 02122015b - ...
 
Firewalls Security – Features and Benefits
Firewalls Security – Features and BenefitsFirewalls Security – Features and Benefits
Firewalls Security – Features and Benefits
 
MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...
MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...
MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERP...
 
CMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organizationCMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organization
 

Recently uploaded

Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Patrick Viafore
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Hiroshi SHIBATA
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceSamy Fodil
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandIES VE
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingScyllaDB
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...FIDO Alliance
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe中 央社
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfSrushith Repakula
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024Stephen Perrenod
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...FIDO Alliance
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Skynet Technologies
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform EngineeringMarcus Vechiato
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024Lorenzo Miniero
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...ScyllaDB
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfFIDO Alliance
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewDianaGray10
 

Recently uploaded (20)

Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 

ISSA Web Conference - Biometric Information Security Management

1. Biometric Information Security Management
   Phillip H. Griffin, Information Security Consultant, GRIFFIN Consulting

2. Biometric Security Standards
   • X9.84 - 2010 Biometric Information Management and Security
     – Industry neutral information security standard
     – Financial services specific use cases
     – Became a US national standard in 2003
     – Revised 2009
       • Wells provided editor; Griffin created secure abstract schema
       • Selectively incorporates ISO 19092 improvements
   • ISO 19092
     – Extends & internationalizes X9.84-2003
     – McCormick, US expert; Griffin, standard editor
     – Omitted important X9.84 technical content
     – Omitted schema for practical implementation

3. Biometric Security Standards

   Content                                      X9.84   ISO 19092
   Biometrics Overview & Tutorial                 ✓        ✓
   Technical Considerations & Architecture        ✓        ✓
   Biometric Information Security Management      ✓        ✓
   Cryptographic Controls and Techniques          ✓
   Physical Controls                              ✓        ✓
   ASN.1 Schema (compact binary & XML markup)     ✓
   Secure Biometric System Event Journal          ✓

4. Biometric Security Standard

   Content                                      X9.84   ISO 19092
   Audit Checklist (BVCO)                         ✓        ✓
   Match Decision Protocol                        ✓
   ISO 8583 Retail Message Extension              ✓
   Data Flow Diagrams & Descriptions              ✓
   Security Considerations                        ✓        ✓
   Public Policy Considerations                   ✓
   Business Use Cases                             ✓        ✓

5. X9.84 – A Biometrics Tutorial
   • Biometric Technology Overview – Basics
     "Biometric identification leverages the universally recognized fact that certain physiological or behavioral characteristics can reliably distinguish one person from another."
   • Biometric Types – Fingerprint (Voice, Signature, Iris, Retina, Face, …)
     "The pattern of friction ridges and valleys on an individual's fingertips is considered unique to that individual."

6. X9.84 Authentication System Compliance
   Biometric System Auditor Checklist – Biometric Validation Control Objectives
   • Environmental Controls – A biometric system within or employing an IT infrastructure requires these controls for a secure implementation.
   • Key Management Lifecycle Controls – Needed when a biometric system employs cryptographic protection, e.g., digital signatures for data integrity & origin authentication, and encryption for confidentiality.
   • Biometric Information Lifecycle Controls – A biometric system enrolls individuals by capturing biometric data to generate, distribute, use, and eventually terminate templates, similar to a PKI.

7. X9.84 Authentication System Compliance
   Biometric System Event Journal
   Shows that an organization provides reasonable assurance that environmental, key management lifecycle, and biometric information lifecycle events are accurately and completely logged – that the operation of the biometric system meets the control objectives:
   • Confidentiality & integrity of current & archived event journals maintained
   • Complete event journals are securely and confidentially archived in accordance with disclosed business practices
   • Event journals are reviewed periodically by authorized personnel
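The integrity control on slide 7 (current and archived journals cannot be edited or truncated without detection, and a reviewer can check them periodically) can be demonstrated with a hash-chained journal. The following Go program is an added example, not code from the deck or the X9.84 event journal structure; the entry layout, the three category names and the sample events are this example's own constructed assumptions, and a hash chain anchored by a reviewer-recorded head is one mechanism chosen here, not the one the standard specifies.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Entry is one journal record. Category names follow the three control-objective
// areas on slides 6 and 7; the record layout itself is this example's own.
type Entry struct {
	Seq      uint64
	Category string // "environmental", "keyManagement" or "biometricLifecycle"
	Event    string
	Prev     []byte // digest of the previous entry (nil for the first)
	Digest   []byte // SHA-256 over Prev, Seq, Category and Event
}

// digestEntry hashes the fields with length prefixes so that
// ("ab","c") and ("a","bc") can never produce the same digest.
func digestEntry(prev []byte, seq uint64, category, event string) []byte {
	h := sha256.New()
	h.Write(prev)
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], seq)
	h.Write(buf[:])
	for _, s := range []string{category, event} {
		binary.BigEndian.PutUint64(buf[:], uint64(len(s)))
		h.Write(buf[:])
		h.Write([]byte(s))
	}
	return h.Sum(nil)
}

// Journal is an append-only, hash-chained event journal.
type Journal struct {
	Entries []Entry
}

// Append records an event and links it to the current head.
func (j *Journal) Append(category, event string) Entry {
	var prev []byte
	if n := len(j.Entries); n > 0 {
		prev = j.Entries[n-1].Digest
	}
	e := Entry{Seq: uint64(len(j.Entries)), Category: category, Event: event, Prev: prev}
	e.Digest = digestEntry(prev, e.Seq, category, event)
	j.Entries = append(j.Entries, e)
	return e
}

// Head returns the digest a reviewer records at each periodic review.
func (j *Journal) Head() []byte {
	if len(j.Entries) == 0 {
		return nil
	}
	return j.Entries[len(j.Entries)-1].Digest
}

// Verify re-derives the chain and compares its head with the reviewer's
// recorded value. An edited, reordered or deleted entry changes every later
// digest; a truncated journal fails the head comparison.
func Verify(entries []Entry, recordedHead []byte) error {
	var prev []byte
	for i, e := range entries {
		if e.Seq != uint64(i) || !bytes.Equal(e.Prev, prev) {
			return fmt.Errorf("entry %d: broken link", i)
		}
		if !bytes.Equal(e.Digest, digestEntry(prev, e.Seq, e.Category, e.Event)) {
			return fmt.Errorf("entry %d: digest mismatch", i)
		}
		prev = e.Digest
	}
	if !bytes.Equal(prev, recordedHead) {
		return errors.New("journal head differs from recorded head (truncated or replaced)")
	}
	return nil
}

func main() {
	var j Journal
	// Constructed sample events, one per control-objective area.
	j.Append("environmental", "operator login: auditor1 from console")
	j.Append("keyManagement", "template signing key rotated: kid=2010-03")
	j.Append("biometricLifecycle", "template enrolled: user=alice modality=fingerprint")
	head := j.Head() // the value the reviewer writes down

	fmt.Println("intact journal:", Verify(j.Entries, head))

	// An insider rewrites the enrollment record after the fact.
	tampered := append([]Entry(nil), j.Entries...)
	tampered[2].Event = "template enrolled: user=mallory modality=fingerprint"
	fmt.Println("edited entry:", Verify(tampered, head))

	// The last record is silently dropped.
	fmt.Println("truncated journal:", Verify(j.Entries[:2], head))
}
```

The recorded head is the piece the chain cannot protect by itself: without a value held outside the journal (on paper, in a separately signed review record), an attacker who can rewrite the file can also rebuild the whole chain.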
8. Extending Biometric Template Information
   Biometric Template Attributes
   • Attributes can be bound to a template using a detached signature.
   • Detached signatures are stored separately from the template itself.
   • Detached signatures do not interfere with template use by a biometric service provider, say during the biometric matching process.
   • Signature verification of information security management attributes that are cryptographically bound to a biometric reference template can be performed by another application process, perhaps by a Web Service.

9. Biometric Security Management Attributes

   <Modality>
     <BiometricType> fingerprint </BiometricType>
     <BiometricType> iris </BiometricType>
   </Modality>
   <Factors> 2 </Factors>            -- Two factor authentication
   <Attempts> 3 </Attempts>          -- Lock after 3 bad tries
   <BiometricPolicy>
     <policyIdentifier> 1.2.3.4 </policyIdentifier>
     <policyReference> http://phillipgriffin.com/policy/99 </policyReference>
   </BiometricPolicy>

10. Binding Security Attributes to Reference Templates
   (Diagram: the BSP holds the reference template in its Database; a separate Detached-Signature (id=1056) covers the Attributes – Hash, factors, SAML, Bank, userID, … – and is stored apart from the template.)
   Detached signatures can bind security and privacy attributes to biometric templates.
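Slides 8 to 10 describe the binding without showing it. The following Go program is an added example, not code from the deck or from X9.84: it DER-encodes the slide 9 attribute set together with a hash of the template using the standard encoding/asn1 package, signs that encoding with ed25519, and verifies it in a function that needs only the public key, the template, the attribute DER and the signature, as a separate process would. The SecurityAttributes and BiometricPolicy structures, the field names and the template bytes are this example's own assumptions; X9.84 defines its own ASN.1 schema and uses CMS (X9.73) signatures, which are not reproduced here.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"errors"
	"fmt"
)

// BiometricPolicy and SecurityAttributes are hypothetical ASN.1 SEQUENCEs that
// mirror the attributes on slide 9; they are not the X9.84 schema.
type BiometricPolicy struct {
	PolicyIdentifier asn1.ObjectIdentifier
	PolicyReference  string `asn1:"ia5"`
}

type SecurityAttributes struct {
	TemplateHash []byte   // SHA-256 of the reference template these attributes belong to
	Modality     []string // e.g. "fingerprint", "iris"
	Factors      int      // number of authentication factors required
	Attempts     int      // lock after this many failed tries
	Policy       BiometricPolicy
}

// BindAttributes DER-encodes the attributes together with the template's hash
// and signs that encoding. The signature is detached: the template bytes are
// left untouched, so a matcher keeps using them exactly as before.
func BindAttributes(priv ed25519.PrivateKey, template []byte, attrs SecurityAttributes) (attrDER, sig []byte, err error) {
	sum := sha256.Sum256(template)
	attrs.TemplateHash = sum[:]
	attrDER, err = asn1.Marshal(attrs)
	if err != nil {
		return nil, nil, err
	}
	return attrDER, ed25519.Sign(priv, attrDER), nil
}

// VerifyBinding is what a separate process (an auditor, a web service) runs.
// It needs the public key, the template, the attribute DER and the signature,
// never the private key or the matcher.
func VerifyBinding(pub ed25519.PublicKey, template, attrDER, sig []byte) (*SecurityAttributes, error) {
	// Check the signature before parsing, so altered or unsigned bytes are
	// rejected without ever being decoded.
	if !ed25519.Verify(pub, attrDER, sig) {
		return nil, errors.New("signature does not verify over the attributes")
	}
	var attrs SecurityAttributes
	rest, err := asn1.Unmarshal(attrDER, &attrs)
	if err != nil {
		return nil, err
	}
	if len(rest) != 0 {
		return nil, errors.New("trailing data after attributes")
	}
	// A valid signature alone is not enough: the attributes must name this
	// template, or they could be re-attached to another user's template.
	sum := sha256.Sum256(template)
	if !bytes.Equal(sum[:], attrs.TemplateHash) {
		return nil, errors.New("attributes are not bound to this template")
	}
	return &attrs, nil
}

// SampleAttributes returns the attribute set from slide 9; BindAttributes
// fills in the template hash.
func SampleAttributes() SecurityAttributes {
	return SecurityAttributes{
		Modality: []string{"fingerprint", "iris"},
		Factors:  2,
		Attempts: 3,
		Policy: BiometricPolicy{
			PolicyIdentifier: asn1.ObjectIdentifier{1, 2, 3, 4},
			PolicyReference:  "http://phillipgriffin.com/policy/99",
		},
	}
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	template := []byte("constructed reference template bytes") // stand-in for a real template
	attrDER, sig, err := BindAttributes(priv, template, SampleAttributes())
	if err != nil {
		panic(err)
	}
	attrs, err := VerifyBinding(pub, template, attrDER, sig)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine binding verified; lockout after", attrs.Attempts, "attempts")

	// Raising the lockout count (or any other edit) breaks the signature.
	tampered := append([]byte(nil), attrDER...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = VerifyBinding(pub, template, tampered, sig)
	fmt.Println("tampered attributes rejected:", err != nil)

	// Re-attaching the signed attributes to a different template is also caught.
	_, err = VerifyBinding(pub, []byte("some other template"), attrDER, sig)
	fmt.Println("swapped template rejected:", err != nil)
}
```

Because the template is bound by hash rather than embedded, the verifier can confirm the policy for a user without ever handling the biometric data itself, which is the separation slide 8 is after.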
11. Biometric Security Management Layer
   (Diagram: a Biometric Security Management (BSM) layer sits between the Application and Identity and Access Management; components shown: User, User Auth, IAM / BSP API, BSP, Password Management, Event Journal, PKI, Signed Attributes.)

12. For a Deeper Dive …
   • ANSI X9.84:2010 – Biometric Information Management and Security
   • ANSI X9.73:2010 – Cryptographic Message Syntax (CMS) – ASN.1 and XML
   • ISSA Journal, January 2007: ISO 19092: A Standard for Biometric Security Management