AN ADAPTIVE DEVICE FOR
EXISTING AND CONTEMPLATED SECURITY SYSTEMS
William J. Lawson, Ph.D. (wjl@att.com)
Michael F. Shapiro (mfshapiro@att.net)

Identity Theft and Need for Identity Authentication
Identity theft has reached epidemic proportions. The nationwide consumer cost is
estimated at over $5 billion a year and the business cost at $48 billion a year,
growing by as much as 30% per year. The large amounts of information that
government and business collect, often in an attempt to secure identity, are one
source of theft, since the information is placed into other documents and files
that often ultimately end up in general circulation. The tragedy of 9-11 and the
continuing threat of another attack have made identity systems a “front burner”
issue.
The “missing link” in current security schemes has been securely tying the
user’s identity to the various systems without requiring extensive replacement
of equipment and systems, and without compiling large amounts of identifying
data that places individuals’ information at risk for theft. Equally important
is providing for the inclusion of the disabled in mainstream identification
systems.
Foundation Biometric Solution
Biometric recognition technology relies upon the physical characteristics
of an individual, such as fingerprints, voiceprint, pattern of the iris of the
eye and facial pattern, in identifying an individual, offering positive
identification that is difficult to counterfeit.
Using biometric recognition technology, Secure Biometric Corporation
developed a multiple purpose, self-authenticating, self-powered, self-contained,
handheld Universal Biometric Identification ID token (the X-Pass™
Personal Information Assistant—X-Pass PIA), now patent pending,
that will aid in confirming an individual’s identity to allow that individual
secure access to information or facilities and to conduct transactions. Because
the X-Pass PIA requires a positive identification of an individual via a
biometric for activation, it eliminates “repudiation” by that individual—any
transaction must have been originated by the enrolled individual and that person
only.
SBC’s X-Pass differs from other biometric products in three critical ways:
- As a fully distributed system, it avoids the need for a centralized
database (both from a privacy perspective and as a security and identity theft
issue)
- Provides the ability to interact with a wide variety of wired and wireless
devices and systems (including installed legacy systems)
- Allows the creation of “virtual control” spaces via long-range radio
capabilities
The use of biometrics is the preferred method of authentication. However, if
the user does not wish to employ biometrics, then the user can choose to
designate a PIN as an alternative authentication method.
Breaking the Implementation Logjam
The X-Pass PIA “breaks the logjam” by simplifying the implementation issue
for a secure personal ID system. The self-contained biometric serves as a
gatekeeper (authenticator) to activate a variety of authorization functions,
in a role as emulator of existing devices (“legacy systems” such as proximity
cards, smart cards or magnetic stripe cards) or as a partner in yet-to-be
developed transaction systems through a certificate framework—PKI (public key
infrastructure). Following initial enrollment(s), there is no need for further
“biometric” transactions with the “outside” world. In this perspective, the
X-Pass PIA is a personal ID authenticator carried by the individual and
hosting a number of “enrollments” from various entities and organizations that
support subsequent authorizations: to enter a door, sign onto a computer or
network and so on. This reduces the level of complexity and difficulty in a
widely scalable and immediately deployable secure ID system, orders of
magnitude simpler than solutions from any potential competitors.
Promotes Universal Accessibility/Adaptive Device
Historically, assistive technologies have been limited to the connection
of local assets. Security concerns were satisfied by limited physical (“hands
on”) access to the assistive device. With the introduction of both wired and
wireless networked architectures, assistive technologies useful to the
physically challenged must now be adaptive to local and networked devices.
The X-Pass PIA can be used to store data of all types, but it is commonly
used to store encrypted data, human resources data, medical data, access
preferences, and biometric data (template). Because it is a programmable
platform, it can readily accommodate applications that facilitate
accessibility. The X-Pass is an adaptive device that will allow people of all
ability levels to interface with a multitude of authentication systems. The
X-Pass design already incorporates audible feedback. SBC is actively pursuing
the implementation of voice command and voiceprint recognition as a
complementary or supplemental biometric. Because the X-Pass can interact with
a card reader, USB port, contactless proximity reader, or bi-directional
radio, it supports interactions with a wide range of access and control
systems and facilitates compliance with Section 508 of the Rehabilitation Act
and the Americans with Disabilities Act (ADA). The X-Pass PIA is the best
storage medium to use when implementing a biometric authentication system that
will satisfy the range of security, accessibility, and legal requirements.
Adaptation to People of Variable Abilities
Think of the X-Pass PIA as a key. It can open doors and provides security
to keep others away from an individual’s personal data. It can be customized
to an individual’s access needs: to access one’s home, garage, accounts, or to
invoke a customized setting for any secure area or application.
Comparison to the Smart Card
The X-Pass PIA is the next evolution in the development of the smart card.
Besides its versatility in use with a variety of physical and logical access
systems, the X-Pass PIA incorporates significantly more memory than even
advanced smart card designs, giving it special capability as a secure
information container.
There are major benefits to users of all ability levels:
- Universal design (adaptive and programmable)
- High speed access and throughput
- Durable and reliable, because all elements of the card are
self-contained
  - Weather-resistant design
- User-friendly and simple to use
  - Does not require insertion of card into a reader
  - No issues with orientation of card
- Less intrusive, protection of privacy
  - The user maintains control of stored information
  - The unit does not release biometric information because it
  employs match-on-card
- Encryption and encryption protocols provide excellent security;
the unit maintains an active defense against tampering
- Flexibility of use because of the interoperability of
applications
- Does not require special readers and can operate in contactless
mode
  - Reduced installation and maintenance cost
  - Use of remote readers reduces vandalism in exposed areas
Product
The biometric input can be one or more biometric sensors, such as fingerprint
scanners, image capture devices for iris pattern or facial geometry
recognition and microphones for voiceprint matching. Output communications
include dynamic magnetic stripe, smart card, proximity radio, longer-range
radio, infrared, serial or USB communication ports or other wired or wireless
communication channels. The X-Pass PIA also includes a speaker that allows the
processor to produce audible indications and outputs. It also incorporates a
display and a keyboard to communicate with a user and includes sufficient
secure memory to store sensitive personal information.
The X-Pass PIA stores biometric data onboard (without the use of a
centralized database), as well as cryptographic keys (certificates) in order
to authenticate an individual’s identity. In current use with a
fingerprint-based biometric, the user will place his or her finger on the
X-Pass’s fingerprint scanner. This scanned information is compared to the fingerprint data
already contained in the X-Pass PIA and, if it matches, the device
authenticates the person presenting it as the same person whose fingerprint
was originally enrolled. Cryptographic keys are assigned by an issuing and
verifying organization (such as a financial institution or a government
entity—a “local registration agent”), which are released as a means of
providing confirmation of the identity of the individual who originally
entered a fingerprint onto the token. The X-Pass can also be loaded to use
voice verification as a complementary or supplemental biometric test. Once the
identity of the individual is verified, the individual may use the X-Pass PIA
for a number of functions such as secure access, information exchange and
financial and credit card transactions.
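
The match-on-token flow described above can be modelled as follows. This is an added example, not Secure Biometric Corporation's code: the `Token` class, the bit-similarity matcher and its threshold are hypothetical, and an HMAC over a shared key stands in for the certificate-based (PKI) exchange the paper mentions.

```python
import hashlib
import hmac
import secrets

MATCH_THRESHOLD = 0.90  # assumed; the paper states no threshold

def similarity(a: bytes, b: bytes) -> float:
    # Toy matcher (assumption): fraction of equal bits in two templates.
    if len(a) != len(b):
        return 0.0
    diff = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1.0 - diff / (8 * len(a))

class Token:
    """Hypothetical model of the token; template and keys never leave it."""
    def __init__(self, template: bytes):
        self._template, self._keys, self._unlocked = template, {}, False
    def enroll_issuer(self, issuer: str, key: bytes) -> None:
        self._keys[issuer] = key  # one enrollment per issuing organization
    def present_biometric(self, sample: bytes) -> bool:
        # Match on the device: only a yes/no result is produced.
        self._unlocked = similarity(sample, self._template) >= MATCH_THRESHOLD
        return self._unlocked

    def respond(self, issuer: str, challenge: bytes):
        # The key is usable once per successful match, then locked again.
        if not self._unlocked or issuer not in self._keys:
            return None
        self._unlocked = False
        return hmac.new(self._keys[issuer], challenge, hashlib.sha256).digest()

def verify(key: bytes, challenge: bytes, response) -> bool:
    # Relying party: sees only the challenge and the response.
    if response is None:
        return False
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def demo():
    template = bytes(range(32))                         # constructed template
    noisy = bytes([template[0] ^ 1]) + template[1:]     # one bit of sensor noise
    impostor = bytes(255 - b for b in template)         # constructed non-match
    key, challenge = secrets.token_bytes(32), secrets.token_bytes(16)
    token = Token(template)
    token.enroll_issuer("bank", key)
    token.present_biometric(noisy)
    accepted = verify(key, challenge, token.respond("bank", challenge))
    token.present_biometric(impostor)
    return accepted, verify(key, challenge, token.respond("bank", challenge))
```

The relying party only ever receives a response to its own fresh challenge, so a captured response cannot be replayed against a later challenge and no biometric data crosses the interface.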
The X-Pass PIA is well suited for dynamically adaptive use in a number of
areas:
- Finance (credit and debit cards, e-purses, telecommunications
authorization and accounting)
- Government documents (driver licenses, visas, passports)
- Physical access (including time and attendance)
- Computer access and information security
- Healthcare (prescription control, medical records, Medicare,
Medicaid and insurance identification)
- Trusted traveler/trusted worker (airport security, entry/exit,
border crossing and control)
Conclusion
User education and price reductions over time will bring the X-Pass PIA
from primarily government use into the high value transactions market
(institutional finance), network and computer access, then to other commercial
applications and finally into the consumer market (credit and debit cards).
However, it can serve an immediate need through its ability to support
accessibility to better integrate an underserved challenged population into
the burgeoning use of complex security systems.