Protecting data, transactions and privacy
In recent years, there's been a move among governments and commercial organizations toward using secure personal identification systems as a way of verifying the identity of individuals. Heightened concerns over terrorist threats and immigration control have prompted a number of countries, including members of the European Union, to pilot biometric passports. In addition, a number of governments have plans underway for implementing a smart driver's license or national ID card. Secure ID systems can help businesses and agencies restrict access to physical locations and secure networks, as well as provide an identity verification process for receiving government services or conducting online transactions.
To compete effectively in today's digital environment while safeguarding personal information, public and private entities are turning to IBM On Demand Innovation Services (ODIS) – a collaboration between IBM Research and IBM Global Business Services – for better ways to achieve identity verification while protecting data, transactions and privacy. As a leader in the field of data security, biometric identification systems and smart card technology, IBM ODIS has been at the forefront of those efforts, combining IBM Research's array of technology tools and systems with the hands-on expertise of IBM Global Business Services consultants to deliver customized secure ID solutions to a global clientele.
Biometrics
Biometric technologies provide an automated means of identifying or authenticating the identity of a living person based on unique physiological or behavioral characteristics. Digitized representations of fingerprints, facial scans, hand geometry, and voice, iris or retina patterns can be captured via sensor, scanner, microphone or camera. The unique characteristics are then extracted from the biometric image and used to create the user's biometric template, which is stored in a database or on a machine-readable ID card. Alternately, the complete biometric image can be stored, but understandably, this option requires substantially more memory and also can present greater privacy concerns than a system that stores only biometric templates.
Public key infrastructure
Public key cryptography has for many years served as a core technology for many computing security systems. Using public and private key pairs allows one cryptographic operation – encryption – to be performed using one key from the pair, while the reverse operation – decryption – requires the other key. The private key remains concealed by the key owner, while the public key is freely disseminated. Internet public key infrastructure (PKI) provides additional safeguards by allowing a public key for an end-user to be certified without requiring the corresponding private key to be transmitted online to the certification authority. In most cases, the key pair is generated at the end-user's side of the infrastructure with the private key remaining securely stored in the local environment – for instance, in a smart card token.
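The end-user-side key generation described above, sketched with the OpenSSL command line as an added example (not IBM's code and not part of the original page). The file names and the subject name are constructed, and a key file stands in for the smart card token; only the certification request, which carries the public key and a signature proving possession of the private key, would be sent to the certification authority.

```shell
#!/bin/sh
# Added illustration; file names and the subject name are constructed.

# End-user side: generate the key pair locally and build a certification request.
enroll_local() {
    dir=$1
    # Owner-only permissions; this file stands in for the smart card token.
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$dir/holder.key" 2>/dev/null ) || return 1
    # The request holds the subject and public key, signed with the private key.
    openssl req -new -key "$dir/holder.key" -subj "/CN=Example Cardholder" \
        -out "$dir/holder.csr" 2>/dev/null
}

# CA side: the request's self-signature proves the sender holds the private key.
# The output text is checked because older OpenSSL releases exit 0 on failure.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# The public key in the request is the one derived from the local private key.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

work=$(mktemp -d)
if enroll_local "$work" && csr_signature_ok "$work/holder.csr"; then
    echo "CA may certify holder.csr; holder.key never left $work"
fi
rm -rf "$work"
```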
Infoprint Workflow
IBM's Infoprint Workflow (IPW) product is a distributed client server solution that can be used to automate the smart card print manufacturing process. The highly customizable system is divided into two major components: the backend server, which implements the processes that make up a workflow, and the Windows-based GUI, which enables the client to configure and manage the workflow. The IPW solution offers an array of security management options to help protect the integrity of the smart card production process, and provides tracking and reconciliation facilities through each process stage.
Smart cards
Smart cards are capable of storing large amounts of biometric and other data on an embedded chip that interacts intelligently with a smart card reader. The use of chips makes the cards more fraud resistant than relying on the conventional magnetic stripe data storage system. When smart cards are employed as part of a Secure ID solution, sensitive data is typically encrypted, both on the ID card and during communications with the reader system. In some cases, digital signatures may be added to help provide for data integrity.
Secure ID solutions
Researchers at IBM's Watson and Zurich Laboratories have combined the power of both biometric and public key encryption technologies to develop solutions for IBM Global Business Services clients requiring secure, convenient and portable ways of establishing users' identity. With the power to hold a digital credential in an embedded chip, the Secure ID smart card offers government agencies the ability to use advanced encryption and biometrics security mechanisms that are: a) extremely difficult to forge and b) pointless to steal because they can only be used by the rightful owner. For this reason, a key component of any Secure ID system is the process of enrollment. Rather than relying on paper form- or electronic-based applications, biometrics-based systems require personal enrollment interviews as well as in-person pickup – a massive undertaking when implemented on a national scale. In addition to verifying the identity of each individual as their biometric information is recorded, government agencies must scan and save application documents and abide by specific directives surrounding the handling of personal data – requirements that create additional need for highly secure storage and infrastructure solutions.
Recognized as a leader in smart card systems integration (Frost and Sullivan 2004), IBM Global Business Services worked with a government in Asia to provide a smart card solution for approximately 20 million citizens. The card incorporates IBM biometrics and chip technology, and is designed to accommodate new applications in the future. In a separate engagement, IBM Global Business Services oversaw a European chip-based consumer payment project, providing almost one million terminals and 100 million cards to retailers and banks.
Building on its expertise in biometric technologies, IBM Global Business Services consultants worked with the French public agency GILFAM to help automate the land registry process in a way that would allow transactions to be made online, with electronic ownership deeds replacing paper ones. IBM's solution involved implementing an electronic signature system that uses a biometric template of a judge's fingerprint to safeguard the authenticity of the online records.
More recently IBM Global Business Services assisted a government agency in overhauling its production operations in anticipation of rolling out a new security-enhanced driver's license. IBM Global Business Services consultants provided the client with a complete end-to-end technical architecture and infrastructure for card production, as well as provisions for quality and security management.
The future of Secure ID
With a number of European governments preparing to pilot biometric passports and/or national ID cards, IBM is well positioned to market its Secure ID solution to the global community. In addition to government agency applications, the Secure ID solution could also be adapted to store patient medical records for use by insurance companies and healthcare providers, and could provide an additional layer of security in screening airline passengers. Other possible applications include use by businesses and universities to verify employee and student identity, and to track purchases and meal consumption. The IBM Secure ID system is an invaluable tool for designing custom solutions for enterprises seeking new ways to implement identity and authentication verification, helping clients address national and business security issues while safeguarding personal privacy.