© 2014 IBM Corporation
Biometrics Identity Services in the Cloud
Dr. Charles Li, Hong Kim
IBM Federal CTO Group
Topics
• Biometrics Identity
• The Mega Trends
• Biometrics Identity Cloud Service Model
• Summary
Biometrics Identity
[Diagram labels: Establish Identity; Manage Identity; Players; Entitlement(s); Actions; Identity; Trust (Rules); Status (Environment); Reputation (History)]
The Mega Trends
• Demand for Mobility
− 7 billion mobile phones, of which close to 2 billion are smart phones
− Available mobile platforms
− API and Apps economy
• Biometrics Data Collection Proliferation
− Big Data and its technologies
• Biometrics Standard Adoption
− ISO SC37, INCITS M1, NIST ITL
− Many standards developed since 9/11, 2001
• Biometrics Commoditization
− Capture devices and software standardization starting in the SOA era…
• Advancement of Cloud Technologies & Standards
− AWS, IBM SoftLayer
− OpenStack, Cloud Foundry …
Biometrics Data Proliferation
• 1 billion arrivals worldwide in 2012; United States: 100-200 million international arrivals in 2012. 1 Exabyte of traveling data
• Unique Identification Authority of India (UIDAI) plans to enroll 1.2 billion citizens (UID Program; enroll million/day; half billion by 2014). 3-4 Exabytes of biometrics & biographic data
• Prolific usage of mobile phones: 7 billion mobile phones. 7 Exabytes of behavior data
• ID cards/border crossings/benefits/multiple instances: 7,000,000,000 x (10 Print 0.5-1MB + Face 200KB + IRIS KB). 7 Exabytes
• EU VIS Biometrics Matching System (BMS) at 70 million individuals and 100K daily enrollment. ~100 Terabytes
• US DoS has in the range of 100 million faces & others. ~ at least 10-50 Terabytes
• DHS IDENT: over 150 million identities; 125,000 transactions daily. ~100-300 Terabytes
• FBI NGI: over 100 million fingerprints & more coming, plus faces/iris. ~100-200 Terabytes

Units:
1 GigaBytes = 1000MB
1 TeraBytes = 1000GB
1 PetaBytes = 1000TB
1 ExaBytes = 1000PB
1 ZettaBytes = 1000EB
1 YottaBytes = 1000ZB

Many instances, history, transaction, logs… data in reality
A Cloud Architecture
[Diagram labels: Infrastructure (IaaS); Platform (PaaS); Software (SaaS); Biometrics Architecture; Standard Interface; Process / Data (repeated); Enrolment Service; 1:1 Identification Service; …; Biometric Data: Fingerprint, Iris, Face; Identification / Verification Applications]
Biometrics Application from the current to the future paradigm
High capital cost
Expensive tech refresh
End to end solution
Resources need biometrics skillsets
Lower refresh costs
Proliferation of biometrics usage
Increased adoption by Small & Medium Business market
Leverage mobile revolution
Leverage cloud services
Leverage other commodity technologies
© 2013 IBM Corporation
Biometrics Identity Service Cloud Model
Better Capabilities and Benefits to All Players
[Diagram labels: Operational Cloud (Biometrics as a Service; adjust resources based on load; elastic compute resources; biometrics data sources: facial, fingerprint, …; mix of simple and complex requests); Dev/Test Cloud (test bed; test data; compute resources; data; service and algorithm dev/test); mobile clients; field ops; users]
Players: Technology Providers, System Integrators, Users & Apps
Benefits
• Quickly provision development environment
• Cloud development ecosystem
• Faster test cycles
Benefits
• Shared resources (Bare metal, Visualization & Cloud)
• Separation from Cloud, Solution and Service Level Agreements
• Identity Services to include all sources
• Enable competition
Benefits
• On-demand performance requirements
• Support Mobile seamlessly – work the same way
Mobile Standards
• Apache Cordova for cross platform native mobile apps
• Expose cloud services via RESTful APIs
IaaS Standards
• OpenStack to orchestrate compute, storage, and network resources
• Example – IBM SoftLayer, Amazon AWS
PaaS Standards
• Cloud Foundry to manage application runtimes and API services
• Examples - Bluemix
Biometrics Identity Service Cloud Model
[Diagram labels: Operational Cloud (Biometrics as a Service; adjust resources based on load; elastic compute resources; biometrics data sources: facial, fingerprint, …; Biometric and Identity Services); Develop/Test Cloud (test bed; test data; compute resources; data; service and algorithm dev/test); mobile clients; field operation; users]
Application/Integration Services
• Data in Motion – Streaming Pattern
• Web 2.0 Pattern
• J2EE/OLTP Patterns
• Map/Reduce Pattern
Mobile, Desktop, Interoperate; Analyst – Human Examiner
• Cloud – Data, Compute, Network
• Options – On-premise, Off-Premise, Hybrid
Biometrics Identity Cloud Services
• Enroll, Identity, Identity, Retrieve,
• Subject Manipulation (create, delete, update, retrieve),
• Biometrics and Biographic manipulation
OpenStack Growth in 4 Years - Standards Can Enable Markets
Timeline (2010, 2011, 2014, Future):
• First release, “Austin”: 1,500 community members
• Eleventh release, “Icehouse”: revenue about $883M; 15,000 community members
• Future: revenue projections of $1.7B in 2016 and $3.3B in 2018

• OpenStack is an example of a Cloud Standard and Reference Architecture based on
− Openness
− Modularity
− Well defined interfaces
• In a short amount of time, it ignited a market that promoted
− Active community
− Reduced vendor lock-in
− Agility
− Innovation
• However
− Cloud is still an emergent market
− Tremendous competition
Biometrics Identity Services in the Cloud
Standard for Biometrics Identity Services in the Cloud
Broad Base of Input: Government, Industry, Academics
Leverage Existing Standards
Cloud Standards
• OpenStack (IaaS)
• Cloud Foundry (PaaS)
Biometrics Standards
• ANSI/NIST ITL
• INCITS M1
Summary
• Focus on Identity Assertion
• Biometrics Identity Service – a Cloud Model
• Next Steps
− Industry Contribution
− Standard Initiation
− Reference Application Development
Views on biometrics technology and system
What is missing?
For Your Reference: BIAS System Context
• BIAS services provide basic biometric identity assurance functionality as modular and independent operations which can be assembled in many different ways to perform and support a variety of business processes
• BIAS services are intended to offer a consistent and common interface to various system resources, which may include:
– A 1:1 fingerprint verification matching server
– A 1:N iris search/match engine
– A facial biometric watch list
– A criminal or civil AFIS system
– A name-based biographic identity database
– An archive of biometric identifiers
– A gallery/population of subjects
For Your Reference: Preliminary BIAS Services (1)
• Create Subject – creates a new subject record and associates a subject ID to that record
• Delete Subject – deletes an existing subject record and, in an encounter-centric model, any associated encounter information from the system
• Add Subject to Gallery – registers a subject to a given gallery or population group
• Delete Subject from Gallery – removes the registration of a subject from a gallery or population group
• Set Biographic Data – associates biographic data with a given subject record; may either replace existing data or create a new encounter
• Set Biometric Data – associates biometric data with a given subject record; may either replace existing data or create a new encounter
• Delete Biographic Data – removes biographic data from a given subject or encounter
• Delete Biometric Data – removes biometric data from a given subject or encounter
• List Biographic Data – lists the biographic data elements stored for a subject or encounter
• List Biometric Data – lists the biometric data elements stored for a subject or encounter
For Your Reference: Preliminary BIAS Services (2)
• Retrieve Biographic Data – retrieves the biographic data associated with a subject or encounter
• Retrieve Biometric Data – retrieves the biometric data associated with a subject or encounter
• Update Biographic Data – updates the biographic data for an existing subject or encounter
• Update Biometric Data – updates the biometric data for an existing subject or encounter
• Check Quality – returns a quality score for a given (input) biometric
• Verify Subject – performs a 1:1 verification match between a given biometric and either a claim to identity in a given gallery or another given biometric
• Identify Subject – performs an identification search against a given gallery for a given biometric, returning a rank-ordered candidate list of a given maximum size
• Transform Biometric Data – transforms or processes a given biometric in one format into a new target format (e.g. feature extraction, center/crop, convert data format)
For Your Reference: Preliminary BIAS Services (3)
• Enroll
– adds a new subject or, in an encounter-centric model, a new encounter to the system
– may include and be contingent upon a negative identification
– an aggregate/compound service which may utilize other BIAS services: Create Subject, Set Biometric Data, and Add Subject to Gallery
• Identify
– performs an identification function according to system requirements and/or resources (e.g. search multiple galleries)
– an aggregate/compound service which may utilize other BIAS services: Identify Subject, Set Biographic Data, and Set Biometric Data
• Verify
– performs a 1:1 verification function according to system requirements and/or resources
– an aggregate/compound service which may utilize other BIAS services: Verify Subject, Set Biographic Data, and Set Biometric Data
• Retrieve Information
– retrieves requested information about a subject
– may include biographic + biometric data, and/or multiple encounters
– an aggregate/compound service which may utilize other BIAS services: Retrieve Biographic Data and Retrieve Biometric Data
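
The Enroll aggregate described above, sketched as an added example (not code from the slides or from the BIAS specification): a toy in-memory service in which Enroll runs Identify Subject first and only on a negative identification calls Create Subject, Set Biometric Data and Add Subject to Gallery. The class and method names, the feature-tuple templates, the comparator, the gallery name and the 0.8 threshold are all assumptions for illustration.

```python
class ToyBiasService:
    """In-memory toy model of a few BIAS operations (names are illustrative)."""
    def __init__(self, threshold=0.8):
        self.threshold = threshold  # assumed match decision threshold
        self.templates = {}         # subject ID -> feature tuple (or None)
        self.galleries = {}         # gallery name -> set of subject IDs

    @staticmethod
    def score(a, b):
        # Toy comparator standing in for a real matcher: share of equal positions.
        return sum(x == y for x, y in zip(a, b)) / max(len(a), len(b), 1)

    def create_subject(self):
        subject_id = f"S{len(self.templates) + 1:04d}"
        self.templates[subject_id] = None
        return subject_id

    def set_biometric_data(self, subject_id, template):
        if subject_id not in self.templates:
            raise KeyError(f"unknown subject {subject_id}")
        self.templates[subject_id] = tuple(template)

    def add_subject_to_gallery(self, subject_id, gallery):
        self.galleries.setdefault(gallery, set()).add(subject_id)

    def identify_subject(self, template, gallery, max_candidates=3):
        # 1:N search returning a rank-ordered candidate list of bounded size.
        scored = [(s, self.score(template, self.templates[s]))
                  for s in self.galleries.get(gallery, ())
                  if self.templates[s] is not None]
        scored.sort(key=lambda c: (-c[1], c[0]))
        return scored[:max_candidates]

    def enroll(self, template, gallery):
        # Aggregate service: proceeds only on a negative identification.
        hits = [c for c in self.identify_subject(template, gallery) if c[1] >= self.threshold]
        if hits:
            return {"enrolled": False, "duplicate_of": hits[0][0]}
        subject_id = self.create_subject()
        self.set_biometric_data(subject_id, template)
        self.add_subject_to_gallery(subject_id, gallery)
        return {"enrolled": True, "subject_id": subject_id}

def demo():
    # Constructed sample templates; the third is a noisy recapture of the first.
    svc = ToyBiasService()
    samples = [(1, 2, 3, 4, 5, 6, 7, 8, 9, 10), (9, 8, 7, 6, 5, 4, 3, 2, 1, 0),
               (1, 2, 3, 4, 5, 6, 7, 8, 9, 0)]
    return svc, [svc.enroll(t, "visa") for t in samples]
```

The third enrollment is refused because the 1:N search returns the first subject above the threshold, which is the duplicate-identity check that makes Enroll contingent on a negative identification.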