digitalpersona
This slide presentation provides an overview of biometric and authentication technology and the overall issues, benefits and impact of these types of solutions.
City of Winter Park, Florida
Biometrics and Authentication
George Maldonado
Systems Administrator
MCSE, CCNA, MCP, Net+
Let's Define!
“biometric: is a physiological or behavioral characteristic of a human being that can distinguish one person from another and that theoretically can be used for identification or verification of identity.”
“authentication: Positive verification of identity (man or machine), verification of a person’s claimed identity”
FBI CJIS Requires:
  Each person who is authorized to store, process, and/or transmit FBI CJIS/CHRI data must be authenticated by use of a unique user ID and password or a form of advanced authentication.
  Advanced authentication is required for devices that access FBI CJIS data/CHRI from non-secure locations or via the internet, wireless or dial-in connections.
  Advanced authentication is the term describing added security functionality, in addition to the typical user identification and authentication of login ID and password.
Who are you? Prove it.
Why Biometrics?
Biometrics is the simplest and most inexpensive way to accurately identify or verify individuals based upon each person’s unique physical or behavioral characteristics. Biometrics work by unobtrusively matching patterns of live individuals in real time against enrolled records.
It fits the basic security principle: “What You Have, What You Know, What You Are”
Biometric-based solutions are able to provide for confidential financial transactions and personal data privacy. Biometrics are a must-have technology in the enterprise-wide network security infrastructure because single-factor authentication methods are easy to break, and are therefore inherently important to our citizens.
  Identity thefts
  Something you know can be stolen
  Shared, predicted or hacked
  Fingerprints – mature enough to deter crime and even terrorism
Implementation Summary
User Statistics
  Total Users: 545
  Users with registered fingerprints: 364
  Readers deployed: 364
City Hall
Emergency Vehicles (Police and Fire Trucks)
Electric Division & Water Plants
Central Facilities including vehicle maintenance
Fingerprints as a Biometric
High Universality
  A majority of the population (>96%) have legible fingerprints
  Even identical twins have different fingerprints (most biometrics fail)
  Individuality of fingerprints established through empirical evidence
High Permanence
  Fingerprints are formed in the fetal stage and remain structurally unchanged throughout life.
High Performance
  One of the most accurate forms of biometrics available
High Acceptability
  Fingerprint acquisition is non-intrusive.
  Requires no training.
What We Are Using
DigitalPersona Pro for Active Directory
  Installed on desktops
  Installed on existing servers
Hardware
  DigitalPersona U.are.U 4500 fingerprint readers
  Existing “swipe readers” embedded in various models of popular notebooks and PCs.
IT Environment (Past & Present)
Current Environment
  Single Active Directory Domain
  Password Authentication
Applications
  Login to:
    Windows Domain or Network Access
    Naviline iSeries (AS400 Green Screen)
    Outlook
Any application set up for biometric logon at the City will have this icon on the logon screen
Driving Forces
Pain Points
  Resolve password-related issues
  Needed Security that couldn’t be shared
  Eliminated desktop sharing
  Excellent opportunity to put in place Password and screen saver Policies
Meet CJIS Mandate Requirements
  Advanced authentication is required for devices that access FBI CJIS data/CHRI from non-secure locations or via the internet, wireless or dial-in connections.
Available Solutions
Solutions Considered
  Inflexis DesktopID
Why other solutions were not selected
  No real AD integration
  “Petting” reader
  No centralized fingerprint storage
  No different than a token device (can get expensive)
Why DigitalPersona
Easy for Users
  Employees embraced it
  Best trade-off between convenience and security
  Faster than recalling and typing very complex passwords
  Intuitive to use – visual cues
  Simple user registration process
  Single sign-on function
  Automatic Wizard detects login fields in applications and web sites
Easy for the IT Administrators
  Easily create login templates for applications the Wizard cannot detect
  Push out the templates via GPOs
Why DigitalPersona
Robust, Centralized Server Software
  Tight Active Directory Integration
  Single or Two-factor authentication options
  Flexible Authentication Policies
Secure and Compliant
  Met CJIS mandate of requiring Two-Factor Authentication
  Event Logs of who accessed what and when
  Protect sensitive information through digital signing and encryption of email and documents
Reader is well constructed
Implementation Summary
Benefits to IT:
Met federal and state requirements
  Avoid fines and penalties
Compliance’s intrinsic benefit
  Creates a more definitive baseline for data sharing and protection.
  Improve security, communications, and overall business practices.
Create Flexible Group Policies
Implementation Summary
CJIS Compliance Impact
Criminal Justice Information System
FBI Requirement
  Two-factor Authentication
Create and maintain criminal justice information system
  For authorized state, local criminal justice, and noncriminal justice users
  Supports operations, policy analysis, and public safety
  Must be accurate, timely, complete, appropriately secured to protect privacy rights, cost-effective, and accessible.
General Issues
Low humidity areas may require hand moisturizer
During initial set up, shield the fingerprint reader from direct sunlight
Thank You!!
George Maldonado
Systems Administrator
MCSE, CCNA, MCP, Net+