© Daon Confidential Strategies for Implementing National Identity Systems Nov 28 th 2007 Leo Ring Vice President, Daon.

© Daon Confidential

Strategies for Implementing National Identity Systems

Nov 28Nov 28thth 2007 2007

Leo RingLeo Ring

Vice President, DaonVice President, Daon

© Daon Confidential

Daon – Company Profile

• Global provider of identity related software products– Founded in 2000

– We work with customers and partners in every region of the world

– Offices in Washington DC (HQ), Dublin, London, Dubai and Canberra (Australia)

• We create software products that Enable a new generation of Biometric Identity Solutions– Flexible products, intended for integration

– Focus on large-scale population-centric® environments

– Focus on identity life-cycle

– Open and multi-modal

– Focus on modernization

© Daon Confidential

Pre-Enrollment• Provide biographic information• Pay fees• Receive instructions

Capture Biographics• Enter biographic dataor• Verify/correct pre-enrollment data

Identity Proofing• Scan identity documents • Validate documents

Identity Investigation• Biometric duplicate checks

Vetting Complete• Prepare Card Data• Generate templates• Sign card data

Card Issuance• Produce Card• Provide to Citizen

Operational Usage• Citizen presents card and biometric

Capture Biometrics• Capture ten fingerprints• Capture iris (optional)• Capture face (optional)

Identity Investigation• Criminal history checks• Name based checks

National Identity Systems

© Daon Confidential

National Security – Traditional Approach – Separate Identity Systems

AddIdentity / Biometrics

Pa

ss

po

rtId

en

tity

/ B

iom

etr

ics

Cit

ize

n I

D

Fo

reig

n I

D

Iden

tity

/ Bio

met

rics

Iden

tity

/ Bio

met

rics

Separate Systems

Pa

ss

po

rt

Cit

ize

n I

D

Fo

reig

n I

D

Existing Systems

© Daon Confidential

Identity Management System

New Approach - Unified Identity Management

Integrated Integrated Biometric Biometric ServicesServices

Re

fug

ee

s /

As

ylu

mR

efu

ge

es

/ A

sy

lum

Bo

rde

r B

ord

er

Ma

na

ge

me

nt

Ma

na

ge

me

nt

Vis

as

/ P

erm

its

Vis

as

/ P

erm

its

Fo

reig

n I

DF

ore

ign

ID

Cit

ize

n I

DC

itiz

en

ID

Pa

ss

po

rtP

as

sp

ort

IdentityIdentityDatabaseDatabase

© Daon Confidential

Biometric Identity Assurance Requirements are Evolving

Authentication/Identification Identity Assurance

One project at a time An infrastructure for multiple systems

Engineering/Technology Led Business Process and Change Mgt Led

Client-Server based Service-Oriented Architectures

Fingerprint-centric Multi-Biometric

Single Vendor COTS based, Multi-Vendor Framework

Compliance Compliance plus Adaptability

Biometric matching performance Enterprise Systems Performance

Proprietary Standards-based with interoperability

From To

Disparate Federated

© Daon Confidential

Copywrite Daon 2006

National ID Business Challenges

• The failure to prevent duplicate identities results in significant financial loss and questions regarding a national identity schemes integrity

• Biographic only duplicate checking algorithms have failed• In may countries - the current issuing processes may have

created a large number of duplicate identities– Identity duplication and identity creation increase the levels of fraud,

waste and abuse

• In many cases enrolment is an offline process taking multiple days before card issuance

© Daon Confidential

All Biometrics Have Limitations

Biometric FAR FRR FTE

Face 1.00% 1% 0.1%

0.10% 2% 0.1%

1-Finger 1.00% 0.01% 2.5%

0.01% 0.6% 2.5%

2-Finger 1.00% 0.01% 1.5%

0.01% 0.1% 1.5%

4-Finger 0.10% 0.01% 0.8%

0.01% <0.01% 0.8%

8-Finger 0.10% <0.01% 0.3%

0.01% 0.01% 0.3%

10-Finger 0.10% <0.01% 0.2%

<0.01% 0.01% 0.2%

1-Iris 0.10% 1.2% 2.5%

0.01% 1.5% 2.5%

0.001% 1.9% 2.5%

0.0001% 2.0% 2.5%

2-Iris 0.10% 0.5% 4%

0.01% 0.6% 4%

0.001% 0.8% 2.5%

0.0001% 1.2% 2.5%

Iris has a high Failure-to-Enroll rate up to 2.25 Million in 45 Million population but extremely low False Accept rate

Fingerprints achieve good accuracy and efficient processing only when multiple fingers are enrolled

Face has a high False-Rejection rate

FAR = False Accept Rate

FRR = False Reject Rate

FTE = Failure To Enroll

© Daon Confidential

False Matches During Duplicate Checks Require Additional Processing

FAR 50 Million

100 Million

5% 2.5M 5M

2.5% 1.25M 2.5M

1% 500,000 1M

0.1% 50,000 100,000

0.01% 5,000 10,000

0.001% 500 1,000

0.0001% 50 100

• Two ways to reduce these false hit rates are:

• Manually

• Automatically using a second biometric

Number of False Hits Per Search

High false accept rate could lead to 2.5M false “hits” when searching a population of 50M for duplicates.

© Daon Confidential

Copywrite Daon 2006

Representative ways to address large scale National ID challenges• Introduction of Multiple Modes of Biometrics• Algorithms that best address most difficult challenge for this

population and application– Even within a mode like fingerprints certain algorithms perform

better with certain population types

– Accuracy/performance tuned to population

• Population filtering to reduce effective biometric population• Continual technology refresh: incorporating latest algorithms,

devices, IT hardware and new products• Continual and automatic updating of enrolled biometric data

© Daon Confidential

Algorithm Accuracy/Performance tuned to population

• Different demographics produce different accuracies

• Age, ethnic origin, gender, etc.

• 51 to 65 year-olds significantly worse with this device-algorithm

• Age is a disadvantage here• Opposite is true for face

biometrics; an older face is more unique

• Configuration must be made based on observed population

0.001

0.01

0.1

1

0.00000001 0.0000001 0.000001 0.00001 0.0001 0.001 0.01 0.1 1

False Match Rate (FMR)

Fal

se N

on

-Mat

ch R

ate

(FN

MR

)

20-35

36-50

51-65

Tuning for deployment population is vital

© Daon Confidential

Continual Technology Refresh

• A solution that will last for 30+ years must be prepared for major technology advancements during that time…..– Better matching algorithms (e.g ultrasound, fused hand and finger

geometry)

– Better biometric data capture and verification devices

– New biometric types (DNA, Voice, Iris in motion…….)

– Changes in process and policy

– Improvements in Infrastructure• Database• Operating System• Back office processing hardware

© Daon Confidential

Continual and automatic updating of biometric data

• Storage of multiple instances of same biometric, captured at different times, to increase accuracy

• Updating of enrolment data if higher quality data later captured (e.g. at verification)

• Template aging – refresh of enrolment data

• Seamless migration to improved devices and algorithms– Through image storage and open standards

• Frequent reporting of biometric performance; problem prevention

• Ongoing threshold configuration and tuning based on offline analysis of recorded biometrics

• Automated detection of problem devices/sensors through increased error rates (FTE, FTA, FRR) beyond allowed deviations

© Daon Confidential

14

Which meant:

Restoring the efficacy and credibility to the Nation’s immigration system

Daon’s software “powers” the identity management platform authenticating all foreign nationals

Deploying solutions in diverse locations; from detention centers to fishing boats

Which meant:

Restoring the efficacy and credibility to the Nation’s immigration system

Daon’s software “powers” the identity management platform authenticating all foreign nationals

Deploying solutions in diverse locations; from detention centers to fishing boats

AUSTRALIA ASKED US TO DESIGN AND IMPLEMENT AN “IDENTITY AT EVENT” SYSTEM TO PROTECT NATIONAL BORDERS AND IMMIGRATION

AUSTRALIA ASKED US TO DESIGN AND IMPLEMENT AN “IDENTITY AT EVENT” SYSTEM TO PROTECT NATIONAL BORDERS AND IMMIGRATION

© Daon Confidential

The case of Cornelia Rau

© Daon Confidential

16

The EU was faced with unprecedented movement of people (a hallmark of amodern society) requiring a pan EU biometric based VISA system

Which meant:

Daon helped design and is implementing a EU wide system that will prevent chronic security risks, such as VISA “shopping”

Daon software will “power” a system to serve 70 million people

The EU was faced with unprecedented movement of people (a hallmark of amodern society) requiring a pan EU biometric based VISA system

Which meant:

Daon helped design and is implementing a EU wide system that will prevent chronic security risks, such as VISA “shopping”

Daon software will “power” a system to serve 70 million people

THE EU SELECTED A DAON BASED SOLUTION TO DESIGN AND IMPLEMENT A PAN EU VISA SYSTEM FOR ALL 27 MEMBER STATES

THE EU SELECTED A DAON BASED SOLUTION TO DESIGN AND IMPLEMENT A PAN EU VISA SYSTEM FOR ALL 27 MEMBER STATES

© Daon Confidential

miSenseplus - Registered Traveller

Arrival in Dubai

miSense card compatible with Dubai eGate infrastructure and Hong Kong equivalent.

Traveller verified against local watch list database.

Biometric card issued

Biometric card issued and accepted a proxy for passport

Fingerprint biometric and passport biographical information stored.

ICAO standard encryption.

ePassport version 2, similar to existing national identity cards.

Identity Enrolment

Dedicated enrolment station within existing UKIS facility.

13 Biometrics recorded and stored within existing UKIS biometric database.

Background checks conducted and card activated within miSense system.

© Daon Confidential

Summary - Common Approach to Large Populations

• Where possible enroll multiple biometrics– Virtually eliminates failure to enroll

• Consider Iris for duplicate checking

• Provide ICAO compliant quality facial images for human arbitration– Enables use of second biometric to improve accuracy and/or resolve false hits

– Maximizes the long term payoff of the most cumbersome part of the entire process—enrollment

• The incremental cost of enrolling multiple biometrics over time is small

• Take advantage of fingerprint biometrics and low cost sensors for automated 1:1 verifications of identity

• Populations can be divided into multiple matching subsystems tuned for specific population characteristics

• Develop an enroll once use many strategy

• Focus on implementing standards-based business processes such as BIAS

© Daon Confidential

Thank You

[email protected]

Leo Ring

+1-202-413-6287