Natural Security Alliance

Transcription

1 Natural Security Alliance Biometrics Based Projects: How to Build Trust in biometrics projects? October 7-8, 2014 Barcelona

2 Summary! 3 Key questions 1/ How to succeed biometrics based deployment project? 2/ How to use biometrics without compromising security and privacy 3/ How to evaluate and certify biometrics for non-governmental approach?! Answers involve : Data protection, Standard Vs Proprietary solutions, Model of deployment, Ecosystem of services providers and vendors, testing and certi"cation process, integration into current infrastructure and user experience 2

3 Current Payment Experience

4 The authentication problems addressed! Merchants Increase business and customer adoption Universal / not limited to a speci"c payment solution Limited impact on the back-of"ce! Banks Customer Adoption Multi-channel compliant Proven security! Users No privacy concern Ease of use

5 5 Natural Security Alliance - Standard

6 Hands-free payment 6

7 7 Natural Security Alliance - Core speci"cations

8 8 Natural Security Alliance - Core speci"cations

9 Natural Security Alliance - Timeline INIT R&D PHASE EXPERIMENTATION & PROJECTS PHASE Retailers and banks looking for a new, fast, convenient payment technology Creation of a R&D company: Patents deposit Writing of the speci"cations and certi"cation process Technologies assessment French experimentation: 1000 cardholders 2 cities 200 POS Very good feedback Pictures from the experimenta2on in France (2013) Provision of the speci"cations to an open standard organisation to share the governance and to facilitate the adoption of the technology. Projects starting soon in various countries: France, Russia, Chile Pilot: San Jose University

10 45 Members from various business areas

11 6 months pilot (From October 2012 to March 2013 )! 4 large supermarkets and many merchants involved! Near 1000 Cardholders! Near 5000 transactions! 200 POS! Results available online More Than 9 Out of 10 Pilot Participants Ready for Natural Security Biometric Payment 11

12 Privacy in practice Design Technological choices Privacy by Design Privacy by Default Implementation Evaluation Commitment from data controllers Privacy Rules

13 Technology compatible standard Environment Bluetooth 3 POC / Bluetooth Low Energy / Contact / NFC Secure Storage Bluetooth 3 POC Smartcard / Secure Element TEE / Smartcard / Secure Element Pictures 13

14 Sim /Embedded SE /TEE : new implementations SIM CARD SE/TEE THIRD PARTY? 14

15 GIE Cartes Bancaires Approval (Chip & Tips)! GIE Cartes Bancaires started the certi"cation process of a NS device: EMV-based payment with biometrics as new CVM! 2015: France will be the "rst country to roll out wireless biometric EMV-based supports Risk Assessment Release Acceptation Bulletin Acquirer and issuer Approval framework Approval Reference document September December May 15

16 Deployment model

17 Evaluation! BAI : to de"ne a common process for testing, approval and certi"cation of biometric technology for non-governmental applications : To become the reference on the performance, security and usability of biometrics Aligned with business and user needs, Based on use cases (transactions, online services, physical access control) Focus on the consistency of the evaluation (environment + functionnality + performance + security) A methodoloy for repetability rather than just producing results initiative welcomed by regulators 17

18 Framework Biometrics Alliance Initiative Business requirements Framework Tools providers Lab Tests run Certi"cation body Certi"cation

19 Conclusion ALLIANCE

20 Natural Security Alliance EuraTechnologies, 165 avenue de Bretagne, Lille ( : SIRET : / APE : 7490 B