Natural Security Alliance Biometrics Based Projects: How to Build Trust in biometrics projects? October 7-8, 2014 Barcelona
Summary! 3 Key questions 1/ How to succeed biometrics based deployment project? 2/ How to use biometrics without compromising security and privacy 3/ How to evaluate and certify biometrics for non-governmental approach?! Answers involve : Data protection, Standard Vs Proprietary solutions, Model of deployment, Ecosystem of services providers and vendors, testing and certi"cation process, integration into current infrastructure and user experience 2
Current Payment Experience
The authentication problems addressed! Merchants Increase business and customer adoption Universal / not limited to a speci"c payment solution Limited impact on the back-of"ce! Banks Customer Adoption Multi-channel compliant Proven security! Users No privacy concern Ease of use
5 Natural Security Alliance - Standard
Hands-free payment 6
7 Natural Security Alliance - Core speci"cations
8 Natural Security Alliance - Core speci"cations
Natural Security Alliance - Timeline 2007 2008 2008 2012 2012 2013 2014 - INIT R&D PHASE EXPERIMENTATION & PROJECTS PHASE Retailers and banks looking for a new, fast, convenient payment technology Creation of a R&D company: Patents deposit Writing of the speci"cations and certi"cation process Technologies assessment French experimentation: 1000 cardholders 2 cities 200 POS Very good feedback Pictures from the experimenta2on in France (2013) Provision of the speci"cations to an open standard organisation to share the governance and to facilitate the adoption of the technology. Projects starting soon in various countries: France, Russia, Chile Pilot: San Jose University
45 Members from various business areas
6 months pilot (From October 2012 to March 2013 )! 4 large supermarkets and many merchants involved! Near 1000 Cardholders! Near 5000 transactions! 200 POS! Results available online More Than 9 Out of 10 Pilot Participants Ready for Natural Security Biometric Payment 11
Privacy in practice Design Technological choices Privacy by Design Privacy by Default Implementation Evaluation Commitment from data controllers Privacy Rules
Technology compatible standard Environment 802.15.4 Bluetooth 3 POC 802.15.4 802.15.4 / Bluetooth Low Energy / Contact / NFC Secure Storage 802.15.4 Bluetooth 3 POC Smartcard / Secure Element TEE / Smartcard / Secure Element Pictures 13
Sim /Embedded SE /TEE : new implementations SIM CARD SE/TEE THIRD PARTY? 14
GIE Cartes Bancaires Approval (Chip & Tips)! GIE Cartes Bancaires started the certi"cation process of a NS device: EMV-based payment with biometrics as new CVM! 2015: France will be the "rst country to roll out wireless biometric EMV-based supports Risk Assessment Release Acceptation Bulletin Acquirer and issuer Approval framework Approval Reference document 2014 2015 September December May 15
Deployment model
Evaluation! BAI : to de"ne a common process for testing, approval and certi"cation of biometric technology for non-governmental applications : To become the reference on the performance, security and usability of biometrics Aligned with business and user needs, Based on use cases (transactions, online services, physical access control) Focus on the consistency of the evaluation (environment + functionnality + performance + security) A methodoloy for repetability rather than just producing results initiative welcomed by regulators 17
Framework Biometrics Alliance Initiative Business requirements Framework Tools providers Lab Tests run Certi"cation body Certi"cation
Conclusion ALLIANCE
Natural Security Alliance www.twitter.com/naturalsecurity EuraTechnologies, 165 avenue de Bretagne, 59000 Lille contact@naturalsecurityalliance.org www.naturalsecurityalliance.org ( : +33 3 617 614 61 www.linkedin.com/company/natural-security www.twitter.com/naturalsecurity www.vimeopro.com/naturalsecurity/tv 20 SIRET : 800 130 692 / APE : 7490 B