Mobile ID, the Size Compromise

Similar documents
FBI Next Generation Identification (NGI)

Biometric Use Case Models for Personal Identity Verification

Biometric Center of Excellence (BCOE)

Large-scale AFIS and multi-biometric identification. MegaMatcher SDK

Biometric Technology

Mobile Fingerprint Authentication Solution

Role of Biometrics in Cybersecurity. Sam Youness

World s Best Mobile Fingerprint Authentication Algorithm

IAFIS Overview. NGI Development. NGI Capabilities. NGI Implementation. NGI User Support UNCLASSIFIED 2

6 facts about GenKey s ABIS

Role of Biometric Technology in Aadhaar Authentication

AWARD TOP PERFORMER. Minex III FpVTE PFT II FRVT PRODUCT SHEET. Match on Card. Secure fingerprint verification directly on the card

SUPREMA LiveScan Solutions. June 2009

EU Passport Specification

Quantitative Tests Supporting Standardized Biometric Data for Large Scale Identity Management

Advances in Stand-off Biometrics

Guidelines for Capturing Palmprints and Supplementals

Biometric Offender Movement

Biometric Enrolment for the European Visa Informationsystem (VIS)

COUNTY OF LOS ANGELES REQUEST FOR INFORMATION. RFI No. 414-SH MULTI-BIOMETRIC IDENTIFICATION SYSTEM

Aadhaar enabled Public Distribution System in Haryana

Smart Card and Biometrics Used for Secured Personal Identification System Development

UNCLASSIFIED / FOUO UNCLASSIFIED / FOUO

Western Identification Network Service Strategy (January, 2008)

THE ADVANCE OF BIOMETRICS IN GOVERNMENT FIVE WAYS UNISYS IS SUPPORTING BIOMETRIC EXCELLENCE IN GOVERNMENT AGENCIES WORLDWIDE

MORPHOSMART CBM SERIES

Matching Performance for the US-VISIT IDENT System Using Flat Fingerprints NISTIR C. L. Wilson, M. D. Garris, & C. I. Watson

ISO/IEC INTERNATIONAL STANDARD. Information technology Biometric data interchange formats Part 4: Finger image data

REDUCING COSTS BY ENHANCING THE FLEXIBILITY OF BIOMETRIC SOLUTIONS

NISTIR 7249 Two Finger Matching With Vendor SDK Matchers

REAL-TIME IDENTIFICATION USING MOBILE HAND-HELD DEVICE : PROOF OF CONCEPT SYSTEM TEST REPORT

ISO/IEC INTERNATIONAL STANDARD. Information technology Biometric data interchange formats Part 4: Finger image data

Biometric quality for error suppression

NIST Tests Supporting Biometric Identification Applications

Biometric Security Roles & Resources

Computer Security. 10. Biometric authentication. Paul Krzyzanowski. Rutgers University. Spring 2018

I I FBI-SC-FPL From: Sent: lleo.gov] arch 24, :55 PM To: I Cc: le.gov. Subject: White House Domestic Policy Request Attachments:

Computer Security 4/15/18

Demographic Update through Update Client Lite (UCL)

2016 Global Identity Summit Pre-Conference Paper. Fingerprints

16F Parkview Tower, Jeongja, Seongnam, Gyeonggi, , Korea T F E

Coesys Enrollment Solutions for Government Programs

Aadhaar. Scalability & Data Management Challenges. Dr. Pramod K. Varma. Chief Architect, UIDAI

Biometric Sample Quality Standards Importance, Status, and Direction

Aadhaar Authentication Failure in the Public Distribution System of Andhra Pradesh

Cyber Security Technologies

Phase I: Technical Capability of Biometric Systems to Perform 1:300m Identification

FRAMEWORK FOR CERTIFICATION OF BIOMETRIC FINGERPRINT SCANNERS. (PUBLIC)

Keystroke Dynamics: Low Impact Biometric Verification

CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM

Overview of ANSI INCITS Fingerprint Standards on Data Interchange Format. Robert Yen DoD Biometrics Management Office 4 October, 2005

NeoFace Watch real-time face recognition How does it work? May 2018 Global Face Recognition Centre of Excellence NEC Europe

mobichk powered by White Paper address 345 Plainfield Avenue, Suite 204 Edison, New Jersey, phone

Federal Bureau of Investigation CJIS Division Next Generation Identification

Recommendation 20.1 & Manager Gordon Brussow ID Unit Forensic Division

Lumidigm Frequently Asked Questions

Online and Offline Fingerprint Template Update Using Minutiae: An Experimental Comparison

Extremely-Large-Scale Biometric Authentication System - Its Practical Implementation

Solution for large-scale AFIS or multi-biometric systems. MegaMatcher Accelerator

Applying biometric authentication to physical access control systems

FIDO AND PAYMENTS AUTHENTICATION. Philip Andreae Vice President Oberthur Technologies

PersonelID and PositiveID An Executive Summary

Latent Fingerprint Matching: Fusion of Rolled and Plain Fingerprints

Advanced Biometric Access Control Training Course # :

The National Biometrics Challenge 2011 Update

Exploring Similarity Measures for Biometric Databases

Leading Innovation in Biometrics & Security SUPREMA. Biometric Solutions for Mobile. a Whe. Contact: Suprema.

NGI and Rap Back Focus Group Briefing

Secure Web Fingerprint Transaction (SWFT) Frequently Asked Questions

Secure Government Computing Initiatives & SecureZIP

CSCE 548 Building Secure Software Biometrics (Something You Are) Professor Lisa Luo Spring 2018

2016 Global Identity Summit Pre-Conference Paper Biometric Interoperability 2021

CIS 4360 Secure Computer Systems Biometrics (Something You Are)

Toward a Manageable Criminal History System

BIOFLEX. Applications

Face recognition algorithms: performance evaluation

FINGERPRINT BIOMETRICS

FINGERPRINT MATHING IN INDIA: AN OVERVIEW Rahul Vivek Purohit 1 S.A.Imam 2

Standard CIP-006-3c Cyber Security Physical Security

Secure Lightweight Activation and Lifecycle Management

Understanding Fingerprint Biometrics

The European Union approach to Biometrics

Registry of USG Recommended Biometric Standards

Standard CIP-006-4c Cyber Security Physical Security

Biometric Specifications for Personal Identity Verification

Bio-FactsFigures.docx Page 1

An introduction on several biometric modalities. Yuning Xu

Match On Card MINEX 2

Forensics: The Next Frontier for Biometrics. Anil K. Jain Michigan State University October 27, 2015

Biometrics Our Past, Present, and Future Identity

Spiros Angelopoulos Principal Solutions Architect ForgeRock. Debi Mohanty Senior Manager Deloitte & Touche LLP

Standardized Biometric Templates in Indian Scenario: Interoperability Issues and Solutions

Solution. Imagine... a New World of Authentication.

IMPLEMENTING AN HSPD-12 SOLUTION

Base Access. Smart Identity Card Program. November 16, Jay Orgeron. BISA Program Manager

NeoFace Watch. High Performance Face Recognition. John Smith. Eva Christina. Missing Person. Person of Interest

Access Control Biometrics User Guide

Ujma A. Mulla 1 1 PG Student of Electronics Department of, B.I.G.C.E., Solapur, Maharashtra, India. IJRASET: All Rights are Reserved

Palmprint Recognition using Novel Fusion Algorithm

Version 1.4. Cogent VDM and Device Guide

Transcription:

Mobile ID, the Size Compromise Carl Gohringer, Strategic Business Development E-MOBIDIG Meeting, Bern, 25/26 September 1

Presentation Plan The quest for increased matching accuracy. Increased adoption of Palm prints and 1000 PPI resolution Increased adoption of mobile ID Increased no. of projects; Early history ; Observations & Standards Standards explained A) PIV & Appendix F; B) Mobile ID best practices explained 3 rd Party tests and results: A) UIDAI; B) NIST Conclusions Questions? 2

The quest for increased accuracy: Palm print + 1000PPI Proven fact: Fingerprint/Palm print Image quality and size directly correlate to matching performance. Result: Law Enforcement around the globe is adopting devices with larger scanning areas and higher scanning resolutions to feed their AFIS. Examples (only). Adoption of / By Palm LS 1000 PPI LS UK Ident1/NPIA 2002 - FBI 2002 2010 or 2011 RCMP 2002 2010 Norway PDMT 1998 2005 3

The quest for increased accuracy: Multi-Factor Identification 4

The quest for increased accuracy: Palm print + 1000PPI Increase in image quality True1000ppi L Scan 1000P VS. 500ppi re-sampled to 1000ppi 1000ppi L Scan 1000PX VS. 500ppi on L Scan 500P Main objective: increase ID accuracy Increase in scanning area / size 5

Mobile ID Definition: Rapid Mobile Identification w/ 2 fp against an AFIS Increasing demand and multiple applications: Mobile ID, Special Operative/forces, Forensic investigation, port police, border control, etc. Increasing offer: Mobile ID: Rapidly increasing demand Increasing quantity of projects: Rapid ID: Several US States/counties. Swiss Mobile AFIS, Police, Switzerland Lantern/MIDAS/Mobile ID, UK Mobile ID, PSNI, Northern Ireland 6

Mobile ID: Early History and Standards Result: Increased no. of public tenders and deployments. Requirements mainly driven by operational needs and the Officer s convenience/tolerance. Size, weight and usability (ergonomics, functionality) = main selectors 7

Mobile ID: Early History and Standards Observations: The contrast between no-mobility and mobility = positive But little to no benchmarking done on matching accuracy between devices and vendors. Few to no credible industry 3 rd party standards and best practices considered or reflected in evaluation criteria. Some earlier projects specified FBI PIV standard Was the only NIST / FBI standard related to mobile handheld devices. Since 2010 we have: NIST Mobile ID best practices and SAP levels. Under Appendix F certification, specifically for Mobile Identification scenarios. 8

Milestones of Image quality at FBI (FBI / NIST EBTS standard) the FBI has developed this standard for electronically encoding and transmitting biometric image, identification, and arrest data Major milestones for image quality evaluation FBI Appendix G 1995 FBI Appendix F 1999 FBI PIV 2006 FBI Mobile ID 2010 Interim image quality specifications Final image quality specifications with increased requirements Lower-level standard for one-to-one fingerprint verification New category within App. F for Mobile Identification 9

Mobile ID: PIV and Appendix F Standards What are the standards? There are two standards currently in use for fingerprints: Appendix F and PIV-071006. Appendix F has stringent image quality conditions, focusing on the human fingerprint comparison and facilitating large scale machine manyto-many matching operation. PIV-071006 is a lower-level standard designed to support one-to-one fingerprint verification. Certification is available for devices intended for use in the FIPS 201 PIV program. Reference: https://www.fbibiospecs.org/iafis_faq.html 10

FBI scanner certification categories PIV (Personal Identity Verification) For enrolment and ID authentication (mainly single finger scanners) Mobile ID For scanners capturing flat and rolled fingers in a portable acquisition station FBI scanner certification categories ID FLATS For scanners capturing flat fingers only in a 3.2 x 3.0 image capture area. Livescan For scanners capturing flat and rolled fingers in a 3.2 x 3.0 image capture area ID Verification = 1:1 Match Identification = 1:n Match 11

Mobile ID: FBI image quality requirements 4 Cert. Categories 2 Image Quality Standards PIV Appendix F PIV Identification Flats Livescan Mobile ID 12

Mobile ID: NIST Best Practice Recommendation NIST NIST stands for National Institute of Standards and Technology Body of standards recognized not only in the USA, but also worldwide In August 2009, NIST published «Mobile ID Device Best Practice Recommendation» 2012 2011 Cross Cross Match Match Technologies 13

Mobile ID: Understanding SAP / FAP levels A mobile identification device is a livescanner viewed in the context of a portable biometric acquisition station SAP means Subject Acquisition Profile FAP = is the SAP for Fingerprint Set of characteristics concerning the capture of a biometric sample. Device capture dimensions It is Applicable to 3 biometric modalities: fingerprint (FAP), face and iris. The higher the SAP/FAP level value, the stronger the acquisition requirements FAP Levels Number of fingers Image quality specification 14

Mobile ID: SAP / FAP levels Verification Mobile ID Minimum SAP Level Source: Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information from NIST 2012 2011 Cross Cross Match Match Technologies 15

Mobile ID: Operational Environment & Risk Level Risk levels according to NIST Severe risk levels imply that loss of life and/or property can result if accurate identification or verification is not made. A moderate risk environment is defined for those encounters with a subject with no or questionable identification. An officer cannot detain a subject for more than a limited amount of time without making an arrest. In this situation, it is necessary to quickly identify the subject or retain biometric information sufficient to verify the subject s identity at a later date. A mild risk environment is defined for those encounters where enrollment and identification data will be used at a later date. At that time the subject would be available for comparison to the data previously retained. Examples of mild enrollments include preparing for future logical or physical access control for a subject, or retaining one or more biometric images for verification in court while the subject is available. Verification examples include tracking a subject through the jail or court system using the retained biometric images. In these cases a failure to match would result in additional action to verify the subject s identity, primarily inconveniencing no one but the subject. 2012 Cross CONFIDENTIAL Match Technologies & PROPRIETARY FOR INTERNAL USE ONLY 16

Mobile ID: Understanding the function Enrollment (example: a complete civil or criminal booking) Identification (trying to determine the identity of someone): 1:n comparaison Verification (trying to validate the identity of someone): 1:1 comparaison 2012 Cross CONFIDENTIAL Match Technologies & PROPRIETARY FOR INTERNAL USE ONLY 17

Mobile ID: SAP level for police work The case for SAP 30 We can safely assume that the risk factor would be moderate We also know what we are trying to achieve: identification So what do NIST Best Practices recommend for such a scenario? 2012 Cross CONFIDENTIAL Match Technologies & PROPRIETARY FOR INTERNAL USE ONLY 18

19

Mobile ID: Capture dimensions of FAP levels Rolled impressions FAP 10 FAP 20 FAP 30 Flat impressions FAP 10 FAP 20 FAP 30 20

FAP Level Mobile ID: Conclusion on Size Compromise Certification category Specification Capture dimension (WxH) Number of simultaneous captured flat fingers FAP 10 PIV-071006 0.5 x 0.65 12.7mm x 16.5mm 1 FAP 20 PIV-071006 0.6 x 0.8 15.2mm x 20,3mm 1 FAP 30 PIV-071006 0.8 x 1.0 20,3mm x 25,4mm 1 Direct correlation between Scanner Size and device FAP Level. The > the size, the > FAP level FAP 30 > and Image Quality level than FAP 10 or FAP 20 (Apx F vs. PIV) The > size = > Quality = > weight = > $ Size/Weight/Costs 21

UID study: Determining best authentication accuracy using fingerprints > 620 million people enrolled 22

The UID study The Size Compromise: 3 rd Party tests Unique ID Authority of India (UIDAI) overseeing largest biometric deployment in the history of mankind Stringent requirements + a certification authority to authorize devices + technologies UIDIA published study evaluating SAP levels corrolation to matching accuracy Results: «Amongst the 26 devices studies, the single finger unlabeled FRR (False Rejection Rate) for up to 3 attempts varied from 2% to 23%! Concretely, we have: SAP10 SAP20 FRR 9,69% @ FAR 0.0001 FRR 2,92% @ FAR 0.0001 FRR 6,51% @ FAR 0.001 FRR 1,68% @ FAR 0.001 Single finger, 3 attempts Which led UIDIA to conclude: «Larger sensors provided better accuracy than smaller sensors» 2012 Cross CONFIDENTIAL Match Technologies & PROPRIETARY FOR INTERNAL USE ONLY 23

The Size Compromise: UID Fingerprint accuracy study Test setup Proof-of-Concept studies in 8 states Period: Apr. 2011 Jan 2012 35.000 Aadhaar holders (mixed by gender, age and place of living) 15 scanner models Factors investigated Different sensor technologies Different minutiae extractors Number of fingers Fingerprint quality Best finger analysis Network (availability, bandwidth, service provider, landline vs. mobile, reliability & latency factors across networks) 24

The Size Compromise: UID study results 25

The Size Compromise: UID study results Device impact on matching accuracy Large sensors (FAP 20 compliant) provide better accuraccy than smaller sensors (FAP10 compliant) Other findings Highlights Using Best Finger for authentication, FRR is much lower (up to 6 times) than using any specific finger Residents in 15-60 years age group showed the best authentication accuracy. Senior residents (60+) had the highest rejection rates. Enrolment NFIQ is poor a indicator to determine the best finger 26

NIST study: Impact of fingerprint capture dimension on matching performance Test setup A. Probe set: 100000 randomly selected images from FBI platinum repository 50.000 images with mated record 50.000 images with non-mated record B. Cut images according to FAP levels 10, 20 and 30 (+ control image) Gallery of 1.615.228 images 1 2 3 27

The Size Compromise: NIST, FAP level vs. accuracy FAP 10 FAP 20 FAP 30 FNIR / FPIR: False Non-Identification Rate / False Positive-Identification Rate FNIR false non-identification rate with FAP 10 almost double that of FAP 20 FAP 30 excels over all FAP levels FPIR not impacted by different FAP levels 28

The Size Compromise: NIST, 2-finger combinations The more fingers the better the matching performance Except for two thumbs, FAP 20/30 with two fingers better matching performance than FAP 10 with four fingers Two thumbs lowest performance across all FAP levels 29

NIST study results (4) Optimization strategy for given systems All test cases against (FAP10/20/30 and finger combinations) against all gallery configurations (flats, rolled, ten-prints) FAP 30 with two index fingers best combination FAP 10 with two index and two middle fingers as alternative Two thumbs lowest performance (all FAP levels) 30

The Size Compromise: 3 rd Party tests Capture dimensions vs. matching performance 1 2 31

The Size Compromise: NIST study conclusions The larger the capture size dimensions, the better the matching performance FAP 30 excels in matching performance over all 3 FAP levels For legacy FAP 10 systems: A combination of 2 index + 2 middle fingers can be an alternative to 2 FAP 30 index fingers. Ten flat fingers provide best matching performance compared to other flat only combinations Using only two fingers: Two index finger provides best and two thumbs provides lowest matching performance Attention: Sequence issues to be considered 32

In the End; Lessons learned: The Size Compromise: Conclusions PIV SAP 10 and SAP 20 = Made for verification, not Identification Better than nothing but not recommended for Mobile ID against AFIS. SAP 30 (PIV and Appendix F certified) = Minimum recommended level for sufficient Identification accuracy against an AFIS. 3 rd party tests show significant % of IDs missed using FAP 10 or FAP 20 (PIV) devices that would have been hits with FAP 30 devices. Scanner Size / weight / cost should be minimized, while avoiding to significantly compromise on matching accuracy (SAP level). Flash new! (of 2014-09-08): PSNI concluded initial trial of SAP 30 mobile ID devices in Belfast. One (1) single weekend. 40-50 transactions. 8 Hits. 8 arrested. 1 jailed. 1 st SAP 30 Mobile ID deployment in UK. Past = SAP 10. 33

THANK YOU! QUESTIONS? Carl Gohringer, 34

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback