Determining a person's identity securely, conveniently, and in a privacy-guaranteeing way without creating new cost-drivers

In recent years, there has been a trend among governments and
commercial organizations toward using secure personal identification
systems as a way of verifying the identity of individuals. Heightened
concerns over terrorist threats and immigration control have prompted
a number of countries, including members of the European Union,
to pilot biometric passports. In addition, a number of governments
have plans to implement a national ID card or a "smart"
driver's license (see, for example, the US REAL ID Act).

Secure ID systems can help businesses and agencies restrict access
to physical locations and secure networks, as well as provide an
identity verification process for receiving government services
or conducting online transactions.

Our team integrates various aspects of expertise to provide such
systems in a wide range of public and private sector applications.
Most notably, these include public key infrastructure (PKI), biometry,
workflow, smart chip technology, and in-depth process knowledge
gained from cooperation with customers and colleagues from IBM Global
Business Services.

Public key infrastructure

Public key cryptography has long served as a core technology for
many computer security systems. Using public and private key pairs,
one can perform a cryptographic operation (encryption) with one key
from the pair, while the reverse operation (decryption) requires the
other key. The private key is kept concealed by the key owner, whereas
the public key is freely disseminated.

Internet PKI provides additional safeguards by ensuring that a public key
for an end-user can be certified without requiring the corresponding
private key to be transmitted online to the certification authority.
In most cases, the key pair is generated at the end-user's side
of the infrastructure, and the private key remains securely stored
in the local environment, such as in a smart card token.

For many years, our team has been developing the core cryptographic software
used in many IBM products, such as WebSphere or Host On-Demand.
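
The certification flow described above, as an added example in Go (not code from the original page or from IBM): the end-user side generates the key pair and sends only a certificate signing request, and the CA checks the request's self-signature before certifying the public key. The function names, the subject names and the throwaway demo CA are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// endUserCSR is the end-user side: the key pair is generated locally; only the request leaves.
func endUserCSR(cn string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}, key)
	return key, der, err
}

// certify is the CA side: the CSR's self-signature proves possession of a private key
// that the CA never receives. parent == nil self-signs a demo root (constructed here).
func certify(csrDER []byte, parent *x509.Certificate, signer *ecdsa.PrivateKey, serial int64) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil {
		return nil, fmt.Errorf("request rejected: unparsable or proof of possession failed")
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, parent = true, true, x509.KeyUsageCertSign, t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, csr.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	caKey, caCSR, _ := endUserCSR("Demo CA") // the demo CA makes its own key pair the same way
	ca, _ := certify(caCSR, nil, caKey, 1)
	userKey, csr, _ := endUserCSR("card-holder-0001") // constructed subject name
	cert, err := certify(csr, ca, caKey, 2)
	fmt.Println(err, cert != nil && userKey.PublicKey.Equal(cert.PublicKey))
}
```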

Biometrics

Biometric technologies provide an automated means of identifying
or authenticating the identity of a living person based on unique
physiological or behavioral characteristics. Digitized representations
of fingerprints, facial scans, hand geometry, as well as voice,
iris or retina patterns can be captured via sensors, scanners, microphones
or cameras. The unique characteristics are then extracted from the
biometric image and used to create the user's biometric template,
which is stored in a database or on a machine-readable ID card.
Alternatively, the complete biometric image can be stored, but
understandably this option requires substantially more memory
and also can present greater privacy issues than a system that stores
only biometric templates.

Workflow

IBM's Infoprint Workflow (IPW) product is a distributed client-server
solution that can be used to automate the smart card print manufacturing
process. The highly customizable system is divided into two major
components: the backend server, which implements the processes that
make up a workflow, and the Windows-based GUI, which enables the
client to configure and manage the workflow. The IPW solution offers
an array of security management options to ensure the integrity
of the smart card production process, and provides tracking and
reconciliation facilities throughout each process stage.

Smart chips

Chips such as those used in smart cards are capable of storing
large amounts of biometric and other data and of interacting intelligently
with external devices. The use of chips makes these devices more
fraud-resistant than those relying on the conventional magnetic stripe
data storage system still used in many identification applications,
such as company badges or credit cards. When chips are employed as part of
a secure ID solution, sensitive data is typically encrypted, both
on the ID card and during communications with the reader system.
In some cases, digital signatures may be added to help ensure data
integrity.

Taking the production of secure ID cards as an example, the following issues
have to be addressed in a manner that is very efficient and secure,
adds no complexity or costs to existing means of ID production, and
is in compliance with international standards:

· Understanding the security features (from high-tech polycarbonates
  and engraving to smart cards) to find the appropriate solution
  for a given situation.
· Production and personalization of the cards in a secure and
  efficient manner (enrollment kiosks, secure processes to prevent
  the production of unauthorized cards, processes to control card
  production and printing of associated documents).
· Fast and efficient verification of cards, for example at border
  crossings, by police, etc.
· Understanding of partners and their production and technical
  capabilities for each of the required components.

In addition to government agency applications, Secure ID can also be
used to store patient medical records for use by insurance companies
and healthcare providers, and could provide an additional layer of
security in screening airline passengers. Other possible applications
include use by businesses and universities to verify employee and
student identity, and to track purchases and meal consumption. IBM
Secure ID is an invaluable source of information for any enterprise
seeking a portable solution to identity and authentication verification.
It helps clients address national and business security issues while
safeguarding personal privacy.