Identity Management and Biometrics in the Government of Canada - PowerPoint PPT Presentation

1 / 23

About This Presentation

Title:

Identity Management and Biometrics in the Government of Canada

Description:

Identity Management. and Biometrics. in the. Government of Canada. Alice Sturgeon. Senior Director, ... GC-wide framework permits extension to the. enterprise ... – PowerPoint PPT presentation

Number of Views:151

Avg rating:3.0/5.0

Slides: 24

Provided by: alicest

Category:

more less

Transcript and Presenter's Notes

Title: Identity Management and Biometrics in the Government of Canada

1
Identity Management and Biometricsin the
Government of Canada
Public Forum University of Toronto June 15, 2006

Alice Sturgeon
Senior Director,
Accessibility, Identity Management and Security
Information Privacy and Security Policies
Division
CIO Branch

2
Why is identity management important?

Program integrity and program costs
Identity theft and identity fraud impact on the
economy
Privacy
Private sector support and guidance
Client Satisfaction
Avoid collecting the same or similar information
more than once
Service Transformation
Opportunities for service improvement
Opportunities for cost savings
Support to PSAT agenda
GC-wide framework permits extension to the
enterprise of initiatives such as MyAccounts

3
Context

Growth of government services need for proof of
entitlement
Proof of entitlement proof of identity
Foundation documents for identity birth
certificate (provincial/territorial) and
immigration documents (federal)
Secondary documents issued based on foundation
documents
Result over time secondary documents used as
foundation documents
Outcome House of Cards

4
Identity and Government Three key roles
Authenticating Identity
Providing Identification
Establishing Identity

Numerous organizationsinvolved at all levels
ofgovernment, for example
Federally issued..
Social Insurance Number (SIN)
Passport
Issued by Provinces/ Territories
Birth registration
Birth certificate
Health card
Drivers license
Most organizations require a similar base of
information to provide identification
Some additional needs specific to the
organization

Shared jurisdiction
Federal rolefor those arrivingin Canada
Provincial / Territorial role with Vital
Statistics for those born in Canada
Based on relativelystandard set of
coreattributes including
Name
Place of Birth
Date of Birth
Gender
Citizenship

Separate stand-alone processes by department or
program for authentication
E-Pass
Health Infoway
Service Canada
Etc.
Common function provide
verification of clients identity
Enabling technologies
PKI
Biometrics
Tokens

5
What is identity for individuals?

Identity the concept of self
Set of attributes that make up the identity of a
single, specific individual
Foundation of our social system
Categories
Attribute identity
Physiological/Biometric identity
Biographical identity

6
What is identity? 2

Business
Do governments share identification information
for registered businesses, ie. federally,
provincially or territorially-registered
businesses?
Which identifier(s) can be used Federal
Business Number?

GC Employees
What privacy rights apply?
Does shared authentication methodology extend to
other jurisdictions through governance provided
by Public Sector CIO Council?
Do the same principles apply for both GC
employees and other Canadians?

At what level is separation of direction and
guidance required for each set of clients?
7
Guiding Principles

Government responsibility
Protection of privacy
Joint accountability
Equity of access
Universality
Quality of service
Security commensurate with risk
Uniformity of standards and compatibility of
systems
Acceptability to the public

Source F/P/T Council on Identity Identity
Strategic Framework, November 2002
8
Complementary Objectives

Citizen-centric service transformation and
service delivery based on a single, comprehensive
concept of identity, encompassing all government
clients
External clients citizens, residents, taxpayers,
vendors
Canadian businesses
GC employees and contractors
Strong verification of identity for
authentication, to address security concerns of
anti-terrorism, identity theft, and similar
threats of todays global electronic environment.

9
Security and Service Delivery
SERVICES
SECURITY
Privacy
Identity Proving
IDENTITY
International Requirements
Common and Shared Services
Service Transformation
PKI
Authentication
Multi-Jurisdictional services
Biometrics
Document Integrity
Standards
National Security Policy and Government Security
Policy
Unique Identifiers
10
Biometrics Backgrounder

Many Types of Biometrics
Physiological
Iris
Fingerprint (including nail)
Hand (including knuckle, palm, vascular)
Face
Voice
Retina
DNA
Even Odour, Earlobe, Sweat pore, Lips
Behavioural
Signature
Keystroke
Voice
Gait
and more to come

Purpose of Biometrics To prove an individual who
they claim to be

Supporting Many Business Purposes
Security
Financial Services
Health Care
Service Delivery
Fraud Reduction
Physical Access Control

Definition of Biometrics Automated recognition of
individuals based on their behavioural and
biological characteristics
11
Facial Recognition

Maps facial characteristics of an individual
Distance between the persons eyes
Angle of jaw
Length of nose, etc.
Advantages less intrusive, fewer privacy
concerns
Disadvantages most susceptible to failed or
false match caused by changes to physical
appearance, angling differences least static
characteristic dataset increases correlate to
decrease in accurate match

12
Fingerprint

Matching ridges, whorls and patterns
Finger minutiae and finger-pattern techniques
Advantages
More accurate than facial recognition
Least expensive and most readily available
Disadavantages
Interoperability of automated fingerprint
identification systems (AFIS) readers and
template software
Operator error
Spoofing/liveness unsuitable for unattended
systems (e.g., CANPass)
Acceptability hygiene concerns criminal
connotation

13
Iris Scan

Advantages
Iris patterns are static
Exception eye diseases and artificial changes
High accuracy
Size of database does not affect accuracy rates
Impossible to spoof
Disadvantages
Acceptability highly intrusive
More expensive and difficult to implement

14
Biometrics Standards

To support interoperability and data interchange
among applications and systems
Includes the following aspects
Common file frameworks
Biometric Application Programming Interfaces
(APIs)
Biometric Data Interchange Formats
Evaluation Criteria
Methodologies for performance testing
Consideration of cross-jurisdictional and
societal aspects
Many standards bodies
ISO/IEC JTC1/SC37Subcommittee 37 on Biometrics
ICAO machine readable travel documents
U.S. NIST and ANSI

15
Biometrics Standards (2)

ISO/IEC JTC1 SC37 - Biometrics
Inaugural Plenary December 2002
Six Working Groups
WG 1 Harmonized Biometric Vocabulary
WG 2 Biometric Technical Interfaces
WG 3 Biometric Data Interchange Formats
WG 4 Biometric Application Profiles
WG 5 Biometric Testing and Reporting
WG 6 Cross-Jurisdictional and Societal Aspects
24714 Cross-jurisdiction and societal impacts of
implementations of biometrics

16
ISO/IEC TR 24714-1

Cross-Jurisdictional and Societal Aspects of
Implementation of Biometric Technologies, Part 1
Guide to the Accessibility, Privacy and Health
and Safety Issues in the deployment of Biometric
Systems for Commercial Application
Objectives
Enhanced acceptance of systems using biometrics
by users
Improved public perception and understanding
Smoother introduction and operation of these
systems
Potential long-term cost reduction (whole life
costs)
Establishment of commonly accepted good privacy
practices and principles

17
Biometrics Architecture
Business and Service Immigration Prison
Visitation Cross-Border Travel Native
Status
Information Citizenship Record of Birth
Record of Employment Medical Records
Biometric Technologies Finger Minutiae
Hand Geometry Iris Scan Facial
Scan
Applications and solutions Border Crossing
Bldg Access Airport Access Data
Access
18
GC Biometric Considerations (1)

1. Encourage Adoption of Standards
Identify requirements that can employ ISO
standards (e.g. interoperability, data
interchange, performance measurement, etc.)
All GC documentation should be consistent with
standardized vocabulary as per ISO Standards
Increase overall understanding and application of
biometrics by using biometrics tutorials
developed by ISO.
2. Promote Industry Compliance
Procurement of biometric components and standards
should be compliant to the relevant biometrics
standards
The GC should assume leadership role in the
establishment of biometric certification bodies
Establishment of performance testing bodies
(possibly in conjunction with NIST).

19
GC Biometric Considerations (2)

3. Participate in Standards Development
Departments undertaking biometric pilot programs
should become members of Canadian Advisory
Council (CAC) to SC 37
Knowledge gained through biometric
implementations should be shared with others and
the biometric standards bodies (ISO, ANSI)
4. Increase Knowledge of Standards
Raise and maintain general awareness of
Biometrics standards development activities
Biometrics pilots and implementations currently
underway in other countries.

20
Relative Nature of Authentication
ISO/IEC 15408 evaluated Certified smart token
Policy control
Certified smart token PIN control No policy
control
Smart token No PIN or policy control
Certified software-based Policy control
Software-based No pswd/PIN or policy control
HIGH
LOW
MEDIUM
Encrypted biometric template
Biometrics with no crypto token or No biometric
Authentication Continuum
21
Some Legislation, Policies Standards
In Canada