Oregon's Experience with EDR Biometrics

spotlessstareSecurity

Nov 29, 2013 (3 years and 4 months ago)

82 views

NAPHSIS 2007

Salt Lake City

Oregon’s Experience with

EDR Biometrics

Michael Day, MPA

Communications Coordinator

Oregon Vital Events Registration System

Center for Health Statistics

Department of Human Services

The NAPHSIS/NCHS Collaboration

Past Successes and Future Challenges

Salt Lake City, UT June 3
rd



7
th
, 2007

Introduction to Biometrics


Genuine two
-
factor authentication
combines:


Something you know


login/password


Something you are


fingerprint



Oregon uses the APC Biopod:


The NAPHSIS/NCHS Collaboration

Past Successes and Future Challenges

Salt Lake City, UT June 3
rd



7
th
, 2007

Device Installation



USB Connection


We provide a disk containing
necessary software


Device driver


Microsoft .NET Framework


Vendor program to adjust security
settings


Support tech during rollout



The NAPHSIS/NCHS Collaboration

Past Successes and Future Challenges

Salt Lake City, UT June 3
rd



7
th
, 2007

Biometric Signing

The NAPHSIS/NCHS Collaboration

Past Successes and Future Challenges

Salt Lake City, UT June 3
rd



7
th
, 2007

Example


Fails:

Biometric Signing

The NAPHSIS/NCHS Collaboration

Past Successes and Future Challenges

Salt Lake City, UT June 3
rd



7
th
, 2007

Animation Example


Fails:

Biometric Signing

The NAPHSIS/NCHS Collaboration

Past Successes and Future Challenges

Salt Lake City, UT June 3
rd



7
th
, 2007

Animation Example


Successful:

Overall Experience



Users largely accepting



Cool” “Fun” “Easy”



Sometimes frustrating


Takes some practice for consistent finger
placement


Requires all “I’s dotted and T’s crossed”
before it will authenticate

The NAPHSIS/NCHS Collaboration

Past Successes and Future Challenges

Salt Lake City, UT June 3
rd



7
th
, 2007

Concerns: Security


System creates templates using
pattern matching



Reference template created and stored
during initial enrollment



Match template created when signing record



Compare the two to authenticate


The NAPHSIS/NCHS Collaboration

Past Successes and Future Challenges

Salt Lake City, UT June 3
rd



7
th
, 2007

Concerns: Security


Template security is the critical factor


Template is created using a hash function


Hash function is a formula used to turn
fingerprint pattern into numeric data


One
-
way process


“Chops and mixes” original data


Further encrypted


AES 256
-
bit


Only encrypted hash value is
transmitted/stored, not fingerprint pattern

The NAPHSIS/NCHS Collaboration

Past Successes and Future Challenges

Salt Lake City, UT June 3
rd



7
th
, 2007

Concerns: Distrust


Some resistance to fingerprint storage


“Big brother” has their fingerprints?


Loss of privacy



How to address concerns


Biometric security white paper


Positive experience of other users


Increased use of fingerprints elsewhere

The NAPHSIS/NCHS Collaboration

Past Successes and Future Challenges

Salt Lake City, UT June 3
rd



7
th
, 2007

Other Experiences


Co
-
exists with other biometric devices



Device can be used for other
biometric functions

The NAPHSIS/NCHS Collaboration

Past Successes and Future Challenges

Salt Lake City, UT June 3
rd



7
th
, 2007

Additional Information


General information:


Mike Day, Communications Coordinator


michael.r.day@state.or.us


971
-
673
-
1196


Technical questions:


Sandra Sams, Technical Lead


sandra.sams@state.or.us


971
-
673
-
0579


www.oregon.gov/DHS/ph/OVERS/


The NAPHSIS/NCHS Collaboration

Past Successes and Future Challenges

Salt Lake City, UT June 3
rd



7
th
, 2007