Next-Generation of Security Technology

Edward M. Cheng, M.D. Ph.D. ABFP

CMO, VP Bus. Dev., HealthHighway

Consultant Biometrics application in e-Biz

edcheng@secugen.com

Steve Hong, Director, SW Appl., SecuGen

steveh@secugen.comFebruary 13, 2002

Contents of this Seminar

• Update Current Status of Network Security

• Review Existing Security Technology

• Introduction and Relevance of Biometrics

• Types of Biometrics and Market Trend

• Potential Biometrics applications

• Fingerprint Biometrics in Internet application in e-Business

What Consist of a Secure Network?

• Person-to-Person authentication

• User identification

• Data integrity

• Data confidentiality

• Privacy protection

• Non-repudiation

• User and process management SW

How Secure is our Network?

• According to recent survey by CSI on 521 security executives:

> 32% has experienced incidents of serious electronic fraud- double in 3 years

> 30% reported intrusion by outsiders

> 55% reported insiders unauthorized access

> estimated: in-house security breaches account for 70-90% of all attacks on corporate network

• Concern: financial, reputation, legal liability

How Serious is ID Theft?

• 500,000-700,000 Social Security Recipients are victims of fake ID.

- Social Security Adminstration in Baltimore

• Online Credit Card Fraud: $24M/day: $9B/year - Meridien Research Jan. 2002

• Online Consumers Survey: 1 in 12 are victimized • Total cost in ID Fraud: 1.13% of all Online

Transactions or $tens of billion yearly. - Gartner Jan. 2002

Passwords and Locks are Inadequate• The GAO report found weaknesses at nearly every point of

computer security controls at the Treasury Department’s FMS (Financial Management Service).

• Government computers that handle $trillion in tax refunds and SS benefits are vulnerable to cyber-attacks.

• Billions of dollars of payments and collections are at significant risk of loss or fraud, sensitive data are at risk of inappropriate disclosure, and critical computer-based operations are vulnerable to serious disruption.

• The GAO recommended FMS to install a security management program and to fix individual weaknesses- identified as access control, such as passwords and locks.

- CNN Government Reuters, Feb.5, 2002

Existing Security Technology

• PKI / Encryption / SSL

• Firewall

• Digital Certificate

• Password and PIN

• Token

• Smart Card

• Biometrics

Passwords Frustration

• Must be a mixture of alpha-numeric with upper and lower cases

• Must be random and not easy to figure out• Should not be written down or posted on monitor • Must be changed regularly• Password should not be recycled within 5 months• Transfer factor- Passwords get passed around

Cost of maintaining passwords

• About 50% of calls in IT help desks are password related

• Estimated cost per employee per year:– $200 by Forrester Research Inc.

(Economics of Security, 2/98)

– $340 by Gartner Group

• Bottom line: A single biometrics can replace multiple applications’ passwords

What is Biometrics ?

• Definition: Measurement of body’s unique characteristics or behavior

• Types: Voice, Signature, Facial, Palm, Eye, Fingerprint

• System components: – HW -sensor– SW -algorithm, API– Middleware and application

Why Biometrics ?

• Unique

• Authentication: 1-to-1 matching

• Identification: 1-to-M matching

• Convenient

• Non-repudiable

• Fast, accurate, non-transferable

• Nothing to remember and nothing to forget

How is Biometrics Performance Rated?

• FTE Vs FRR Vs FAR

• Reliability

• Speed

• Ergonomic

• Intrusiveness

• Convenience

• Acceptance

Biometrics Acceptance

• Historically slow – Privacy concern– Unreliable– Expensive– Difficult to integrate– Negligence

• Post September 11– demand and acceptance: increased by 3-4 folds

Change in Acceptance of Biometrics

• Estimate: ID theft in U.S. is about 500,000 cases/year

• Consumers are ready to accept biometrics at the cost of decreased privacy and more intrusive method of identification

• Consumers’ fears and losses due to fraud give strong incentives for institutions to invest heavily in biometrics as alternative to PIN

• Financial institutions are considering biometrics:

ING Direct, American Banker Association, Credit Union of Canada, Deutsche Bank, Citibank

Meridien Research Inc.

• Financial Service will spend $1.8B annually on biometric technology by 2004

IDC, Framingham, MA

“Biometrics is a Good Fit with Banking”

“The Technology offers security to customers at ATM, within branches to authorize transactions and for online banking. It can also be used inside companies to secure vaults and monitor access to doors and computer systems.

Meridien Research Inc.

Market Trend - 1

20002000

17501750

15001500

12501250

10001000

750750

500500

250250

0019991999 20002000 20012001 20022002 20032003 20042004 20052005

250.9

399.4

523.9

729.1

1049.6

1440.6

1905.4

Total Biometric Revenue 1999-2005 ($M)Total Biometric Revenue 1999-2005 ($M)

International Biometric Group – 2001International Biometric Group – 2001Biometric Market Report 1999-2005Biometric Market Report 1999-2005

400400

350350

300300

250250

200200

150150

100100

5050

0020002000 20012001 20022002 20032003 20042004 20052005

57.2

99.4

167.0

266.6

373.9

453.3

Fingerprint Market Revenue 2000-2005 ($M)Fingerprint Market Revenue 2000-2005 ($M)

International Biometric Group – 2001International Biometric Group – 2001Fingerprint Market Report 2000-2005Fingerprint Market Report 2000-2005

450450

500500

Market Trend- 2

52.7

99.4

167

266.6

373.9

453.3

199.6190

307.5

97.1

130.6

101.1

12.5

282

320.6

367.8

426.2

496.3

563.4

40.5

111.2

49.924.211.4

0

100

200

300

400

500

600

2000 2001 2002 2003 2004 2005

Fingerprint

Facial-Scan

Hand Geometry

Middleware

Iris-Scan

Voice

Signature

Keystroke

AFIS

Market Trend - 3

International Biometric Group – 2001International Biometric Group – 2001Biometric Market Report 1999-2005Biometric Market Report 1999-2005

Fingerprint and Middleware market will lead biometrics market in futureProjected Revenue of Fingerprint and Middleware will occupy 40% of Total Market at 2005

Dynamic Growth in Finger-Scan Biometrics

36.1

59.3

94.5

143.4

208.6

290.1

0

50

100

150

200

250

300

2001 2002 2003 2004 2005 2006

($ Millons)

Worldwide Finger-Scan Biometrics Technology Revenues

Source: Frost & Sullivan, 2001Middleware

12%

Hand-Scan11%

Facial-Scan15%

Iris-Scan6%

Signature-Scan3%

Voice-Scan4%

Finger-Scan49%

Market Share by Technology, 2001

(Excludes AFIS Revenues)

Privacy Concern: Minutiae Extraction

Fingerprints cannot be reproduced from minutiae template

Areas of Biometrics Application

• Physical access control

• Data access security

• Time and attendance

• ID theft prevention

• Privacy protection

• Fraud reduction

• Cost-effective and high security

Types of Fingerprint Sensor

• Semiconductor– Capacitive– Thermal– RF

• Optical– Traditional– SEIR

• Thin Film Technology

Semiconductor Sensors

Semiconductor FP Sensor

• Small and low profile

• Cost - expensive at low volume and large sensing area

• Physical and electrical Unstable

• Vulnerable to EDS

• Metal discharge pathway

• Surface coating required

• Low tolerance to abuse

Types of Fingerprint Sensor

• Semiconductor– Capacitive– Thermal– RF

• Optical– Traditional– SEIR

• Thin Film Technology

Traditional Optical Sensor

Traditional Optical FP Sensor

• Plastic platen with soft coating• Nonlinear distortion • Low contrast image • Stray light interference• High power consumption• Assembly required mirror for compensation • Integration relatively difficult• Production- labor intensive

Types of Fingerprint Sensor

• Semiconductor– Capacitive– Thermal– RF

• Optical– Traditional– SEIR

• Thin Film Technology

New Generation Optical FP Sensors

• SEIR: Surface Enhanced Irregular Reflection- a break through optical finger-scanning technology

• High contrast and virtually distortion-free image• High performance for extreme skin condition• Scratch-proof surface with robust and compact housing • Low power consumption• Integration relatively easy• Mass production capable at low cost

EyeD Mouse TM

Award-winning world’s first biometric mouse Most ergonomic & durable fingerprint sensor State-of-the-art fingerprint matching algorithm Matching software: SecuDesktop, SecuIBAS (Features: logon, File En/Decryption, Screen Saver)

SecuGen PC Peripherals

How to Select a Fingerprint Biometrics?

• User friendliness

• Durability

• Cost

• Size

• Ease of integration

• Choice of application products

• Third-party SW support

Stand-alone Finger-Scan Module

Building Access Control Time & Attendance Vehicle Control Door-lock System Point of Sale Safe and Gun control Box Supported protocols: Wiegand, RS232 and RS485

Biometrics Applications

Biometrics OverviewBiometrics Overview

Financial Sector

Point of SaleATMOnline Banking

Passport ControlBorder Control

Medical Records MgtHIPAA Compliance

Door LockTime-Attendance

Computer Security

Access ControlNetwork Securitye-Commerce

Mobile PhoneCall CenterInternet Phone

Immigration

Telecommunication

Medical Facility and Attendance

National IDCorrectional FacilityAFISDMV

Social Security

Welfare Payment

Missing Child

Access Control Ticket-less Travel Anti-terrorist security

Public Sector Social Service Aviation & Travel

Private & Confidential - Copyright of eBuku Sdn. Bhd.

1

mCommerce mCommerce Implementation OverviewImplementation Overview

Internet / Intranet

CLIENTS

MIDDLEWARE

SECURITY

WIRELESS

mCommerce

eRIS™

Option : SecuIBAS™

Biometrics for Healthcare

Electronic Medical Records• Automatic encounter documentation• Electronic transaction processing• Online PDA easy data entry• Work flow management•Transcriptions

PatientsWebsite Access• Clinical and Account Info• Appointments and Messages• Personalized Health Info

Health Plans/IPA•Claims, Eligibility, Authorization,•Formulary, Regulations, Contracts,•Connectivity

Financial Management• Charge capture at the point of encounter• Claims processing and billing • Accounts Receivable • Eligibility & Authorizations• Managed Care

Provider’s Automated Office

Biometrics Application • Physical Access Control • Time and Attendance • PC/Enterprise/Network Security• Internet & e-Commerce • B2B Transactions• Financial: on-line banking, ATM• Medical information system• Distant Learning• e-Publishing• Smart card/Digital Certificate• Any password-based application

Distant Learning

• Physical Access Control

• Time and Attendance

• PC/Network Security/IT

• Student registration/verification

• On-line testing

Healthcare

• Physical Access Control • Time and Attendance• PC/Network Security/IT• Patient registration and Identification• e-Claim processing• EMR• Document Management• HIPAA Compliance• Privacy Protection

Benefits of Biometrics Implementation

• Maximize network security• Ensure users’ privacy • Protect institution physical assets• Provide user authentication• Allow non-repudiable transaction• Deter hackers and ID fraud • Eliminate password frustration• Cut IT cost in password maintenance• Increase corporation image, productivity and

profitability

INTERNET

Home Worker

PSTN / ISDN / ADSL

SNA Leased Line

CORPORATE HEADQUARTERS

Firewall

Customers

Mobile & Remote Warriors

Supply Chain or Factory

Branch Office

PSTN / ISDN / ADSL

Hospital UniversityBank Trading

Groupware

Web Server

Configuration

SecuIBAS Server

SecuGen Biometric Authentication

SecuIBAS Web Server Software Takes only one day to integrate into

your system. Supports various operating systems

and databases.• Windows 2000/NT• Solaris• Linux• Unix

SecuIBAS Web Server Software Takes only one day to integrate into

your system. Supports various operating systems

and databases.• Windows 2000/NT• Solaris• Linux• Unix

SecuGen Biometric Authentication

SecuIBAS Server Software Takes only one day to install. Supports various operating

systems and databases.• Windows 2000/NT• Solaris• Linux• Unix

SecuIBAS Server Software Takes only one day to install. Supports various operating

systems and databases.• Windows 2000/NT• Solaris• Linux• Unix

SecuGen Biometric Authentication

SecuIBAS Client Pack USB plug & play mouse or other sensor Windows device driver Supports Internet Explorer & Netscape

SecuIBAS Client Pack USB plug & play mouse or other sensor Windows device driver Supports Internet Explorer & Netscape

EyeD Mouse TM

Award-winning world’s first biometric mouse Most ergonomic & durable fingerprint sensor State-of-the-art fingerprint matching algorithm Matching software : SecuDesktop, iBAS (logon, File En/Decryption, Screen Saver)