Biometrics and authentication webinar v3

City of Winter Park, Florida Biometrics and Authentication George Maldonado Systems Administrator MCSE, CCNA, MCP, Net+

Lets Define ! “ biometric: is a physiological or behavioral characteristic of a human being that can distinguish one person from another and that theoretically can be used for identification or verification of identity.” “ authentication: Positive verification of identity (man or machine), verification of a person’s claimed identity” FBI CJIS Requires: That Each person who is authorized to store, process, and/or transmit FBI CJIS/CHRI data must be authenticated by use of a unique user ID and password or a form of advance authentication. Advance authentication is required for devices that access FBI CJIS data/CHRI from non secure locations or via the internet, wireless or dial-in connections. Advance authentication is the term describing added security functionality, in addition to the typical use identification and authentication of login ID and password. Who are you? Prove it.

Why Biometrics? Biometrics is the simplest and most inexpensive way to accurately identify or verify individuals based upon each person’s unique physical or behavioral characteristics. Biometrics work by unobtrusively matching patterns of live individuals in real time against enrolled records. It fits the basic security principal: “ What You Have, What You Know, What You Are” Biometric-based solutions are able to provide for confidential financial transactions and personal data privacy. The need for biometrics in the enterprise wide network security infrastructure is a must technology, because single-factor authentication methods are easy to break and therefore inherently important to our citizens. Identity thefts Something you know can be stolen Shared, predicted or hacked Fingerprints – mature enough to deter crime and even terrorism

Implementation Summary User Statistics Total Users: 545 Users with registered fingerprints: 364 Readers deployed: 364 City Hall Emergency Vehicles (Police and Fire Trucks) Electric Division & Water Plants Central Facilities including vehicle maintenance

Fingerprints as a Biometric High Universality A majority of the population (>96%) have legible fingerprints Even identical twins have different fingerprints (most biometrics fail) Individuality of fingerprints established through empirical evidence High Permanence Fingerprints are formed in the fetal stage and remain structurally unchanged through out life. High Performance One of the most accurate forms of biometrics available High Acceptability Fingerprint acquisition is non intrusive. Requires no training. .

What We Are Using DigitalPersona Pro for Active Directory Installed on desktops Installed on existing servers Hardware DigitalPersona U.are.U 4500 fingerprint readers Existing “swipe readers” embedded in various models of popular notebooks and PCs.

IT Environment (Past & Present) Current Environment Single Active Directory Domain Password Authentication Applications Login to: Windows Domain or Network Access Naviline iSeries (AS400 Green Screen) Outlook Any application setup for biometric logon at the City will have this icon on the logon screen

Driving Forces Pain Points Resolve password related issues Needed Security that couldn’t be shared Eliminated desktop sharing Excellent opportunity to put in place Password and screen saver Policies Meet CJIS Mandate Requirements Advance authentication is required for devices that access FBI CJIS data/CHRI from non secure locations or via the internet, wireless or dial-in connections. Advance authentication is required for devices that access FBI CJIS data/CHRI from non secure locations or via the internet, wireless or dial-in connections.

Available Solutions Solutions Considered Inflexis DesktopID Why other solutions were not selected No real AD integration “ Petting” reader No centralized fingerprint storage No different than a token device (can get expensive)

Why DigitalPersona Easy for Users Employees embraced it Best trade off between convenience and security Faster than recalling and typing very complex passwords Intuitive to use – visual cues Simple user registration process Single Sign on function Automatic Wizard detects login fields in applications and web sites Easy for the IT Administrators Easily create login templates for applications the Wizard cannot detect Push out the templates via GPOs

Why DigitalPersona Robust, Centralized Server Software Tight Active Directory Integration Single or Two-factor authentication options Flexible Authentication Policies Secure and Compliant Met CJIST mandate of requiring Two-Factor Authentication Event Logs of who accessed what and when Protect sensitive information through digital signing and encryption of email and documents Reader is well constructed

Implementation Summary Benefits to IT: Met federal and state requirements Avoid fines and penalties Compliance’s intrinsic benefit Creates a more definitive baseline for data sharing and protection. Improve security, communications, and overall business practices. Create Flexible Group Policies

Implementation Summary CJIS Compliance Impact Criminal Justice Information System FBI Requirement Two-factor Authentication Create and maintain criminal justice information system For authorized state, local criminal justice, and noncriminal justice users Supports operations, policy analysis, and public safety Must be accurate, timely, complete, appropriately secured to protect privacy rights, cost-effective, and accessible.

General Issues Low humidity areas may require hand moisturizer During initial set up, shield the fingerprint reader from direct sunlight

Thank You!! George Maldonado Systems Administrator MCSE, CCNA, MCP, Net+

Biometrics and authentication webinar v3

More Related Content

What's hot (20)

Viewers also liked (12)

Similar to Biometrics and authentication webinar v3 (20)

Recently uploaded (20)

Biometrics and authentication webinar v3