PRIME IDENTITY MANAGEMENT CORE

For secure enrollment applications processing and workflow management.

PRIME Identity Management Core provides the foundation for any biometric identification platform. It establishes managed scalable registries vital for the realization of government-initiated services such as electoral census and the fulfillment of individuals' requests for secure documents.

This scalable platform enables the secure processing and administrative workflow management of PRIME Enrollment applications, and seamlessly interfaces with production and issuance infrastructures. Its two main components are the advanced data handler and the workflow applications suite.

The advanced data handler is responsible for applications authenticity check, data decryption using customer generated keys, identification and identity uniqueness check, data processing and registries population.

The workflow applications suite enables role based control and oversight over the biometric identification management platform and administrative workflow, whilst preserving separation of duties, auditability and accountability.

Most of the key functionalities are built into core services, resulting in a complete service oriented architecture that empowers the workflow applications and dependent services. PRIME Identity Management Core incorporates world-class Automated Biometric/Fingerprint Identification Systems (ABIS / AFIS) and Public Key Infrastructures.

KEY FEATURES

- Client controlled security
- Multimode solution (offline/online, centralized/decentralized)
- Scalable service oriented architecture
- Robust and secure registries
- World class AFIS / ABIS
- World class PKI
- Highly customizable administrative workflow
- Multiple biometrics support
- Compliant with international standards

ADVANCED DATA HANDLER

ADVANCED DATA HANDLER is a collection of highly robust and scalable services capable of substantial data handling, encompassing safe authentication, decryption, processing of enrollment applications and populating registries.

ADVANCED DATA HANDLER has been developed based on multitier service oriented architecture in adherence to international software development best practices. The services receive encrypted enrollment packages or single enrollment applications through their Windows Communication Framework interface and process them in a highly secure and efficient manner. Multiple processing stages are implemented to ensure that only authenticated and accurate data is populated into the registries.

FEATURES

- Multi-threaded services that ensure reliability, scalability, and security
- Service oriented multi-tier architecture allowing seamless addition of cluster nodes and automatic load balancing, without any service interruption
- Multimode solution (offline/online, centralized/decentralized)
- Modular scalability reducing initial capital investments
- Live clustering capabilities enabling the processing of very high volumes of enrollments and real-time system capacity upgrade
- Complete tracking of received, pending, and processed enrollment applications (in both offline and online modes)

FUNCTIONALITIES

- Decompression of enrollment applications
- Diversified session keys generation and decryption of enrollment applications using client generated root keys
- Application origin authenticity check and anti-cloning mechanisms
- User defined procedures ensuring compliance to pre-defined data policies prior to any registry update
- Interface with AFIS / ABIS to perform:
  o Verification through 1:1 fingerprint validation
  o Identification through 1:N fingerprint validation
  o De-duplication through 1:N fingerprint verifications to ensure identity uniqueness and prevent duplicates
- Automated volume processing of application forms utilizing ADF (automatic document feeder) scanners for OCR (optical character recognition), fingerprints extraction, and facial image retrieval
- Compliant with ISO and ICAO standards

BUSINESS CONTINUITY MODEL AT HEART

- Functionality and services high availability through software robustness and redundant hardware configurations
- High network availability designs
- Complete data protection through hardware (clustering, SAN, and RAID technologies) and advanced data backup solutions

APPLICATIONS

ENROLLMENT SUPERVISOR

- Comprehensive management of enrollment database without compromising integrity and security
- Complete audit and trace logs for accountability with the capability to roll back and recover past transactions
- Ability to search, view, edit, suspend and cancel enrollment entries
- Broad range of pre-defined reports with the flexibility to create custom reports
- Detailed audit reports

FORENSIC INVESTIGATOR

- Retrieval of all records involved in a single duplicate case in order to investigate potential fraud attempts and preserve identity uniqueness
- Availability of advanced forensic tools supporting accurate detection of duplicates
- Complete report generation and auditing capabilities

EXCEPTIONS MANAGER

- Enables smooth management and auditing of exceptional cases whilst preserving operations continuity
- Complete management of enrollment applications and exceptions

CONTENTIONS AND CLAIMS MANAGEMENT

- Complete management of claims and contentions in enrollment scenarios where individuals' enrollment eligibility can be protested, such as voting scenarios
- Report generation and decision management

APPROVAL PROCESS APPLICATION

- Watch lists check (including biometrics watch list)
- Administrative check (e.g. financial, medical, travelers' movements verifications)
- Multi-level approval process

ADMINISTRATION APPLICATIONS

- Intuitive administrative dashboard providing real-time information on platform services and transactions
- Role-based remote system administration and control allowing the separation of duties and administrative privileges

FORMS HANDLING APPLICATION

- Enables the processing of paper-based applications for infrastructure-less centers
- OCR of text information, retrieval of biometrics (facial image, fingerprints and signature) and creation of electronic applications

DEPLOYMENT MANAGER

- Comprehensive control over all the deployed enrollment units, whether mobile or fixed
- Central control that manages and tracks mass deployment of enrollment software (serials and keys generation, registration and updates) in an optimal time frame
- Easy maintenance, replacement and upgrade operations whilst preventing cloning attempts

FULL SUPPORT AND INTEGRATION

CERTIFIED AUTOMATED FINGERPRINT/BIOMETRICS IDENTIFICATION SYSTEM (AFIS / ABIS)

PRIME Identity Management Core seamlessly integrates with internationally renowned and field proven AFIS / ABIS systems allowing easy and fast deployment of complete end-to-end systems.

- Fault tolerant scalable cluster architecture allowing parallel matching techniques and full redundancy. Live clustering capabilities enabling real-time AFIS / ABIS capacity upgrade without any interruption.
- Each cluster node matches up to 100,000,000 fingerprints per second
- Full MINEX Compliance and NIST approval for core biometrics engines
- Fingerprint matching with a high degree of reliability and accuracy, with tolerance to fingerprint translation, rotation, and deformation using advanced adaptive image filtering
- Support for a wide range of standards: WSQ, BioAPI 2.0 (ISO/IEC :2006), ISO/IEC :2005, ANSI/INCITS

CERTIFIED PUBLIC KEY INFRASTRUCTURE

PRIME Identity Management Core integrates with renowned and certified PKI solutions ranging from enterprise level for administration use to national scale.

- Creation and management of certification authorities
- Real time certificate lifecycle management (approval, issuance, monitoring and revocation of certificates)
- Secure web-based portal for authorized configuration and management
- Complete activities auditing and logging
- Comprehensive reporting functionality

SOFTWARE SECURITY

SSO USER MANAGEMENT

- Comprehensive and advanced user management system deploying Single-Sign-On (SSO) architecture that allows a central user management authority to delegate roles and rights
- Compatible with all PRIME solutions
- Multi-login hierarchy
- Role management with override capability to perform user based rights assignment
- Password based, card based, and/or biometrics based user authentication
- User authentication and non-repudiation enforcement using cryptography and biometrics

KEY MANAGEMENT SYSTEM (KMS)

- Provides an intuitive graphical user interface to generate and manage cryptographic materials throughout their entire lifecycle (e.g. keys, X.509 certificates, other certificates)
- Support for various cryptographic algorithms (AES, 3DES, SHA-256, RSA, ECC) and control over key sizes and properties
- Integration with hardware security modules (HSM) that are compliant with Federal Information Processing Standard (FIPS 140-2) and Common Criteria (CC ISO/IEC 15408)
- Onboard execution of critical cryptographic information involving very secret keys that cannot be exported from the HSM
- Complete responsibility and accountability for all transactions performed on the KMS while employing the N-eye methodology for crucial actions such as key import and export or attribute manipulation
- Support for ZMK transfer through key ceremonies executed by different custodians
- Integration with certified proprietary or open source PKI solutions

AUDIT AND REPORTING

- Complete transaction auditing and system logging
- Customizable and flexible reporting module to fit clients' needs
- Integrated supervision and administration tools

WORKFLOW APPLICATIONS SUITE

Workflow applications suite offers safe, comprehensive and structured control over the processed enrollment applications. This service oriented workflow applications suite allows the administration of exceptions, contentions, flagged enrollment duplicates, as well as the realization of administration lawful workflow in a safe, logged and audited manner. This service oriented framework provides the required flexibility during deployments and upgrades.

FEATURES

- Service oriented architecture based on industry standard for large scale systems ensuring scalability, reliability and security
- Configurable workflow enabling custom processes and flow definition
- Multi database technology (e.g. Microsoft SQL or Oracle) to address customer preferences or legacy constraints
- High availability system for service continuity through software robustness and hardware configurations
- Enforced non-repudiation for users' actions and decisions via cryptography and biometrics
- Enforced security on all communications using advanced encryption techniques and digital signatures
- Full client control over system security and data privacy through client generated keys in certified HSM (hardware security modules)
- Multi-language support
- Built on industry-leading Microsoft .NET, WCF (Windows Communication Framework) and XML

[Architecture diagram. Components shown: Approval Process Application; Enrollment Supervisor; Forensic Investigator; Contentions & Claims Management; SSO for Audited Authorized Access Control; Administration Applications; Forms Handling; Exceptions Manager; Deployment Manager; Person's Unique Registry & Electronic Application Registry; Advanced Data Handler; KMS; PKI; AFIS]

APPLICATIONS

- National ID cards
- Biometric passports
- Visas
- Resident Permits
- Driving License
- Vehicles Registration
- Health Care Card
- Biometrics Voters Cards
- And others

RELATED PRIME SOLUTIONS

- Enrollment
- Mobile Enrollment Kit
- Personalization & Issuance
- Border Control
- Secure Documents

ABOUT INKRIPT

INKRIPT DELIVERS BESPOKE SOLUTIONS IN THE FIELDS OF SECURITY PRINTING, SMARTCARDS AND TRUSTED IDENTIFICATION.

Established in 1973 as a security print house, we have expanded to become an international provider of secure solutions to governments, telecom operators and financial institutions with a global footprint. This growth was driven by determined dedication to our customers, total commitment to quality and constant investment in state-of-the-art technologies, and leveraged by the inherent accumulated expertise. Our portfolio of products addresses the ever-evolving needs of our clients; this compels us to constantly enhance our capabilities and offerings to comply with internationally accredited norms, standards and directives.