Biometric Electronic Signaturein a Bank Biometryczny podpis elektroniczny w kontekście banku

Transcription

1 Biometric Electronic Signaturein a Bank Biometryczny podpis elektroniczny w kontekście banku

2 Agenda 1. Biometric e-signature: what is it? 2. Possible Biometric Signature Applications 3. Biometric Electronic Signature in a Bank a. Bank branch b. E-banking 4. Benefits of Biometric Signature 5. Finger Vein advantages for Biometric Signature 6. Biometric Signature architecture 7. Security issues

3 Biometric signature Biometric signature -> concept of e- signature system which is using biometrics to authenticate private key for signing and authentication. This case shows biometric signature concept based on Finger Vein biometric technology. Both biometric templates and private keys are stored in HSM on server side.

4 Possible Biometric Signature applications Banks branches(authentication, signing of loan agreements etc.) e-banking (transaction authentication, signing agreements remotely) Citizen care in central and local government offices (signing and submitting forms e.g. registering a company) Health care (central medical register, e- prescription) Social benefits payments (eg. pensions scheme) many others

5 Biometric Electronic Signature in a Bank 1. Bank branch a. Sign electronic documents (eg. lease, card, account agreements) and transactions (legally binding signature) b. Reduce/eliminate stolen identity frauds c. Reduce/eliminate workflow of paper documents d. Substantially reduce operational costs of documents workflow 2. E-banking a. Prestigious service for VIP/corporate users b. Sign electronic documents through on-line channel c. Increase safety of on-line transactions

6 Biometric Bank Branch SIGNED PAPER DOCUMENTS WORKFLOW BANK BRANCH BANK HQ SIGNED ELECTRONIC DOCUMENTS WORKFLOW

7 Biometric e-banking BANK HQ Corporate/VIP users Highest transaction security (PKI based) Signing agreements through e-banking

8 Benefits of biometric signature Highest security (PKI based) No additional equipment on user side(e.g. smart cards) no device live cycle costs ease of use possibility to use e-signature for people with lack of technical skills No costsof issuing and using of the e-signature for the user costwill be held on company (bank) side licence or/and per transaction fee to issuer/supplier Substantial savings for institutions (banks) elimination of paper documents circulation (printing, transportation, archiving, destroying) decrease of stolen identity frauds

9 FingerVein advantages for Biometric Signature Finger Vein offers (compared with other biometrics): high accuracy rates high resistance to criminal tampering speed of authentication privacy compliance nont traceable biometrics Finger Vein suits Biometric Signature: strong authentication reliability market presence in many sectors easy to use

10 Biometric SignatureArchitecture Biometric Authentication Server biopkiservice Server Certification Authority HSM FAS biopki service CVS CA Certificate Validation Server

11 Biometric Signature architecture-available operations User registration Biometric authentication Accessing sensitive data Biometric signature

12 Biometric Signature -user registration HSM Private key AES key FAS Serwis biopki CA CVS ID BIO ID Pers data BIO Cert ID Pers data BIO

13 Biometric Signature architecture -user registration 1.Typing personal data 2.Checking data... 3.Registering data

14 Biometric Signature architecture -user registration 4. Registering of biometric templates 5. Certifate creation

15 Biometric Signature architecture -user registration 6. Generated certificate can be validated using special Certificate Validation System

16 Biometric Signature -biometric authentication HSM Private key AES key FAS Serwis biopki CA CVS ID BIO ID Pers data Cert ID BIO

17 Biometric Signature -accessing sensitive data HSM Private key AES key FAS Serwis biopki CA CVS ID BIO ID Pers data Cert ID BIO

18 Biometric Signature -biometric signature HSM Private key AES key FAS Serwis biopki CA CVS ID BIO ID Pers data Cert ID BIOForm hash ID Form BIO

19 Biometric Signature -examples Access to patient health data and treatment history in clinic/hospital

20 Biometric Signature -examples Drugstore

21 Biometric Signature -examples Company registration

22 Security issues User registration Data storage Data transmission Electronic signature

23 Security issues -user registration Registering user in the system on dedicated units in government offices / banks by authorized staff after strict user identity verification Introducing changes to the registered user data Allowed only on dedicated registering units According to a strict procedure

24 Security issues -data storage Servers Stored a in secure location Access control procedures Security audits Sensitive data Encrypted with additional key (AES 256b) generated during user registration Encryption key associated with biometric data (biometrical authorization of key access)

25 Security issues -data transmission Server-client communication SSL protocol (entirely encrypted data transmission) Establishing secure data communication channel cryptoprocessor smart cards Unambiguous identification of the end-user unit Security of the private key associated with a specific end-user unit Server-server communication SSL protocol (entirely encrypted data transmission) Establishing secure data communication channel cryptoprocessor smart cards

26 Security issues -electronic signature Private key (RSA), associated with user certificate Stored in a strongly secured HSM module of the PKI service server Documents/data signed inside the HSM A private key never leaves the HSM Certified HSM module, e.g. Common Criteria

27 Thank you for your attention! Al. Jana Pawła II 12, Warszawa tel. : Al. Jana Pawła II 41L, Kraków kontakt@mobileexperts.pl tel