Finger Vein digital biometric signature: use cases

Transcription

1 Finger Vein digital biometric signature: use cases Arkadiusz Buroń Presales & Account Director Information Systems Group Serock,

2 Agenda 1. Introduction to Finger Vein technology 2. Digital biometric signature and its applications 3. Finger Vein BioPKI server-based biometric signature 4. Finger Vein B-1 card-based biometric signature 5. Summary 1

3 1. Introduction to Finger Vein technology 2

4 Why Finger Vein in banking? Technology made for banking (Japan, 2004) Highest security level (FAR < 0,0001%) Fully protects customers privacy High acceptance by bank s customers (>85%) Positive feedback from personal data protection organizations as for use in banking Complete solution, fully adapted to the needs of banks in Europe (security, working conditions) The biggest amount of references in Europe and the world (hundreds of banks, millions of users) Compatibility of implemented solutions (templates, system) possibility to connect systems The world s first biometric technology allowing electronic signing of the documents

5 The way Finger Vein works During acquisition the comparison of the template, individual differences, varation of width of blood veins and differences in the positioning of the finger are taken into account. Comparison of the finger with registered reference template takes place on the Finger Vein biometric reader on on the chip card. Comparison of the finger with registered reference template takes place in real time (is not based on vector comparison, as in the case of fingerprints) 4

6 Finger Vein applications in banking Long-time presence on the market allowed to develop a range of readers allowing the implementation of Finger Vein technology in wide range of banking services, wherever strong authentication of the identity declared by customer is required. BRANCHES ATMs CORPORATE BANKING FRANCHISE BRANCHES ACCESS CONTROL BIOMETRIC SIGNATURE DEPOSIT BOXES POS VTM 5

7 Security level Comparison with other authorization methods Finger Vein + PKI Complete identity confirmation Finger Vein / iris Complete identity confirmation Token (SecurID) One-time passwords (OTP) login / pass Fingerprint (np.. Apple Pay) NFC Payment volume 6

8 Selected references in financial sector BPS Group / SGB Group Biometric withdrawals from ATMs (including social benefits) in Polish cooperative banks (Poland) Bank BPH Biometric authentication of identity (branch without ID), cash transactions and operations in bank branches (Poland) Turkiye IS Bankasi The largest network of 3000 ATMs with biometric authentication - the Biyokilmlik service (Turkey) Getin Bank Biometric authentication of identity and transactions in new Getin Up branches and Getin Point self-service branches (Poland) Banque Accord Implementation of Finger Vein biometric payments in Auchan stores (France) Planet Cash Europe s first ATM network enabling biometric withdrawals to the customers of various banks (Poland) Barclays Bank Finger Vein authentication system in corporate and internet banking in Barclays Bank (UK) Finger Vein in Japan The largest biometric project in the world over 80 thousand ATMs, over 80% of Finger Vein share in the market (Japan) New York s Shinkin Central Bank Implementation of Finger Vein biometric access control to most protected areas (USA) 7

9 2. Digital biometric signature and its applications 8

10 Definition of digital biometric signature Digital biometric signature is a combination of biometric technology with PKI infrastructure, to ensure the integrity of the signed document by the use of biometrics to authenticate access to cryptographic keys by which the classic electronic signature is made. Biometric signature can be implemented in two models: Server-based Model Private key of the user is stored on bank s servers or servers of trusted thord party Finger Vein BioPKI Card-based Model Private key of the user is stored on the chip card Finger Vein B-1 9

11 Finger Vein biometric signature models Server-based Model Finger Vein BioPKI Area of application: bank s own branches network partner s branches network mobile advisor self-service bank branches (VTM) Scope of application: signing of documents between Bank and Customer (agreements, applications, etc.), both by the Customer and employee of the Bank signing of internal documentation by the employye of the Bank Example of implementation: Getin Bank Authorization of access to the private keys, stored in the central HSM in the Bank, through the Finger Vein biometric technology. Card-based Model Finger Vein B-1 Area of application: corporate banking (corporate customers and SME) internet banking for retail and private banking customer Scope of application: Login to electornic banking platform Authorization of transactions and signing of documents in the remote channels (on the electronic banking platform) Example of implementation: Barclays Bank Authorization of access to the private keys, stored on the user s chip card, through the Finger Vein biometric technology. 10

12 Finger Vein biometric signature and handwritten signature biometrics 11

13 3. Finger Vein BioPKI server-based biometric signature 12

14 Business case Reduction of paper documents workflow at the Bank (paperless) - reducing the cost of printing, scanning, indexing, transport, archiving and culling the paper documents Increased security comparing to traditional handwritten signature verification No after-sales forwarding, dropping, abuse documents Short sales processes (time-to-cash) - to increase sales effectiveness by reducing the duration of the signing documents procedure and gain time for advisory services The possibility of moving FTE used for the processing of documents for the sales processes Automatic control of Who (completeness of signatures), Where (location in which signature was made) and When (time stamp) signed the document, enabling streamlining of audit procedures (no change since the signing of the document). 13

15 Principle of functioning Finger Vein BioPKI biometric signature solution allows for issuance and management of customer certificates, and for the ability to sign documents / agreements at the branch using Finger Vein reader. The signed document in electronic form may be submitted to the bank repository. Bank may offer to the customer placing the signed agreement in electronic form on customer s internet account. 14

16 Sulotion elements Finger Vein Server central software (heart of the system) Obrazowanie wzorców FingerVein Finger Vein BioPKI Server and Finger Vein CA biometric signature software FV Monitor Management Module and FV Content Management Module monitor s software network (ethernet) Finger Vein reader network (ethernet) Finger Vein monitor (12 ) 3 Finger Vein infrastructure 2 FV 1 15

17 4. Finger Vein B-1 card-based biometric signature 16

18 Business case Reduction of frauds in remote channel, caused by users sharing the access to their account, by introducing the strongest method of user identity authentication Reduction of frauds in remote channel, caused by the action of hackers, through the introduction of technology, which allows for 100% authentication of identity of the user who confirm the operation in the electronic banking system Faster and easier support for users of corporate banking system by eliminating the access codes (PIN) Reduction of costs associated with the issuance, personalization and distribution of smart cards to corporate customers, as well as handling the claims related to PIN codes, comparing with the standard card-based PKI 17

19 Change of approach Unique combination of established technologies Security and Customer Experience Links the individual clearly to the transaction Replaces the PIN with high performance biometric identifier. Secure biometrics (Finger Vein) Cryptographic SIM Achieves individual non-repudiation Eliminates card-sharing.. Gives the possibility to eliminate the necessity of sharing the date, including personal data, ssimplify card management and lower costs Generate keys and certificates onsite, at user enrolment Possible no pre-personalisation of cards Low impact on current infrastructure build on standard authentication platforms and protocols such as PKCS11 minimal impact on endpoints Sign What You See 18

20 Solution components Banking portal 1. Finger Vein B-1 biometric PC (customer) Finger Vein reader 2. CAP card applet (PKI + Finger Internet browser PLUG-IN 4 Vein biometrics) 3. LIB middleware PKCS#11 3 LIB CCID driver (Windows) library 4. PLUG-IN plug-in to the browser (fo the purpose of integration) Bank Hitachi 1 SIM card CAP 2 Others PIN 19

21 Card personalisation modes (workflow) Key Generic blank SIM card SIM with keys and finger vein CA Hitachi PKI+FV CAP CardCo1 CardCo2 blank SIM Bank blank SIM Customer1 Customer2 Customer3 POST-PERSONALISATION MODE Certificate Key SIM with keys and PIN CA PIN Customer1 Bank CardCo Customer2 Certificate PIN Customer3 PRE-PERSONALISATION MODE Registration 20

22 Customer HTTPS PKCS#7 UTF8 Bank Transaction signing workflow Create parameters for signing application Check signature and payload Store and log transaction data Checks and compiles business txn Create signing web page Internet Send txn data to back-end Presents SWYS window SHA256 digest Build signed data package Verify finger Data is signed Create transaction Click Sign Place finger 21

23 5. Summary 22

24 Summary The use of biometric signature technology enables fully to implement the idea of "paperless" and "digital banking" in the Bank. Security of biometric signature is mainly based on the level of security of the used biometric technology (necessity to use biometrics with the highest security factors available on the market => Finger Vein) Depending on the area of using the biometric signatures necessary is to select the appropriate fuctioning model of the biometric signature: 1. Server-based model (Finger Vein BioPKI) - ideal for applications in the relationship with the retail customer (bank branches) 2. Card-based model (Finger Vein B-1) - dedicated to internet banking, with an indication on corporate banking The necessity of use of the card-based model of digital biometric signature (Finger Vein B-1) in the corporate banking channel stems from the fact that the Bank has repeatedly does not have a direct relationship with the user of the system (employee of a company that uses the services of the Bank). Such situation generates controversy for a central processing and storage of biometric templates of the user. 23

25 Thank you for attention Arkadiusz Buroń Presales & Account Director Information Systems Group Serock,

26