delivering online services using biometric authentication

19
ca Securecenter Delivering Online Services Using Biometric Authentication Lynda Hoel & Steve Shulhan Session Number SCX06S #CAWorld Office of the Chief Information Officer Province of British Columbia

Upload: ca-technologies

Post on 30-Jun-2015

308 views

Category:

Technology


0 download

DESCRIPTION

The Province of British Columbia has implemented a corporate biometrics management and authentication service based on CA Single Sign-On and BIO-key’s WEB-key technologies. The solution uses fingerprint biometrics to positively identify Corrections clients and provide them with self-serve access to secure online services. For more information on Security solutions from CA Technologies, please visit: http://bit.ly/10WHYDm

TRANSCRIPT

Page 1: Delivering Online Services Using Biometric Authentication

ca Securecenter

Delivering Online ServicesUsing Biometric Authentication

Lynda Hoel & Steve Shulhan

Session Number SCX06S #CAWorld

Office of the Chief Information OfficerProvince of British Columbia

Page 2: Delivering Online Services Using Biometric Authentication

2 © 2014 CA. ALL RIGHTS RESERVED.

Abstract

The Province of British Columbia has implemented a corporate biometrics management and authentication service based on CA Single Sign-On and BIO-key’s WEB-key technologies. The solution uses fingerprint biometrics to positively identify Corrections clients and provide them with self-serve access to secure online services.

Lynda HoelProvince of BC

Director, Service Operations

Steve ShulhanProvince of BC

Manager, Technical Services

Page 3: Delivering Online Services Using Biometric Authentication

3 © 2014 CA. ALL RIGHTS RESERVED.

The BC Vision: Citizens @ the Centre

BC’s Strategy:“....leverage technology and information to

establish a new relationship with citizens, and create more effective services and better,

more informed decision making. “

BC Citizens want more on-line accessto government services

Page 4: Delivering Online Services Using Biometric Authentication

4 © 2014 CA. ALL RIGHTS RESERVED.

The key issue:

How citizens can “prove” who they are on-line

…and do it securely, easily and consistently across multiple contexts with

confidence that privacy is respected

Page 5: Delivering Online Services Using Biometric Authentication

5 © 2014 CA. ALL RIGHTS RESERVED.

Our Identity and Authentication Services

Worker ID & password

CA Single Sign-On

Federation Services

Page 6: Delivering Online Services Using Biometric Authentication

6 © 2014 CA. ALL RIGHTS RESERVED.

New Business Request

The Province of British Columbia has implemented a corporate biometrics management and authentication service in response to a Supreme Court of Canada ruling guaranteeing the rights of persons awaiting trial in custody to reasonable access to the electronic evidence provided by Crown Prosecutors.

– the reasonable clause has been interpreted to mean almost unlimited access

– increasing volume of digital evidence (video and wiretap) – needs to work in secure custody environments

– user ID/PWD not viable and SmartCards not viable

Page 7: Delivering Online Services Using Biometric Authentication

7 © 2014 CA. ALL RIGHTS RESERVED.

A New Biometrics Solution

In addition to the existing Identity Information Services we also required:

A solution to manage fingerprint biometrics for Corrections Clients to enable client identification, and access to online services

A Corporate solution, as a shared service, able to support multiple tenants and their authorities to collect and manage biometric and identity information about their clients

Page 8: Delivering Online Services Using Biometric Authentication

8 © 2014 CA. ALL RIGHTS RESERVED.

Our Key Principals

Privacy– Keep the Office of the Information Privacy Commissioner (OIPC) informed

and onboard

– Comply with privacy legislation; in particular the Freedom of Information and Protection of Privacy Act (FOIPPA)

– Align with privacy and security policies

Leverage existing investments in identity information management (BCeID), and authentication services (CA Single Sign-On)

Purchase COTS where it makes sense, customize to fit

Page 9: Delivering Online Services Using Biometric Authentication

9 © 2014 CA. ALL RIGHTS RESERVED.

Our Key Principals (continued)

Align with emerging identity information management directions:– privacy by design

– identity federation

– a corporate identity information management service

– a person centric identity model, where a person has a single identity record connected with one-many credential management services

– standard corporate authentication services (ADFS and CA Single Sign-On)

Design as a shared service with a multi-tenant environment

Page 10: Delivering Online Services Using Biometric Authentication

10 © 2014 CA. ALL RIGHTS RESERVED.

Why BIO-Key?

Extract from BIO-key Educational Webinar Series

Page 11: Delivering Online Services Using Biometric Authentication

11 © 2014 CA. ALL RIGHTS RESERVED.

Why BIO-Key?

Extract from BIO-key Educational Webinar Series

Page 12: Delivering Online Services Using Biometric Authentication

12 © 2014 CA. ALL RIGHTS RESERVED.

Our Implementation Features

– Supports enrolling single digits, or pairs of digits

– High performance indexing and searching

– Scalable

Lab for technical POC, to understand the models

Integrate with CA’s Single Sign-On

Complete privacy and security assessments

Integration with client Relying Party applications:– Enrollment; Corrections staff authenticate using their Worker ID and password to

supervise biometrics enrolments.

– Identity/Credential management/repair

– User identity check; Corrections staff confidently identify returning clients

– User authentication; Corrections clients use biometrics credentials to access CA Single Sign-On protected online services

Page 13: Delivering Online Services Using Biometric Authentication

13 © 2014 CA. ALL RIGHTS RESERVED.

Our Implementation

Page 14: Delivering Online Services Using Biometric Authentication

14 © 2014 CA. ALL RIGHTS RESERVED.

Our Implementation

Page 15: Delivering Online Services Using Biometric Authentication

15 © 2014 CA. ALL RIGHTS RESERVED.

Our Results

To streamline enrollment workflows, collaborated with BIO-key to extend product functionality to work with devices capable of collecting fingerprint biometrics from 2 fingers at a time

Engaged with BIO-key to complete an implementation health-check to identify and resolve enrollment performance issues local to our implementation and configuration options

Pilot in 2 of 9 custody facilities, and 5 of 45 community centres – full production starting January 2015

During pilot, 25% of all custodial clients have been enrolled and 10% of community clients have been enrolled

Page 16: Delivering Online Services Using Biometric Authentication

16 © 2014 CA. ALL RIGHTS RESERVED.

Lessons Learned

Develop a shared understanding with stakeholders about LOB requirements and corporate strategic objectives – craft a single story to address both sets of values

Establish executive support, build solid working relationships, and clarify governance before issues are escalated

Have vendors review/comment on infrastructure/architecture before we build

Plan on health-checks when implementing new technologies (and periodically afterwards)

Invest in diagnostic and monitoring tools

Page 17: Delivering Online Services Using Biometric Authentication

17 © 2014 CA. ALL RIGHTS RESERVED.

Futures in BC (not officially approved)

Corrections is considering using Biometrics authentication for:

– Staff– Visitors– Contractors

Corrections is considering extending authentication services to include:

– Access to telephony systems– Door and building controls

Page 18: Delivering Online Services Using Biometric Authentication

18 © 2014 CA. ALL RIGHTS RESERVED.

For More Information

To learn more about Security,

please visit:

http://bit.ly/10WHYDm

Insert appropriate screenshot and text overlayfrom following “More Info Graphics” slide here;

ensure it links to correct pageSecurity

Page 19: Delivering Online Services Using Biometric Authentication

19 © 2014 CA. ALL RIGHTS RESERVED.

For Informational Purposes Only

© 2014 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.

This presentation provided at CA World 2014 is intended for information purposes only and does not form any type of warranty. Some of the specific slides with customer references relate to customer's specific use and experience of CA products and solutions so actual results may vary.

For Customer/Partner content please note:

Customer/Partner content provided in this presentation has not been reviewed for accuracy and is based on information provided by CA Partners and Customers.

Terms of this Presentation