Iridian Technologies, Inc

1
CACR Information Security Workshop Bill Voltmer,
President/CEO
Iridian Technologies, Inc Moorestown, NJ
USA Iridian Technologies, SA Geneva, Switzerland
856-222-9090866-IRIDIAN (U.S.
Canada)www.iridiantech.com
2
Iridian Technologies, IncIris recognition
biometric software
Iris

• Privately held
• Incorporated 1990, began operations 1993
• Merged with Sensar Inc, July 2000
• WW headquarters located in Moorestown, NJ
• Iridian Technologies SA headquartered in Geneva,
  Switzerland
• Holds numerous US international software patents

3
Youve Probably Heard About Us

• Schiphol Airport, Amsterdam
• Heathrow Airport, London
• Canadian Airports, Ottawa
• Atlanta, Knoxville, Frankfurt
• S-Travel, Zurich Switzerland
• Singapore/Malaysia borders
• The Hajj pilgrimage, Saudi Arabia
• US-FAA Secure Executive Toolset
• Defense, Army, Navy, data centers, correctional
  facilities, public utilities

The Afghan Girl
Access border crossing implemented by
Schiphol Group, CMG, and Joh Enschede
4
The Netherlands

• Privium implemented by the Schiphol Group,
  JESS, and CMG
• 89 charge, convenient parking at Schiphol,
  lounge access
• Installed kiosks and turnstiles using 11
  verification via a smart card
• Used to enter and exit country
• Includes one-stop immigration and security lane
  during exit
• As of March 2002, 2,000 enrolled, averaging
  10,000 transactions per month

5
Canada

• Iridians iris recognition technology and
  certified hardware/software were specified in
  recent CCRA EPPS RFP
• Implementation expected to begin Summer 2002 in 2
  airports growing to 8
• Similar user design as The Netherlands except
  central database enrollment

Iridians iris recognition being tested to meet
the Canadian governments requirement for
technology aimed at EPPS, an Expedited Passenger
Processing System. EPPS will eventually allow
pre-approved travelers to clear customs more
smoothly. - The Ottawa Citizen March 5, 2002
6
User authentication is the key to a business
secure physical and logical perimeters.
Traditional security devices or procedures
allow the user to be the weakest link in the
security model. Positive authentication is
needed because it enables authorization and
administration procedures. Iris Recognition
delivers positive authentication.
7
Source The New Yorker
8
Security-Privacy-Convenience
Before September 11, 2001
No America
E ME A
Asia
1. Convenience
1. Security
1. Security
2. Privacy
2. Privacy
2. Convenience
3. Security
3. Convenience
3. Privacy
9
Security-Privacy-Convenience
Post September 11, 2001
No America
E ME A
Asia
1. Security
1. Security
1. Security
2/3. Privacy
2. Privacy
2. Convenience
2/3. Convenience
3. Convenience
3. Privacy
10
To Conduct Secure Business

• Authenticate the point of entry
• At the sender receiver nodes
• At the door or gate
• Authorize the action
• Privilege the right to gain access
• Administer the policies
• Secure the data transport
• Database management with privacy

Access border crossing implemented by
Schiphol Group, CMG, and Joh Enschede
11
Biometric Types

• Iris Recognition uses a video camera to
  pinpoint the independent coordinates of the iris
  of the eye
• Face defines a dozen or so points on the face
  and measures the distance between them
• Fingerprints looks for pattern ends and their
  changes in direction
• Hand measures the size and angles of a persons
  hand features
• Voice analyzes the sound waves and speech
  patterns of a recorded voice
• Others signature, retinal scan, keyboard

12
How to Measure a Biometric

• False Acceptance Rate (FAR) accepting users who
  it shouldnt accept
• False Rejection Rate (FRR) rejecting users who
  it should accept
• Outlier Population the percentage of people who
  cannot use the biometric because they do not have
  the characteristic
• Storage and Matching - the business application
  should determine to use either verification or
  identification or both

13
Authentication

• ALL biometrics can verify
• Verification asks Does this live record match a
  particular stored value?
• It requires a password or PIN or token to suggest
  a pointer, then the system verifies the match.
• Verification answers It is or is not a match.
• Iris Recognition identifies
• Identification asks WHO is this person?
• It does not require a password or PIN or token
  because it finds the person by doing an
  exhaustive search of the database.
• Identification answers
• This is so-and-so OR
• This record is valid and is approved for
  processing

14
Security and Privacy can be Balanced if

• The biometric and application align
• Iris recognition requires user participation
  opt-in
• Some biometrics are passive
• Data integrity is assured
• In systems architecture
• In the template
• In transactions
• In storage
• Data managers follow policies

15
The Iris is NOT the Retina
16
How Iris Recognition Works

• Uses a video image of the iris
• Analyzes the iris patterns, preparation for
  secure transport
• Creates a 512 byte IrisCodeR template to describe
  the patterns
• Matches the code to all IrisCodes
• in a database/file
• Accepts or rejects individual

17
Common Platform
Walkup Physical Access Kiosk Gate/Perimeters
Desktop Information Access Single Sign
On/Off Domain Log-on
Personal Information Access Transactions Single
Sign On
18
Client or Camera Resident Software

• Image capture and evaluation, image compression
• Image security preparation for transport
  including countermeasures and permutations
• Offers 3DES encryption at API
• Some cameras use PrivateID to support internet
  video conferencing, video capture/editing, and
  video e-mail applications
• Drivers support multiple Windows versions
• Using APIs, can be used with smart cards,
  passports, LAN/WAN logon, digital document
  signing, e-commerce transaction authorization etc

19
Secure Authentication Server
KnoWho Authentication Server

• Accepts secured iris image from PrivateidTM
• Creates IrisCodeR and performs matching
  algorithms
• Can perform identification (1n) or verification
  (11)
• Offers 3DES encryption at API and database
• Supports Oracle or SQL db
• Currently runs on NT 4.0, W2000
• Linux and Solaris shortly
• Sold as whole unit or as a kit
• Priced per user (1 user 2 IrisCodesR)

Application Servers
TCP/IP network
Windows Desktop
ODBC Database Oracle, MS-SQL
Internet Connection
www
20
LG IrisAccessTM 2200powered by xxxxxxxx
Walk-up Applications Facility access Immigration/a
irport security Data centers Utility power
plants Prison book/release Time
attendance Benefits Audio instructions Auto
focus View 3 to 12 inches Small size
21
Oki-Panasonic BM-ET500TM powered by xxxxxxxx
Walk-up Applications Immigration/airport
security Gate control Utility power
plants Prison book/release Time
attendance Benefits Two-iris recognition Stand
up to a meter away Auto focus Surveillance Face
image capture
22
Panasonic AuthenticamTM powered by PrivateIDTM
Desktop Applications Local logon Domain
logon Single Sign On LAN administration Desktop
security Benefits Amber/green LED View 19 to
21 inches Small size Video conferencing
Available at Enterprise Resellers
23
Application Integration Architecture
24
Partnerships
25
To Conduct Secure Business

• Authenticate the point of entry
• At the sender receiver nodes
• At the door or gate
• Authorize the action
• Privilege the right to gain access
• Administer the policies
• Secure the data transport
• Database management with privacy

Iris Recognition delivers positive
authentication.