Introduction to Private Identity as a Service (PIDaaS): Secure authentication system, based on biometric recognition technologies through mobile devices. October 20 th, 2015 contacts@pidaas.eu www.pidaas.eu
Contents 1 Introduction... 1 2 Goals of the project... 1 3 State of the art... 1 4 Issues to solve... 1 5 PIDaaS solution... 2 6 The benefits... 3 7 Pilots... 4 7.1 E-commerce... 4 7.2 E-health... 4 7.3 E-citizen... 5
1 Introduction PIDaaS aims to create and to field-test a secure authentication system, based on biometric recognition technologies (speaker and face recognition) through mobile devices. PIDaaS is a project co-founded under the ICT Policy Support Programme by the following partners: CSI Piemonte, Bantec, Eurecat, Ricoh, University of Kent, E-bros, TicSalut and Hogskolen I Gjovik. 2 Goals of the project The goals of PIDaaS are: 1. To develop a robust, flexible, scalable and easy to integrate service for identity assurance of user s with the help of bio-identities features in mobile devices. 2. To share with internet application providers, the possibility of an easy integration of biometric authentication of their customers into their remote identification processes. 3 State of the art The identification and verification of individuals using biometric identifiers based on personal traits have been widely used in different contexts, governmental, forensic (police investigations) and for commercial uses. Mobile devices and the explosion of social media increase the use of biometrics for daily activities which require authentication, such as payments, and for the substitution of passwords and PINs. However, some issues must be well addressed, like user acceptance or resistance to fraud. The current biometric authentication technologies are: Voice scan Finger scan Facial scan Iris scan Hand scan Vein recognition DNA matching Signature scan In-Air signature Keystroke scan Gait 4 Issues to solve It has been done an analysis of the existing solutions and its authentication process. This section describes the problems encountered of the studied solutions: Biometric algorithms must be tailored in order to fit the specific sensors characteristics of mobile devices. 1
Required security preservation of biometric data in the authentication process: o User s biometric samples are strongly linked with user s identity. o The multiple enrolment processes for every service provider increases the user s feelings about getting out of control of her/his data. o Lack of user control and potential privacy. Non-renewability of personal biometrics traits: Renewability and revocability are essential functionalities required in identity management. The protection of biometric data and its sharing across different legal entities is very difficult to achieve because of non-uniform National/European personal data regulations. Difficulty of the integration process of biometric authentication for mobile/web services and application developers. 5 PIDaaS solution PIDaaS aims to create a secure authentication system, based on biometric recognition technologies (speaker and face recognition) through mobile devices. It is the result of the integration of the following three technologies: BTPS, IdForMe and LMP. The platform consists on the following components: 1. PIDaaS Mobile application: It allows the users to manage their identity, personal data and biometric templates (digital reference of characteristics that have been extracted from a biometric sample) and to be authenticated through speaker and face recognition. The management of data allows the users to authorize which action is performed in their name on any website and decide what information they allow to access to Website, Mobile apps, online purchasing, etc. The authentication process is based on the IdForMe platform, which allows people to do the authentication process using the speaker and face recognition verification technology. 2. PIDaaS Backend: It provides to the Mobile Application and Service Providers a gateway to access to the PIDaaS platform services. Through this gateway, service providers can ask for login authentication services, and users can manage their stored data. 3. PIDaaS Life Management Platform (LMP): It is responsible for storing the information about PIDaaS users, service providers and for monitoring the users activities within the PIDaaS platform. It is a mechanism for sharing personal data between the user and the services in a secure way. Its objectives in PIDaaS are: Manage the authentication process. Store the biometric templates (verification data). Provide control to users over those templates and their personal data. 4. PIDaaS Biometric Template Protection Scheme (BTPS): It is responsible for creating and verifying the biometrics templates of the users (so called Pseudo Identities). This technology enables the creation of multiple pseudo-bio-identities from the same biometric trait, with the possibility of revoking, renewing and reissuing them. It assures the privacy 2
by allowing the use of biometric traits while avoiding the inherited risk of classic biometric solutions. The integration of these technologies will be tested and validated in three different pilots: E-commerce, E-health and E-citizen. The pilots will be used for the analysis of the usage of the service. PIDaaS Platform BTPS Encoder BTPS Verifier Push Notification Service Mobile Application Life Management Platform Backend Service Provider Other Device Figure 1: PIDaaS architecture 6 The benefits PIDaaS provides an innovative approach to e-services (e-commerce, e-citizen, and e-health) in a way giving users strong advantages and market competitiveness in the following aspects: 1. Convenience: PIN or password is omitted or expressed by voice/face; 2. Security: users are verified by their biometrics; 3. Privacy protection: biometric information used for verification is protected by BTPS. These merits makes PIDaaS solution promising in the current and future markets because none of existing identity authentication solutions including those biometrics-enabled can perform well in all the three above aspects in the same time, which makes a good market perspective for the PIDaaS solution. Each technology also enriches the solution with its specific benefits: BTPS technologies have been proved to be useful for voice/face biometric modality. 3
Biometric mobile verification systems because many manufacturers have adapted their existing technology to be ready for deployment. LMP technology meets the need for the necessary trust frameworks and the need for greater dialogue between regulators and private sector. LMP offers a service where the user is the centre of decision. Figure 2: Functioning of PIDaaS pilots 7 Pilots 7.1 E-commerce This pilot takes place in an environment of e-commerce (B2B). PIDaaS solution will be integrated on the platform of one of the biggest e-shops in Finland, the company F9 Distribution OY. PIDaaS will be used by real customers. Objectives Test and prove technical and functional quality of offered solution. Test and get feedback on usability of PIDaaS solution. Get feedback about market acceptance and commercial attractiveness of PIDaaS solution. Easiness of PIDaaS integration into e-commerce solution, provided by E-Bros. 7.2 E-health TICSalut will carry the pilot in Catalonia (Spain). It will be useful to test integration of PIDaaS with the platform of the Catalan health system. This platform enables people to interact online through computer or other mobile devices with the health department, its agencies and providers (hospitals, health centers, etc.). 4
Objectives Accessibility of the patients on their data in the Catalan health system by authenticating themselves through the PIDaaS platform. Testing its performance and usability. 7.3 E-citizen There will be a pilot performed in Italy, in which PIDaaS will be integrated in the service of visualization of the personal data within the human resources procedures. The employees belonging to an administration or company will be able to access to their personals records (such as payroll, holidays, time off work, etc.) and visualize them. Objectives To confirm that PIDaaS authentication grants users safe access to data and with adequate performance and usability degrees. Testing its performance and usability degrees. 5