Case Study

The World’s Largest Employer Uses a Web-Based Platform for Biometric Identity Proofing

The US Department of Defense uses Aware’s WebEnroll™ platform on 3,500 workstations for browser-based biometric enrollment and data management to make their background check system more secure and its maintenance more efficient.

The U.S. Department of Defense workforce consists of 1.4 million men and women in uniform, and over 800,000 civilian personnel. The Defense Manpower Data Center (DMDC) is the agency responsible for administering the DOD’s personnel-related tasks, including background checks for all in-uniform and civilian employees. Each year, thousands of new employment applications are processed.

Part of the employee onboarding process is to collect the fingerprints of every applicant and submit them to various external systems for search. This process serves to flag an applicant whose fingerprints exist in a criminal database or watch list, and helps the DMDC verify that every applicant is fit for employment with the DoD.

Biometrics are a powerful tool for identity proofing because they’re more definitive identifiers than biographic identity data such as name, date of birth, and address, which rely on forgeable ID cards, draw upon error-prone records, and are simply not unique or permanent. Biometrics enhance biographics by using physically unique traits that can be used to search a biometric database.

Download PDF here if you are having trouble viewing.

The Problem: Windows-Based Software Poses Maintenance Challenges and Security Risks

Windows-based software applications have traditionally been used for biometric enrollment. These custom, thick-client applications can be difficult to maintain and support, especially in a system of large scale. The software has to be manually installed, maintained, and kept up-to-date with operating system updates and the introduction of new biometric capture hardware, such as fingerprint scanners.

Security can also be a concern, since the biometric enrollment process involves capture of each applicant’s biographic data and fingerprints, which is personally identifiable information (PII). Where this sensitive data is processed and analyzed on a PC, it is potentially persisted in the Windows environment and put at risk of exposure.

The Solution: Browser-Based Biometric Data Enrollment and Management

In 2016, Aware helped DMDC launch its “SWFT Plus” program, providing a browser-based biometric enrollment platform to be used across all four major services (Army, Air Force, Navy, Coast Guard) and smaller entities within the DoD.

3,500 SWFT Plus workstations are used to enroll fingerprints via a web-based user interface provided by WebEnroll, Aware’s browser-based biometric data enrollment and management solution. WebEnroll is actually built upon two market-leading products from Aware: BioComponents and BioSP.

BioComponents deploy within a browser user interface for image and data capture. They handle the “micro-workflows” associated with capturing and verifying the quality and integrity of fingerprint images and associated biographic data. This includes sequence checking to ensure that each fingerprint is properly identified (e.g. right middle), segmentation of slap images, validation of image quality standards, FBI-certified WSQ image compression and data formatting, and more. BioComponents provide support for live scan capture of fingerprints as well as scanning of inked fingerprint cards scans.

 BioSP (Biometric Services Platform) is a workflow and middleware server used to perform processing, routing, and storage of enrollments and search results responses. In the DMDC system, BioSP receives the applicants’ enrollments from the SWFT enrollment workstations and forwards them to SWFT server which submits them for government background checks.

The Benefits: Less Complexity, Greater Security, Ease-of-Use

Less maintenance, support, downtime. The DMDC’s new browser-based biometrics system requires less software maintenance, support overhead, and downtime by reducing the effort associated with maintaining a Windows-based alternative. This saves time, money, and effort that would otherwise be dedicated to managing workstation software.

Consistency across the entire system. SWFT Plus also better standardizes capture, storage, and forwarding of fingerprints across the DoD. A biometrics solution delivered via a centralized, cloud-based web services model ensures consistency across the organization in terms of workflow and version control. Every enrollment is always executed compliantly, and on the same, uniform, up-to-date platform, regardless of location.

Enhanced security. A key benefit of DMDC’s browser-based implementation was enhanced security. All biometric data is now stored in a server behind a firewall; no traces of PII are left behind on the workstation.

Extensible and future-proof. Finally, Aware’s WebEnroll solution supports other modalities in addition to fingerprint, including face and iris. This means that the solution deployed by DMDC is extensible; should they wish to add face or iris in the future, they can simply add the respective BioComponents to capture those modalities, a benefit that may prove useful in the future.