Certibio: Biometrics-as-Services in Practice
A key feature of the Certibio service it is sufficiently flexible to accommodate a variety of customer requirements, in terms of functionality, performance, privacy, and security.
As the largest provider of digital certificates in Brazil, Certisign has gained a deep understanding of identity and security. It has led them to recognize the power of biometrics to address identity fraud, as is evident from the recent launch of biometric identity proofing and authentication services by their new subsidiary, “Certibio”. As in much of the world, Identity fraud is a problem in Brazil where the service is launching, so there is demand for a service that is not only robust but also sufficiently flexible and scalable to address a variety of customers and requirements.
Certibio provides biometric identity proofing and authentication services to its customers, which might include banks, government agencies, retailers, or any other type of business that wishes to biometrically authenticate its employees and/or customers. By consuming these as services, Certibio customers avoid an upfront investment in biometric enrollment and data storage equipment and software and avoid the risk and costs of future maintenance and obsolescence.
The Certibio service emphasizes the value of identity proofing, which serves to ensure that the individual applying for an account is in fact who they claim to be, and that the biometrics that they collect are of high quality and bonded unambiguously to trusted identity information. They ensure that the biometrics they collect during the identity proofing process are of sufficient quality for reliable future authentications and that they are linked to reliable, professionally-vetted identity information.
Once a business signs on for services, biometric authentication equipment is installed at locations where authentication will be performed. Enrollees must bring proof of identity as specified by their sponsor. They are interviewed by a Certibio service agent, who performs the initial identity proofing process and also collects their biometrics. The system supports fingerprint, face, iris and voice biometrics. Once the enrollment process is complete, the collected biometrics are used to search the database for a previously enrollment. If one is found and the identity information is conflicting, then further investigation is warranted. If the information is not conflicting, then the enrollment is updated. The enrollee is issued a unique ID number.
Once the enrollee is in the system, they can be biometrically authenticated at customer locations, such as a bank. A bank might require that new customers for new accounts be authenticated using the Certibio system. The new customer simply submits their Certibio identification number and their biometrics are scanned. The bank officer receives back from Certibio the identity information provided upon enrollment. This identity information had been professionally vetted, so the bank can be confident that the identity information being presented is accurate. The bank might also require that the customer biometrically authenticate for certain types of transactions.
A key feature of the Certibio service it is sufficiently flexible to accommodate a variety of customer requirements, in terms of functionality, performance, privacy, and security. A few of the different choices available to customers follow, and new service capabilities and enhancements are already in the works.
1. Fingerprint, face, iris, and/or voice biometrics
2. Single modality or several modalities
3. Storage of biometric data in Certibio cloud, customer’s private cloud/server, or use of existing government database
At the center of the multi-tiered Certibio system is a management platform, used to coordinate business logic and workflow across the system, as well as administrative functions. It serves as a central service between biometric collection workstations used for biometric enrollment, identification, and verification, and the various matching services available. These services include one-to-one biometric verification services provided by the government identity bureau, and biometric search and match services performed by Certibio. The Certibio biometric matching services are provided by the Biometric Matching Platform. Operating Platforms are used to manage the workstations.
There are two configurations available for customers: 1) Certibio-managed data and 2) customer-managed data. In the first configuration, Certibio provides all biometric matching and storage from a Biometric Matching Platform operating within the secure Certibio private cloud. Each platform is a custom-configured instantiation of Aware’s Biometric Services Platform (BioSP™). The Certibio enrollment and verification workstations utilize Aware SDKs.