دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
برای ارتباط با ما می توانید از طریق شماره موبایل زیر از طریق تماس و پیامک با ما در ارتباط باشید
در صورت عدم پاسخ گویی از طریق پیامک با پشتیبان در ارتباط باشید
برای کاربرانی که ثبت نام کرده اند
درصورت عدم همخوانی توضیحات با کتاب
از ساعت 7 صبح تا 10 شب
ویرایش:
نویسندگان: Office of the Under Secretary of Defense
سری:
ناشر:
سال نشر:
تعداد صفحات: 178
زبان: English
فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود)
حجم فایل: 3 مگابایت
در صورت تبدیل فایل کتاب Biometrics And their Relation to Identity Management Report of the Defense Science Board Task Force on Defense Biometrics به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب بیومتریک و ارتباط آنها با گزارش مدیریت هویت گروه ویژه هیئت علمی دفاعی در مورد بیومتریک دفاعی نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
Washington, D.C. 20301-3140......Page 1
TOC......Page 2
Biometric Product Assurance 54......Page 7
Controlling Access 108......Page 8
APPENDIX P — GLOSSARY OF TERMS 143......Page 9
Figure 12: Privacy Considerations 71......Page 10
The Task Force finds that biometrics suffers from a characteristic of many “new” areas of technology and application. At the outset, biometrics had (it seems) as many advocates making unsupportable performance claims as it had detractors decrying its mystery, uncertainty and unacceptability on the basis of historic formulations of governance, privacy, etc. It is also true that in biometrics the truth lies between these extreme positions, and for the most part, has yielded to thoughtful technical analysis and collaborative, inclusive, organizational effort. The Task Force will make several recommendations designed to advance these two parallel but associated lines of effort, the technological and the organizational.......Page 11
Combatant Commander: A designated commander responsible for developing and/or coordinating the requisite Concepts of Operations (CONOPS), joint experimentation and training, and joint and inter-agency doctrine for the military applications of biometrics.......Page 12
Decide who is/will be the ID-Mgmt/Biometrics Principal Staff Assistant (PSA) and update the documentation to reflect that reality.......Page 13
We were gratified when, on 4 October 2006, the Deputy Secretary of Defense designated the Director, Defense Research & Engineering (DDR&E) as the Principal Staff Assistant (PSA) for biometrics, with responsibility for the authority, direction, and control of DoD biometrics programs, initiatives, and technologies. The Army was named in the same document as Executive Agent, with defined responsibilities under the direction of the PSA. Most of the specific recommendations contained in the report, then, are aimed at the PSA. These are distributed throughout the report and recapitulated in the last chapter, categorized according to whether they reflect: internal DoD issues; issues external to DoD; remaining organizational issues; R&D, materiel and technology issues; information management issues; and/or, legal and privacy issues.......Page 14
Finally, although the art form of reports such as this often presages key recommendation in the Executive Summary, we do not. There are simply too many. Instead, we have chosen to recapitulate all the recommendations and their associated conclusions in Chapter 18. These are characterized according to the category of the recommendation: Information management and sharing; R&D and technology; Issues external to the Department of Defense; Internal issues; Organizational issues; and Legal and privacy issues. Where the recommendations fall into more than one category, they are duplicated for convenience and within each category the recommendations are treated in the order of their appearance in the body of the report.......Page 15
In any very small group there is no need for identity management. However, whenever populations become more numerous, especially if they are not always or ever in physical contact with each other, distinguishing among individuals becomes steadily more important. In national security matters, as friend/foe distinctions such as clothing (uniforms) diminish in incidence and usefulness, this point is underlined. Differentiation based on sight, sound and smell provided the earliest distinctions, and the data management was initially based on “full path names”—i.e., the “begats”.......Page 17
The term biometric is the name given a technology that is the measurement of a living, human characteristic. This process includes the ability to measure characteristics such as fingerprints, voice recordings, irises, heat patterns, keystroke rhythms, and facial images; comparing a person's unique characteristics against previously enrolled images for the purpose of recognition.......Page 18
It is also important to define “identity.” Strictly speaking “identity” is the “unit of analysis” (or record or row) in an identity management system. A particular identity is a particular record which (in a well-ordered system) has a unique “accession number,” which one also might think of as “the identity.” When associated with individual humans in a system, the concept of “root identity” emerges, as discussed below.......Page 19
The real meat of a modern Identity Management system is not the front end, badges, tokens, and/or biometrics, but the information system in which they operate, the “IT backplane”. This recognition represents a change in the attitude of program sponsors and the user population. Complex/expensive tokens (e.g. Smart Card) are useful and prescribed in many applications but, if limited to local operation, are often impractical in situations where DoD seeks an ID solution. The geographic and organizational scope, plus the growth in size of enrollee populations, has made it clear that modern networked IT solutions offer the best hope of achieving mission success. The centralization in design, development, management and operation that usually accompanies networked systems provides economies of scale and allows us to amortize costs over a larger set of uses. It also is associated with improvements in interoperability.......Page 20
Figure 1: The Creation of a Digital Identity......Page 21
Of all these features and considerations, HSPD-12 provides only the most basic, but this is the foundation upon which all else can be built. Put another way, absent the HSPD-12 foundation, all such effort would represent a house built on sand. As such, it defines the space within which remaining policy, technical, and organizational efforts are still required.......Page 22
Care must be taken to explore completely the potential ramifications of deploying a large -scale identity system, because the costs of fixing, redesigning, or even abandoning a system after broad deployment would likely be extremely high.......Page 23
Authenticated root Identities are needed to make ID-enabled applications work. One can only get to the payback at the application layer of an Identity Management system after having undertaken the cost and effort of establishing verifiably-unique root identity enrollment. This identity must be “transportable” over time and distance, in terms that benefit both the enrollee and sponsor. The enrollee must be able to convincingly assert his true ID to access resources or avoid sanctions. This aspect of the total IM strategy, the creation of root Identity to a strong and common standard, is the focal point of the prescriptive provisions of HSPD-12.......Page 24
A selling point for such secrets as authenticators is that they are easily issued, invalidated in the event of compromise, and reissued upon authorized request. The down side is that, historically, they are readily compromised. Insofar as they tend to be meaningful to you, someone who knows you may know the secret or be able to guess the password or phrase. The more generally meaningful they are, the more susceptible to brute force “dictionary” attacks.......Page 25
Use of asymmetric authentication schemes to validate private keys embedded within the CAC.......Page 26
In the previous discussion of the Common Access Card, biometrics are part of the multi-factor process in validating both the credential and the credential holder.......Page 27
Figure 2: Registration and Authentication Procedure......Page 28
rec_1......Page 29
It is possible to envision an expanding set of ID-sensitive applications in work and society, collectively comprising what one author has termed an “Identiverse,” within which security and functionality are enhanced, privacy as well, if designed and managed properly. Benefits may take the form of increased efficiency in workflow, access to resources, convenience, etc.......Page 31
Figure 3: IAFIS Workflow......Page 33
rec_2......Page 34
Facial recognition is clearly something that humans rely on daily, yet experience tells us that either we are not perfect at it, or faces/facial features are not all that unique. Both are likely true, and until recently, humans were about as good at facial recognition as computers,......Page 35
Recent research, sponsored by several interested federal organizations, suggests that we are not all that bad at it. Or, said differently, computers aren’t all that much better. Figure 5 maps the probability of a correct recognition against the probability of a false acceptance in identity matching of “difficult face pairs.” While there were two or three machine algorithms that surpassed the performance of the humans, we humans did quite well, and managed to beat out the majority of the machine algorithms. In this same paper, most face systems easily beat human performance on “easy face pairs.”......Page 36
Of course, the computer is significantly faster, but the same research did show that humans aren’t all that slow; our performance did not improve if we took longer than two seconds to contemplate the faces. Human performance did decline noticeably if the faces were only shown for a half second or less. Ultimately, though, computers will be increasingly fast and powerful, increasingly small and inexpensive, and have access to ever-improving matching algorithms. In the Task Force’s view, this is the key insight: At the same time, collection devices (cameras) will also increase in ubiquity and performance. Taken together, these conditions are expected to lead to strong advances in the prevalence and performance of automated FR applications. The emergence and refinement of “3D imaging,” as discussed later, will only serve to accelerate this trend. The “Rubicon” will be the acceptance of FR, given these enhancements, as an operationally-practical modality for accurate, high-volume and high-speed search, which it is not today.......Page 37
Iris recognition is the process of recognizing a person by analyzing the random pattern of the iris. The automated method of iris recognition is relatively young, existing in patent only since 1994. As shown in Figure 6, the iris is a muscle within the eye that regulates the size of the pupil, controlling the amount of light that enters the eye. It is the colored portion of the eye with coloring based on the amount of melatonin pigment within the muscle. Iris recognition has long been dominated by a single vendor, but with the recent expiration of the iris recognition concept patents, additional options now exists. The multi-agency Iris Challenge Evaluation was developed to assist their development and to independently assess their capabilities.......Page 38
Most tests of iris recognition products have yielded indications of very high performance in terms of matching error rates, particularly the false acceptance rates (FAR). However, the results also indicate that some sensors are very difficult to use, resulting in high failure to enroll (FTE) rates and slow transaction times. Iris recognition has difficulty operating in outdoor environments, and some adverse lighting conditions can induce significant levels of false reject rates (FRR).......Page 39
A growing awareness of Identity Management by the medical community is leading to the convergence of medical biometrics capabilities for medical treatment, with Identity Management.......Page 40
Who are the customers/partners in this line of work?......Page 41
rec_4......Page 42
While it is difficult to imagine new biometrics that might leave a similar identity residue, the value of such could be high for certain DoD and law enforcement missions.......Page 43
We strive to ensure that in processing the biometric our compression algorithms do not lose “vital” information. In practical terms, this means that we hope that the encoded information is functionally as unique as the original, and as easily processed, i.e., compared. Almost inevitably, information is lost. If we fail to save the original, we may be frustrated at a later date when a newer and better algorithm is developed and our previous encoding has inadvertently discarded now-essential information, which we now can no longer recover. If so, the value of our legacy repositories of identity information is devalued.......Page 45
rec_5......Page 46
Another factor also comes into play in determining performance under any given set of costs and benefits, the a priori probability that a true match or non-match will be presented.......Page 47
In the real world, some biometric indices are simply not sufficiently accurate for the intended application, no matter how we adjust the criterion. This may be because our implementation of the biometry is poor, or because the biometric is simply not sufficiently unique in the population of interest. In the real world, too, the biometric system may be additionally stressed by having to render its decision “hastily” (or “promptly” depending on whether you are the designer or the user.) If more exhaustive processing could improve sufficiently the quality of the match, then the inexorable Moore’s law gives us hope.......Page 48
As we have pointed out elsewhere, it was the sudden introduction of this new mission that appeared to fragment the Army’s ongoing biometrics program, which was then oriented toward information assurance and (peacetime) access control.......Page 49
Intellectually, the distinction can be made to disappear in a more expansive regimen: an individual presents himself/herself to the “system.”......Page 51
The Task Force solicited “use cases,” in the form of scenarios or vignettes of biometrics in action, from all its government advisors and added its own experience and imagination. Perhaps the most comprehensive and authoritative set are provided as “operational vignettes” in the Capstone Concept of Operations For DoD Biometrics In Support of Identity Superiority, which are presented in their entirety in Appendix E.......Page 52
Appendices E through N of this report detail the use cases identified by the Task Force, including those sourced from other elements of the federal government in which Defense missions are impacted or DoD capabilities evoked.......Page 53
1. Improve the consistency of review policies by using a peer-review process (such as is used for journals) to facilitate repeatability, documentation of experiments, and executability.......Page 55
Consideration of these driving forces led to the identification of four “preeminent challenges” in the NBC document: sensors, systems, interoperability, and social issues of communications and privacy.......Page 56
Scalability......Page 57
rec_6......Page 58
In a strong information assurance setting, this is likely to be the state-supported impostor’s preferred method. Because such attacks are not unique to biometrics, although their probability would likely increase as a result of strong biometrics at the front end, we do not discuss these here and suggest that research in this area is the province of the DoD NII/CIO and DIRNSA wearing their information-assurance caps.......Page 59
rec_7......Page 60
rec_9......Page 61
rec_11......Page 62
rec_14......Page 63
rec_16......Page 64
rec_18......Page 65
rec_19......Page 66
rec_22......Page 67
The absence of universally understood and agreed upon interpretation of law and policy related to biometrics has led to disparate local interpretation and/or implementation, which is inefficient and ineffective;......Page 69
rec_23......Page 70
rec_26......Page 71
rec_28......Page 72
rec_29......Page 73
rec_30......Page 74
rec_33......Page 75
rec_34......Page 76
rec_37......Page 77
rec_38......Page 78
Finally, we suggest that the modern history of biometrics and IM in America has been dominated by programs which “worked,” in a technological sense, but which were deemed unacceptable in the “court of public opinion.” We must learn from these experiences, and pay close attention to these “social science” aspects of the total biometrics topic, as we seek to design, develop, field and operate biometrics programs that “work” in every respect, here and in forward operating areas.......Page 79
rec_observationprivacy_16......Page 80
rec_39......Page 81
rec_41......Page 82
The definition of identity theft varies according to the mission and the customers of affected agencies and businesses. The FBI and the FTC broadly interpret the identity theft statutes to include any financial or non-financial account takeover and true name fraud as identified in 18 U.S.C. 1029 (e)(1). The FTC Identity Theft Clearinghouse collects consumer identity theft information on true name, account takeovers, and credit card fraud. The American Banking Association (ABA) defines identity theft as financial account takeovers and true name fraud for deposit accounts only. Major credit card companies such as MasterCard and Visa categorize identity theft as account takeovers and fraudulent applications but exclude most other forms of credit card fraud (use of lost, stolen, or never-received cards; counterfeit cards; and mail order/telephone order fraud) from the definition. The most significant difference in these definitions is the means by which an account takeover is defined. MasterCard and Visa do not consider the fraudulent use of a credit card as account takeover because the perpetrator of the fraud has not fully assumed the identity of the victim. However, the FTC and the FBI consider credit card numbers to be a means of identification, and any use of the account numbers constitutes identity theft-related account takeover.......Page 83
Identity thieves use many techniques to target victims and obtain sensitive personal information. These methods range from conventional tactics, such as identity theft facilitated through a personal relationship with the victim, to advanced schemes using technology and the Internet. The furtive methods employed by perpetrators of identity theft often allow criminals to remain anonymous and prevent consumers from detecting the theft before significant damage is inflicted.......Page 84
Approximately 50 percent of identity theft victims claim to know the identity of the perpetrator, who is usually a relative, neighbor, or acquaintance of the victim. Although conducted on a less visible scale than high-profile mass thefts of consumer information, the prevalence of identity theft committed through a personal relationship can prove especially detrimental to victims. Criminals often have access to bank account and credit card information, property deeds, and identifying documentation.......Page 85
Mailbox theft is another common method to obtain personal information. Mailboxes yield valuable information from bank account statements and credit card bills to credit card marketing offers. In apartment buildings, the mailboxes are typically located in one central area. This is an excellent target for collectors of information. The criminal can access multiple mailboxes within minutes. In single family communities, mailboxes located at the end of the driveway are easily accessible for an identity thief to steal incoming or outgoing mail. It is common for the resident to drop outgoing mail in their mailbox and put the flag up signifying that mail is in the mailbox. Although this flag signals a mail pickup to the mail carrier, it is a “red flag” for an identity thief to steal the mail. Typically, the outgoing mail will contain checks for payment to credit card and utility companies. Bill payments may contain an account number, the name, address, telephone number of the person, and the checking account number. Identity thieves have enough information to constitute an account takeover.......Page 86
Identity thieves also use employment advertisements to deceive individuals into relinquishing personal information. In this scheme, the perpetrator posts a job advertisement online or contacts the victim through a spam e-mail. The victim responds to the job posting through an online job application. This application requests sensitive information including date of birth, SSN, employment history, and contact information. In some instances, the victim’s identity is immediately exploited; in others, the victim may actually become an employee of the subject, often agreeing to receive and resend money or products to the subject before their identity is compromised.......Page 87
Criminals use many methods to obtain or create fraudulent identification documents. High-quality fraudulent identification documents, such as social security cards and birth certificates, can be used to acquire subsequent identification documents, such as passports and driver’s licenses. Blank documents stolen from legitimate sources, such as the DMV, may be impossible for law enforcement officials to detect as counterfeit. Technological advances and sophisticated computer graphics programs enable criminals to create high-quality fraudulent driver’s licenses and passports complete with holograms and other security features. Many fraudulent documents appear so realistic that they escape the detection of highly-trained individuals. Fraudulent documents present a significant national security threat to the United States and preclude law enforcement from verifying an individual’s true identity.......Page 88
The bottom line in this part of our discussion must be that while biometrics can seal a given human being to a set of biometric indicators, nothing can underwrite the claims made by the enrollee or anybody else regarding the “TRUE identity” underlying the enrollment. A person may perhaps succeed in enrolling with a false biographic story – once. What we must hope they can never do is to discard that “root ID” in favor of any other at a whim, and fail to be detected in so doing. In fact, current procedures associated with HSPD-12 seek to mitigate just that threat, by requiring background investigation before permitting biometric enrollment for root ID.......Page 89
1. The reference biometric (biometric at rest) must be digitally signed to detect tampering, and the association of the biometric with either identity or privilege must maintain a mechanism for revocation. A biometric used for privilege should be traceable to the biometrics used for establishment of identity, and must also be revocable.......Page 90
rec_42......Page 91
rec_43......Page 92
rec_44......Page 93
rec_46......Page 94
Finding: A decision to save only the extracted information and discard the “original” entails future risk and serves only to conserve computer storage and processing, each of which is getting cheaper and cheaper. Because the value of a legacy identity database grows non-linearly with the number of individuals, that is, the utility grows faster than the size of the database, discarding the “original” is likely a false economy. It is, however, sobering to “do the math”. The FBI digitization standard of 500dpi yields a fingerprint record of 10mb. Lossless compression, in practice, seldom does better than 2:1. The FBI has some 200 million fingerprint cards and its automated system topped 52 million records last July, with 6,000-7,000 new accessions per day. They handle 65,000 service requests per day. (Page 36)......Page 95
Recommendation 42.: That the PSA for biometrics cause this issue of using the biometric, itself, for remote authentication across a broad multi-use network to be re-examined. Participants in the re-evaluation would include, inter alia, the CIO(s), the ASD/NII, and the DIRNSA. (Page 81)......Page 96
Recommendation 11.: The OSD PSA for biometrics should work with ASD/NII, DoJ/FBI and the Services to identify and achieve time-based performance requirements for biometrics data transmission, comparison/analysis and return of results, all in the context of operational needs in the various use cases. Establish programs to develop or modify existing biometrics collection and/or data-routing systems to achieve required timeliness. (Page 52)......Page 97
Recommendation 42.: That the PSA for biometrics cause this issue of using the biometric, itself, for remote authentication across a broad multi-use network to be re-examined. Participants in the re-evaluation would include, inter alia, the CIO(s), the ASD/NII, and the DIRNSA. (Page 81)......Page 98
Recommendation 2 : The PSA for biometrics, in lieu of a PSA for identity management, should assign the accountability for analyzing, documenting, and refining the business and work-flow processes and systems architecture(s). (Page 24)......Page 99
Recommendation 38.: The OSD PSA for biometrics, in coordination with and supported by the USD/P&R, should examine the model used to support and encourage the emergence of Information Assurance (IA) as a recognized and accredited academic discipline in the 1990’s, in terms of its possible relevance for reproduction and application to IM/biometrics. In the IA case, the National Security Agency provided technical advice and oversight; sponsored conferences, papers and some basic research; established standards for accreditation; and awarded recognition and other resources to qualifying institutions. This strategy is perceived to have been instrumental in accelerating the definition and emergence of IA as a specific professional field, just in time to support the Department’s, and the nation’s, rapidly-expanding needs. We believe the current circumstances related to biometrics, and especially to identity management, demonstrate many similarities. (Page 68)......Page 100
Recommendation 25.: The Secretary of Defense should consider the establishment of a dedicated, senior-level position on the OSD staff. This official should have cognizance over all Identity Management activities across the Department, and should also represent the department’s total interests in this area externally, coordinating appropriately with other US governmental departments and agencies, and international partners. The PSA for Biometrics would report to this office. (Page 61)......Page 101
Recommendation 41.: The OSD PSA for biometrics should request a broad review by the Office of General Counsel (OGC) of the privacy implications of biometrics use within the Department, which should be coordinated with the Department of Justice. Based on the results the PSA, in coordination with the Defense Privacy Board and the OGC, should create comprehensive biometrics privacy policies and strategies as required to support the range of defense missions, consonant with interagency efforts. (Page 72)......Page 102
Appendix A — Terms of Reference......Page 103
Mr. Russell McIntyre, DIA/DT......Page 107
Ms. Amely Moore, SAIC......Page 108
22 June 2006......Page 109
28-29 September 2006......Page 110
Appendix D — Appointing New OSD PSA for Biometrics......Page 113
OLE_LINK9......Page 115
Track a Person of Interest......Page 116
Manage Local Populations during Military Operations......Page 117
Upon completion of in-processing, the visitor is granted access to specific parking lots and buildings on the installation. The validation process is repeated in a layered security procedure, using the individual’s specific identification biometric-enabled token processed by networked security access control devices. The visitor’s identification and access level is confirmed at each location. The visitor enters the main building for a scheduled meeting, where he must provide a biometric sample to gain access. The collected sample is compared to the local trusted source, and following a positive match access is granted. Physical security personnel ensure that the visitor does not possess any prohibited items.......Page 118
Biometric data is collected as the affected individuals are rescued, treated or entered into the refugee management process. DoD personnel utilize the collected biometric files stored in the local un-trusted source as the reference set against which subsequent matches are made. As personnel are placed aboard transportation, provided medical care or basic services at a disaster relief site, the individuals’ biometrics are the “tokens” that authorize their access. In each instance, once the biometric file is matched, the identity is referenced against repositories of non-biometric information such as camp rosters, medical records, records of service provided, transportation logs, etc. to enable better management of services provided and needs of the population. This data and the collected biometrics are shared with the host nation and our coalition partners to assist in integrating their relief efforts with those of US forces. The host nation also compares the collected information to compare with whatever repositories of non-biometric data may have survived the disaster (tax records, census data, etc) to assist in the speedy location and reuniting of families. At the request of relief organizations, the national government shares the biometric data and identification results with NGOs and neighboring countries affected by the refugee flow.......Page 119
Control Physical Access......Page 120
The following year a different Army medical detachment deploys to the AOR to perform MEDCAPs. At the first village, Army medics encounter far more villagers awaiting vaccination than anticipated, creating concern that the amount of on-hand vaccine is insufficient. To assist the ongoing mission, a repository of associated information has been established during previous MEDCAP exercises. Biometrics samples are collected on each person awaiting vaccination and matched to the local-trusted source. Numerous positive matches occur. These match results are compared against the repository of associated information to identify which individuals received vaccinations in the past. Analysis of the match results and the repository of associated information reveals that a large number of those awaiting vaccination have already received the vaccine during previous MEDCAPs.......Page 121
A newly-arrived disbursing officer is ordered into the local community to pay a contractor for recently completed work. This officer has never met the local national to whom he is to pay a large sum of cash. Following the directions provided by a local interpreter, the disbursing officer arrives at what he believes is the office of the intended contractor. Unbeknownst to the disbursing officer, he has arrived at a fake contractor's office. As a condition of payment the supposed contractor provides his biometric information. A field match test reveals the presented biometric samples do not match the biometric file of the individual identified in the contract. The disbursing officer refuses to pay despite the local interpreter’s and contractor's insistence.......Page 122
Several months later, the detainees are released to a foreign government for adjudication and repatriation.......Page 123
Identify An Unknown Individual During Tactical Operations......Page 124
Control Physical Access......Page 125
This is the process of establishing that the CAC Card is in the possession of the individual who is the legitimate owner of the card. Classically, identity authentication is achieved using one or more of these factors: a) something you have, b) something you know, and c) something you are. The assurance of the authentication process increases with the number of factors used. In the case of the CAC Card, these three factors translate as follows: a) something you have – possession of a CAC Card, b) something you know – knowledge of the PIN, and c) something you are – the visual characteristics of the cardholder, and the live fingerprint samples provided by the cardholder. Thus, mechanisms for CAC cardholder validation include:......Page 127
Enable Information Assurance......Page 128
Periodic revalidation of an individual’s identity......Page 129
Verify the military identity of a person requesting military pay and benefits......Page 131
Verify the military identity of a person being issued a military credential to enable pay and benefits access......Page 132
Verify the disaster identity of a person being issued a temporary credential to enable benefits access......Page 133
Identify a deceased individual......Page 135
The quick reaction force with the explosive ordinance team and weapons intelligence team arrived. The EOD team commander quickly debriefed the on – site command on what occurred, determined the entry control point to begin his teams render safe procedure to ensure that that are had no more IEDs. The quick reaction force fanned out and expanded the perimeter. The WIT members began interview patrol unit members, began taking photographs of the area. As the EOD team expanded their search area they found the dropped PMR and recovered it. The EOD team member who recovered it checked for it being booby trapped not being aware that the insurgent had dropped it while fleeing the site. The EOD operator was forensically aware knowing that it may have latent finger prints on it. He left for the WIT to handle. No further IEDs were found and the EOD team cleared the WIT on to the site pointing out the PMR......Page 137
The CEXC has received both devices from the EOD Battalion for second phase exploitation. The second phase exploitation will consist of checking for latent prints on the exterior of the devices. If found they will be recovered and entered into the Biometric Automated Tracking System or BATs. Matches are reported to the appropriate entities to support follow – on operations. The wrapping of the firing pack is removed and retained for forwarding to TEDAC......Page 138
Use of biometrics as a forensic element in the exploitation chain for captured IED components is a new activity for DoD, tactical commanders and their Soldiers and Marines. Practical education has not yet caught up with expectation for result. In the scenario presented only those forensically trained handled recovered devices. However another scenario often occurs in which several soldiers handle devices without forensic awareness training or proper gloves, evidence bags. The DVD titled “Biometrics: New Techniques to Fight the War on Terrorism presented the strategic need well however success with this forensic application begins at the tactical level with proper training and education for the first tactical responders.......Page 139
As with any other application that has evidentiary value in a court of law its value, acceptance and standard of application have to be known before it enters said court. In a counterinsurgency operation sovereignty is ultimately shared with the supported country with the host’s courts law where those involved in insurgent activities are tried. This is the case in Iraq. The identity system of Iraq, how it functioned, where it resided, who was in it and the standards by which that occurred was not known nor regarded as significant. Biometric data recovered from device, weapon, document or other circumstance needs to be handled and presented in such a way as to support to the identification and prosecution of suspected insurgents.......Page 140
The Transportation Security Administration (TSA) has several programs involving biometrics, such as the domestic Registered Traveler program. It is designed to allow low-risk individuals to bypass the long security inspection lines in airports and proceed through a biometrically-enabled checkpoint. Another program is focused on verifying the identity of hazardous material truck drivers. Verifying that a person has the authority to enter a restricted area of an airport gave rise to a program designed to establish a biometrics qualified products list that airport authorities can rely upon to select devices that will meet TSA requirements. The Transportation Worker Identity Card (TWIC) is a major initiative that will allow workers to access different facilities with one identity document that may contain multiple biometrics and authorization levels for various locations. It is being designed to be conformant with the specifications of the PIV for Government workers and contractors accessing government facilities.......Page 141
The Department of Homeland Security (DHS) and INTERPOL exchange fingerprint data on internationally wanted criminals. DHS also shares lookout records on terrorists and major criminals, gang-related records (such as MS13) and deportee records with other countries. This information may be shared on a case-by-case basis with other countries and agencies, depending on agreements with the data provider. An example is working with the Government of El Salvador to exchange biometric information on persons involved in gang related activities.......Page 142
DHS also works with nations to review their biometrics and identity management programs. A recent example is the seminar held with the Government of Indonesia on e-Passports and national ID.......Page 143
OLE_LINK1......Page 145
Several months later, the detainees are released to a foreign government for adjudication and repatriation.......Page 146
Several years later, a U.S. police department responds to a trespassing complaint at a local water treatment plant. Two subjects are apprehended and fingerprints are taken at the police department’s primary booking station. The fingerprints are transmitted to the FBI’s fingerprint database and matches are made against the previously shared biometric samples from the military detainees. Since the fingerprints have been entered into the KST File, the FBI’s CJIS Division Intelligence Group notifies the Terrorist Screening Center (TSC) of the encounter. As a result, the TSC notifies a Joint Terrorism Task Force to investigate whether the trespassing act was an indication of a terrorist threat to the nation.......Page 147
It has been suggested that within the context of a broad privilege management regime, built on HSPD-12, it could be possible to dynamically control access to key data, equipment and even facilities, selectively enabling new operators, while “locking out” systems or operators which had been compromised.......Page 149
Appendix O - Biometric Modalities Matrix......Page 151
A......Page 153
B......Page 154
An open forum to share information throughout government, industry, and academia. For more information visit www.biometrics.org.......Page 155
C......Page 156
An individual that willingly provides his/her biometric to the biometric system for capture. An individual who wishes to assert an identity. Example: A worker submits his/her biometric to clock in and out of work. See also indifferent user, non-cooperative user, and uncooperative user.......Page 157
D......Page 158
An expression of one’s identity suitable for computer-mediated transactions, on-line transactions, or transmission/certification of identity over modern communications networks.......Page 159
E......Page 160
The process of converting a captured biometric sample into biometric data so that it can be compared to a reference. See also biometric sample, feature, template.......Page 161
F......Page 162
A face recognition development program sponsored by the U.S. Government from 2003-2005. For more information visit http://www.frvt.org/FRGC/. See also FERET, FRVT.......Page 163
I......Page 164
Identity Theft Assumption and Deterrence Act, as amended, defines identity theft as the knowing transfer or use, without lawful authority, of a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of federal law, or that constitutes a felony under any applicable state or local law.......Page 165
Integration, Tasking and Networking; one of five IAFIS segments that provides workflow management of ten-print, document, and latent print processing, as well as storage and retrieval of fingerprint images; maintains FIMF and provides connectivity among all IAFIS segments, as well as the front-end communications between the IAFIS and LE community who make electronic submissions and requests.......Page 166
L......Page 167
M......Page 168
N......Page 169
O......Page 170
P......Page 171
R......Page 172
S......Page 173
Fingerprints taken by simultaneously pressing the four fingers of one hand onto a scanner or a fingerprint card. Slaps are known as “four finger simultaneous plain impressions.”......Page 174
T......Page 175
An error that occurs in a statistical test when a false claim is (incorrectly) not rejected. For example: Frank claims to be John and the system verifies the claim. See also false accept rate (FAR).......Page 176
V......Page 177
Z......Page 178
Word Bookmarks......Page 0