Biometrics Identity Management Systems (BIMS)
Doug Greene, Director and Chief Information Officer
30 April 2015
What are Biometrics?
“Biometrics are distinctive, measurable, physical traits used to describe and identify individuals”
Why does UNHCR use Biometrics?
Fingerprints and iris scans allow UNHCR to verify, protect and maintain identities over time
• Strengthens integrity of existing registration data
• Fast, accurate and reliable identity verification
• Protection of identities and avoiding identity misrepresentation
• Facilitating identity management during refugee movement
What is BIMS?
Proven Industry Solution
UK Self-Clearance for EU ePassport Holders
• Introduced automated e-Passport gates at Heathrow and Stansted Airport
• Both airports represent 54% of all incoming passenger traffic to the UK
• Featuring advanced anti-tailgating solution (single gate with detection portal)
Outcomes:
• Highly-positive passenger experience and feedback
• Over 45 million transactions since deployment in 2010
• Transaction time < 15 seconds
Chad Verification/Enrolment – 450,000 Refugees
Thailand Verification/Enrolment – 120,000 Refugees
What is BIMS?
Components
Mobile Identity Management
AOptix Stratus
Fingerprints, Iris, Face
Under Consideration
Accenture Unique Identity Service Platform (UISP) (Pre-Filtering & Matching Algorithms)
• GREEN BIT Fingerprint Scanner
• IriTech Iris Capture
• Logitech Webcam
What is BIMS?
User Interface
[Screenshot of the BIMS user interface]
[Diagram labels: Registration/Identification site; Operator laptop; Operator tablet; Field server, with partial database; Uplink: Mobile data, Internet (ISP), Satellite; Geneva; HTTPS server; Matching servers; Main database]
What is BIMS?
High-Level Process Flow
BIMS Capture Devices
• 10 fingerprint images
• 2 iris images
• 1 facial image
BIMS Client
• Controls image quality
• Integrates with proGres
• Submits enrolment package to Local BIMS server
BIMS Local Server
• Creates biometric templates
• Matches with local database to ensure no duplicates
• Queues enrolment for submission to Central System
BIMS Central Server
• Accepts enrolment package from BIMS Local Server
• De-duplicates enrolment with global gallery of biometric records
• Manages synchronization between Local Servers (Local-Central-Local)
• Manages adjudication cases (suspected duplicates) and sends cases down to relevant Local BIMS Server
What is BIMS?
System Architecture
[Architecture diagram. Labels recoverable from the diagram:]
• Zones and sites: UNHCR Office; Remote BIMS and proGres V3 Site; DIST Corporate Infrastructure (Geneva); Ultisat Hub (Blavand); SAFEHOST MBT/VNG; Public DMZ; BIMS and proGres V4 Networks; BIMS and proGres V4 Backend Security Zone; Other common DIST Infrastructure
• Field equipment: proGres V3 Workstation; Laptop; Tablet; proGres V3 Server; BIMS Local Node; Connectivity Kit (ISR & Riverbed); Cisco ISR (Cisco 2900 Series); Riverbed
• Connectivity options: Ku VSAT (ISP); C-Band VSAT (UltiSat); BGAN; Thuraya IP+; 3G Modem; ADSL; Single User 3G/LTE Connection; Other Satellite Provider (Irmasat, Thuraya, Iridium, etc); Local Mobile Network; Country Internet; Global Internet; Internet Transit LAN; Transit LAN; Bottleneck
• Network and WAN-optimisation equipment: SWISSCOM 3825 (VNG); COLT 3825 (MBT); Ultisat Router(s) - MBT; FWs-External (MBT/VNG); Nexus SH; Riverbed Steelhead; Riverbed Central Steelhead; Riverbed Mobile Controller; Riverbed Netprofiler; Kemp Reverse-Proxy/Load Balancers – Progres.unchr.org - FrontEnd
• Central services: BIMS & proGres V4 Central Infrastructure; BIMS Servers; FrontEnd; CRM App; CRM Reporting SQL Server; Active Directory UNHCR.ORG (.LOCAL); SCCM/SCOM
Notes:
• All BIMS and proGres V4 Servers Virtual on Hyper-V
• Physical SQL Servers
• All Prod DB Storage on SSD
• DR Instance TBD (Possibly relocation of Pre-Prod)
• All Riverbed machines are virtual on VMware
Multiple Operating Scenarios
• Strong and Reliable Connectivity: Online system with direct connection to global database
• Intermittent / Weak Connection: Partially-online system, which syncs automatically with global database whenever possible
• No Connectivity: Fully offline system, with no connection to global database
What is BIMS?
Security Architecture
• All users must authenticate
• No data retained on workstations
• Operators must authenticate with biometrics
• Field servers' hard drives encrypted
• Field servers host only a localised database subset
• Main system located behind UNHCR firewalls
• Main system backed up nightly
• All main system servers virtual, with redundant hosts
• Field servers use unique SSL certificates to access main system
• Role- and site-based permissions, on per-user basis
• All BIMS network communications encrypted with SSL
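One way to enforce the certificate and site-scoping points above on the main-system side, as an added example (not UNHCR or BIMS code): the TLS context refuses any client without a certificate, and a registry binds each field server's certificate fingerprint to exactly one site. The function names, the registry class and the sample certificate bytes are hypothetical.

```python
import hashlib
import ssl

def main_system_tls_context(certfile=None, keyfile=None, field_ca=None):
    """Server-side context: TLS 1.2 or later, client certificate mandatory."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED      # handshake fails without a client cert
    if certfile:                             # main system's own certificate and key
        ctx.load_cert_chain(certfile, keyfile)
    if field_ca:                             # CA that issues field-server certificates
        ctx.load_verify_locations(field_ca)
    return ctx

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER certificate, e.g. from getpeercert(binary_form=True)."""
    return hashlib.sha256(der_cert).hexdigest()

class FieldServerRegistry:
    """Binds one certificate to one site so a field server only reaches its own subset."""
    def __init__(self):
        self._site_by_fp = {}
        self._revoked = set()

    def enrol(self, der_cert: bytes, site: str) -> None:
        fp = fingerprint(der_cert)
        if fp in self._site_by_fp:           # "unique": never shared between servers
            raise ValueError("certificate already assigned to a field server")
        self._site_by_fp[fp] = site

    def revoke(self, der_cert: bytes) -> None:
        """Cut off a lost or seized field server without touching the others."""
        self._revoked.add(fingerprint(der_cert))

    def authorise(self, der_cert: bytes, requested_site: str) -> bool:
        fp = fingerprint(der_cert)
        if fp in self._revoked:
            return False
        site = self._site_by_fp.get(fp)
        return site is not None and site == requested_site

if __name__ == "__main__":
    # Constructed stand-ins for DER-encoded certificates.
    registry = FieldServerRegistry()
    registry.enrol(b"constructed-cert-site-1", "Site 1")
    print(registry.authorise(b"constructed-cert-site-1", "Site 1"))
    print(registry.authorise(b"constructed-cert-site-1", "Site 3"))
```

Per-server certificates matter most at revocation time: one compromised field server can be removed from the registry while every other site keeps synchronising.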
BIMS Enrolment Process
Pre-Identification
Step 1: Refugee arrives. Initiation of enrolment in proGres
Step 2: Pre-identification. Checks for existing enrolments in local area
Result 1: Identity match detected in Site 1. STOP PROCESSING
Result 2: Identity not found. CONTINUE ENROLMENT
[Diagram labels: Site 1; Site 2; Site 3; Geneva; Protection Interview; Enrolment]
BIMS Enrolment Process
Enrolment Capture and Confirmation
Step 3: Captured biometrics are submitted to central system, which checks for quality and existing enrolments
Result 1: Identity match found from Site 3. CREATE ADJUDICATION CASE
Result 2: Identity not found. ENROLMENT CONFIRMED
[Diagram labels: Site 1; Site 2; Site 3; Geneva; Adjudication Desk]
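The two-stage duplicate check from the process-flow and enrolment slides, including queuing while a site is offline, as an added example that is not BIMS code. Templates are modelled as 64-bit integers compared by fractional Hamming distance with an assumed threshold, a stand-in for the matching algorithms, which the slides do not describe; all class and function names are hypothetical.

```python
from collections import deque
from dataclasses import dataclass, field

THRESHOLD = 0.32  # assumed decision threshold, not a BIMS parameter

def distance(a: int, b: int, bits: int = 64) -> float:
    """Fraction of differing bits between two fixed-length binary templates."""
    return bin(a ^ b).count("1") / bits

def find_match(template, gallery):
    """Id of the closest gallery record under THRESHOLD, else None."""
    best = min(gallery.items(), key=lambda kv: distance(template, kv[1]), default=None)
    return best[0] if best and distance(template, best[1]) < THRESHOLD else None

@dataclass
class Central:
    gallery: dict = field(default_factory=dict)    # person id -> template (global)
    home_site: dict = field(default_factory=dict)  # person id -> enrolling site
    cases: list = field(default_factory=list)      # adjudication cases

    def submit(self, site, person_id, template):
        hit = find_match(template, self.gallery)
        if hit is not None:                        # suspected duplicate
            self.cases.append({"new": person_id, "existing": hit,
                               "route_to": [site, self.home_site[hit]]})
            return "ADJUDICATION"
        self.gallery[person_id] = template
        self.home_site[person_id] = site
        return "CONFIRMED"

@dataclass
class LocalServer:
    site: str
    central: Central
    online: bool = True
    local: dict = field(default_factory=dict)      # localised database subset
    queue: deque = field(default_factory=deque)    # enrolments awaiting upload
    results: dict = field(default_factory=dict)

    def enrol(self, person_id, template):
        if find_match(template, self.local) is not None:
            return "STOP"                          # pre-identification hit
        self.local[person_id] = template
        self.queue.append((person_id, template))
        return self.sync().get(person_id, "QUEUED")

    def sync(self):
        """Flush the queue whenever the uplink is available."""
        while self.online and self.queue:
            pid, tpl = self.queue.popleft()
            self.results[pid] = self.central.submit(self.site, pid, tpl)
        return self.results
```

A duplicate enrolled at a different site passes the local check and is only caught centrally, which is why an offline site's enrolments stay provisional until `sync()` has run.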
2015 Deployments
Planning is underway with the following UNHCR operations
ASIA: Thailand, India, Sri Lanka, Indonesia, Malaysia, Afghanistan, Pakistan
AFRICA: Chad, Congo Brazza, Somalia, Kenya, Malawi*, Mozambique, Zambia, Zimbabwe, South Africa
*Pilot Site