3M Identity Management

Transcription

3M Identity Management
3M Identity Management
3M™ Cogent Managed MobileID Service
Introduction
their mobile environment— sending requests for identification to
their State AFIS and, where allowed, to the FBI’s Repository for
Individuals of Special Concern (RISC). The FBI’s RISC fingerprint
database includes approximately 2 million records of wanted persons,
sex offender registry sunjects, and known or suspected terrorists.
Solution Overview
3M Cogent’s MMIS functions as a gateway for the mobile devices
to communicate and search the state AFIS, and subsequently, if
permitted, the federal database, FBI RISC.
A growing number of law enforcement agencies are turning to
mobile fingerprint identification technology to provide real-time
identification capabilities to law enforcement officers. Mobile
identification (MobileID) is a valuable crime fighting tool that requires
and investment in infrastructure that small- to medium-sized
agencies may not have the resources to support. To address this
need, 3M Cogent has developed a backend infrastructure, Managed
MobileID Service (MMIS). Agencies can leverage MMIS to implement
First Segment
The design architecture for the MMIS consists of three distinct
segments. The first segment illustrates the agencies and the mobile
identification devices.
The second segment illustrates the MMIS, hosted at 3M Cogent
in Pasadena, CA. This segment includes the firewalls, VPN server,
Certificate Authority Server, and the MobileID submission server.
The third segment illustrates the state AFIS and FBI RISC mobile
search systems.
Second Segment
host certificate
+
or Login
Certificate
Authority
Server
HTTPS
SMTP
FTP
State
VPN
Agency 1
BCII, MI2, or MI3
Third Segment
HTTPS
Agency 2
MI2 or MI3
Mobile
Wireless
Network
+
User Enrollment
Login
MobileID
Server
Authentication WS
Submission WS
Authentication Service
User Group Manager
FBI
User Enrollment Station
Web UGM + CSD330
Figure 1. Architecture overview for the Managed MobileID Service (MMIS)
Empowering Law Enforcement,
Leading Biometric Solutions
a 3M Company
Cogent’s MMIS security is fully compliant with the FBI’s Criminal
3M
Justice Information Services (CJIS) Security Standard and offers
two ways to secure the communication between an agency’s mobile
devices and the MMIS. The first method utilizes VPN technology
to create a secure channel between the mobile service and 3M
Cogent’s MobileID server. The second method requires
two-factor biometric authentication over a CJIS-compliant HTTPS
secure communication. User credentials are managed centrally on
3M Cogent’s User Group Manager (UGM) while fingerprints are
managed using 3M Cogent’s Web UGM.
The second workflow involves the identification searches which
are sent from the mobile device, through the firewall, to the web
service before being forwarded to 3M Cogent’s MobileID workflow
region. After a MobileID search transaction is properly formatted
to state and FBI standards, it will be forwarded to the state AFIS
for subject identification. In addition, if the state’s AFIS system is
able to communicate with the FBI RISC database, the search will be
forwarded to that system as well.
Using a secure mobility client, 3M Cogent supports iPhone®,
iPad®, Android®, and Mobile Ident II & III devices. The VPN client
provides reliable and easy-to-deploy encrypted network connectivity,
including:
3M Cogent has implemented MobileID service for many customers in
several states, including California against DOJ/FBI, Florida against
FDLE/FBI, Ohio against Ohio BCI/FBI, Houston Police Department
against Texas DPS/FBI, and Maryland against Maryland DPSCS/FBI.
Transactions are transmitted through the state’s secure network and
utilize common protocols such as SMTP, FTP, and HTTPS.
1. Strong encryption, including AES-256 and 3DES-168
2. Advanced encryption, including NSA Suite B algorithms, ESPv3 with
IKEv2, 4096-bit RSA keys, Diffie-Hellman group 24, and enhanced
SHA2 (only available for IPsec IKEv2 connections; Premium ASA
license required)
The server configuration for 3M Cogent’s MMIS capacity and
performance requirements provide 2,000 two-finger searches at
peak-hour throughput, with a response time of 15 seconds within 3M
Cogent’s system. The storage capacity can hold up to three months
of transactions and can be configured for additional time if needed.
3. Access Control List (ACL) and Disabling Split-Tunneling will be
implemented to secure network
Standard audit reports available to agencies include:
1. Mobile Search Transaction Reports for a Specified Period
2. Hit Reports During a Specified Period
3. Mobile Searches Statistics Reports During a Specified Period (i.e.,
daily, monthly, yearly)
3M Cogent’s MMIS includes two types of workflows. The first
workflow is for user authentication requests which are sent from the
mobile device, through the firewall, to the web service before being
forwarded to the authentication server. The authentication server
ensures that only authorized agency personnel are using the mobile
devices.
NIST/
HTTPS
Authentication
Server
State/FBI
NIST
DMN
NIST/HTTPS
or FTP
or SMTP
Features:
•500 ppi fingerprint sensor
•Weighs less that 5 ounces
3M™ Cogent CSD330
Single-digit Fingerprint Scanner
•Color LCD display
•Bluetooth communication
Features:
• USB 2.0 power/data
3M Cogent can typically accomodate any state’s WAN connection.
System Components and Pricing
Agencies interested in 3M Cogent’s MMIS will need to purchase
mobile identification devices, Web UGM license, and a CSD330
single-digit fingerprint scanner from 3M Cogent. The agencies
will need to provide SIM cards and wireless communication for
the mobile identification devices and an up-to-date computer
workstation for the Web UGM.
•Data encryption (optional)
•WSQ image compression
•FBI Mobile ID FAP 10
• Ambient light rejection
Models Available:
•BlueCheck II: Optical fingerprint scanner model
• FBI Mobile ID SAP 30
•BlueCheck IIu: Capacitive fingerprint scanner model
•BlueCheck IIa: Capacitive fingerprint scanner model for iOS devices
Table 1. Successful implementation of 3M Cogent’s MMIS requires the collaboration between agency, state, and 3M Cogent to ensure the
following responsibilities are met:
Agency
2
State

Ensure MMIS compliance with CJIS security standards

Integrate 3M Cogent MMIS and state systems



System integration testing


Define audit reports


Provide CJIS Security Amendment for criminal outsourcing
to 3M Cogent



AFIS state submission detailed ICD and testing support

Grant permission for MobileID search submission to state AFIS

Support FBI RISC search submission

3M Identity Management
iPhone and iPad are registered trademarks of Apple, Inc. Android is a registered trademark of Google, Inc.
3M Cogent
Provide 3M Cogent MobileID Service System, firewall, VPN, communication between mobiles and MMIS
Service contract
Figure 2. 3M Cogent’s MMIS Communication Protocols
3M Identity Management
One of the lightest, ruggedized mobile identification devices available.
Uses Bluetooth communication to securely transfer fingerprint data to
a Bluetooth-enabled Android, BlackBerry®, or iOS smart phone for
submission to the Managed MobileID Service.
System to enroll and manage
user credentials and fingerprints
enabling biometric logon on
selected mobile identification
devices ensuring use by
authorized personnel.
3M Cogent’s MMIS leverages the state’s network infrastructure,
ensuring compliance with all state and federal requirements for the
transmission of sensitive information.
• Network management is administered solely by the state’s IT staff
3M Cogent
Mobile
Region Server
3M™ Cogent BlueCheck® II with MobileID
Client for smart phones
Web UGM License with CSD 330
• 500 ppi optical fingerprint sensor
• Circuit installation
Workflow
Socket
Pricing for the mobile identification devices is based on the total
number of devices to be deployed. Please contact 3M Cogent for
customized pricing and additional information.
Implementation
• 3M Cogent-provided network equipment
Web
Service
2. More than 10 mobile identification devices and/or 20+ users
• Leasing a private T1 circuit to establish a network connection to the
state’s private network and utilizing the state-defined encryption
These additional reports can be developed on a time and materials
basis.
NIST WS
over
HTTPS
1. Less than 10 mobile identification devices and enrolling less than
20 users
An example of a typical state network infrastructure design could
include:
Agencies can request customized reports to meet specific agency
operational requirements.
MI2 & MI3
or
BC II &
smartphone
“3M Cogent’s MMIS provides
a cost-effective framework for
collaboration between local and
state agencies.”
3M Cogent offers two pricing options for the Web UGM license and
CSD 330 fingerprint scanner:
3
Bluetooth is a registered trademark of Bluetooth Sig, Inc.
BlackBerry is a registered trademark of BlackBerry Limited Corporation.
3M™ Cogent Mobile Ident II (MI2)
3M™ Cogent Mobile Ident III (MI3)
Mobile identification handheld device with an all-in-one, compact,
ergonomic design. Ideal for enhancing identity verification programs
for military, law enforcement, and other types of agencies, allowing
users to access crucial data in challenging environments.
Multi-biometric mobile identification handheld device for military,
law enforcement, and civil government applications. Ideal for remote
subject identification, disaster scene management, ID document
authentication, traffic citation, and much more.
Features:
•500 ppi optical fingerprint sensor
Features:
•500 ppi optical fingerprint sensor
•Color LCD touch-screen
•Color LCD touch-screen
•Built-in camera
•Built-in camera
•Bluetooth, wireless, and
data communication
•Modular attachments: contact/contactless
smart card readers, magnetic stripe card
reader, barcode scanner, passport reader,
3 inch thermal printer
•Data encryption enabled
•WSQ image compression
•Bluetooth, wireless, and data
communication
•FBI Mobile ID FAP 20
•Data encryption enabled
•WSQ image compression
•FBI Mobile ID FAP 30
Complete security begins with 3M:
As a partner, 3M Identity Management uses powerful strategies, products and systems to create complete solutions for your
security challenges. To learn more about our industry leading security materials and end-to-end identification and authentication
solutions, visit 3M.com/IdentityManagement.
Important Notice to Purchaser
3M Identity Management offers complete solutions and a range of security products to protect against article and/or document identity counterfeit, alteration, diversion, duplication, simulation and substitution.
However, no security products can guarantee absolute protection against attempts to successfully accomplish these illegal activities. For specific 3M product and solution warranties please see
3M.com/IdentityManagement.
Warranty, Limited Remedy and Limited Liability
THE FOLLOWING IS MADE IN LIEU OF ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 3M warrants
that its 3M Identity Management products will meet 3M’s written specification at the time of shipment. 3M’s obligation and your exclusive remedy shall be, at 3M’s option, to replace or repair the 3M product
or refund the purchase price of the 3M product. IN NO EVENT WILL 3M BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO,
LOSS OF PROFITS, IN ANY WAY RELATED TO THE PRODUCTS REGARDLESS OF THE LEGAL THEORY ASSERTED. User is responsible for determining whether the 3M product is fit for a particular purpose and
suitable for user’s application. Warranties, remedies and limitations may vary by product and jurisdiction. Please consult 3M product quote or agreement, or contact 3M for specific information about individual
products.
Identity Management
United States and Latin America
3M Center,
Building 225-4N-14
St. Paul, MN 55144-1000
U.S.A.
1-800-581-2631
3M.com/IdentityManagement
Identity Management
Europe, Middle East and Africa
Identity Management
Asia Pacific
Identity Management
Canada
3M United Kingdom PLC
1 Yishun Avenue 7
1545 Carling Avenue
3M Centre
Singapore 768923
Ottawa, ON
Cain Road
+65-6450-8888
Canada K1Z8P9
Bracknell
1-613-722-2070
RG12 8HT
United Kingdom
+44(0)-8705-360036
3M and Cogent are trademarks of 3M Company. All other trademarks are the property of their respective owners.
Identity Management
3M Cogent, Inc.
639 N. Rosemead Blvd.
Pasadena, CA 91107
1-626-325-9600
Please recycle. Printed in U.S.A.
© 3M 2014. All rights reserved.
Used under license in Canada.