3M Identity Management
3M™ Cogent Managed MobileID Service

Introduction

A growing number of law enforcement agencies are turning to mobile fingerprint identification technology to provide real-time identification capabilities to law enforcement officers. Mobile identification (MobileID) is a valuable crime fighting tool that requires an investment in infrastructure that small- to medium-sized agencies may not have the resources to support. To address this need, 3M Cogent has developed a backend infrastructure, Managed MobileID Service (MMIS). Agencies can leverage MMIS to implement their mobile environment—sending requests for identification to their State AFIS and, where allowed, to the FBI’s Repository for Individuals of Special Concern (RISC). The FBI’s RISC fingerprint database includes approximately 2 million records of wanted persons, sex offender registry subjects, and known or suspected terrorists.

Solution Overview

3M Cogent’s MMIS functions as a gateway for the mobile devices to communicate and search the state AFIS, and subsequently, if permitted, the federal database, FBI RISC.

The design architecture for the MMIS consists of three distinct segments. The first segment illustrates the agencies and the mobile identification devices. The second segment illustrates the MMIS, hosted at 3M Cogent in Pasadena, CA. This segment includes the firewalls, VPN server, Certificate Authority Server, and the MobileID submission server. The third segment illustrates the state AFIS and FBI RISC mobile search systems.

Figure 1. Architecture overview for the Managed MobileID Service (MMIS)

Empowering Law Enforcement, Leading Biometric Solutions

3M Cogent’s MMIS security is fully compliant with the FBI’s Criminal Justice Information Services (CJIS) Security Standard and offers two ways to secure the communication between an agency’s mobile devices and the MMIS. The first method utilizes VPN technology to create a secure channel between the mobile service and 3M Cogent’s MobileID server. The second method requires two-factor biometric authentication over a CJIS-compliant HTTPS secure communication. User credentials are managed centrally on 3M Cogent’s User Group Manager (UGM) while fingerprints are managed using 3M Cogent’s Web UGM.

Using a secure mobility client, 3M Cogent supports iPhone®, iPad®, Android®, and Mobile Ident II & III devices. The VPN client provides reliable and easy-to-deploy encrypted network connectivity, including:

1. Strong encryption, including AES-256 and 3DES-168
2. Advanced encryption, including NSA Suite B algorithms, ESPv3 with IKEv2, 4096-bit RSA keys, Diffie-Hellman group 24, and enhanced SHA2 (only available for IPsec IKEv2 connections; Premium ASA license required)
3. Access Control List (ACL) and Disabling Split-Tunneling will be implemented to secure network

3M Cogent’s MMIS includes two types of workflows. The first workflow is for user authentication requests which are sent from the mobile device, through the firewall, to the web service before being forwarded to the authentication server. The authentication server ensures that only authorized agency personnel are using the mobile devices.

The second workflow involves the identification searches which are sent from the mobile device, through the firewall, to the web service before being forwarded to 3M Cogent’s MobileID workflow region. After a MobileID search transaction is properly formatted to state and FBI standards, it will be forwarded to the state AFIS for subject identification. In addition, if the state’s AFIS system is able to communicate with the FBI RISC database, the search will be forwarded to that system as well.

3M Cogent has implemented MobileID service for many customers in several states, including California against DOJ/FBI, Florida against FDLE/FBI, Ohio against Ohio BCI/FBI, Houston Police Department against Texas DPS/FBI, and Maryland against Maryland DPSCS/FBI. Transactions are transmitted through the state’s secure network and utilize common protocols such as SMTP, FTP, and HTTPS.

The server configuration for 3M Cogent’s MMIS capacity and performance requirements provide 2,000 two-finger searches at peak-hour throughput, with a response time of 15 seconds within 3M Cogent’s system. The storage capacity can hold up to three months of transactions and can be configured for additional time if needed.

Standard audit reports available to agencies include:

1. Mobile Search Transaction Reports for a Specified Period
2. Hit Reports During a Specified Period
3. Mobile Searches Statistics Reports During a Specified Period (i.e., daily, monthly, yearly)

Agencies can request customized reports to meet specific agency operational requirements. These additional reports can be developed on a time and materials basis.

Figure 2. 3M Cogent’s MMIS Communication Protocols

3M Cogent’s MMIS leverages the state’s network infrastructure, ensuring compliance with all state and federal requirements for the transmission of sensitive information. An example of a typical state network infrastructure design could include:

• Leasing a private T1 circuit to establish a network connection to the state’s private network and utilizing the state-defined encryption
• Network management is administered solely by the state’s IT staff
• Circuit installation
• 3M Cogent-provided network equipment

3M Cogent can typically accommodate any state’s WAN connection.

“3M Cogent’s MMIS provides a cost-effective framework for collaboration between local and state agencies.”

System Components and Pricing

Agencies interested in 3M Cogent’s MMIS will need to purchase mobile identification devices, Web UGM license, and a CSD330 single-digit fingerprint scanner from 3M Cogent. The agencies will need to provide SIM cards and wireless communication for the mobile identification devices and an up-to-date computer workstation for the Web UGM.

3M Cogent offers two pricing options for the Web UGM license and CSD 330 fingerprint scanner:

1. Less than 10 mobile identification devices and enrolling less than 20 users
2. More than 10 mobile identification devices and/or 20+ users

Pricing for the mobile identification devices is based on the total number of devices to be deployed. Please contact 3M Cogent for customized pricing and additional information.

3M™ Cogent BlueCheck® II with MobileID Client for smart phones

One of the lightest, ruggedized mobile identification devices available. Uses Bluetooth communication to securely transfer fingerprint data to a Bluetooth-enabled Android, BlackBerry®, or iOS smart phone for submission to the Managed MobileID Service.

Features:
• 500 ppi fingerprint sensor
• Weighs less than 5 ounces
• Color LCD display
• Bluetooth communication
• Data encryption (optional)
• WSQ image compression
• FBI Mobile ID FAP 10

Models Available:
• BlueCheck II: Optical fingerprint scanner model
• BlueCheck IIu: Capacitive fingerprint scanner model
• BlueCheck IIa: Capacitive fingerprint scanner model for iOS devices

Web UGM License with CSD 330 (3M™ Cogent CSD330 Single-digit Fingerprint Scanner)

System to enroll and manage user credentials and fingerprints enabling biometric logon on selected mobile identification devices ensuring use by authorized personnel.

Features:
• 500 ppi optical fingerprint sensor
• USB 2.0 power/data
• Ambient light rejection
• FBI Mobile ID SAP 30

Table 1.

Implementation

Successful implementation of 3M Cogent’s MMIS requires the collaboration between agency, state, and 3M Cogent to ensure the following responsibilities are met:

Agency and State:
• Ensure MMIS compliance with CJIS security standards
• Integrate 3M Cogent MMIS and state systems
• System integration testing
• Define audit reports
• Provide CJIS Security Amendment for criminal outsourcing to 3M Cogent
• AFIS state submission detailed ICD and testing support
• Grant permission for MobileID search submission to state AFIS
• Support FBI RISC search submission

3M Cogent:
• Provide 3M Cogent MobileID Service System, firewall, VPN, communication between mobiles and MMIS
• Service contract

3M™ Cogent Mobile Ident II (MI2)

Mobile identification handheld device with an all-in-one, compact, ergonomic design. Ideal for enhancing identity verification programs for military, law enforcement, and other types of agencies, allowing users to access crucial data in challenging environments.

Features:
• 500 ppi optical fingerprint sensor
• Color LCD touch-screen
• Built-in camera
• Bluetooth, wireless, and data communication
• Data encryption enabled
• WSQ image compression
• FBI Mobile ID FAP 20

3M™ Cogent Mobile Ident III (MI3)

Multi-biometric mobile identification handheld device for military, law enforcement, and civil government applications. Ideal for remote subject identification, disaster scene management, ID document authentication, traffic citation, and much more.

Features:
• 500 ppi optical fingerprint sensor
• Color LCD touch-screen
• Built-in camera
• Modular attachments: contact/contactless smart card readers, magnetic stripe card reader, barcode scanner, passport reader, 3 inch thermal printer
• Bluetooth, wireless, and data communication
• Data encryption enabled
• WSQ image compression
• FBI Mobile ID FAP 30

Complete security begins with 3M: As a partner, 3M Identity Management uses powerful strategies, products and systems to create complete solutions for your security challenges. To learn more about our industry leading security materials and end-to-end identification and authentication solutions, visit 3M.com/IdentityManagement.

Important Notice to Purchaser

3M Identity Management offers complete solutions and a range of security products to protect against article and/or document identity counterfeit, alteration, diversion, duplication, simulation and substitution. However, no security products can guarantee absolute protection against attempts to successfully accomplish these illegal activities. For specific 3M product and solution warranties please see 3M.com/IdentityManagement.

Warranty, Limited Remedy and Limited Liability

THE FOLLOWING IS MADE IN LIEU OF ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 3M warrants that its 3M Identity Management products will meet 3M’s written specification at the time of shipment. 3M’s obligation and your exclusive remedy shall be, at 3M’s option, to replace or repair the 3M product or refund the purchase price of the 3M product. IN NO EVENT WILL 3M BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOSS OF PROFITS, IN ANY WAY RELATED TO THE PRODUCTS REGARDLESS OF THE LEGAL THEORY ASSERTED. User is responsible for determining whether the 3M product is fit for a particular purpose and suitable for user’s application. Warranties, remedies and limitations may vary by product and jurisdiction. Please consult 3M product quote or agreement, or contact 3M for specific information about individual products.

Identity Management United States and Latin America
3M Center, Building 225-4N-14
St. Paul, MN 55144-1000 U.S.A.
1-800-581-2631
3M.com/IdentityManagement

Identity Management Europe, Middle East and Africa
3M United Kingdom PLC
3M Centre
Cain Road
Bracknell RG12 8HT
United Kingdom
+44(0)-8705-360036

Identity Management Asia Pacific
1 Yishun Avenue 7
Singapore 768923
+65-6450-8888

Identity Management Canada
1545 Carling Avenue
Ottawa, ON
Canada K1Z8P9
1-613-722-2070

Identity Management
3M Cogent, Inc.
639 N. Rosemead Blvd.
Pasadena, CA 91107
1-626-325-9600

iPhone and iPad are registered trademarks of Apple, Inc. Android is a registered trademark of Google, Inc. Bluetooth is a registered trademark of Bluetooth Sig, Inc. BlackBerry is a registered trademark of BlackBerry Limited Corporation. 3M and Cogent are trademarks of 3M Company. All other trademarks are the property of their respective owners.

Please recycle. Printed in U.S.A. © 3M 2014. All rights reserved. Used under license in Canada.