A PROJECT REPORT ON
REGISTRY AND PERSONAL IDENTIFICATION SOLUTIONS (RAPIDS)
SUBMITTED BY: ABITHA K P
DEPARTMENT OF COMPUTER SCIENCE
COCHIN UNIVERSITY OF SCIENCE AND TECHNOLOGY
RAPIDS (Registry and Personal Identification Solution) is a dynamic, flexible solution that can be used for any program in which citizens, residents or visitors register to receive a secure ID card or other identity verification document, whether for national ID programs, voter registration, government services, or more. RAPIDS can even support internal ID-related access cards to provide access to facilities or government computer systems. With such features as live biometric capture and verification against the smart ID card, RAPIDS offers reliable identity verification for individuals seeking security services. The RAPIDS framework also supports Application Processing, Biographic and Biometric Capture, and Biometric Verification (1-1 comparison of live biometric against biometric stored on a smartcard). This application can be used by governments that attempt to serve more citizens in a more convenient way and to make sure that services and benefits are delivered only to those for whom they're intended. It also helps verify citizen identity reliably and securely.
Identification and Credentialing is a solution area where organizations, public and private sector, are increasing their spend. Identification and Credentialing includes verifying the identity of individuals, authorizing them to participate in specific programs or verification activities (for example, crossing a border, authorization to drive, or accessing a building), and allowing access to specific resources. The RAPIDS Framework integrates a number of functions required to manage the end-to-end life cycle of registered persons and secure documents. With such features as live biometric capture and verification against the smart ID card, RAPIDS offers reliable identity verification for individuals seeking services. The RAPIDS framework also supports Application Processing, Biographic and Biometric Capture, and Biometric Verification (1-1 comparison of live biometric against biometric stored on a smartcard). This application can be used by governments that attempt to serve more citizens in a more convenient way and to make sure that services and benefits are delivered only to those for whom they're intended. It also helps verify citizen identity reliably and securely.
CITIZEN IDENTIFICATION ENVIRONMENT:
As governments today attempt to serve more citizens in more convenient ways, the challenge is to make sure that services and benefits are delivered only to those for whom they're intended. Identity fraud costs taxpayers money and reduces public confidence in government, so security is paramount. Manual processes simply can't keep pace, and they increase the likelihood of erroneous decisions by even the most experienced agents. Even where individual processes are automated, systems that don't talk to one another mean that vital information can be missed, and redundancy and inefficiency in collecting citizen information can increase costs for government and frustrate citizens. It's all too easy to issue a valid ID card based on fraudulent identification, to deliver a valid document to an imposter, or to issue multiple documents in different names to the same person. Security is critical because citizen ID cards are often used as source documents for other purposes.
KEY STRATEGIC TRENDS:
Recognizing that the most critical step of the identity lifecycle is the initial validation of the claimed identity, source identity documents are being checked via electronic interfaces to the issuing agency rather than relying on paper documents which can typically be easily forged. More and more, biometric identification during the registration process is being used to prevent duplicate enrollments and detect existing duplicate registrations.
Another trend in civilian identification involves making identity validation available to other parties, both government and private, as an online service, with a range of levels of validation depending on the requesting party and privacy considerations.
1.3 GLOBAL CHALLENGES:
• Increased need to issue security credentials that employ strong authentication technologies (for example, biometrics or smart cards)
• Need to issue different levels of security clearances depending upon the area in which an individual will be granted access
• Organizations need to share trusted identities across our enterprise network (federated identities)
• Increased need to control access to facilities, restricted areas, and information systems
• Increased need to issue security credentials that are impervious to identity fraud, tampering, counterfeiting, and terrorist exploitation
• Increased need to protect private/personal information
• Compelling need to develop efficient processes that balance security, service and privacy at a reasonable cost with an acceptable level of risk.
1.4 RAPIDS SOLUTION:
o The framework enables implementation of best practices in the citizen identity management, access control and secure border initiative domains.
o Registry and Positive ID Solutions Framework provides reusable components for the most common business processes based on global best practices and standards.
o Unisys 3D Blueprinting methodology links the user's business strategy and processes to their system. (See Appendix B)
Registry and Personal Identification Solutions (RAPIDS) is a framework (Figure 1.1) in which solutions are structured to capture biographic and biometric data in real time with immediate checks on a person's identity, and to produce e-ID cards and passports. RAPIDS provides a highly configurable workflow and business rules engine and allows for significant variability to support unique client requirements in the areas of enrolment processing, different technologies for secure documents, and different solutions and uses of biometrics.
Environment Requirements for RAPIDS:
Table 1.1: Environment Requirements
#   Environment               Description     Version
1   Server                    JBoss           4.0.5
2   Software Prerequisites    Java            jdk1.5.0_12
3   IDE                       Eclipse         Europa 3.3.0
4   Tools                     SQL Yog         5.17
5   Deployment Environment    Windows         XP
6   Database                  MySQL Server    5.0
RAPIDS FUNCTIONAL VIEW
This chapter describes the functional characteristics of RAPIDS.
2.1 VERIFYING CITIZEN IDENTITY RELIABLY AND
RAPIDS is a dynamic flexible solution that can be used for any program in which citizens, residents or visitors register to receive a secure ID card or other identity verification document, whether for national ID programs, voter registration, government services, or more. RAPIDS can even support internal ID-related access cards to provide access to facilities or government computer systems. The Registry and Positive Identification Solution (RAPIDS) framework integrates the following key business processes, including:
• Application and Enrollment
• Card Issuance and Quality Assurance
• Point-of-service Verification and Authorization
With such features as live biometric capture and verification against the smart ID card, RAPIDS offers reliable identity verification for individuals seeking services.
2.2 ENROLLMENT OVERVIEW:
The RAPIDS framework supports all facets of enrollment, including:
The RAPIDS framework includes all the application processing needs of a large-scale registration and ID system, including the ability to create new, retrieve existing, modify, finalize, persist, archive and delete applications. The framework also allows for the creation of different application types with business rules that can be specified to apply to one or more of these application types.
Biographic and Biometric Capture
Whether an agent enters the application information into the system or an applicant uses a self-service kiosk or the Internet, or even if a paper form is submitted, RAPIDS verifies the completeness of the application, ensures the required supporting documents are presented, and receives and processes any required payments. We'll apply document authentication technology to capture and digitize supporting documentation, such as a birth certificate, and check the authenticity of each document.
Biometric Verification (1-1 comparison of live biometric against biometric stored on a smartcard)
The ability to ensure that a person claiming a certain identity is in fact that person is a challenge in any secure system. As a best practice, 1-1 verification is performed before issuing an ID to the applicant. This involves a direct, local comparison of the biometrics stored on the ID card with the live biometrics of the person picking up the ID. This serves the secondary purpose of testing the card to ensure the registrant will not run into verification issues when using the card.
The RAPIDS framework is capable of using multiple biometrics (fingerprint, face, and/or iris) to deliver strong authentication to the customers. By storing the registrant's biometrics on the ID card, two-factor authentication is achieved by insisting on something they have (ID) and something they are (biometric). Three-factor authentication can be achieved by simply adding a password or PIN (what you know) as part of the verification process. So depending on the threat model, a customer can customize the verification process to meet their specific security and throughput requirements.
2.3 CAPTURE BIOGRAPHIC/DEMOGRAPHIC DATA:
The Data Entry Worker captures the demographic data in an electronic form. The Data Entry Worker verifies any supporting data retrieved from a legacy system, if available. Otherwise, the Data Entry Worker fills in the entire application manually. The following process flow describes how the RAPIDS framework implements the industry best practices:
Fig 2.1: Capture Demographics (process flow between the Data Entry Worker and the Enrollment System; diagram not reproduced)
Exceptions - These are a mechanism for different users of the system to flag aspects that are not the normal/happy path. This is a best practice motivated by the desire to allow a supervisor/approver visibility downstream into exceptions flagged by the enrollment workers. Again, all exceptions are easily configure
Hooks to Legacy Systems - There are hooks in place to read biographic/demographic information from a legacy system here if desired/required.
o We are using UNICODE for all data stored in the framework repository to enable multi-language support. (If you aren't familiar with UNICODE, it is a character encoding system designed to support the interchange, processing, and display of all the written texts of the diverse languages of the modern world.) For screen shot see Appendix A.
2.4 CAPTURE PORTRAIT:
The Photo Capture Worker captures the Applicant's portrait, typically using a digital camera. The system ensures that the portrait meets pre-configured quality thresholds and captures it from a live capture. Sometimes there is a requirement to capture a portrait from a hard-copy photograph. Allow Photo Enhancement. The system provides visual enhancement controls such as brightness, contrast, centering, zoom and framing (auto-cropping). The Photo Capture Worker, if needed, tunes the portrait using visual controls to capture the subject with optimum clarity. The system compresses the selected digital image using the configured compression scheme (e.g., JPEG 2000).
The following detailed portrait capture process is covered by RAPIDS and can be easily tailored to a customer's needs:
Fig 2.2: Capture Portrait (process flow between the Photo Capture Worker and the Enrollment System; diagram not reproduced)
Offline Mode / Paper Applications - The framework has an offline mode to accommodate environments where there is a requirement to capture enrollment information where there is no network access. The data can be synched with the database later.
Paper Applications - In the case where paper applications are being used, an ICAO-compliant photo would be attached. The photo would be extracted from the high-resolution scanned image.
Auto-centering - The framework allows for the configuration of auto-centering, which would enable certain cameras to 'auto-find' the face and center the image automatically without intervention from the worker.
Camera LCD - This setting redirects the camera live feed from the screen to the display on the camera.
White Balance - When using a digital camera (such as the Canon G5 in this case), this attribute allows the user to adjust the color balance of the captured image. For screen shot see Appendix A.
2.5 CAPTURE FACIAL BIOMETRIC:
The Facial Capture Worker captures the Applicant's facial information. The facial biometric information can be captured live or from a form-based application (paper capture). Variability: Some agencies may need to capture facial biometrics from the input provided by an existing repository. The following sub activities are performed while capturing facial biometrics:
o Capture an image of the face.
o Check that the quality of the image meets the pre-configured facial image quality acceptance threshold.
o Process the facial image and extract facial templates.
o Compress the facial image using industry standard compression scheme.
The Facial Capture Worker notes any extraction exceptions (e.g. for a form based application), such as a deviation from standard process, and sets up an exception flag. Below is a diagram of the extraction process:
Fig 2.3: Capture Facial Biometrics (process flow between the Facial Capture Worker and the System; diagram not reproduced)
A key part of this process is the enforcement of the quality factors on the Facial Candidate Image. The system processes the Facial Candidate Image to do centering, cropping, and rotating as specified by the Image Processing Rules. The system then computes the overall quality score for the Facial Candidate image based on the facial image quality factors. This is done by using Facial Image Quality Assessment Rules. After the facial biometric template has been extracted, a quality assessment is performed (currently using Identix FaceIt or Aware Preface) and the results are displayed in a popup window. Image Quality Assessment is a test given to a facial image after capture but before the image is permanently stored in the database to verify that the facial image will be useful for facial recognition. This test gives the system operator a chance to take another picture if the quality test fails. Image Quality Assessment tests the following attributes of a found face:
o Resolution - This indicates the degree to which the image is blurry. This may be a result of the camera being out of focus. The operator can manually adjust the focus on the camera or ensure that auto-focus, if available on the camera, is turned on. For auto-focus use, most cameras will focus on what is in the middle of the frame. If the subject is off to the side, auto-focus may not work.
o Facial Image Confidence - This variable measures the angle the face is tilted one way or another. There are configuration settings to allow the software to auto-adjust the image to correct any tilt of the head.
o Darkness - This indicates that the subject is under exposed. This may be a result of the subject standing too far from the light source or may be a result of the strength of the light source itself. The operator can reposition the subject or adjust the light source to compensate. Note that it is possible for a subject to be both overexposed and underexposed simultaneously in different parts of the face. For example, a strong light source directly overhead may cause the forehead to be very brightly lit and simultaneously create dark shadows over the eyes. During implementation we work with clients to control as much as possible the lighting and positioning of the applicants for portrait capture.
o Brightness - This indicates that the subject is over exposed. This may be a result of the subject standing too close to the light source or may be a result of the strength of the light source itself. The operator can reposition the subject or adjust the light source to compensate.
o Head size - This indicates whether the subject is too far away from the camera. The operator can reposition the subject or adjust the camera lens to compensate.
o Glare free - This indicates that glare is occluding the subject's eyes. Glare is generally due to reflection of illumination off of a subject's glasses. The operator can reposition the subject or adjust the light source to compensate. Note that this is essentially a Boolean test so the value will be -1, 0, or 10. A value of 10 indicates there was no glare found, meaning this is a higher quality image for face recognition. Zero (0) indicates that there was glare found in the image. A value of -1 indicates that the image is not suitable for this test. This test is only valid on images with eye obstructions. If the image passed the Eyes Clear test then this Glare Free test will not be performed and the score here will be -1.
o Cropping - This indicates whether the subject's entire head (face) is in the frame. This can identify problems that are resultant of a taller or shorter subject where part of the subject's face is cropped because the subject is too close to the camera. The operator can tilt and/or pan the camera to compensate. Note that it is possible for the subject's head to be both too small and simultaneously cropped. For example, the subject could be standing far from the camera and to the side.
o Eyes Clear - This indicates whether or not the subject's eyes are obstructed, potentially because the subject is wearing glasses. For the purpose of face recognition, it is better if the subject does not wear glasses. However, your implementation may make it impossible or impractical to remove the subject's glasses. If this is the case, you should ignore this value. Note that this is essentially a Boolean test so the value will be -1, 0, or 10. A value of 10 indicates that there were no eye obstructions found, meaning this is a higher quality image for face recognition. A value of 0 indicates that there was an eye obstruction, potentially glasses. A value of -1 indicates that the image is not suitable for this test. This test is currently only valid on high-resolution images there this test will be performed if the result you get from the Head Size test is less than approximately 8.5.
o Quality Score - Based on the above attributes an Image Quality Assessment (Face Finding) score is given which represents overall quality of the image. This score indicates the general quality of the face found in an image without concern for the remaining quality issues. This score can be used by the operator to decide whether to acquire another photo of a person if the person is present or whether to add a photo to a database if the person is not present. Cues can be provided that may improve image quality for applications where the person is present. Image Quality can be a very important feature because of the strong dependence of system accuracy on database image quality.
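The acceptance decision described by the attribute list above can be sketched as follows. This is an added example, not code from RAPIDS, Identix FaceIt or Aware PreFace; the attribute keys, the 0-10 scale with higher meaning better, and every threshold are assumptions.

```python
from dataclasses import dataclass, field

NOT_SUITABLE = -1   # "the image is not suitable for this test"
FAIL, PASS = 0, 10  # the two outcomes of the Boolean tests

# Constructed minimum scores on an assumed 0-10 scale; a deployment would take
# these from its configured Facial Image Quality Assessment Rules.
MINIMUMS = {
    "resolution": 6.0,
    "facial_image_confidence": 6.0,
    "darkness": 6.0,
    "brightness": 6.0,
    "head_size": 5.0,
    "cropping": 6.0,
}
OVERALL_MINIMUM = 7.0

# Operator cues paraphrased from the attribute descriptions.
CUES = {
    "resolution": "check focus or auto-focus; keep the subject mid-frame",
    "facial_image_confidence": "head is tilted; straighten or auto-adjust",
    "darkness": "under-exposed; reposition subject or adjust light source",
    "brightness": "over-exposed; reposition subject or adjust light source",
    "head_size": "subject too far away; reposition or adjust the lens",
    "cropping": "head not fully in frame; tilt or pan the camera",
    "eyes_clear": "eyes obstructed, possibly by glasses",
    "glare_free": "glare over the eyes; reposition subject or light source",
    "quality_score": "overall quality below threshold; take another picture",
}


@dataclass
class Assessment:
    accepted: bool
    failures: dict = field(default_factory=dict)  # attribute -> operator cue
    skipped: list = field(default_factory=list)   # tests that did not apply


def _boolean_test(name, scores):
    """Return a tri-state score, rejecting anything outside {-1, 0, 10}."""
    value = scores.get(name)
    if value not in (NOT_SUITABLE, FAIL, PASS):
        raise ValueError(f"{name} must be -1, 0 or 10, got {value!r}")
    return value


def assess(scores, quality_score, glasses_allowed=False):
    """Decide whether a captured facial image may be stored.

    glasses_allowed=True models a site where removing glasses is impractical,
    so the Eyes Clear result is ignored.
    """
    result = Assessment(accepted=True)

    # Scalar attributes: a missing score fails closed instead of passing.
    for name, minimum in MINIMUMS.items():
        value = scores.get(name)
        if value is None or value < minimum:
            result.failures[name] = CUES[name]

    # -1 means "test not valid for this image"; it is never a low score.
    eyes = _boolean_test("eyes_clear", scores)
    glare = _boolean_test("glare_free", scores)
    if eyes == NOT_SUITABLE:
        result.skipped.append("eyes_clear")
    elif eyes == FAIL and not glasses_allowed:
        result.failures["eyes_clear"] = CUES["eyes_clear"]

    # Glare Free only runs when an obstruction was found; after a passed
    # Eyes Clear test the engine must report -1, anything else is bad input.
    if eyes == PASS and glare != NOT_SUITABLE:
        raise ValueError("glare_free must be -1 when eyes_clear passed")
    if glare == NOT_SUITABLE:
        result.skipped.append("glare_free")
    elif glare == FAIL:
        result.failures["glare_free"] = CUES["glare_free"]

    if quality_score < OVERALL_MINIMUM:
        result.failures["quality_score"] = CUES["quality_score"]

    result.accepted = not result.failures
    return result


# Constructed engine output: glasses with reflections over the eyes.
SAMPLE_GLARE = {"resolution": 8, "facial_image_confidence": 9, "darkness": 8,
                "brightness": 8, "head_size": 7, "cropping": 9,
                "eyes_clear": 0, "glare_free": 0}
```

The `failures` mapping is what the operator popup would show before the image is permanently stored, giving the operator the chance to take another picture.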
The quality assessment can be performed using software such as Identix FaceIt or Aware Preface.
Identix FaceIt - Identix FaceIt is facial recognition software for a broad range of applications and programs for Identity Management.
Aware PreFace - Facial biometric matching is used to verify the identity of individuals attempting access for various border management and access control applications. Facial matching algorithms make use of digital photographs of the face stored in a database or on an ID card. These digital images are captured upon registration into the system, and then compared to a live photo of the individual upon an access attempt in a process called matching. The performance of the matching algorithm can be improved (that is, the occurrence of false matches and false accepts can be reduced) if the quality of the facial images can be maximized. For this reason, new standards for biometric facial images specify normative requirements for facial image quality, and also provide best practices for biometric facial image capture. In environments where automated facial matching is not yet in use, it can still be useful to aid human visual matching and automate the process of facial photo capture. It is also useful to locate facial features such as eye locations and store them with the image for future use or for use by recipients of the data.
Aware's PreFace software performs several functions to analyze biometric facial images and then either notify an operator of non-compliant features of the image or automatically correct the image where possible. PreFace is intended for integration into enrollment and ID personalization applications to:
o ensure compliance of facial images with ANSI/INCITS 385-2004 and ISO/IEC 19794-5 data interchange format standards
o maximize the visual quality of biometric facial images
o improve performance of the facial image in matching applications by screening non-compliant images upon capture
o improve operational efficiency of the facial photo capture process
PreFace functionality includes:
o Feature location
   • Eyes and mouth
o Quality analysis and assessment
   • Eye contrast
   • Facial brightness
   • Facial dynamic range
   • Background uniformity
   • Background gray %
   • Inter-eye resolution
   • Eye axis
   • Image size
   • Head size
o Image optimization
   • Image dimensions
   • Resolution adjustment
   • Horizontal eye positioning
   • Head orientation and size in frame
   • Background color selection
The system applies the configured business rules to assess the quality of the Facial Candidate Image. If the Facial Candidate Image was provided at the start of this process, and the facial image quality enhancement is not required, then the system captures the facial extract. Note: The facial image quality enhancement is required when the Enrollment Supervisor chooses to adjust eye positions for resolving paper application portrait exception.
2.6 SCAN DOCUMENTS:
The Data Entry Worker scans the application form and all supporting documents to create an electronic copy associated with the application record. Each scanned document is assigned a pre-configured document type.
Below is the diagram that shows the flow of events when documents are scanned:
Fig 2.4: Scan Documents (process flow between the Data Entry Worker and the Enrollment System; diagram not reproduced)
Business Rules - The documents indicated as available at the initial creation of the application are expected to be scanned; if not, the system forces the worker to provide exception reasons.
Configuration - The framework allows plug and play with any TWAIN-compliant scanner and further allows the fullest extent of scanner capabilities to be exposed through the system.
2.7 FINALIZE APPLICATION:
The Registration Worker verifies the completion of all Applicant details, obtains the Applicant's consent on all information on the application, and formally finalizes the Applicant's request to obtain a new ID document. The following process flow describes the details of this flow:
Fig 2.5: Finalize Application (process flow between the Registration Worker and the System; diagram not reproduced)
Purpose - The purpose of this step is to allow for a worker, typically a capture worker, to view all the information that has been captured for the Applicant, before submitting it for approval.
Capture Signature - In many cases, the worker will review the information with the Applicant at this point and have them provide a signature on an electronic signature pad. This digitized signature is not used as a biometric, but is stored with the registration record and can be printed on the card if desired. (If paper applications are used it can be extracted from the application form.)
Last step in 'capture' portion of enrollment - Steps that follow this, such as Fraud Investigation, Approve Registration, Print and Issue ID will typically be performed by different workers at different workstations.
Recapture - If the worker sees anything he/she doesn't like, they are able to edit demographic data by clicking 'Demographics' in the tree pane and changing the data inline. For biometrics, the worker can click the 'Recapture Options' button to choose one or more biometrics to re-capture. If the workflow is configured such that other workers perform the captures, selecting this re-capture option will put re-capture requests in the appropriate worker's queue. The workflow could also be configured to allow the worker finalizing the application to perform the re-capture. For screen shot see Appendix A.
2.8 APPROVE REGISTRATION:
The Approver checks the application and supporting documents for any exceptions that need resolution. If the Approver is unable to resolve the exceptions, the application is rejected. In all other cases, the Approver resolves the exceptions, approves the application, and then queues it for printing. Although not best practice, the approval process may be automatic in cases in which no exceptions are marked.
Fig 2.6: Approve Registration (process flow between the Approver and the Enrollment System; diagram not reproduced)
Different worker/workstation - Now we have shifted once again to a different worker. The approver will process applications that have been finalized and are pending approval. The workflow flexibility that the framework provides allows this to be a separate queue processed by one or more approvers at one or more workstations.
Exceptions - This is the downstream worker who will really want to view any anomalies during the enrollment process. These 'exceptions' are laid out for this worker in the tree pane on the left.
Application Details - In addition to viewing exceptions, the approver can view ALL of the details associated with the application, including scanned documents. If the application contains any exception that is not resolved, then the approver will not be able to approve the application. First the approver has to resolve all the exceptions that are listed in the tree structure. The exceptions may be of the form: No Portrait, No supporting documents, Duplicate found, etc. The approver has to check on the solutions for those exceptions and mark each one resolved. Only then can the application be approved. For screen shot see Appendix A.
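The approval rules in this section (no approval while any exception is open, automatic approval only when nothing was flagged, a comment on reject or suspend) can be enforced in code rather than left to the screen. The sketch below is an added example, not RAPIDS code; the class names, status strings, exception codes and registration number format are assumptions.

```python
import itertools
from dataclasses import dataclass, field
from typing import Optional


class ApprovalError(Exception):
    """Raised when an adjudication step violates the approval rules."""


@dataclass
class ExceptionFlag:
    code: str                  # hypothetical codes, e.g. "NO_PORTRAIT"
    raised_by: str
    resolved: bool = False
    comment: str = ""


@dataclass
class Application:
    app_id: str
    status: str = "FINALIZED"  # finalized and pending approval
    exceptions: list = field(default_factory=list)
    registration_id: Optional[str] = None
    audit: list = field(default_factory=list)


# Stand-in for the real unique Registration & ID numbering scheme.
_registration_numbers = itertools.count(1)


def resolve_exception(app, code, approver, comment):
    """Mark one open exception resolved; the comment is mandatory."""
    if not comment.strip():
        raise ApprovalError("a resolution comment is required")
    for flag in app.exceptions:
        if flag.code == code and not flag.resolved:
            flag.resolved, flag.comment = True, comment
            app.audit.append((approver, "RESOLVE", code, comment))
            return
    raise ApprovalError(f"no open exception {code!r} on {app.app_id}")


def adjudicate(app, actor, action, comment="", auto_approval=False):
    """Apply APPROVE, REJECT or SUSPEND to a finalized application."""
    if app.status != "FINALIZED":
        raise ApprovalError(f"{app.app_id} is not pending approval")
    if action not in ("APPROVE", "REJECT", "SUSPEND"):
        raise ApprovalError(f"unknown action {action!r}")

    if actor == "SYSTEM":
        # Automatic approval only when enabled and no exception was marked,
        # even one that has since been resolved.
        if action != "APPROVE" or not auto_approval or app.exceptions:
            raise ApprovalError("automatic approval not permitted")

    if action == "APPROVE":
        open_codes = [f.code for f in app.exceptions if not f.resolved]
        if open_codes:
            raise ApprovalError(f"unresolved exceptions: {open_codes}")
        app.registration_id = f"REG-{next(_registration_numbers):08d}"
        app.status = "APPROVED"
    else:
        if not comment.strip():
            raise ApprovalError(f"{action} requires a comment")
        app.status = "REJECTED" if action == "REJECT" else "SUSPENDED"

    # Every decision is recorded with who made it and why.
    app.audit.append((actor, action, app.registration_id, comment))
    return app
```

Because the check runs where the status changes, a client that hides or skips the exception tree still cannot move an application to APPROVED.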
2.9 DOCUMENT ISSUANCE:
The Registrant provides the application receipt to the Issuance Worker.
The Issuance Worker verifies that the ID document for the Registrant is indeed available at the Issuance Center.
The Issuance Worker performs 1-1 verification by comparing the Registrant information in the ID document with the information obtained from the Registrant including the biometrics captured. The minimum set that should match is based on business rules.
The Issuance Worker verifies that the ID document is not blacklisted.
The Issuance Worker verifies that the Registrant is not blacklisted (not in scope).
If the verification fails at any point, then, based on business rules, the Issuance Worker must decide whether or not to issue the ID document. This process has two major components - Initiate Issuance (search for document and confirm existence) and Issue Document (validate, etc.). To accommodate high-volume assembly line processing, this separation may need to be exploited.
Fig 2.7: Document Issuance
[Activity diagram with two swimlanes, Issuance Worker and Issuance System. Decision points: Application Found / Not Found, Document Available / Not Available, Document Blacklisted / Not Blacklisted, Verification Successful / Failed, Continue / End Issuance, Can be Issued / Can't be Issued, Faulty / Not Faulty, Reprint / Do not Reprint]
Different worker/location - This screen is likely being viewed by another worker in another location, as the enrollment, card production and issuance centers are not always co-located.
Compare / Quiz Applicant - This screen gives the worker a chance to visually compare the photo captured during enrollment to the person picking up the ID card. The worker could also quiz the applicant on demographic information if this is the policy or if there is a suspicion of fraud.
2.10 PERFORM 1-1 VERIFICATION:
The RAPIDS framework verifies a citizen's identity and immediately authorizes their participation in a government program. For voting, a positive verification takes just seconds to authenticate the ID card and authorize the citizen to vote. Smart cards can also be updated with a voted status to prevent voting again in the same election, which means voters could use any polling place, increasing convenience and leading to greater participation in the electoral process.
The ability to use the same card to access multiple services is another benefit of RAPIDS. For example, you could use the same card for voter registration and as a driver's license. Updates can be recorded on the card indicating the driver's status, such as when the driver passes the road test and pays any fees. Built-in privacy protection ensures that only authorized data is displayed for each transaction.
The Verification Worker obtains the Registrant profile record from the requisition. The Verification Worker then:
Retrieves the Registrant's profile from the source (ID document or registration repository).
If the source is an ID document, checks whether it is blacklisted, if required.
Captures the biometrics if the Registrant is present in person.
Compares the Registrant profile information between the source and the requisition. If the information cannot be captured properly (e.g., using decryption provided by PKI), or if the ID document has been blacklisted, or if any mismatch is detected in the comparison, then the verification process is deemed as having failed.
Fig 2.8: Perform 1-1 Verification
[Activity diagram: Obtain Registrant Data from Smart Card, Decode Registrant Data, Build Registrant Profile, Compare Demographic Attributes, Compare Fingerprints, Compare Facial, Notify Successful Verification. A "No" at any decision point (Decode Successful?, Registrant Profile Built Successfully?, Demographic Information Matched?, Fingerprint Information Matched?, Facial Information Matched?) leads to Log Exception and Notify Verification Failure.]
1-1 Verification - The worker will then proceed to perform a 1-1 verification of the applicant, comparing the biometrics stored on the card to a live biometric captured at issuance. This step prompts the user to insert the smartcard into a smartcard reader.
Info on card - This window shows the information read from the smartcard.
Capture live biometric - Any biometric can be used to verify identity at the time of issuance. This demo has configured fingerprint to be used for verification and is prompting for the worker to capture the applicant's fingerprints to compare against the information from the card.
1-1 Verification Results - The results of the 1-1 comparison will then be displayed. In this case, our applicant's live biometrics matched those captured during enrollment.
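The checks described in 2.9 and 2.10 fail closed: if any stage cannot complete, verification stops, an exception is logged and failure is reported. The sketch below is an added example, not RAPIDS code, that follows the stage order of Fig 2.8; the JSON card layout, field names, threshold and the Jaccard-overlap matcher are assumptions standing in for the real card encoding and a vendor biometric matcher.

```python
import json
from dataclasses import dataclass, field
from typing import Optional

REQUIRED = ("doc_id", "name", "dob", "fingerprint", "face")  # assumed minimum set

def similarity(stored, live):
    """Toy stand-in for a vendor matcher: Jaccard overlap of feature lists."""
    a, b = set(map(tuple, stored)), set(map(tuple, live))
    return len(a & b) / len(a | b) if a | b else 0.0

def norm(value):                          # case- and whitespace-insensitive compare
    return " ".join(str(value).split()).casefold()

@dataclass
class Outcome:
    verified: bool
    reason: Optional[str] = None          # first failing stage; None on success

@dataclass
class Verifier:
    blacklist: set                        # blacklisted document IDs
    threshold: float = 0.6                # assumed business-rule match threshold
    exceptions: list = field(default_factory=list)   # "Log Exception" in Fig 2.8

    def _fail(self, doc_id, reason):
        self.exceptions.append((doc_id, reason))
        return Outcome(False, reason)

    def verify(self, card_bytes, requisition, live_fp, live_face):
        try:                              # decode; unreadable card data is a failure
            card = json.loads(card_bytes.decode("utf-8"))
        except ValueError:                # covers UnicodeDecodeError and bad JSON
            return self._fail(None, "decode failed")
        if not isinstance(card, dict):
            return self._fail(None, "decode failed")
        missing = [k for k in REQUIRED if not card.get(k)]
        doc_id = str(card.get("doc_id"))
        if missing:                       # the profile could not be built
            return self._fail(doc_id, "profile incomplete: " + ",".join(missing))
        if doc_id in self.blacklist:
            return self._fail(doc_id, "document blacklisted")
        for k in ("name", "dob"):         # demographics first, then biometrics
            if norm(card[k]) != norm(requisition.get(k, "")):
                return self._fail(doc_id, "demographic mismatch: " + k)
        try:
            fp = similarity(card["fingerprint"], live_fp)
            face = similarity(card["face"], live_face)
        except TypeError:                 # template is not a list of feature lists
            return self._fail(doc_id, "malformed biometric template")
        if fp < self.threshold:
            return self._fail(doc_id, "fingerprint mismatch")
        if face < self.threshold:
            return self._fail(doc_id, "facial mismatch")
        return Outcome(True)

# Constructed sample data (not from the report).
ENROLLED_FP = [[12, 40, 1], [55, 18, 0], [70, 63, 1], [31, 90, 0], [88, 22, 1]]
ENROLLED_FACE = [[1, 4], [2, 9], [3, 7], [4, 1]]
CARD = json.dumps({"doc_id": "ID-0001", "name": "Asha  Menon", "dob": "1990-04-12",
                   "fingerprint": ENROLLED_FP, "face": ENROLLED_FACE}).encode()
REQUISITION = {"name": "asha menon", "dob": "1990-04-12"}
```

Calling Verifier(blacklist=...).verify(CARD, REQUISITION, live_fp, live_face) returns an Outcome, and every failure is also appended to the verifier's exceptions list for downstream review.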
2.11 FRAUD INVESTIGATION:
The Fraud Investigator initiates the 'Fraud Investigation' function. The system displays the first available applicant record from the applicant records with pending fraud disposition. The system displays the list of candidate records for the applicant record. The Fraud Investigator selects a candidate record. The system displays the demographic details, portrait images, fingerprint images and signature images for the applicant record and the selected candidate record. The Fraud Investigator performs a visual comparison of the details of the candidate record, and 'accepts' or 'rehabilitates' the candidate record. If there are more candidate records, then the Fraud Investigator visually compares the details of all the candidate records (one by one) and 'accepts' or 'rehabilitates' them. The system records the disposition provided by the Fraud Investigator for every candidate record. The system records the disposition (accept/deny) of the applicant record after the Fraud Investigator has finished investigating all the candidate records. The system denies the applicant if the Fraud Investigator has accepted one or more candidate records as duplicate. The system accepts the applicant if the Fraud Investigator has rehabilitated all candidate records for this applicant record.
Fig 2.9: Fraud Investigation
[Activity diagram with two swimlanes, Fraud Investigator and Enrollment System. Branches: Match / No match, More Candidate Record(s) / No more Candidate Records, Reserve]
CARD ISSUANCE AND QUALITY ASSURANCE:
The RAPIDS framework uses tamper-resistant cards that encrypt personal data and that are difficult to forge. The solution supports all available card types, from plain cards with printed barcodes containing personal data to sophisticated smart cards that store a citizen's personal and biometric data on a chip. RAPIDS also supports the leading-edge biometrics and smart card standards.
VISIBILITY FOSTERS FLEXIBILITY:
Each identity card issuance and management system has unique requirements, but custom development can be costly and risky. The RAPIDS blueprint's pre-designed components offer core functionality and a secure framework to address many identity management business processes. 3D-Blueprinting helps us reveal the cause-and-effect relationships throughout your organization, so you can see the effects of a change before you make it. We select only the blueprint components that support your business and implement them to reflect your specific work processes, resulting in a faster and more cost-effective implementation than a ground-up development. This delivers a system that's exactly right for you, providing a secure environment for your citizen's data. We designed RAPIDS to be flexible and responsive to your future needs, as well. Because it supports multiple biometrics from multiple vendors, including facial, fingerprint, and iris recognition, you can easily adapt as technology changes. And we can help you further protect and leverage your existing investment in technology by integrating your existing document issuance systems through Web Services or XML.
SECURE AND RELIABLE IDENTITY MANAGEMENT:
With features like fraudulent document detection and real-time watch list matching, RAPIDS helps make every aspect of your operations more secure. With all personal data maintained on a smart card and encrypted so that only authorized parties can access it, you're providing enhanced privacy protection for your citizens. No more hard copy documents or secondary forms of identification that can be lost or stolen. Because our 3D-Blueprinting approach links your business vision, business processes and the IT services that support them, you'll be able to see the effects of business process and system changes, such as the impact of a new biometric requirement on application processing and data storage, before they happen. You'll have greater reliability in your ability to plan, budget and implement change.
VENDOR-NEUTRAL TECHNOLOGY EXPERTISE:
If you are not ready for a replacement end-to-end solution today, you can implement individual RAPIDS components now, such as issuance, and add other components later. And we can help you improve and extend the life of your existing systems, and provide project consultancy services to help you evaluate the many smart card technologies available. Or we can help you introduce biometrics and new personalization techniques into your existing business processes. And because we're not a card or biometric vendor, you'll get an unbiased, objective recommendation for the best technology solution for your program. Our strategic planning services will help you develop an overall strategy, and provide a step-by-step roadmap for your program by identifying your current and future needs, and determining the costs associated with different solution approaches. Whatever your need, you'll benefit from our success in delivering some of the world's largest identity management solutions, as well as our experience in positive identification, access control, and border, port and airport security projects worldwide. With the RAPIDS framework and professional services, you'll experience enhanced security for your business operations and better service for your citizens, with streamlined business processes that reduce administrative costs and save time for everyone.
The Fingerprint Capture Worker captures the Applicant's fingerprint information. Flexibility will be provided in order to allow for the capture of multiple fingerprint instances. The fingerprint information will be captured using a fingerprint capture device.
The following activities can be performed while capturing fingerprint biometrics:
• Capture the fingerprint image(s)
• Process the image and extract fingerprint minutia
• Check the quality and recapture the image(s) if necessary
• Compress the image using the industry-standard, FBI-certified WSQ (Wavelet Scalar Quantization) compression scheme.
The Fingerprint Capture Worker notes any capture exceptions, such as a deviation from the standard process, and sets up an appropriate exception flag. A detailed view of the fingerprint capture process is below:
Fig 2.10: Capture Fingerprint
[Activity diagram with three swimlanes: Fingerprint Capture Worker, Enrollment System and Fingerprint Capture Device. Decision points: Can be Captured?, Threshold Met?, Retries Exceeded?, Alternative Finger Exists?, Alternative Found?, Capture Scheme Complete?]
Configurability - The framework allows for the complete configuration of this process, including:
• number and type of fingers to capture
• order of the fingers
• number of retries permitted for each finger
• threshold for acceptable quality
Manual Bypass - It enables the worker to skip this step or part of this step if necessary, for example if the applicant was missing a finger or hand. These bypasses will automatically be flagged as exceptions for downstream processing and the application provides the ability to capture the user's reasons for the bypass.
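The configurable capture scheme and the manual bypass interact: every finger that is skipped or that exhausts its retries must leave an exception for the approver, and a slot with no usable finger must be flagged as a scheme failure. The sketch below is an added example, not RAPIDS code; the Scheme fields, exception codes, finger names and the scripted device are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Scheme:
    fingers: list                      # fingers to capture, in order
    max_retries: int = 2               # retries permitted for each finger
    min_quality: int = 60              # threshold for acceptable quality
    alternatives: dict = field(default_factory=dict)   # finger -> fallback finger

def run_capture(scheme, device, bypass=None):
    """Run the scheme. device(finger) returns (template, quality);
    bypass maps a finger to the worker's reason it cannot be captured."""
    bypass = bypass or {}
    records, exceptions = {}, []
    for wanted in scheme.fingers:
        finger, tried = wanted, set()
        while finger is not None and finger not in tried and finger not in records:
            tried.add(finger)
            if finger in bypass:       # a bypass is always flagged, with its reason
                exceptions.append(("MANUAL_BYPASS", finger, bypass[finger]))
            else:
                accepted = None
                for _ in range(1 + scheme.max_retries):   # first try plus retries
                    template, quality = device(finger)
                    if quality >= scheme.min_quality:
                        accepted = (template, quality)
                        break
                if accepted:
                    records[finger] = accepted
                    break
                exceptions.append(("RETRIES_EXCEEDED", finger, "quality below threshold"))
            finger = scheme.alternatives.get(finger)
        else:                          # no finger could fill this slot
            exceptions.append(("SCHEME_FAILURE", wanted, "no usable finger"))
    return records, exceptions

def scripted_device(script):
    """Constructed stand-in for a capture device: replays quality scores per finger."""
    queues = {finger: list(scores) for finger, scores in script.items()}
    def capture(finger):
        return ("template:" + finger, queues[finger].pop(0))
    return capture

def demo():
    scheme = Scheme(fingers=["R_INDEX", "L_INDEX"],
                    alternatives={"R_INDEX": "R_MIDDLE", "L_INDEX": "L_MIDDLE"})
    device = scripted_device({"R_INDEX": [30, 45, 50], "R_MIDDLE": [72],
                              "L_MIDDLE": [40, 65]})
    return run_capture(scheme, device, bypass={"L_INDEX": "finger bandaged"})

if __name__ == "__main__":
    records, exceptions = demo()
    print(sorted(records), exceptions)
```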
The Signature Capture Worker captures the Applicant's signature. The following attributes need to be considered while capturing the signature:
• Cropping ratio
• Aspect ratio
The system enhances the digital signature image with features like centering, zoom, pixelization and cropping on the screen. In case the signature is captured from a scanned document, the Data Entry Worker ensures that the signature feature clarity is suitable.
Fig 2.11: Capture signature
[Activity diagram with two swimlanes, Signature Capture Worker and System. Decision points: Application Acquired?, Can Signature Be Captured?, Quality Criteria Satisfied?]
View Signature - This screen allows the worker to view the signature as it is being captured.
2.13.3
Iris capture can be integrated into this framework. An iris capture camera can be used as the iris capture device, leveraging Iridian's iris 1-N matching algorithm. The number of images captured is configurable. Whether both irises are captured simultaneously may vary, but usually depends on whether a single or double eye camera is in use. A screen should be displayed that contains a grid with a listing of the images captured. This allows the worker to view each iris that was captured and see the quality score associated with it. If the captured image fails to meet a minimum quality score, the message "The image's quality score is below the required threshold. Please capture again" should be displayed in the Capture Iris panel. Just like fingerprint capture, the number, order, number of retries and quality thresholds are configurable.
2.14 FUNCTIONAL FLOW:
The functional flow of RAPIDS is summarized and shown in the following diagram.
Fig 2.12: Functional Flow
[Diagram labels: Citizen, Secure Document Production, Identification, Enrollment, Issuance, Verification, Usage]
2.15 PROCESS COMMONALITY:
The common characteristics of RAPIDS for various processes are summarized in the following table.
Table 2.1: Process Commonality
Columns: Business Process Domain, Enrol, Maintain, Cancel, Blacklist/Suspend, Verify, Replace, Control Access
Citizen ID: Y Y Y Y Y Y
Worker ID: Y Y Y Y Y Y Y
Passports: Y Y Y Y Y Y
Visas: Y Y Y Y Y Y
Immigration Control: Y
Driver Licensing: Y Y Y Y Y
The RAPIDS framework consists of various reusable assets. These assets consist of business architecture, use case models, analysis models, platform-specific models and a foundation software solution. These assets will be the foundation for providing customized RAPIDS solutions to clients on a global basis. The broad objectives that drove the framework were:
• Create a re-usable, component-based framework that provides the core building blocks for a specific client engagement
• Base the framework on a service-oriented and event-driven architecture
• Allow flexible assembly of modules on top of the base framework for any customer engagements
• Support multiple (but overlapping) domains (i.e., e-ID, Border Control, Driver and Vehicle Services, Election Services)
• Leverage proven technology-enabling COTS, but focus on integration required to control the end-to-end solution
• Provide a superior alignment to business vision, strategy and requirements
The following sections describe the architecture for the RAPIDS framework. They provide a comprehensive architectural overview of the system, using a number of different architectural views to depict different aspects of the system. They are intended to capture and convey the significant architectural decisions that have been made in designing the system. The architecture is presented at a level of abstraction that provides sufficient information so that it can be analyzed for fitness of purpose and can provide a guiding scale for development activities downstream. The key decisions and rationale for RAPIDS architecture are:
• Product-line architecture
• Tool platform for architecture-based large-scale reuse with a bound set of functional variabil