
Identify Security Software Inc.

5000 T-Rex Ave, Suite 160,
Boca Raton, FL 33431
(561) 244-2524
(888) 504-5564
www.identifyss.com
June 2014
ASAD SYED, CISSP-ISSAP, CISM, CISA
CHRIS CHENEY, MBA, PMP
In real life, circumstances and conditions are rarely ideal. The purpose of this paper is to review current practices and explore new ways to compensate for the residual inaccuracies of prevailing biometric credentialing methods.





WHITE PAPER


IDENTITY ACCESS MANAGEMENT (IAM)

Why 99.9999% accuracy is not good enough?







Copyright 2014, Identify Security Software Inc. All Rights Reserved.
Problem
In a pool of two million employees, 99.9999% accuracy means the process will work for all but two, and for those two the system cannot differentiate between them. However, if the conditions are less than ideal and the accuracy falls to 99.99%, then the number of people unidentified increases to two hundred. If the pool is greater than two million, such as with the TSA, FBI and other United States government agencies, and the conditions are less than ideal, then thousands of people may remain unconfirmed; thus current methods can be considered only as an aid to final human confirmation.
Current practices to improve on those odds are the so-called multimodal credentialing processes. They direct the user to perform a procedural authentication multiple times at a series of different sensors. The drawback of this approach is that it expects interactive cooperation from the user, allowing human error to corrupt the process.
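
The scaling argument and the multimodal trade-off above, worked through as an added example that is not part of the original paper. It assumes the paper's "accuracy" can be read as a per-comparison false match rate and that comparisons and modalities are statistically independent; the function names and the sample modality rates are constructed for illustration.

```python
import math


def expected_failures(population, accuracy):
    """Users the system is expected to fail on: N * (1 - accuracy)."""
    return population * (1.0 - accuracy)


def prob_any_false_match(fmr, gallery_size):
    """1:N search: probability that one probe falsely matches at least one
    of gallery_size enrolled templates, i.e. 1 - (1 - fmr) ** N.
    Assumes independent comparisons (an assumption of this example)."""
    if not 0.0 <= fmr < 1.0:
        raise ValueError("fmr must be in [0, 1)")
    # log1p/expm1 keep the result accurate when fmr is tiny
    return -math.expm1(gallery_size * math.log1p(-fmr))


def fuse_and(modalities):
    """AND-rule fusion: every modality must match for acceptance.
    modalities is a list of (fmr, fnmr) pairs, assumed independent.
    False matches multiply; false non-matches accumulate."""
    fmr = math.prod(f for f, _ in modalities)
    fnmr = 1.0 - math.prod(1.0 - n for _, n in modalities)
    return fmr, fnmr


if __name__ == "__main__":
    # The paper's two figures for a pool of two million
    for acc in (0.999999, 0.9999):
        print(f"accuracy {acc}: {expected_failures(2_000_000, acc):.0f} users")
    # 99.9999% read as a false match rate of 1e-6 (assumption), searched
    # against two million enrolled templates
    print(f"P(false match in 1:N search) = "
          f"{prob_any_false_match(1e-6, 2_000_000):.4f}")
    # Constructed sample rates for two modalities: (fmr, fnmr)
    print("AND-fused (fmr, fnmr):", fuse_and([(1e-4, 0.01), (1e-4, 0.02)]))
```

Under these assumptions a single one-to-many search over two million templates produces a false match roughly 86% of the time, and AND-fusion lowers the false match rate only by raising the false reject rate.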
Most IAM systems are designed to operate within an ideal set of environmental conditions, such as at border crossings, passport control points, and the office lobby, where designers can tailor the environment to match the requirements of the IAM system. However, these systems also need to work at the most critical locations, where the environment is often less than ideal: lighting is poor or malfunctioning, people's hands are full, or people are moving rapidly as they stream in to start their work day. In addition, in the real world some people are trying to avoid identification altogether by blending in with the crowd. In these challenging situations, the IAM system needs to work the same, whether in a pristine environment or under challenging real-world conditions. Even when people's faces are sweaty and soiled, or changed by glasses, face coverings, aging effects, or whatever else life throws at it, the IAM system needs to be able to identify the people that challenge it under all the environmental domains and conditions in which it operates.
Challenge
The key challenge for a legal entity today is to verify the person requesting access with a high degree of confidence. Until now this has been done via a complex series of authentication methods referred to as multiple-factor authentication. We are now at a point in time where we can use biometric authentication and achieve this critical task with very high confidence and within the prescribed privacy rules and regulations of different countries. With 99.9999% accuracy, however, we are still going to miss two or more people, depending upon the target population size.

User identification is rightfully expected to be a transparent and seamless experience for the users, with minimum interaction during the process. The users are not machines and should not be expected to act like one. The users expect to be recognized without fail and allowed to proceed with their work without any concern about security, privacy and confidentiality.
Goal
Develop a credentialing system and process which is potentially superior to all methods currently in use, elevating the level of system confidence above current biometric systems and human face-to-face observation.

The process and technology being designed will consequently circumvent human error, opinion, subjectivity and bias toward gender, race and sexual preferences that could possibly corrupt the process.
Solution
Advance the technology from the prevailing pattern recognition practice to true person recognition. Acquire the full biometric description of a person by using a combination of mature biometric technologies, analog life sciences and the passing of time as a component to confirm the identity of a known person. A proposed new security platform, iDentifyME (Patent Pending), will operate perpetually in dual mode.
Primary mode:
1. Autonomous scanning while the user is in sight. Does not require any cooperation or interaction from the user.
2. Progressively scan multiple biometric characteristics of the user. Cross-referencing between known, historical and statistical data.
3. Conjunctively evaluate correlation between multiple biometric readings. Confirming digital data and practical reality.
Secondary mode:
Supplements the primary mode; this functionality is available only while the primary mode is in progress.
1. Scan input from auxiliary devices. Devices the users can carry on them or stand-alone devices.
2. Scan input from external biometric reading devices. Such as finger, palm and other reading devices.
3. Accommodate static biometric data. Backward compatible with existing biometric data in legacy systems.
Advantages iDentifyME brings to the table
Residual inaccuracies of current practices still allow for security breach, impersonation, and identity theft, and affect each entity in different ways. In some cases the effect may be nothing more than an easily correctable inconvenience, while in other cases it can have detrimental effects on the organization's public perception and market valuation, entangle it in litigation and drain its finances via penalties.
While we cannot claim that our proposed solution will permanently eliminate the problems in current credentialing practices, we can predict with a high degree of confidence that it will come as close to true identity confirmation of a person as technology allows, while complying with society's privacy and confidentiality rules and regulations.
Summary
Biometric authentication is unique to an individual and it cannot be "CLSed", meaning Copied, Lost or Shared. Biometric traits are unique to the user, and the users do NOT have to remember them. Hence the users do not need to be reminded to change their passwords. Moreover, they cannot be easily compromised or impersonated. User biometric traits cannot be shared or put on a Post-it note under the keyboard. Biometric traits are an intrinsic property of an individual, and we do not have to worry about losing or compromising them, because you cannot share your biometric composition with another person.
However, improvement is needed to deal with life anomalies that may interfere with the credentialing process. Our approach is a major step in that direction.
Conclusion
Identity has played a critical role for as long as human civilization has existed. With the evolution of the industrialized world, Identity and Access Management first took hold in the physical security arena and evolved. Then we entered the digital world with the advent of the Internet, and it evolved again. In 2013, the world's ecommerce was a thriving industry of $1.25 trillion [1,2] and growing. Digital (a.k.a. logical) identity and its management is one of the backbone factors that have put trust behind the growth of this industry. Today IAM has become an inseparable part of enterprise Regulatory and Compliance processes and an integral part of Risk Management processes.
IAM comprises people, processes and technology to manage digital identities and access to enterprise resources. IAM sub-components could broadly be classified into 5 major categories:
1. Authentication
2. Authorization (a.k.a. Access Management)
3. User Management or Provisioning
4. Central user repository a.k.a. Enterprise Directory a.k.a. Source of Truth (SoT)
5. Single Sign-On (SSO)

[1] http://www.internetretailer.com/2012/06/14/global-e-commerce-sales-will-top-125-trillion-2013
[2] http://www.emarketer.com/Article/Global-B2C-Ecommerce-Sales-Hit-15-Trillion-This-Year-Driven-by-Growth-Emerging-Markets/1010575

The ultimate goal of any IAM Framework is to provide the right people with the right access, with the goal of increasing security and productivity while decreasing the cost and eliminating the downtime to resource access, along with making the IAM process repeatable.
User IDs and their associated passwords are one of the most widely used forms of authentication across the world today. They have limitations, like stolen passwords and brute-force cracking, yet the biggest problem today is ID and password management, with its overall management process and associated costs.

A 2007 study of Web users by Microsoft Research [3] found that an average user has 6.5 Web passwords, each of which is shared across almost four different websites. In addition, each user has about 25 accounts that require passwords. That means if one is compromised, then all other sites that have the same password could be compromised as well. The Microsoft research also highlighted that, out of the average 25 accounts, a normal user has to type the password an average of 8 times per day.

[3] http://research.microsoft.com/en-us/um/people/cormac/Papers/www2007.pdf
Various solutions have come up to address the limitations posed by the User-ID and Password as the user's Digital Identity. For example, the use of biometric authentication, digital certificates, one-time passwords, two- or multi-factor authentication, use of pass phrases or cognitive questions, etc. Today the onus to prove one's identity is on the user, and we want to move this burden to the system with the iDentifyME Platform. In addition, companies are allowing users to get their own ID, referred to as bring-your-own-identity (BYO-ID) [4, 5], and when the user leaves the company they take their ID with them.

Another challenge within the IAM realm that enterprises are facing today is the need to manage access to information and applications scattered across internal and external (Cloud) systems. As enterprises try to provide access for the growing number of identities, both inside and outside of the organization, they expend a lot of resources, energy, and cost to keep the digital identification process secure, replicable, and cost efficient. The iDentifyME Platform was developed in response, as a solution to some of these challenges.

[4] http://www.ibm.com/developerworks/security/library/se-selfarticle/index.html
[5] http://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?List=ef7cbc6d-9997-4b62-96a4-a36fb7e171af&ID=321

About the company
Identify Security Software Inc. is a Florida C corporation established on April 2nd, 2013. The company is privately held by its three principals, who have over sixty years of combined experience in relevant computer software, computer security, project management and business administration.

Identify Security Software Inc. is a security software engineering enterprise. Its first project, iDentifyME, is targeted at the Identity Access Management segment of the security space. The company has already evaluated and qualified a number of leading and certified vendors in the field of biometrics as vendor/partner collaborators in the project. The available expertise from our vendor/partners includes facial and iris pattern recognition, eye tracking, emotion analysis, proof of life signs, finger and palm print, keystroke dynamics, voice pattern, and gait and motion recognition.

As of this writing, Identify Security Software Inc. has begun to invite companies to jointly participate in the development of this new security platform and the subsequent development of specific products for their market segments.

For additional information, please contact Chris Cheney by email at ccheney@identifyss.com or by phone at 561 244-2524 ext 7.
