PRIME IDENTITY MANAGEMENT CORE
For secure enrollment applications processing and workflow management.
PRIME Identity Management Core provides the foundation for any biometric identification platform. It establishes managed scalable registries vital for the realization of government-initiated services such as electoral census and the fulfillment of individuals’ requests for secure documents.
This scalable platform enables the secure processing and administrative workflow management of PRIME Enrollment applications, and seamlessly interfaces with production and issuance infrastructures.
Its two main components are the advanced data handler and the workflow applications’ suite.
The advanced data handler is responsible for applications authenticity check, data decryption using customer generated keys, identification and identity uniqueness check, data processing and registries population. The workflow applications’ suite enables role-based control and oversight over the biometric identification management platform and administrative workflow, whilst preserving separation of duties, auditability and accountability.
Most of the key functionalities are built in core services resulting in a complete service oriented architecture that empowers the workflow applications and dependent services.
PRIME Identity Management Core incorporates world-class Automated Biometric/Fingerprint Identification Systems (ABIS / AFIS) and Public Key Infrastructures.
KEY FEATURES
• Client controlled security
• Multimode solution (offline/online, centralized/decentralized)
• Scalable service oriented architecture
• Robust and secure registries
• World class AFIS / ABIS
• World class PKI
• Highly customizable administrative workflow
• Multiple biometrics support
• Compliant with international standards
ADVANCED DATA HANDLER
ADVANCED DATA HANDLER is a collection of highly robust and scalable services capable of substantial data handling, encompassing safe authentication, decryption, processing of enrollment applications and populating registries.
ADVANCED DATA HANDLER has been developed based on multi-tier service oriented architecture in adherence to international software development best practices. The services receive encrypted enrollment packages or single enrollment applications through their Windows Communication Framework interface and process them in a highly secure and efficient manner.
Multiple processing stages are implemented to ensure that only authenticated and accurate data is populated into the registries.
FEATURES
• Multi-threaded services that ensure reliability, scalability, and security
• Service oriented multi-tier architecture allowing seamless addition of cluster nodes and automatic load balancing, without any service interruption
• Multimode solution (offline/online, centralized/decentralized)
• Modular scalability reducing initial capital investments
• Live clustering capabilities enabling the processing of very high volumes of enrollments and real-time system capacity upgrade
• Complete tracking of received, pending, and processed enrollment applications (in both offline and online modes)
FUNCTIONALITIES
• Decompression of enrollment applications
• Diversified session keys generation and decryption of enrollment applications using client generated root keys
• Application origin authenticity check and anti-cloning mechanisms
• User defined procedures ensuring compliance to pre-defined data policies prior to any registry update
• Interface with AFIS / ABIS to perform:
  o Verification through 1:1 fingerprint validation
  o Identification through 1:N fingerprint validation
  o De-duplication through 1:N fingerprint verifications to ensure identity uniqueness and prevent duplicates
• Automated volume processing of application forms utilizing ADF (automatic document feeder) scanners for OCR (optical character recognition), fingerprints extraction, and facial image retrieval
• Compliant with ISO and ICAO standards
BUSINESS CONTINUITY MODEL AT HEART
• Functionality and services high availability through software robustness and redundant hardware configurations
• High network availability designs
• Complete data protection through hardware (clustering, SAN, and RAID technologies) and advanced data backup solutions
APPLICATIONS
ENROLLMENT SUPERVISOR
• Comprehensive management of enrollment database without compromising integrity and security
• Complete audit and trace logs for accountability with the capability to roll back and recover past transactions
• Ability to search, view, edit, suspend and cancel enrollment entries
• Broad range of pre-defined reports with the flexibility to create custom reports
• Detailed audit reports
FORENSIC INVESTIGATOR
• Retrieval of all records involved in a single duplicate case in order to investigate potential fraud attempts and preserve identity uniqueness
• Availability of advanced forensic tools supporting accurate detection of duplicates
• Complete report generation and auditing capabilities
EXCEPTIONS MANAGER
• Enables smooth management and auditing of exceptional cases whilst preserving operations’ continuity
• Complete management of enrollment applications and exceptions
CONTENTIONS AND CLAIMS MANAGEMENT
• Complete management of claims and contentions in enrollment scenarios where individuals’ enrollment eligibility can be protested such as voting scenarios
• Report generation and decision management
APPROVAL PROCESS APPLICATION
• Watch lists check (including biometrics watch list)
• Administrative check (e.g. financial, medical, travelers movements verifications)
• Multi-level approval process
ADMINISTRATION APPLICATIONS
• Intuitive administrative dashboard providing real-time information on platform services and transactions
• Role-based remote system administration and control allowing the separation of duties and administrative privileges
FORMS HANDLING APPLICATION
• Enables the processing of paper-based applications for infrastructure-less centers
• OCR of text information, retrieval of biometrics (facial image, fingerprints and signature) and creation of electronic applications
DEPLOYMENT MANAGER
• Comprehensive control over all the deployed enrollment units, whether mobile or fixed
• Central control that manages and tracks mass deployment of enrollment software (serials and keys generation, registration and updates) in an optimal time frame
• Easy maintenance, replacement and upgrade operations whilst preventing cloning attempts
• Fingerprint matching with a high degree of reliability and accuracy, with tolerance to fingerprint translation, rotation, and deformation using advanced adaptive image filtering
• Support for a wide range of standards: WSQ, BioAPI 2.0 (ISO/IEC 19784-1:2006), ISO/IEC 19794-2:2005, ANSI/INCITS
CERTIFIED PUBLIC KEY INFRASTRUCTURE
PRIME Identity Management Core integrates with renowned and certified PKI solutions ranging from enterprise level for administration use to national scale.
• Creation and management of certification authorities
• Real time certificate lifecycle management (approval, issuance, monitoring and revocation of certificates)
• Secure web-based portal for authorized configuration and management
• Complete activities auditing and logging
• Comprehensive reporting functionality
FULL SUPPORT AND INTEGRATION
CERTIFIED AUTOMATED FINGERPRINT/BIOMETRICS IDENTIFICATION SYSTEM (AFIS / ABIS)
PRIME Identity Management Core seamlessly integrates with internationally renowned and field proven AFIS / ABIS systems allowing easy and fast deployment of complete end-to-end systems.
• Fault tolerant scalable cluster architecture allowing parallel matching techniques and full redundancy. Live clustering capabilities enabling real-time AFIS / ABIS capacity upgrade without any interruption.
• Each cluster node matches up to 100,000,000 fingerprints per second
• Full MINEX Compliance and NIST approval for core biometrics engines
SOFTWARE SECURITY
SSO USER MANAGEMENT
• Comprehensive and advanced user management system deploying Single-Sign-On (SSO) architecture that allows a central user management authority to delegate roles and rights
• Compatible with all PRIME solutions
• Multi-login hierarchy
• Role management with override capability to perform user based rights assignment
• Password based, card based, and/or biometrics based user authentication
• User authentication and non-repudiation enforcement using cryptography and biometrics
KEY MANAGEMENT SYSTEM (KMS)
• Provides an intuitive graphical user interface to generate and manage cryptographic materials throughout their entire lifecycle (e.g. keys, X.509 certificates, other certificates)
• Support for various cryptographic algorithms (AES, 3DES, SHA-256, RSA, ECC) and control over key sizes and properties
• Integration with hardware security modules (HSM) that are compliant with Federal Information Processing Standard (FIPS 140-2) and Common Criteria (CC ISO/IEC 15408)
• Onboard execution of critical cryptographic information involving very secret keys that cannot be exported from the HSM
• Complete responsibility and accountability for all transactions performed on the KMS while employing the N eye methodology for crucial actions such as key import and export or attribute manipulation
• Support for ZMK transfer through key ceremonies executed by different custodians
• Integration with certified proprietary or open source PKI solutions
AUDIT AND REPORTING
• Complete transaction auditing and system logging
• Customizable and flexible reporting module to fit clients’ needs
• Integrated supervision and administration tools
WORKFLOW APPLICATIONS’ SUITE
Workflow applications’ suite offers safe, comprehensive and structured control over the processed enrollment applications.
This service oriented workflow applications’ suite allows the administration of exceptions, contentions, flagged enrollment duplicates, as well as the realization of administration lawful workflow in a safe, logged and audited manner.
This service oriented framework provides the required flexibility during deployments and upgrades.
• Service oriented architecture based on industry standard for large scale systems ensuring scalability, reliability and security
• Configurable workflow enabling custom processes and flow definition
• Multi database technology (e.g. Microsoft SQL or Oracle) to address customer preferences or legacy constraints
• High availability system for service continuity through software robustness and hardware configurations
• Enforced non-repudiation for users’ actions and decisions via cryptography and biometrics
• Enforced security on all communications using advanced encryption techniques and digital signatures
• Full client control over system security and data privacy through client generated keys in certified HSM (hardware security modules)
• Multi-language support
• Built on industry-leading Microsoft .NET, WCF (Windows Communication Framework) and XML
[Diagram labels: Person’s Unique Registry & Electronic Application Registry; AFIS; KMS; PKI; Advanced Data Handler; SSO for audited authorized access control; Enrollment Supervisor; Approval Process Application; Administration Applications; Exceptions Manager; Deployment Manager; Forms Handling; Forensic Investigator; Contentions & Claims Management]
ABOUT INKRIPT
INKRIPT DELIVERS BESPOKE SOLUTIONS IN THE FIELDS OF SECURITY PRINTING, SMARTCARDS AND TRUSTED IDENTIFICATION.
Established in 1973 as a security print house, we have expanded to become an international provider of secure solutions to governments, telecom operators and financial institutions with a global footprint. This growth was driven by determined dedication to our customers, total commitment to quality and constant investment in state-of-the-art technologies, and leveraged by the inherent accumulated expertise.
Our portfolio of products addresses the ever-evolving needs of our clients; this compels us to constantly enhance our capabilities and offerings to comply with internationally accredited norms, standards and directives.
www.inkript.com
APPLICATIONS
• National ID cards
• Biometric passports
• Visas
• Resident Permits
• Driving License
• Vehicles Registration
• Health Care Card
• Biometrics Voters Cards
• And others
RELATED PRIME SOLUTIONS
• Enrollment
• Mobile Enrollment Kit
• Personalization & Issuance
• Border Control