IDENTITY MANAGEMENT SOLUTION
Identity management solutions will help the Metropolitan police to reduce its operational costs. The Metropolitan police could opt to use different kinds of identity management solutions, which include CA for CA Identity Manager, Verisign Labs Personal Identity Portal, Oracle Identity Management (IM) and IBM for IBM Tivoli Access Manager for Enterprise Single Sign-On. To enhance security mechanisms within the Metropolitan police, they could make use of biometrics. One important biometric is the face or even the voice biometric. A face biometric will assist in identification using facial features. A voice biometric could also be installed. Its role will be to use an individual's voice to authenticate or identify the person speaking. A microphone on a standard PC with software will be required to analyze the specific characteristics of the individual. The role of the face biometric system is to enable automatic recognition of an individual by the face. The technology functions by analyzing precise features of the face such as the width of the nose, the distance between the eyes, exceptional shape, jaw line, location of cheek bones, chin, pattern and many others. Other security-enhancing mechanisms include securing keys on private networks, for which hardening of private certificate issuance could be opted for.
With the current development in the field of technology, information systems can be modeled in such a way that they facilitate the smooth running of operations in organizations. The Metropolitan police will be required to come up with systems that adequately protect information. An identity management solution within the Metropolitan police will in due course affect all the other appliances and systems within the organization. In selecting a solution, it is advisable to look for horizontal totality, which covers heterogeneous systems; vertical comprehensiveness, which covers the entire range of IdM purposes; and the capacity to be error tolerant and to scale. While applying the solution, attention ought to be paid to employee factors and the project applied accordingly (Lambrinoudakis, 2006).
Overview of an identity management system
Verisign Labs Personal Identity Portal
Verisign Labs will make available a beta edition of Personal Identity Portal (PIP). This will provide the Metropolitan police with a way of managing their online identity without compromising their privacy. Verisign, which is the parent company, will offer the Metropolitan police information system SSL certificates, and this will provide the web sites at the Metropolitan police with suitable trust credentials. With PIP, Verisign will also boost their trust model. Consequently, the staff members will use their identity to access web sites and guard or protect their identity, and more importantly they will be in a position to share their profile data in a confidential way. The organisation will create an account with PIP and hence the user name will become a component of OpenID. This means that the Metropolitan police staff will use a user name and password to log in to their information systems.
PIP will offer the Metropolitan police a Firefox plug-in that will let them sign in to their specific sites easily. The plug-in will remember the user name, but the staff will be required to supply the password when using it (Lambrinoudakis, 2006).
CA for CA Identity Manager
CA will improve the Metropolitan police's efficiency by offering an all-inclusive identity administration and user provisioning solution that will be able to manage all kinds of identities. It will cover a wide set of target systems, from mainframe to the organization's web applications, across the complete identity lifecycle, which means from establishment to adjustment to removal. It will also improve security by offering an authoritative point of identity administration, consequently enforcing consistent identity policies within the Metropolitan police and auditing identity-related actions as well. Therefore, this will solve the dual challenge at the Metropolitan police of giving staff, who are the users, well-timed access to important applications while sustaining the security of their resources. CA Identity Manager will automate the procedures for providing access to the users, managing password resets or user access requests, and tracking the suitable approvals (Kawamoto, 2008).
CA Identity Manager will deliver enterprise scalability and dependability to the Metropolitan police and also offer superior customization means. High user adoption, which is very important to identity management success, will follow since the solution will fit the Metropolitan police's unique procedures and support end-user interaction in a way the staff members will be comfortable with. This will be achieved through several abilities, including flexible workflow, centralized policy administration and Connector Xpress. The latter is a wizard-driven utility which will allow the staff to build integrations to custom applications without the necessity of writing code. This will also enable the staff within the Metropolitan police to embed functions into applications that users are already comfortable using, like existing Metropolitan police intranet portals or ERP solutions (Lambrinoudakis, 2006).
Oracle Identity Management (IM)
Oracle Identity Management (IM) 11gR1 will provide integrity for large application grids by enabling new heights of security and completeness to address the protection of Metropolitan police resources and the management of procedures acting on those resources. Oracle IM 11gR1 will offer improved effectiveness through a higher level of integration, consolidation and automation, and raised efficacy in regard to application-centric security, risk management, control and database integration. It will improve security and usability mainly by managing the user passwords and security credentials (Oracle AS Certificate Authority Deployment Guidelines, 2005).
Oracle Identity Management
Oracle Identity Management (IM) 11gR1 will offer the Metropolitan police improved functionality that streamlines organization-wide deployments: widespread technology infrastructure uptake across the product set for essential operational and functional fields, which will include installation, configuration, user interface, reporting and workflow.
IBM for IBM Tivoli Access Manager for Enterprise Single Sign-On
With the increasing number of applications and access points at the Metropolitan police, IBM for IBM Tivoli Access Manager for Enterprise Single Sign-On will offer convenient access and also ensure strong security. This solution will enable the Metropolitan police to ensure that the correct users have access to the appropriate data in a timely way. It will thus offer visibility into user activities, which means the staff's activities, and also provide control over Metropolitan police procedures and risks. This solution will provide automation of logins, access and workflows. It will increase identity assurance through strong authentication and also offer integrated tracking of user access. IBM for IBM Tivoli Access Manager for Enterprise Single Sign-On will deliver an easy, flexible and full identity and access management solution at the Metropolitan police (Gartner, 2008).
Identity management solution: users supported
Oracle Identity Management: supports about 10 million users
Verisign Labs Personal Identity Portal: supports about one million users
CA for CA Identity Manager: supports about 10 million users
IBM for IBM Tivoli Access Manager for Enterprise Single Sign-On: supports about 10 million users
The role of the face biometric system is to enable automatic recognition of an individual by the face. The technology functions by analyzing precise features of the face such as the width of the nose, the distance between the eyes, exceptional shape, jaw line, location of cheek bones, chin, pattern and many others. The system entails measuring the eyes, mouth, nose and other features of the face for identification. To increase accuracy, the systems may also compute mouth and lip movement. Face recognition captures traits of the face from either a video or a still image and translates specific traits of the face into a set of numbers. The information collected from the face is merged into a single unit that specifically identifies each individual. At times, facial features are analyzed in motion, like the partial facial changes while laughing, smiling or reacting to various situations. An individual's entire face or a portion of it is considered for identification. It is an extremely multifaceted technology (Standard & Poor's, 2005).
The system will capture the information through video or thermal imaging, and the user's identity will be confirmed by looking at the screen. The key benefit of using facial recognition as a biometric authenticator is that the staff will get used to presenting their faces to be identified, and as a substitute for an ID card or photo the technique will identify the specific individual. In case an individual's face changes, either by age or plastic surgery, there is a facial algorithm which will compute the relative position of the eyes, nose, ears and other facial features and hence identify the exact staff member (Standard & Poor's, 2005).
The role of the voice biometric will be to use an individual's voice to authenticate or identify the person speaking. A microphone on a standard PC with software will be required to analyze the specific characteristics of the individual. Telephone-based applications will be useful for the technique. Voice authentication will be easy to use since it will not entail a great deal of user education. To enroll, the person will speak a given pass phrase into a microphone or telephone handset. The system will then develop a template based on several characteristics, which include the pitch, the shape of the larynx and the tone. Typically, the enrolment procedure will take the user a short time to complete (Zhou, 2006).
Voice recognition will digitize a profile of each worker's speech into a template voiceprint and store it as a table of binary numbers. Voice recognition technology will be useful for both authentication and identification. During authentication, a spoken phrase will be compared against a previously stored template. The voice recognition biometric will identify and authenticate workers based on the variations in their voices that come from physiological differences and speaking habits. When each staff member is enrolled, the system will capture a sample of speech as the worker speaks specified scripted words into a microphone or telephone many times. This pass phrase will then be digitized, and typical characteristics like pitch, tone or tempo will be extracted to develop a template. The template will need the most data space. This biometric will require less training, will not be expensive to the organisation and will be non-intrusive as well (Henry, 2006).
Face Biometric based on the physical appearance of someone's face
Voice biometric recognition based on study of the way person speaks
Expensive security solution
Expensive security solution
Affected by flu, diseases or aging
Biometric can be affected by diseases or aging
The first factor will be something the Metropolitan police workers know, for instance a PIN, and the second will be something they are, which will involve the use of biometrics, for instance the voice or the facial look of each staff member. The Metropolitan police can make use of Password Manager Pro (PMP), which has the capability of storing all sensitive administrative passwords of Metropolitan resources in encrypted form within the database. Access to the information can be protected by a single level of authentication, which is the local authentication of PMP. To enable the police and the support staff to access the information securely and conveniently, the introduction of an extra level of security is necessary. PMP will offer two-factor authentication (Henry, 2006).
Here, the police officers and the other Metropolitan police users will have two-factor authentication. This means that they will have to authenticate in two successive stages to get access to the information. For the first stage, the Metropolitan police users will use a randomly generated special password sent by PMP to all the users through their email addresses, which is an RSA SecurID one-time token that changes every minute. The second authentication will involve an access control point, which could be a door or any physical barrier within the Metropolitan police where granting access is controlled electrically.
Characteristically, the electronic access control door will have numerous components. At its most basic there is a stand-alone electric security device. Normally the security device, which is the lock, is unlocked by an operator with a switch. To make this lock automatic, the intervention of the operator is replaced with a reader, which could be a biometric reader. Readers do not normally make an access decision; instead they send the biometric information to an access control point, which authenticates the information against an access list of the Metropolitan police users. In order to be in a position to monitor the door position, a magnetic door switch ought to be used (Henry, 2006).
Basically, only entry will be controlled while exit shall remain uncontrolled. Moreover, since the Metropolitan police will not control the exit, an appliance known as a request-to-exit (REX) ought to be used. Request-to-exit appliances can be a pushbutton or a movement sensor. When the button is pushed or the movement sensor senses movement at the door, the door alarm will be temporarily ignored while the door opens. This is a vital safety feature (Oracle AS Certificate Authority Deployment Guidelines, 2005).
Access control door
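The decision logic of the access control point described above (reader forwards an identifier, the control point checks the access list, the magnetic switch reports the door, and REX suppresses the alarm) can be modelled as a small state machine. This is an added example, not taken from the source or from any product; the event names, the 5-second shunt time and the credential identifiers are assumptions, and the events are constructed.

```python
from dataclasses import dataclass, field

SHUNT_SECONDS = 5.0   # assumed: how long the door alarm is ignored after a grant or REX


@dataclass
class DoorController:
    """Access control point: the reader only forwards an identifier, the decision is made here."""
    access_list: frozenset
    shunt_until: float = -1.0
    audit: list = field(default_factory=list)

    def handle(self, t: float, kind: str, credential: str = "") -> str:
        if kind == "read":                 # reader forwarded a matched identifier
            if credential in self.access_list:
                self.shunt_until = t + SHUNT_SECONDS
                decision = "unlock"
            else:
                decision = "deny"
        elif kind == "rex":                # pushbutton or movement sensor on the exit side
            self.shunt_until = t + SHUNT_SECONDS
            decision = "shunt"
        elif kind == "door_open":          # magnetic door switch reports the door opened
            decision = "ok" if t <= self.shunt_until else "alarm:forced"
        elif kind == "door_closed":
            self.shunt_until = -1.0        # one grant or REX covers one opening only
            decision = "ok"
        else:
            raise ValueError(f"unknown event {kind!r}")
        self.audit.append((t, kind, credential, decision))
        return decision


def replay(events, access_list):
    """Feed (seconds, kind[, credential]) tuples to a fresh controller."""
    controller = DoorController(frozenset(access_list))
    return [controller.handle(*event) for event in events]


# Constructed sample events, not real logs.
SAMPLE_EVENTS = [
    (0.0, "read", "staff-017"),    # listed user: unlock
    (1.5, "door_open"),            # opened inside the grant window
    (4.0, "door_closed"),
    (10.0, "read", "visitor-9"),   # not on the access list: deny
    (11.0, "door_open"),           # opened without a grant: forced-door alarm
    (12.0, "door_closed"),
    (20.0, "rex"),                 # someone leaving: alarm shunted
    (21.0, "door_open"),
    (23.0, "door_closed"),
    (24.0, "door_open"),           # reopened with no new grant or REX: alarm
    (40.0, "read", "staff-017"),
    (50.0, "door_open"),           # grant expired before the door moved: alarm
]

if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS, {"staff-017"})):
        print(event, "->", decision)
```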
Identification and authentication will entail the staff members within the Metropolitan police identifying themselves, which makes an assertion or claim of identity and consequently enables them to access the data they need or are authorized to access. This process presumes that there was a preliminary validation of the identity of the staff members, which is known as identity proofing. The method of validation will offer an assurance level corresponding with the projected use of the identity within the Metropolitan police data system. Consequently, the staff members will be required to assert an identity together with an authenticator as a way of validation. The only obligation for the Metropolitan police staff members will be that the asserted identity must be unique within its security domain (Henry, 2006).
The role of hardening within the Metropolitan police would be to offer enhanced storage security for their information. Hardening is supposed to provide support for authentication and authorization. Thus the staff will be authenticated by the PIN and can be authorized to have access only to a certain range of information within the card or to perform a certain range of activities with it (Zhou, 2006).
The Metropolitan police users will consequently be able to view the contents they should, reset PINs, renew certificates and add extra certificates. Moreover, they will be able to add new certificates for numerous applications for additional functionality, authenticating the procedure with the existing logon certificate. Hardening also improves software-based solutions, which include strengthened authentication procedures like local logon or application authentication (Salvendy, 2007).
Illustration of "hardened" private certificate issuance
Computer capable of running Windows XP Professional or Windows Vista
Smart card reader device
Windows XP Professional or Windows Vista
Cryptographic Service Provider (CSP)
Smart card reader device drivers
Smart card user management tools
Active Directory service
Private Key Infrastructure (PKI)
Smart card administration tools
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
Virtual Private Networking (VPN)
Internet Authentication Service (IAS)
Strong, token-based user authentication is a prerequisite for Metropolitan police identity management. It will lead to provision of the highest capability within the organization. It is therefore necessary that the technology is looked into deeply. An identity management solution within the Metropolitan police will help streamline its organizational procedures, since information that is not well managed can lead to user information that is inconsistent and hard to manage centrally. Further compounding the predicament is the organization's requirement to make internal applications available to all the employees, as this will enable them to access the information more easily and faster while securing the organization's information as well.
Bradley, T. (2007). PCI compliance: implementing effective PCI data security standards. New Jersey: Syngress. <http://books.google.com/books?id=8L1uiaOmD5EC&printsec=frontcover&dq=PCI+compliance:+implementing+effective+PCI+data+security+standards&source=bl&ots=WSlXzu3BVZ&sig=5mrug_kgz0JwOoj5qQGfIACN0wQ&hl=en&ei=A8pgS734GpvUmgPz1onNDA&sa=X&oi=book_result&ct=result&resnum=1&ved=0CAkQ6AEwAA#v=onepage&q=&f=false>
Gartner. (2008). Tivoli Access Manager for Enterprise Single Sign-On.
Henry, K. (2006). Official (ISC)2 Guide to the CISSP CBK. New York: CRC Press.
Kawamoto, D. (2008). CA acquires identity management firm IDFocus. Retrieved January 27, 2008 from <http://news.cnet.com/8301-1009_3-10059831-83.html>
Krause, M. (2007). Information Security Management Handbook. New York: CRC Press.
Lambrinoudakis, C. (2006). Trust, privacy, and security in digital business. Sydney: Springer. <http://books.google.co.ke/books?id=wRmrer6FPv0C&printsec=frontcover&dq=Trust,+privacy,+and+security+in+digital+business.&source=bl&ots=T3NDPFCCZb&sig=SviUbBY7jfGTjNs-EJlr057aLzA&hl=en&ei=2gJhS7nFHZfsmwO626XEDA&sa=X&oi=book_result&ct=result&resnum=3&ved=0CAwQ6AEwAg#v=onepage&q=&f=false>
Mallery, P. (2005). Hardening Network Security. Austria: McGraw-Hill Education.
Oracle AS Certificate Authority Deployment Guidelines. (2005). Oracle® Identity Management Concepts and Deployment Planning Guide.
Salvendy, J. (2007). Human interface and the management of information: Symposium on Human Interface 2007, held as part of HCI International 2007, Beijing, China, July 22-27, 2007: proceedings, Volume 2. New York: Springer. <http://books.google.co.ke/books?id=qqymC_80B9AC&dq=Human+interface+and+the+management+of+information:&printsec=frontcover&source=bn&hl=en&ei=ZgNhS5GOGpnymwP5_dDBDA&sa=X&oi=book_result&ct=result&resnum=4&ved=0CA8Q6AEwAw#v=onepage&q=&f=false>
Standard & Poor's. (2005). The Standard & Poor's 500 Guide. London: McGraw-Hill Professional.
Zhou, X. (2006). Harbin, China, January 16-18, 2006: proceedings. Peachtree Street: Birkhäuser. <http://www.wikio.com/world/asia/china/harbin>