OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

bias message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Use case - financial

Per assignment at the last BIAS meeting, below is a first cut at a financial use case (for online banking).  I am working on 2 others – one for e-Authentication (eGov) and one for employee background check, but I didn’t want to hold this up waiting on the others.

 

Regards,

CT

 

 

BIAS Use Case – Financial

 

#1

 

Service:  Online banking.

 

Description:  A person (Sam) has a bank account at XYZ Bank.  He would like to access his account information and perform transactions related to his account.  The account holder uses his home PC with a biometric device (say an iris camera) installed.  In lieu of a password, the bank has configured their online banking web app to use biometric verification.

 

Setup.  If Sam has not used his biometric device online before (i.e., with his browser), an active-X control (or Java applet) may have to be downloaded before he can use it with the online banking application.  This may be transparent to him (or partially or not at all, depending on his security settings).  It is possible that it may not be required at all, depending on what software came with the device and was loaded when it was installed.

 

Enrollment.  The bank has issued Sam a one-time password to allow him to enroll his biometric into the system.  Sam accesses the online banking site and selects ‘biometric enrollment’.  He enters his account number and one-time password to access this function.  Once verified, the enrollment application is initiated.  Sam follows the steps to capture his biometric data and to perform a local 1:1 match against that data to ensure it will be matchable.  Once suitable data is acquired, it is submitted to the bank as an enrollment. [BIAS: Set Biometric Data]  At this point, Sam’s biometric data has been associated with his identity (account).

 

[Note – enrollment could also be performed in person at the bank, but a similar scenario would apply, less the one-time password.]

 

Access.  Now that Sam is biometrically enrolled, he would like to perform an online transaction.  He accesses the online banking site and enters his account number (if his PC didn’t remember it for him!).  At this point, Sam is challenged to present his biometric (capture his iris).  Sam interacts with the device to capture the biometric data.  This data is then transmitted to the bank for verification. [BIAS: Verify Subject]  If the verification is successful, the bank will provide access to the transaction screens for Sam’s account.

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]