Unified biometric system: how digital authentication works

[Демитрий]

Unified biometric system: how digital authentication works

When authenticating a person, the only inalienable are his biometric data. Their application becomes especially relevant and convenient in the context of the ongoing global and deep digitalization of life. Since July 1, 2018, the government promises to launch the commercial operation of the Unified Biometric System on a federal scale.

Recently, representatives of the Ministry of Communications and Rostelecom publicly demonstrated the first working version of the Unified Biometric System. The technological platform of the system, developed over six months by Rostelecom, will complement the country's Unified Identification and Authentication System (ESIA) with multimodal biometric data of citizens. This will increase the accuracy of legally significant identification and authentication of a person during his electronic interaction (primarily remote) with all kinds of ICT resources and services.

As explained by the vice president of business development at Rostelecom, Alexander Aivazov, the platform is connected to the development of all well-known Russian developers of biometric data recognition technologies. Today, the system uses speech and face recognition. It is assumed that the range of biometric data recognition technologies will be steadily expanding. In the near future - a drawing of the iris, drawing veins of the palm and fingerprints.

According to Alexander Aivazov, the system components and its communication channels are based on secure resources that meet the requirements of the Federal Security Service of the Russian Federation, FSTEC of Russia and other regulators of the information security industry. The system uses domestic cryptographic algorithms specially designed for it.

For pilot testing the system, the banking business was chosen as the most advanced in the field of using information technologies today and ready for innovations in this field. In the framework of the pilot project, together with the Central Bank of the Russian Federation and the Association for the Development of Financial Technologies, the twelve most technologically advanced and largest Russian banks were connected to the system platform in order to immediately test its operation on a large infrastructure landscape. The pilot showed that the system allows saving about 30% of operating expenses for the support of banking services connected to it. It is assumed that in the future the system will be used nationwide in almost all spheres of life - medicine, education, retail, the provision of public services ...

Currently, for initial registration in the system, a citizen should come to some branch of the bank connected to it and, along with traditional (passport) data about himself, upload his voice data and a face image to the system. The procedure takes about three minutes.

Connecting to the system of an individual costs 200 rubles for a bank. After connecting, remote verification (today identification and authentication) becomes accessible for a citizen when accessed using the mentioned biometric data, for example, through a banking application installed on a smartphone when applying for banking services.

Director of Digital Identity at Rostelecom, Ivan Berov, told how it would be possible to increase the security of using vulnerable mobile platforms through the use of Russian cryptography. It is assumed that users will download "empty" applications from official vendor resources intended for legitimate software downloads, and then download Russian cryptography from a trusted source, which will block foreign vendors from interfering with the system. This is time-consuming, primarily for developers, but necessary to ensure the proper level of information security.

As the Deputy Minister of the Ministry of Communications of the Russian Federation Alexei Kozyrev explained, regulatory support for the direction of biometric digital verification in the country will be developed in accordance with the Digital Economy program, which provides for regulatory support for its implementation over a three-year horizon. First of all, this support provides for the expansion and universalization of the application of ESIA, which includes, among other things, the laborious process of changing legislative industry regulation. A normative study, recalled Aleksey Kozyrev, also requires the endowment of ESIA with new functions.

So, for electronic transactions, in addition to identification and authentication, authorization for online authorization verification and a user-friendly electronic signature format on a carrier convenient for them (or even without it) are also necessary. Regulation also extends to the level of quality of services provided on the basis of the ESIA platform (as well as other state information systems).