Established by the French Government’s Ministry of Finance and Economics, the ACCORD project was commissioned to design and implement financial system modernisation. The charter of the ACCORD initiative team, composed of representatives from multiple government ministries, is to architect solutions that enable the French government to manage the finances of the country with the same level of accountability as private sector enterprises. The technology-based infrastructure selected was a smart card solution to confirm and authenticate users across 40 departments.

HID Global’s Identity Assurance software

The systems operated in parallel but could not leverage the benefits of a unified system

AIFE – Agence pour l’Informatique Financière de l’Etat – chose HID Global’s Identity Assurance software coupled with smart cards for the solution.

Ensuring users are ‘who they say they are’ over the course of several decades, individual French government departments had developed separate and distinct applications to manage activities such as budgeting, processing purchase orders, and other accounting activities. The systems operated in parallel but could not leverage the benefits of a unified system.

Enterprise Resource Planning system

With the inception of the ACCORD project, the government committed to streamlining finance management by moving to one system for centralised control of the country’s budgeting and finance operations – with a goal that by 2004, all government central entities will be using the standard Enterprise Resource Planning (ERP) system. The transition to an online application that consolidates financial reporting and transactions requires an organisation to determine how it will identify users with certainty prior to granting them access to the system and to valuable data.

The solution must be easy to use to ensure departmental acceptance of the new application and authentication process. It must also minimise the IT staff time required for day-to-day administration and helpdesk activities for a large population over 7,000 dispersed users. These multiple challenges presented an opportunity to leverage proven digital identification solutions from HID Global.

Smart card-based PKI identification solution

HID Global’s Security Client software solution and smart card readers are key elements for securing the finance system at all user points of entrySmart card-based solution using digital certificates with PKI, The French government-wide implementation securely links multiple departments, such as the Ministries of Education, Justice, Transportation and Housing, and Foreign Affairs, to the unified ERP application, enabling the exchange and ultimate consolidation of digital information.

In 2000, the Ministry of Finance began deploying HID Global’s smart card-based PKI solution. HID Global’s Security Client software solution and smart card readers are key elements for securing the finance system at all user points of entry – any of which could become a source of fraudulent or malicious activity in the absence of strong authentication and confirmation of digital identity. Today, employees regularly use the card with a microchip that holds their unique credentials in the form of an Entrust digital certificate.

HID Global’s Gold Entrust-Ready certification ensures a smooth deployment to large numbers of users, and the combined solution with Entrust TruePass delivers the following benefits:

  • Enhanced Security: HID Global’s multi-factor authentication reinforces the fundamental security and intent of a PKI by requiring something the user has (a smart card) and something the user knows (a PIN code) in order to use the private keys stored on the card. To further enhance security, the key pair is generated on the cryptographic smart card itself, so that the private key is never exposed to the insecure PC environment. The tight integration of HID Global’s client software with Entrust ensures certificate key updates are transparently and automatically made on the card.
  • Non-Repudiation: To support non-repudiation, it is essential that ERP system users provide undeniable proof that they are who they say they are. Keys used for that authentication can never be stored on the potentially vulnerable user workstation. Those sensitive keys must remain under the sole control of the user, and HID Global’s client software ensures private keys are generated on the card and remain in the rightful owner’s possession at all times.
  • User Simplicity: HID Gobal’s Security Client software provides a familiar ATM-like user interface that makes complex digital identity and PKI technologies transparent, so employees can focus on their work responsibilities and financial application activities to easily access the system. HID Global’s commitment to openness and industry standards ensures that the French Government’s initial investment in digital identity products and smart card client software infrastructure is capable of supporting multiple PKI vendors and other forms of identity credentials in the future.
Download PDF version

In case you missed it

Bosch startup SAST addresses need for evolved solutions in security industry
Bosch startup SAST addresses need for evolved solutions in security industry

Security and Safety Things GmbH (SAST) is a new company that has announced its vision for an Internet of Things (IoT) platform for the next generation of security cameras. The Bosch startup plans to build a global ecosystem for the development of innovative security camera applications. Based on the Android Open Source Project (AOSP), SAST provides libraries, an API framework, and codecs for developers to work with. The SAST App Store will allow developers to build and market new applications, similar to today’s app stores for smartphone applications. We presented some questions to Nikolas Mangold-Takao, VP Product Management and Marketing, about the new venture, and here are his responses: Q: Why a new company now? What technology innovations have made this a good time to launch this company? The time is right to bring market needs and technological innovations together on one platform"Mangold-Takao: From a technical perspective we see two main drivers: increasing computing power at the edge and increasing internet connectivity, which will enable devices to directly communicate with each other and bring new technologies such as artificial intelligence also to the security and safety industry. At the same time, we see that this industry and its users are hungry for more innovative solutions – addressing new security needs while at the same leveraging the possibility to improve business operations for specific verticals, e.g. retail and transportation. The time is right to bring market needs and technological innovations together on one platform for this industry. Q: Why does SAST need to be a separate entity from Bosch? Mangold-Takao: SAST is setup as a wholly owned subsidiary of the Bosch Group. We wanted to make sure that SAST is able to underline its role as an industry standard platform across multiple players. SAST is open to get additional investors and is being setup as a startup in its own offices in Munich to foster the environment where speed and innovation can more easily take place. Having said that, several entities of the Bosch Group are very interesting partners for SAST. The SAST App Store will allow developers to build and market new applications, similar to today’s app stores for smartphone applications Q: Please explain your "value proposition" to the industry. Mangold-Takao: We will bring new innovations and possibilities to the security and safety industry by providing an open, secure and standardised Operating System for video security cameras, to also address pressing issues such as cyber security and data privacy concerns. Devices that run then with the SAST operating system will work with an application marketplace provided and operated by SAST. Integrators and users can then use these apps from this marketplace to deploy additional functionality on these devices. With our platform we will be able to build up a community of app developers, including the ones not yet developing for this industry who have expertise in computer vision and artificial intelligence. Q: It seems what you are doing has parallels with the Apple and Android "app" stores. How is your approach the same (and how is it different) than those approaches? We are setting up SAST as a user-centric company and involve selected users very early on in the process"Mangold-Takao: The approach is similar in the way that we plan to generate revenue by operating the application marketplace and thus participate in the app revenue. The difference is that there is much more needed than apps and cameras to create a complete working solution addressing a user problem in this industry – we need to make sure that our own platform as well as the new applications being created will work as a part of an end-to-end solution. Q: "Critical mass" and wide industry participation seem to be requirements for your success. How will you achieve those goals? Will you involve integrators, consultants, or other parties in addition to manufacturers (to drive awareness)? How? Mangold-Takao: SAST is in close exchange with device manufacturers, integrators and consultants, as well as application developers and large end-users at the moment to ensure that we are building the right platform and ecosystem for this industry. We are setting up SAST as a user-centric company and involve selected users very early on in the process. We will run dedicated programs and hackathons to attract app developers, already active and new to our industry. We will also run selected pilots with end-users throughout 2019 to ensure we have all partners involved early on. SAST sees the industry is hungry for more innovative solutions – with the retail vertical market a target for these solutions Q: What timeline do you foresee in terms of implementing these initiatives? Mangold-Takao: While we start with first app development programs and plan our first pilots already for this year, we are planning our commercial launch for end of 2019. Q: How does your new company relate to the new Open Security & Safety Alliance (OSSA)? Mangold-Takao: The Open Security and Safety Alliance has been working very closely with SAST over the past year, defining some important concepts and elements required. One of the most important elements is an open and standardised Operating System, specific to this industry, which will then bring forward new innovative technologies and solutions. SAST is actively working on this Operating System, based on Android Open Source Project (ASOP), but is evolved and hardened with industry-specific features. Q: What's the biggest thing you want the security industry to understand about SAST? What is your "message" to the industry? Mangold-Takao: Our message is simple: let’s build better security and safety systems – together! But for real, innovating an industry is a joint effort, we can only bring new innovation to this industry with partners who share our vision and are excited about new technology. At the same time, we strongly believe that our platform allows every partner to bring forward what they do best but also invite new partners to our industry.

What is the value of remotely monitoring a system's health and operation?
What is the value of remotely monitoring a system's health and operation?

When is it too late to learn that a video camera isn’t working properly? As any security professional will tell you, it’s too late when you find that the system has failed to capture critical video. And yet, for many years, system administrators “didn’t know what they didn’t know.” And when they found out, it was too late, and the system failed to perform as intended. Fortunately, in today’s technology-driven networked environment, monitoring a system’s health is much easier, and a variety of systems can be deployed to ensure the integrity of a system’s operation. We asked this week’s Expert Panel Roundtable: How can remote monitoring of a security system’s health and operation impact integrators and end users?

What is AI Face Search? Benefits over facial recognition systems
What is AI Face Search? Benefits over facial recognition systems

When a child goes missing in a large, crowded mall, we have a panicking mom asking for help from the staff, at least a dozen cameras in the area, and assuming the child has gone missing for only 15 minutes, about 3 hours’ worth of video to look through to find the child. Typical security staff response would be to monitor the video wall while reviewing the footage and making a verbal announcement throughout the mall so the staff can keep an eye out for her. There is no telling how long it will take, while every second feels like hours under pressure. As more time passes, the possible areas where the child can be will widen, it becomes more time-consuming to search manually, and the likelihood of finding the child decreases. What if we can avoid all of that and directly search for that particular girl in less than 1 second? Artificial neural networks are improving every day and now enable us to search for a person across all selected camera streamsWith Artificial Intelligence, we can. Artificial neural networks are improving every day and now enable us to search for a person across all selected camera streams in a fraction of a second, using only one photo of that person. The photo does not even have to be a full frontal, passport-type mugshot; it can be a selfie image of the person at a party, as long as the face is there, the AI can find her and match her face with the hundreds or thousands of faces in the locations of interest. The search result is obtained in nearly real time as she passes by a certain camera. Distinguishing humans from animals and statues The AI system continuously analyses video streams from the surveillance cameras in its network, distinguishes human faces from non-human objects such as statues and animals, and much like a human brain, stores information about those faces in its memory, a mental image of the facial features so to speak. When we, the system user, upload an image of the person of interest to the AI system, the AI detects the face(s) in that image along with their particular features, search its memory for similar faces, and shows us where and when the person has appeared. We are in control of selecting the time period (up to days) and place (cameras) to search, and we can adjust the similarity level, i.e., how much a face matches the uploaded photo, to expand or fine-tune the search result according to our need. Furthermore, because the camera names and time stamps are available, the system can be linked with maps to track and predict the path of the person of interest. AI Face Search is not Face Recognition for two reasons: it protects people’s privacy, and it is lightweight Protecting people’s privacy with AI Face Search  All features of face recognition can be enabled by the system user, such as to notify staff members when a person of interest is approaching the store AI Face Search is not Face Recognition for two reasons: it protects people’s privacy, and it is lightweight. First, with AI Face Search, no names, ID, personal information, or lists of any type are required to be saved in the system. The uploaded image can be erased from the system after use, there is no face database, and all faces in the camera live view can be blurred out post-processing to guarantee GDPR compliance. Second, the lack of a required face database, a live view with frames drawn around the detected faces and constant face matching in the background also significantly reduces the amount of computing resource to process the video stream, hence the lightweight. Face Search versus Face Recognition AI Face Search Face Recognition Quick search for a particular person in video footage Identify everyone in video footage Match detected face(s) in video stream to target face(s) in an uploaded image Match detected face(s) in video stream to a database Do not store faces and names in a database Must have a database with ID info Automatically protect privacy for GDPR compliance in public places May require additional paperwork to comply with privacy regulations Lightweight solution Complex solution for large-scale deployment Main use: locate persons of interest in a large area Main use: identify a person who passes through a checkpoint Of course, all features of face recognition can be enabled by the system user if necessary, such as to notify staff members when a person of interest is approaching the store, but the flexibility to not have such features and to use the search tool as a simple Google-like device particularly for people and images is the advantage of AI Face Search.Because Face Search is not based on face recognition, no faces and name identifications are stored Advantages of AI Face Search Artificial Intelligence has advanced so far in the past few years that its facial understanding capability is equivalent to that of a human. The AI will recognise the person of interest whether he has glasses, wears a hat, is drinking water, or is at an angle away from the camera. In summary, the advantages of Face Search: High efficiency: a target person can be located within a few seconds, which enables fast response time. High performance: high accuracy in a large database and stable performance, much like Google search for text-based queries. Easy setup and usage: AI appliance with the built-in face search engine can be customised to integrate to any existing NVR/VMS/camera system or as a standalone unit depending on the customer’s needs. The simple-to-use interface requires minimal training and no special programming skills. High-cost saving: the time saving and ease of use translate to orders of magnitude less manual effort than traditionally required, which means money saving. Scalability: AI can scale much faster and at a wider scope than human effort. AI performance simply relies on computing resource, and each Face Search appliance typically comes with the optimal hardware for any system size depending on the customer need, which can go up to thousands of cameras. Privacy: AI Face Search is not face recognition. For face recognition, there are privacy laws that limits the usage. Because Face Search is not based on face recognition, no faces and name identifications are stored, so Face Search can be used in many public environments to identify faces against past and real-time video recordings. AI Face Search match detected face(s) in video stream to target face(s) in an uploaded image Common use cases of AI Face Search In addition to the scenario of missing child in a shopping mall, other common use cases for the AI Face Search technology include: Retail management: Search, detect and locate VIP guests in hotels, shopping centres, resorts, etc. to promptly attend to their needs, track their behaviour pattern, and predict locations that they tend to visit. Crime suspect: Quickly search for and prove/disprove the presence of suspects (thief, robber, terrorist, etc.) in an incident at certain locations and time. School campus protection: With the recent increase in number of mass shootings in school campuses, there is a need to identify, locate and stop a weapon carrier on campus as soon as possible before he can start shooting. Face Search will enable the authorities to locate the suspect and trace his movements within seconds using multiple camera feeds from different areas on campus. Only one clear image of the suspect’s face is sufficient. In the race of technology development in response to business needs and security concerns, AI Face Search is a simple, lightweight solution for airports, shopping centres, schools, resorts, etc. to increase our efficiency, minimise manual effort in searching for people when incidents occur on site, and actively prevent potential incidents from occurring. By Paul Sun, CEO of IronYun, and Mai Truong, Marketing Manager of IronYun