Russian Railways will collect biometrics of its employees for their admission to PCs and IT systems. Passwords are not too reliable
Customers: Russian Railways (RZD)
Product: Access control systems projects based on human identification (biometrics)
Project date: 2022/01 - 2023/11
Project's budget: 129 247 752 rubles
Russian Railways decided to introduce a single corporate automated system of biometric identification and authentication (BSIA) for employees. As of the beginning of December 2021, applications for participation in the competition for the creation of this system with an initial price of 129.2 million rubles are being accepted. [1]
As part of the project, a software interface must be implemented that lets users authenticate, using Single Sign-On (SSO) technology, on all automated workstations included in the corporate domain, in Russian Railways information systems, and in the portal and microservice applications specified in the terms of reference.
According to the terms of reference, the project involves creating biometric profiles of Russian Railways employees based on facial or voice traits. As part of the BSIA, a specialized workplace should be provided for collecting samples of biometric characteristics and forming a reference base of employee profiles.
The system needs to implement mechanisms for assigning roles to specific user accounts; the roles determine which information is displayed and which functions are available.
For the biometric identification and authentication subsystem of the BSIA, passive liveness validation, protection against camera image substitution, integrity control and authentication of messages containing collected biometric data should be implemented.
The system must take no more than 5 seconds to perform identification/authentication per request at a load of up to 1.5 thousand requests per minute. At the same time, each attempt at biometric authentication or verification should be stored on the BSIA server in the transaction log, recording the date, time, the user's workplace and the biometric samples. After several unsuccessful authentication attempts, the device is to be locked for a given time.
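The following Python example is added here and is not part of the terms of reference or any Russian Railways code. It shows one way a server could combine the message authentication, per-attempt transaction log and device lockout described above; the HMAC-SHA256 scheme, the `AttemptGate` class, the key table, the threshold of 3 failures and the 300-second lock are all assumptions.

```python
import hashlib
import hmac
import json
import time
from datetime import datetime, timezone
MAX_FAILURES = 3    # assumption: the page says only "several" attempts
LOCK_SECONDS = 300  # assumption: the page says only "a given time"
def sign(key, body):  # workstation side: HMAC-SHA256 over the exact bytes sent
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class AttemptGate:
    def __init__(self, device_keys, matcher):
        self.device_keys = device_keys  # workplace id -> key (hypothetical provisioning)
        self.matcher = matcher          # stand-in for the biometric engine
        self.failures, self.locked_until, self.log = {}, {}, []

    def _record(self, now, workplace, msg, outcome):
        stamp = datetime.fromtimestamp(now, timezone.utc).isoformat()
        self.log.append({"time": stamp, "workplace": workplace, "outcome": outcome,
                         "user": msg.get("user"), "sample": msg.get("sample")})
        return outcome

    def handle(self, workplace, body, tag, now=None):
        now = time.time() if now is None else now
        key = self.device_keys.get(workplace)
        # Verify before parsing. Unauthenticated input never touches the counters,
        # so a spoofed workplace id cannot lock out a real device.
        if key is None or not hmac.compare_digest(sign(key, body).encode(), tag.encode()):
            return self._record(now, workplace, {}, "bad_mac")
        msg = json.loads(body)
        if now < self.locked_until.get(workplace, 0):
            return self._record(now, workplace, msg, "locked")
        if self.matcher(msg["user"], msg["sample"]):
            self.failures[workplace] = 0
            return self._record(now, workplace, msg, "ok")
        self.failures[workplace] = self.failures.get(workplace, 0) + 1
        if self.failures[workplace] >= MAX_FAILURES:
            self.locked_until[workplace] = now + LOCK_SECONDS
            self.failures[workplace] = 0
        return self._record(now, workplace, msg, "no_match")

def demo():  # constructed input: one forged tag, three mismatches, then valid samples
    key = b"constructed-demo-key"
    gate = AttemptGate({"ws-17": key}, lambda user, sample: sample == "good")
    def send(sample, now, k=key):
        body = json.dumps({"user": "user-1", "sample": sample}).encode()
        return gate.handle("ws-17", body, sign(k, body), now)
    out = [send("bad", 0, b"wrong")] + [send("bad", t) for t in (1, 2, 3)]
    return out + [send("good", 4), send("good", 3 + LOCK_SECONDS)], gate.log
```

Every call, including the rejected and locked ones, leaves a log entry, while only authenticated mismatches count toward the lock.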
BSIA shall meet the requirements for processing information constituting the trade secrets of Russian Railways, as well as personal data of users. The system will operate only in the Russian Railways data network.
One of the requirements for the system is that it should be built on import-independent software and/or freely distributed open source programs that do not require additional licenses and financial costs from Russian Railways.
The need to create a BSIA in Russian Railways is explained as follows. Effective recognition and verification of the identity of employees for admission to automated workstations and corporate information systems for the performance of official duties that require the provision of certain rights is of great importance for transport security and the information security of Russian Railways. Now the identification of employees when logging on to corporate PCs and automated systems of Russian Railways is carried out by login, and authentication by the password assigned to the account. But this method is influenced by the human factor: for example, the password may be lost or it may be viewed by an unauthorized person during the input process, the statement of work says.
Of the three types of data that can be used for identification and authentication, namely inherent to the employee (biometric data), known to the employee (PIN code, password) and available to the employee (token), only the biometric type of data inherent to the employee can be considered integral and reliable: this is how the need to create a corporate biometric system is justified in the task.
However, as TAdviser was told at Russian Railways, the project provides that employees of the company whose duties involve the use of automated workstations and corporate information systems will be able to use the biometric method of access in addition to the existing password method. The introduction of this technology will be carried out gradually.
Access for staff who refuse to submit biometric data will be provided under the current procedure. The use of biometric data for purposes beyond the functionality of the biometric identification and authentication system is not intended. Biometric data will be protected in accordance with the legislation of the Russian Federation, added Russian Railways.
In April 2020, when Russian Railways reported transferring employees to remote work, there was information that about 240 thousand employees have computerized workplaces in the company[2].
The deadline for completing the development and implementation of BSIA is set for November 2023, and Russian Railways plans to summarize the results of the competition on January 18, 2022.
Notes
1. Open competition in electronic form No. 1157/OKE-TI/21 for the right to conclude a work contract on the topic: "Development and implementation of a Unified Corporate Automated System for Biometric Identification and Authentication in Russian Railways (B)."
2. How Russian Railways transferred 110 thousand employees to remote work in a month