a) The Metropolitan Police Service is one UK’s most largest police force and

more than 45,000 people including police officers, staffs and community support officers
which is serving more than 7 million residents over a large area. In the MPS to keep track of
the phone and fax lists which comes up to for almost 45,000 employees is a major task.
Including this, almost all of MPS people need some type of access to their internal systems
and their databases, however by it's using email or logging on to reporting systems. And, a
people of this work size is regularly elaborating, as staff may leave or join, or move to new
posts this means that they need the access to different systems.

Mostly to the police officers and their staff work’s is related to the information
which is very sensitive and it’s important that only the authorised users have to access to it.
The MPS have to make sure that only a particular personnel can only can access the data
they are authorised to view and these permissions must be kept up to date. To manage all the
data was very costly, time consuming and also big administrative headache to the
Metropolitan Police. Because access to all its different sections internal security systems was
controlled autonomously by different sections departments, the MPS staff might regularly
find themselves to have to use dissimilar user names and passwords to access dissimilar aid
on the network. The MPS management has very big problem in handling this critical
solution as it might be very risky because each user was having four identity and the
management might not be knowing which user has which level of access to which
information.

As explained by the Technical Security Manager Vince Freeman of the MPS,

"Before the start of the project, any single employee of MPS could most likely have a
minimum of four different electronic identities. From the user point of view this was not a
major issue but from the management point of view its a very critical issue. So definitely, we
need to make sure that only authorised and authenticated members of staff members should
be able to get access to the information and with four or more identities per user, so to keep
track which user had access to which sections information had become a big issue."

B)Biometrics refers to method for uniquely recognizing humans beings based upon
physical or behavioural Characteristics information technology, especially, identity access
management and access control are form used by the biometrics. It is also used to recognise
singleton in batches that are directed under supervision. There are two types of biometric
techniques physiological which is related to shape and size of the body and behavorial which
belongs to the behaviour of the person. [http://en.wikipedia.org/wiki/Biometrics]

Biometrics play very important role in the MPS to strengthen user aunthentification,
without the biometric the security wont be that much good. Biometrics is considered as a
reliable solution for protecting a particulars identity and rights as it is recognised by unique
featuress. Biometrics techniques are used for mainly two authentication methods they are
Identification and verification.[ BIOMETRICS : A FURTHER ECHELON OF SECURITY
Siddhesh Angle, Reema Bhagtani, Hemali Chheda]

Biometric has many advantages like it increases security to provide additional class of
security, minises the fraud by implementing very tough technologies like minising fraud for
ID cards and by using physical attributes the problems of lost Id cards and forgotten
passwords eliminates and by reducing the administration costs and cost savings in such as
prevention of time and attendance,Also making possible to know automatically to know who
did what when and where. [http://www.questbiometrics.com/]
 Ideally,the biometric chosen by the MPS management should possess characteristics So
that it can limit the need for compromise by any means and enhancing security and
practicality. Significant areas of the practicality are speed , accuracy, cost, size, enrolment
convenience and user acceptance.

According to me the finger vein technology and the hand vascular pattern identification
should be used for the verification of the police officers as these are safer compared to other
techniques.

Finger vein technology in MPS

This technology being an internal biometric invisible it meets the anti-forgery requirement
especially except under special conditions. It should also ensures of presence of live blood
vessels
Because the finger vein patters are very clear and distinct so the accuracy requirement is met.
In patterns there is high degree of variation and the finger vein remains almost same through
adult age, it is insensitive to external factors such as dirt, sweat, injury etc and this is possible.

when the police officers use latex gloves which is its specialised settings. The police
officer only need to put his finger on the scanner if its the authorised user and it matches its
veins then only it is authenticated it has very high accuracy when it is compared with its cost
as it it is very cost effective. From the security point of view fro the police officers it is the
ideal biometric technique.

When the police officer keeps his finger on the scanner an invisible infrared light works
through the finger and this light absorbs the haemoglobin of the blood in veins this unique
method capture the image by the sensor which is placed below the finger.[ Hitachi’s Finger
Vein Technology A White Paper].

In this technique there are 4 steps of authentication process

1. Takes the finger vein image pattern from scanner

2. The image

3. Extracted image from the extracted pattern feature

4. Matching of pattern and the outcome

Below figure 1 show all the above 4 steps

.
Hand Vascular Pattern Identification

In the MPS this pattern is also very usefull as veins will same throughout life an image of
one’s vein pattern will produced by the infrared light on their face, wrist and hand. This
pattern is very difficult to duplicate as it is a computerised comparison of shape n size of the
substantial blood vessel in the back hand. As there is no physical contact is required and the
blood vein is required so it is very secure and performing is excellent and no degradation of
performance even with scars and 0.4sec/person is the speed of the verification of the system
the FAR and FRR is 0.0001% and 0.1% respectively. This pattern is less used at this moment,
it is majorly can be found because it is being used less till now the MPS should use this
technique because of its uniqueness. Only used by some established companies. .[
BIOMETRICS : A FURTHER ECHELON OF SECURITY Siddhesh Angle, Reema
Bhagtani, Hemali Chheda]

C ) Multiple Digital identity is a digital technology which refers to aspects of digital

Technology that is relevant with the intervention peoples own experience with their own
Identity and to identify other peoples things or digital identity are the computerised
Electronic illustration of a person or any organisation important information and help
them to control the information which has been transferred.
[http://en.wikipedia.org/wiki/Digital_identity].
Biological identity is nothing but it is a techniques which includes all biometric
techniques such as iris scan, finger print, DNA, vein, retina voice etc. The biological identity
is very secure compared to the multiple digital identities.

Below table shows some of the difference between biological identity and multiple digital
identity.
Biological Identities Multiple digital identities
More Secure Less secure

Biological identity is slow Multiple identity is fast

Reliable Less reliable

Accuracy is high Accuracy is medium

Cost is high Low cost

User Acceptabilty is high User acceptability is low

Digital identity should always refer to two concepts nyms and partial identities. And every
person has its own identity given by variety of authorities. Examples: passport, ID cards
beyond the physical presentation.

In the MPS the level of security will be different for different department and the access
also. When the police member will be in the police crime unit he will be having information
or access to all the criminal records For the police member who is in crime unit the biological
identity will the perfect secure because its related to physical aspect so that no one can access
his documents kept in his chamber or anywhere whereas if he uses the digital identity like
keeping passwords or keeping some zig zag photos as password an intelligent person can
access it and in case if the police member in crime department forgots his password than its
quite difficult to retrieve whereas in biological identity their is no way to forget his password
as its biological it may be vein, retina, iris etc.

Similarly for the normal police officer when he is not in crime department very high level
of security is needed digital identity will be enough as he wont be having very important
information. consider Swiping of ID cards might be enough for the normal police officers
who acts in particular context. When he will be crime department his security level will be
high because of his access to the crucial information which might be related to national level.
A crime department officer can work as crime officer and as well as normal police officer the
access level to information will be less.

D ) A client and server involves the secure transmission between sender and receiver using
the public and private keys to encrypt and decrypt the messages. Encryption is nothing but a
process of changing the text while sending so that the message should be not easy to read.

When sender and receiver want to use the public key encryption for transmission of
message both the parties will be having a shared key. when the sender sends a message to the
receiver with its shared key the receiver uses its copy of shared key to decrypt the message.
The private key encryption is not safer because anyone who has the copy of the shared key
can encrypt or decrypt it so both the sender and receiver will be watched as both can encrypt
or decrypt.
 When the sender wants to share a secret message with the receiver using the public key
encryption, the sender ask the receiver for its public key,than later sender uses the public key
encryption. In this context only the reciever’s private key can decrypt the message,the sender
sends the message,receiver decrypts the message using its private key.This is reliable because
the receiver can give public key to anyone and and keep the private key as private for
decrypting messages.[ http://tldp.org/REF/INTRO/SecuringData-INTRO 5]

For any security infrastructure the following has to be delivered to trusted transaction
between any client and server
1. Authentication
2. Confidentiality
3. Data integrity
4. Non-repudiation

‘Trust’- but only in a tangible sense! [Digital_certs_MSc_2008 (Tim French ) 6]

PKI is asymmetric encryption, PKI ascertains the use of public key cryptography ,Yes
PKI is unbreakable because In Public Key Infrastructure its very hard ,when the sender
sends a secret message to encryption after asking the receivers public key only the receiver
can decrypt it using its private key. Yes the police should trust the cryptographic techniques
such as RSA which is Impossible to break the code it may take several 100 years to break the
code till than the technology will be very advance and some new technologies could have
been launched. [http://tldp.org/REF/INTRO/SecuringData-INTRO 5 ]
A CA gives the digital certificates those contain a public key and the identification of the
owner. The private key which is not made publicly available, buthas been kept secret by
the reciever who produced the key pair. The public key contained in the certificate belongs to
a particular person or sewrver or mentioned in the certificate.The CA’s main work is to
verify the applicants authorisation so that the users and dpending parties should trust the
information of the CA certificates.The CA is responsible to say that the said person is
genuine. If the user trusts than it can verify the signature of CA and the user can verify that
the public key belongs to the person who is identified by the certificate.
[http://en.wikipedia.org/wiki/Certificate_authority 7]

References
1. BIOMETRICS : A FURTHER ECHELON OF SECURITY Siddhesh Angle, Reema
Bhagtani, Hemali Chheda]

2. http://www.questbiometrics.com

3. Hitachi’s Finger Vein Technology A White Paper Ben Edgington May 2007.

4. http://en.wikipedia.org/wiki/Digital_identity.

5. http://tldp.org/REF/INTRO/SecuringData-INTRO
6. Digital_certs_MSc_2008 (Tim French )

7. http://en.wikipedia.org/wiki/Certificate_authority.