TECH5_T5-IDencode logo

T5-OmniMatch ABIS (1:N)

Automated Biometric

Identification System

T5-OmniMatch ABIS (Automated Biometric Identification System) is a mission-critical multi-biometric platform for Nation level Largescale ID projects that allows “on-the-go” identification of a person by face, fingerprints, and iris. T5-OmniMatch ABIS is designed around secure lifecycle standards and has built-in security. Data at rest and in transit is encrypted and APIs are protected by authentication and authorization.

Application data stores are decoupled by design, allowing for implementation of centralized access to ensure privacy and security. T5-OmniMatch ABIS offers several key benefits. It is cost-efficient because it uses commercial off the shelf infrastructure, has small hardware footprint, and allows for centralized system management. The availability of a REST API as the key interface to T5-OmniMatch ABIS ensures that any required integration is effortless and fast.

T5-OmniMatch ABIS has been successfully used in national scale level projects around the world. Currently more than 400 million active identities are managed in global projects, and more than 300,000 transactions are processed by T5-OmniMatch ABIS every day. T5-OmniMatch ABIS is designed to grow with your expanding needs without an impact on performance, speed and accuracy.

Thanks to built-in redundancy in the T5-OmniMatch ABIS open architecture, single point of failure is avoided, and system downtime is reduced to a minimum.
T5-OmniMatch ABIS is designed to be implemented in a variety of legal and civil sectors requiring accurate identification, recognition and verification including access control, law enforcement, ID management, social inclusion, immigration, and passport control.

T5-OmniMatch ABIS Modules

The number of biometric modalities and functionality of T5-OmniMatch ABIS can be tailored to meet the growth and performance requirements of each customer. The following describes the broad classifications of the modules available for individual solutions.

ENROLMENT

T5-OmniMatch ABIS allows to ensure one person has only one identity in the database and can perform de-duplication across multiple biometric modalities. The Enrolment module allows for enrolment of biometric and demographic data of each individual as per global standards. The data will be processed (finger slap segmentation, iris encoding, face formatting and quality check), checked for quality, and approved by the operator. The lossless images will be packaged and transferred to the backend application.

DE-DUPLICATION

Data from the enrolment stations will be processed by the middleware application via the interfaces and business logic in workflow engine, and then sent to the matching environment for De-duplication. To keep the footprint of the system small and manageable, separate repositories with identical data for De-duplication and Authentication (verification) are proposed. This will keep the traffic separate for these two functionalities each of which has significantly different throughput volumes and process intensity. The De-duplication component will determine unique identities, and the matching environment will use them to populate the authentication repository. In this way the very high volume of authentication with lighter per transaction resources help to keep the overall matching environment small. The middleware application will interface with the Biometric Engine via REST API. The De-duplication engine will process the requests sent via REST API for De-duplication to determine the uniqueness or non-uniqueness of biometric probes. Business logic will drive the decision to search a single or all biometric modalities for the De-duplication task in order to achieve the highest possible accuracy and throughput performances. Matching results up to a certain rank (configurable) will be returned with an individual matching score per ID.

IDENTIFICATION

Search of one identity will be carried out across N already enrolled identities in the database to identify a person and deliver results in real-time using T5-OmniMatch ABIS (1:N). TECH5’s identification platform has proven its efficiency at National ID databases involving millions to billions of records.

AUTHENTICATION

Authentication will be carried out using the TECH5 multi-biometric authentication module T5-OmniMatch ABIS (1:1). If authentication by 1:1 verification fails, business logic can use the same probe to initiate a 1:N search against the De-duplication repository to determine if the individual already exists under another identity or if fraud has occurred.

Architecture

The massive redundancy built into the system architecture ensures that there is no single point of failure and offers the added benefit of supporting concurrency and high throughput, making the system both cost-effective and highly reliable. Redundancy ensures that there is no loss of data and guarantees system availability with minimal reduction in performance until the failed component is repaired. In the event of multiple failures, the system throughput, but not latency of discrete transactions, will be decreased while the matcher faults are offline, ensuring that production is never halted.

 

 

 

T5-OmniMatch ABIS architecture and design principles include:

Icon describing IDencode facial image compression algo
EASY UPGRADABLE BIOMETRIC SDK 
T5-ABIS BE is designed to allow easy upgrades of the underlying core biometric SDK with minimum changes.
ABIS Automated Biometric Identification System
LOCATION INDEPENDENT
The application discovers services dynamically rather than relying on hard-coded dependencies.
T5-ABIS transaction processing template creation and storage AWS
SOA / COMPOSE-ABILITY 
The application consumes and exposes web services with APIs discoverable at runtime. The structure incorporates as much as possible small, stateless components designed to scale out. Services for transaction processing, template creation and storage can be made stateless and launched in AWS auto scaling group.
T5ABIS tech5 legal civil accurate identification
DESIGNED FOR MANAGEABILITY
The application is instrumented and exposes metrics and management interfaces. These are required for performance measurement and tracking. The log format for each component is standardized for log aggregator such as logstash / sumologic that can do the analytics and performance measurements.
ABIS access ensure privacy security
SECURE 
The application is based on secure lifecycle standards and includes built-in security. Data at rest and in transit can be encrypted. APIs are protected by authentication and authorization.
T5-ABIS reduce data breaches.
DECOUPLED DESIGN
Data stores are decoupled by design to reduce the impact of data breaches.
abis CENTRALIZED ACCESS
CENTRALIZED ACCESS 
The system limits/reduces the need for access to all nodes for manageability/operation purposes. For example, centralized configuration management, log aggregation and monitoring hooks reduce the need for accessing individual nodes, thus reducing security risk.
biometric_mobile_offline_QR_barcode_PKI_authentication
COST AND RESOURCE CONSUMPTION AWARE
The design minimizes costs due to bandwidth, CPU, storage consumption, and I/O requests. The model with template creation to the edge reduces central DC infrastructure needs.
ABIS easy fast configuration
CENTRALIZED CONFIGURATION 
Centralized configuration management helps with easy and fast configuration changes reducing the risk of misconfigurations especially when many nodes must be configured. Configuration settings can be versioned and controlled and changes can be audited.
biometric_mobile_offline_QR_barcode_PKI_authentication
INFRASTRUCTURE INDEPENDENT & AGNOSTIC
The application makes no assumptions about the underlying infrastructure, using abstractions in relation to the operating system, file system, database, and so on. T5-ABIS BE incorporates technologies that are platform and OS independent.
Icon describing IDencode facial image compression algo
ALWAYS AVAILABLE 
Resiliency is designed into the application so that failures in the infrastructure are handled fluidly without interruption of service. Failure in components will be handled by redundant components and graceful reduction in capacity vs. interruption. If components are abruptly broken (disappear in case of cloud), new component nodes can be rapidly provisioned using provisioning/deployment tools like Docker/Ansible.
biometric_mobile_offline_QR_barcode_PKI_authentication

SCALABLE ARCHITECTURE
The T5-OmniMatch ABIS principles of distributed computing allow for efficient scaling to meet the performance and availability SLAs. There are considerations for both vertical and horizontal scalability. Special consideration is given to components like matcher nodes that cannot simply follow standard design principles.

T5-OmniMatch ABIS Key Benefits

COST EFFICIENCY

The use of commercial off the shelf infrastructure, small hardware footprint, and centralized system management all contribute to a low cost of ownership.

EASE OF INTEGRATION

The availability of a REST API as the key interface to T5-OmniMatch ABIS ensures that any required integration is effortless and fast.

TOP TIER BIOMETRIC PERFORMANCE

The high accuracy of T5-OmniMatch ABIS is fueled by T5-Finger, T5-Face and T5-Iris core recognition performance, as tested by NIST.

FIELD-PROVEN RELIABILITY

T5-OmniMatch ABIS is successfully used in national scale level projects around the world.