Select Page

ImageWare CloudID®

Cloud-Based Biometric Identity Management

ImageWare CloudID® is a highly modular, software platform that enabled rapid development and deployment of highly secure, yet flexible biometric identity management solutions.

ImageWare CloudID® is easily incorporated into new or existing cloud-enabled environments or integrated as cloud-ready software into traditional networked client server and data center IT infrastructures.

Two innovations differentiate this biometric identity platform:

  • Virtually any biometric modality and algorithm from any vendor can be quickly incorporated into the system.
  • The system can be easily scaled to satisfy the requirements of small organizations or entire counties, providing ultra-scalable real-time solutions.

ImageWare CloudID® Complete Suite

CloudID Server Platform

ImageWare CloudID’s server platform is a set of configurable, server-based software modules designed to add or enhance biometric identity management and credential issuance capabilities to existing applications or support the development of these capabilities in new end-to-end applications. 

The ImageWare CloudID servers include:

  • Card Management Server (CMS): manages card and credentialing
  • Identity Manager Server: manages biographic data
  • Document Manager: manages binary documents and images
  • EBTS Server: manages

CloudID Applications

ImageWare CloudID applications consists of a set of configurable client-based software applications that provides turnkey biometric enrollment, identification, and verification, as well as card printing and encoding capabilities. These applications are designed to enable rapid development and deployment of CloudID. Applications are modular and single-purposed, highly configurable, extensible, easily customized, and integrates directly with both CloudID server products and third-party solutions.

The ImageWare CloudID applications consist of:

  • QuickCapture
  • QuickID
  • QuickBadge
  • EBTS Workstation
  • EPI Builder

CloudID Business Services

ImageWare CloudID business services consists of a set of configurable, business service layer software modules designed to enable existing or new applications to leverage the capabilities of the CloudID server platform. Core business service modules can be replaced or supplemented with third party offerings.

System integrators often rely on an ESB platform to create the business service layers required for the customer solution they develop. ImageWare CloudID is designed to integrate easily within these business service architectures and to achieve optimal performance as part of an ESB platform.

Services can be described as:

  • Workflow, often specific and tailored to a solution
  • External to or integrated into Server Component

ImageWare CloudID® Server Platform

ImageWare CloudID server platform consists of a set of configurable, server-based cloud identity management software modules designed to add or enhance biometric identity management and credential issuance capabilities to existing applications or support the development of these capabilities in new end-to-end applications.

ImageWare’s CloudID server platform consists of the:

With the exception of the ImageWare Biometric Engine, each server module operates independently and can be replaced by or integrated with other third party or custom servers.

ImageWare Biometric Engine

ImageWare Biometric Engine is a real-time (no copying of templates), high-performance, scalable, clusterable, biometric database. It is biometric algorithm agnostic (supports 70+ and growing) and hardware/software scalable to support large populations and multiple modalities.

  • Supports multiple biometric modalities
  • Supports multiple biometric algorithms
  • Real-time high performance biometric template cache
  • Supports multiple biometric query types including 1:1: verification, 1:N identification, X:N watch list, N:N duplicity checking and optional meta-data filtering
  • Supports biometric fusion (combining of multiple biometric modality scores into a single score)
  • Supports SOA interfaces for easy integration with ESB’s, thin, fat and mobile applications
  • Query Router / Query Engine interface
  • Supports distribution of biometrics, matching across multiple machines (both physical and virtual), and computing processors via the Query Router/Query Engine that is scalable to populations in the hundreds of millions
  • Supports data striping and mirroring for optimized distribution of template cache and processing
  • Runs on Windows Server operating systems with plans for porting to Linux
  • Support for Anonymous Biometric Identity Management (patents pending)
  • Persistent data management for backup and restore
  • It’s the Oracle® of biometrics
Doc Server

In terms of the GoCloudID stack, a document is any binary object that needs to be stored and managed:

  • Images from biometric captures (face, finger, iris, etc.)
  • Image scans from document scanners (passport, driver’s license, etc.)
  • Binary documents used in the management of identity information (EBTS transactions, data structures, etc.)

Document management server stores and manages binary documents, associates meta-data with them for rapid search, retrieval, and runs on Windows Server and Linux operating systems. The document management server uses a SQL RDBMS (same as IDMS) to store and retrieve binary documents.

Meta-Data and Documents

Meta-data (name-value pairs) are used to identify each document for later retrieval. Examples of meta-data associated with a document:

  • Biometric modality (left index finger, face, right iris, etc.)
  • Document type (driver’s license, passport, EBTS transaction, etc.)
  • Identity association (unique person identifier)

Meta-data provides flexibility in storing, managing, and retrieving binary objects (documents) from the server.

Replacing the Document Management Server

In the instances where a project has an existing document server we can work with an existing document management solution on the GoCloudID server stack to build custom business service layers (BSL). This allows for the integration of the document management with the other components of the GoCloudID server stack.

Credential Management Server

In terms of the ImageWare CloudID® stack, a credential is any card, badge, or document used as a factor in verifying an identity. Card Management Server creates, encodes (in the case of smart cards), and manages the lifecycle of credentials by using a SQL RDBMS (same as IDMS) to manage all credential information.

Card Management Server integrates with other CloudID Server products including:

  • Biometric Engine, Identity Management Server, Document Management Server, IWS PrintServer
  • Multiple credentials can be associated with a single identity
The IWS Credential Manager
  • Runs on Windows Server and Linux operating systems
  • Integrates with Physical Access Control Systems (PACS)
  • Works with Print Server print and encode credentials, using the EPI Builder and EPI Designer for card layouts, printing, and encoding
  • Uses a RDBMS to store and manage credential/lifecycle data
  • Manages card lifecycle
    • Print, encode, validate, activate, deactivate
    • Manages participation in lists (white list, black list, etc.)
Integration with IWS Print Server
  • Print Server is an add-on to IWS Card Management Server
  • Runs only on Windows Server operating systems
  • Works with multiple card servers to print larger volumes of credentials
  • Highly recommended to sell Print Server only with Card Management Server
  • Uses EPI Builder to:
    • Support multiple card layouts created by EPI Designer (DGN’s)
    • Abstract card printer interfaces
    • Encode smart cards (HSPD-12/PIV/TWIC, Mifare, iClass, etc.)
    • Print credentials with Card Management Server using Print Server
IWS Card Management Server in the CMS Market
  • Card Management Server is an integral part of the IWS CloudID server stack
  • It is designed to be open, configurable, and extensible, which gives it an advantage over our competitors
Replacing the Card Management Server

When we need to integrate with a project that has an existing CMS in place, we can work with the existing document management solution on the IWS CloudID server stack by building a custom business service layer (BSL) to manage the integration of the CMS with the other components of the IWS CloudID server stack.

Electronic Biometric Transmission Specification Server (EBTS)

Electronic Biometric Transmission Specification (EBTS) is the least common denominator transaction format for biometric and biographic identity management. EBTS is a specification controlled by the National Institute of Standards and Technology. It is also used internationally by government and civil organizations to capture (enroll) and share identity information.

It was the descendant of EFTS (fingerprint); created by the FBI to accept AFIS requests and enrollments. Unlike EFTS, which only supports fingerprints, EBTS supports multiple biometric types.

EBTS Server

It’s not an identity management system on its own. It is a gateway for identity management data to go from inactive (file based) to active (searchable and manageable) and it integrates with external services via custom workflow. There’s nothing else like it.

  • Types of EBTS Transactions
  • Transactions can be of different types, as defined by the agency or community that accepts and works with them.
  • Each agency has their own set of ToT’s and each one has a purpose.
  • An EBTS type of transaction (ToT) is a definition of the data and purpose of a given transaction definition
  • Data in a ToT are defined as records:
    • Each record has a specific purpose and type of data that it contains (biographic, iris, face, fingerprint, etc.)
    • The types and number of records define the total structure of the EBTS transaction
Transaction Record Type Examples
  • Type 1: Transaction Information
  • Type 2: Biographic data (agency defined name-values)
  • Type 6: HighRes binary fingerprint image
  • Type 8: Signature data
  • Type 10: Facial and SMT image
  • Type 15: Variable resolution palm-print image
  • Type 17: Iris image
  • Type 99: CBEFF/M1 biometric data record (catch-all)
EBTS Server
  • The EBTS server is part of the GoCloudID® server stack
  • Stores and Manages EBTS transactions
  • Enrolls identity information from EBTS transactions into the GoCloudID Server stack
  • Identity data is enrolled into IWS Identity Management Server
  • Biometrics are enrolled in ImageWare Biometric Engine
  • Biometric images are saved in ImageWare Document Management Server
  • Works with all EBTS ToT’s using OpenEBTS (part of the Open Biometrics Initiative)
  • Manages sending and receiving EBTS transactions to external agency services (AFIS, background check, etc.) with a custom workflow for processing and tracking EBTS transactions and responses
  • Runs on Windows Server operating systems
Problem with most EBTS

Each agency/community can and does define their own ToT’s without a lot of overlap in the biographic data record definitions (type 2). EBTS transactions are files, and contain data/images, which are great for capturing and sharing identity information, but not appropriate for true identity management (it’s not a database).

Biometric Management Engine

Biographic identity relates to data that represents an identity. This is data that is usually intrinsic to the identity and typically contains text, numbers, dates, etc. A common example is first/middle/last names, addresses, birthdate, etc. Biographic identity management relates to the management of biographic data.

In ImageWare CloudID®, biographic data is separated from biometric data and stored in the IWS Identity Management Server (IDMS). The IWS Identity Management Server manages all biographic identity information in the CloudID server stack. It runs on Windows Server and Linux operating systems and uses a relational database for storing, retrieving, and managing all biographic data. This allows IWS to separate biometric data from biographic data.

Biometric Data
  • Needs real-time, optimized storage
  • Matches take place against the actual data, not a copy
  • Supports the use of different biometric matching algorithms
  • Biographic data:
  • Needs optimized storage and retrieval of text, date and numeric data
  • Needs the ability to store and manage data elements defined specific to a project
  • Biographic data is text, numbers, dates, etc. It is perfect for traditional, relational databases (RDBMS)
  • Fast indexing, fast retrieval, clustered processing, etc.
  • Elements vary based on the project requirements
How IDMS supports Biographic Data
  • IDMS supports standard data elements (name, address, birthdate, etc.)
  • IDMS supports several RDBMS’ including Microsoft® SQL Server, Oracle® Database and MySQL
  • IDMS supports variable data through the use of meta-data
  • Uses meta-data as data elements that make up the identity itself
  • Most biographic data elements are common to all identity definitions
  • Meta-data fills the gap by providing variable data element definitions that make up the biographic identity data
  • In the database, Meta data is implemented as name-value pairs, which are data elements that are stored in the database in a non-structured way and can store any type of data necessary
Biographic Meta-Data
  • In standard, relational database theory, data elements are broken down in to named columns inside of a logical construct called a table.
  • Data can be related to each other in 1-to-many relationships with each 1-to-many relationship stored in a table and defined as related. E.g.: each identity can have multiple aliases, addresses, etc.
  • We can’t think of all of the data that will need to be stored and associated with an identity
  • We use meta-data to implement the storage and management of data elements that are specific to an identity management system implementation
  • Meta-data is implemented as name-value pairs. Name-value pairs are data elements that are stored in the database in a non-structured way, and can store any type of data necessary. The data is stored in a native data type (text, number, date, etc.) and a unique name is used as an identifier (similar to a column name)
Meta-Data in IDMS
  • Extends the capabilities of the IDMS to store data that is not standard in the IDMS database
  • Not the same as meta-data in Biometric Engine. In the ImageWare Biometric Engine, meta-data is an index filter that is associated with a template. In IDMS, meta-data are unique data elements that are associated with specific identities and can be used to search and filter
Replacing a Project’s Existing IDMS

Sometimes a project has an existing IDMS in use, such as:

  • Oracle IDMS
  • Microsoft IDMS
  • Custom built IDMS
  • Relate biometric data with biographic data using unique person identifiers (PersonID)
  • Build custom business service layer (BSL) to manage the integration of the biographic component(s) with the ImageWare Biometric Engine
  • We can work with 3rd party IDMS’ on the ImageWare CloudID stack

ImageWare CloudID® Applications

ImageWare CloudID applications are modular and single-purposed, highly configurable, extensible, easily customized, and integrates directly with ImageWare CloudID server products and third-party solutions.

They work independently, or in conjunction, to provide customers with cloud-based identity management and access verification. ImageWare’s highly successful products, EPI Suite® and EPI Builder®, are also part of ImageWare’s CloudID applications.

The ImageWare CloudID applications consist of:

  • QuickCapture
  • QuickID
  • QuickBadge
  • EBTS Workstation
  • EPI Builder

ImageWare CloudID® Business Services

ImageWare CloudID Business Services provide a set of configurable, business service layer software modules utilizing cloud identity management designed to enable existing or new applications to leverage the capabilities of the CloudID server platform. Core business service can be a total or modular solution; components can be replaced or supplemented with third party offerings.

ImageWare CloudID Business Services consists of a set of configurable, business service layer software modules designed to enable existing or new applications to leverage the capabilities of the CloudID server platform. Core business services modules can be replaced or supplemented with third party offerings.

System integrators often rely on an ESB platform to create the business service layers required for the customer solutions they develop. ImageWare CloudID is designed to integrate easily within these business service architectures and to achieve optimal performance as part of an ESB platform.

There are two types of CloudID business services software modules. Best of breed, Commercial Off The Shelf (COTS) software modules developed by ImageWare to address generalized solutions requirements, and customized modules that “stitch” workflow processes together for specialized solutions.

Custom business services software modules can be developed by ImageWare, system integrators, or other identity solution developers. Customized modules developed by ImageWare that have broad market application will be productized to become COTS components of ImageWare CloudID. System integrators and other identity solution providers may also choose to productize their own customized modules to enhance their CloudID based identity solutions.

Contact Sales

Let Us Show You

Request a Demo

Try Our Products

Get a Free Trial