
D3.2: A study on PKI and biometrics



Biometric Credentials

Access control often relies on authentication: first some form of authentication takes place, and then the appropriate access rights are looked up and granted. The identity of the user can be known, but does not have to be. Sometimes the identity of the user is first determined (and verified), and the user's rights are then based on that known identity. Access rights can also be assigned pseudonymously or anonymously. For example, a shared folder can be protected by a password: anyone who successfully authenticates with the password obtains the relevant access rights.

Access rights can also be stored in the form of credentials. The credentials supplied by the user are checked, and access is granted if they are valid. For example, the user presents a one-day ski pass, the serial number of the pass is looked up in a database, and if it is found the user is granted access to the ski lift. The identity of the skier is not known in this case. Such a ski pass could be used or misused by several people, and the system would not be able to stop such behaviour. We could try to require a password to authenticate the skier. The password would limit misuse by a random finder, but would not stop the skier from deliberately passing the ski pass to a friend. Multiple-day ski passes are therefore typically bound to the identity of the skier and contain, for example, a photograph, the name and the birthday of the skier. The identity of the skier can then be (randomly) checked as an additional security measure.

By using biometric authentication we can omit the use of other personal data. If we add a biometric template (e.g. an IrisCode) to the credentials (in our case, to the serial number of the ski pass) and then digitally sign this link, the skier can be verified automatically by the biometric system. No misuse of the ski pass (either deliberate or unintentional) would be possible, and still no other personal data is necessary. Moreover, the biometric matching can be completely automated, so there is no need for the staff to come into contact with the biometric template (or any other personal data).
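The binding described above can be sketched as follows. This is an added example, not part of the original deliverable; the template size, the match threshold, the function names and the use of HMAC-SHA256 as a stand-in for the issuer's digital signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TEMPLATE_BYTES = 256     # 2048-bit iris-style code (assumed size)
MATCH_THRESHOLD = 0.32   # assumed fractional Hamming distance cut-off

# Stand-in for the issuer's digital signature (assumption): with HMAC the gate
# holds the issuing key too; a public-key signature lets gates verify only.
def _tag(key: bytes, serial: str, template: bytes) -> bytes:
    # Length-prefix the serial so (serial, template) pairs cannot be ambiguous.
    s = serial.encode()
    msg = len(s).to_bytes(2, "big") + s + template
    return hmac.new(key, msg, hashlib.sha256).digest()


def issue_pass(key: bytes, serial: str, template: bytes) -> dict:
    """Issuer binds the template to the serial number; no name or photo is stored."""
    return {"serial": serial, "template": template, "sig": _tag(key, serial, template)}


def hamming_fraction(a: bytes, b: bytes) -> float:
    """Fraction of differing bits between two equal-length templates."""
    diff = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return diff / (8 * len(a))


def check_at_gate(key: bytes, cred: dict, live_sample: bytes) -> str:
    """Gate check: verify the signed binding first, then match the live sample."""
    expected = _tag(key, cred["serial"], cred["template"])
    if not hmac.compare_digest(expected, cred["sig"]):
        return "reject: binding invalid"
    if len(live_sample) != len(cred["template"]):
        return "reject: malformed sample"
    if hamming_fraction(live_sample, cred["template"]) > MATCH_THRESHOLD:
        return "reject: biometric mismatch"
    return "accept"


def noisy_copy(template: bytes, flips: int) -> bytes:
    """Constructed test data: the same eye re-captured with `flips` bit errors."""
    out = bytearray(template)
    for pos in secrets.SystemRandom().sample(range(8 * len(out)), flips):
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)
```

The gate never needs a name or photograph, but the credential itself still carries the template, which is why the next paragraph's caution about anonymity applies.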

This could be a privacy-enhancing scenario, as no data other than the biometric template is necessary. On the other hand, biometric data are important personal data (possibly even sensitive personal data) and can be used to uniquely identify a person. Credentials containing biometric data can therefore in no way be considered anonymous. Some sources claim [e.g. BioVision] that templates that cannot be used to reconstruct the original data can be seen as pseudonymous data. This could, however, be problematic, as the primary purpose of any biometric template is the unique identification of a person.

Whether or not to include biometric data in credentials to facilitate access control is a question that depends on the application. There can be situations where this is a desirable improvement, and in many other cases it will not help.



fidis-wp3-del3.2.study_on_PKI_and_biometrics_03.sxw
Denis Royer