Resources
Identity Use Cases & Scenarios.- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- D3.1: Overview on IMS.
- D3.2: A study on PKI and biometrics.
- D3.3: Study on Mobile Identity Management.
- D3.5: Workshop on ID-Documents.
- D3.6: Study on ID Documents.
- D3.7: A Structured Collection on RFID Literature.
- D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication.
- D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management.
- D3.10: Biometrics in identity management.
- D3.11: Report on the Maintenance of the IMS Database.
- D3.15: Report on the Maintenance of the ISM Database.
- D3.17: Identity Management Systems – recent developments.
- D12.1: Integrated Workshop on Emerging AmI Technologies.
- D12.2: Study on Emerging AmI Technologies.
- D12.3: A Holistic Privacy Framework for RFID Applications.
- D12.4: Integrated Workshop on Emerging AmI.
- D12.5: Use cases and scenarios of emerging technologies.
- D12.6: A Study on ICT Implants.
- D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?.
- D12.10: Normality Mining: Results from a Tracking Study.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D3.2: A study on PKI and biometrics
 |
Title: BIOMETRIC CREDENTIALS |
 |
Access control often relies on authentication. At first a form of authentication takes place and then proper access rights are looked up and granted. The identity of the user can but does not have to be known. Sometimes at first the identity of the user is determined (and verified) and then user rights are based on such known identity of the user. Access rights can also be set pseudonymous or anonymous. For example a shared folder can be protected by a password: anyone who is successfully authenticated by a password obtains relevant access rights.
Access rights can be also stored in the form of credentials. The user supplied credentials are checked and the access is possibly granted. For example the user presents his/her one day ski pass, the ski pass serial number is looked up in a database and if it is found then the user is granted access to the ski lift. The identity of the skier is not known in this case. Such a ski pass could be used/misused by several people and the system would not be able not stop such a behaviour. We could try to require a password to authenticate the skier. The password would limit the misuse by a random finder but would not stop passing the ski pass deliberately to a friend. Therefore multiple-day ski passes are typically bound to an identity of the skier containing for example a photograph, the name and the birthday of the skier. Then the identity of the skier can be (randomly) checked as an additional security measure.
By using biometric authentication we can omit the use of other personal data. If we add a biometric template (e.g. an IrisCode) to the credentials (in our case to the serial number of the ski pass and then we digitally sign this link) then the skier could be verified automatically by the biometric system. No misuse of the ski pass (either deliberate or unintentional) would be possible and still no other personal data is necessary. Moreover the biometric matching can be completely automated and there is no need of the staff to get into contact with the biometric template (or any other personal data).
This could be a privacy-enhancing scenario as no data other than biometric template is necessary. On the other side biometric data are important personal data (possibly even sensitive personal data) and can be used to uniquely identify a person. Therefore credentials containing biometric data can in no way be considered anonymous. Some sources claim [e.g. BioVision] that templates that cannot be used for reconstruction of the original data can be seen as pseudonymous data. This could be, however, problematic as the primary purpose of any biometric template is the unique identification of a person.
Whether to include biometric data in credentials to facilitate the access control or not is a question that depends on the application. There can be situation where this is desirable improvement and in many other cases this will not be a help.
| |
   |
|
| Denis Royer | 28 / 40 |
