You are here: Resources > FIDIS Deliverables > HighTechID > D3.2: A study on PKI and biometrics > 

D3.2: A study on PKI and biometrics

Broader Social, Political and Economic Implications  Title:
 Enhancing PKIs using Biometrics


Summary and Conclusions

From the technological perspective biometrics is a promising enrichment for the factors or channels of authentication. In chapter basic terms and established categories of biometric methods were introduced. Five passive (physiological) and two active (behavioural) methods which demonstrate current state-of-the-art techniques were described and investigated with respect to technical strengths and weaknesses as well as privacy aspects. In contrast to the situation two years ago, biometrics are now tested with higher enrolment numbers under operative conditions. Notably there is a gap between high quality of biometrics under laboratory conditions and the limitations observed under practical implementation.

In addition to active and passive biometrics, soft biometrics have been discussed with respect to their current area of application. Currently they are not used for authentication and verification, but have found applications for statistical purposes e.g., the assignment of an individual to a specific group such as an ethnic group (see FIDIS Deliverable 7.2 for further information on group profiling).  

From a technological and economic perspective all biometric methods used today for authentication and verification depend on the following factors: 

  • Quality (low False Acceptance Rates, secure systems with e.g. high tamper resistance and compliance to the privacy criteria of the European Art. 29 Data Protection Working Party (WP 29)) 

  • Convenience (easy and quick enrolment, use and maintenance, low False Rejection Rate) 

  • Costs of the infrastructure 

In this study technological weaknesses with respect to quality and convenience of the methods were analysed. Many of these methods cannot be used by all people, for example iris recognition (e.g. people with aniridia) or genetic fingerprinting (e.g. monozygotic twins). In addition some methods cannot be used in certain environments. This applies to for example fingerprinting (people doing hard labour may have severely worn papillary structures) or face recognition (light conditions are vital for the quality of this method). For these cases alternative methods are needed when used for authentication or verification. Active biometrics is currently not as reliable as passive biometrics. Perhaps the most notable aspect of biometrics is the connection between quality (in this case FAR) and convenience (in this case FRR) – it is not possible to optimise both factors at the same time due to the inherent connection between them. 

Based on an international discussion on biometrics raised in the late 1990s and the work of the European WP 29, privacy criteria for the use of biometrics have been developed and, at least on the European level, well agreed. Implementation of these criteria seems to be possible, in principle, with all of the investigated methods though in some cases it may significantly raise the costs and complexity of the method. Chapter describes a number of current initiatives, projects and available systems regarding the actual implementation of these criteria.

Many questions with respect to implementation of privacy criteria are still open from the perspective of currently available solutions. In some cases it is not known if privacy-critical information e.g., concerning health, can be extracted from templates. This is notably not thoroughly investigated in areas where numerous different algorithms are used to generate templates, e.g. for face recognition. Further research is necessary in this area, however it is expected that this will not be driven by the economic sector due to the lack of economic interest. Most data available today is published by researchers in the public sector (universities and public institutes). But trade secrets and restricted support applied to some of these systems and the underlying algorithms, e.g. face recognition, seem to be an obstacle for efficient research in the public sector [BSI03]. 

Summing up those factors we can characterise biometrics by a “magic triangle” () deriving from a model originally established for project management. This magic triangle is defined through (1) quality, (2) convenience and (3) costs. At least currently it is impossible to optimise all of these factors at the same time – implementations of biometrics seems to be always a compromise with focus on one, at best two of these factors while the remaining factor or factors show significant weaknesses. Most notably, even when optimised with respect to quality, today’s available biometric systems are simply unsuitable for access control solutions with high security requirements.


Figure 4‑: Magic triangle of biometrics


In general we observe a far reaching international standardisation of methods and data formats for biometrics which are used for forensic purposes. This applies especially to fingerprinting and genetic fingerprinting. Other biometric methods suffer from the lack of standardisation; e.g., face recognition and hand geometry. In accordance to the privacy criteria described by the European WP 29, biometrics which offer no common templates for the area of application e.g., international authentication of persons, should not be used. In addition some algorithms and resulting template formats are subject to patents or copyright which will have an influence on the standardisation process. The case study on secure storage of biometric data on smart cards in chapter shows some of the current research and development with respect to standardisation in the area of authentication technologies using biometrics.

Chapter continues with a broader view on social, economic and political implications of the planned introduction of biometrics, e.g. in ID documents such as passports (chapter ). The complexity, the total costs of the introduction of biometrics in large scale projects and the implications on society seem to be underestimated today. More research is therefore required to establish the interaction of such systems pertaining to the implementation of biometric technologies and to consider the potential implications of their deployment to other fabrics of the socio-political sphere which in their own turn will affect the economy. Especially in countries where the implementation of biometrics in ID documents is an opportunity for e-government services or for cooperation between public and private sector, there needs to be more research on how such an implementation will reframe the economic and commercial national and international relations. These aspects will be part of FIDIS Deliverable 3.7 “Study on ID documents”.

Examining current development of biometric techniques themselves, further improvements in the near future are expected. Technological trends will include: 


  • Improvement of sensors e.g. for taking images or aliveness detection 

  • Improvements in algorithms to generate templates 

  • Developments in methods used to discriminate acceptance from rejection 


This will result in improved quality, especially in the accuracy, and hence security of biometric solutions. In addition, further integration of systems e.g., bio-chips for genetic fingerprinting, will lead to improvements of functionality and further areas of application of biometrics. However, it seems likely that implementations of biometric systems will remain a compromise between several factors, and limitations of enrolment and application of certain biometrics to specific groups will remain. 


Broader Social, Political and Economic Implications  fidis-wp3-del3.2.study_on_PKI_and_biometrics_03.sxw  Enhancing PKIs using Biometrics
Denis Royer 31 / 40