Resources
Identity Use Cases & Scenarios.- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- D3.1: Overview on IMS.
- D3.2: A study on PKI and biometrics.
- D3.3: Study on Mobile Identity Management.
- D3.5: Workshop on ID-Documents.
- D3.6: Study on ID Documents.
- D3.7: A Structured Collection on RFID Literature.
- D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication.
- D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management.
- D3.10: Biometrics in identity management.
- D3.11: Report on the Maintenance of the IMS Database.
- D3.15: Report on the Maintenance of the ISM Database.
- D3.17: Identity Management Systems – recent developments.
- D12.1: Integrated Workshop on Emerging AmI Technologies.
- D12.2: Study on Emerging AmI Technologies.
- D12.3: A Holistic Privacy Framework for RFID Applications.
- D12.4: Integrated Workshop on Emerging AmI.
- D12.5: Use cases and scenarios of emerging technologies.
- D12.6: A Study on ICT Implants.
- D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?.
- D12.10: Normality Mining: Results from a Tracking Study.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D3.6: Study on ID Documents
 |
Title: BIOMETRICS |
 |
Biometrics
This chapter mainly describes biometrics relevant for ID documents, their planned use and technical limitations that will have influence on authentication procedures when using ID documents with biometric data and biometric authentication procedures.
Biometrics as an additional security element for international MRTDs such as passports have been discussed in the ICAO. This resulted in two resolutions that biometric face data on passports are necessary for new passports issued and fingerprint and/or iris recognition may be used as additional biometric data. In addition the ICAO issued a technical report how biometrics in machine readable documents should be deployed (ICAO 2004). The EC Regulation 2252/2004 “on standards for security features and biometrics in passports and travel documents issued by the Member States” states, that biometric face data has to be implemented for new passports issued after mid of 2006. As additional biometric data fingerprints in interoperable formats are recommended for European countries. As a result most European countries currently prefer fingerprints as additional biometrics for the use in passports.
A basic introduction on biometrics including face geometry, fingerprinting and iris scan can be found in the FIDIS Deliverable 3.2 “Study on PKI and Biometrics” (Gasson, Meints, Warwick 2005) in chapter 4.
The ICAO issued standards on how biometric data is to be stored on passports (ICAO 2004, p. 59). These standards foresee biometric raw data using digital photos of the face, the fingertips and the iris. To store those photos the JPEG or JPEG-2000 format are to be used. Resolution and colour schemes are standardised in the following ISO norms:
Face: ISO/EIC CD 19794-5
Fingerprints: ISO/EIC CD 19794-4
Iris: ISO/EIC CD 19794-6
For example the resolution for a face image is according to ISO/EIC CD 19794-5 defined as 413x531 pixels (corresponding to 35x45 mm at 300 dpi) with an inner region of at least 240x320 pixels where compression should be lower than in the outer region. As colour schemes 24-bit RGB, 8 bit monochrome and YUV422 colour spaces are defined. This standard includes a number of rules and examples how pictures should be taken and prepared. The resulting image size should be 8 to 15 Kbyte. The complete CBEFF file includes additional data in the facial record header such as the gender, eye and hair colour, a CBEFF header and a CBEFF signature.
The privacy implications of these standards will be discussed in chapter .
For fingerprints additional ICAO-standards can be used:
Fingerprint minutiae format: EIC/ISO CD 19794-2
Fingerprint pattern format: EIC/ISO CD 19794-3
Most biometric systems are optimised to be used with biometric templates. The German Federal Office for Information Security tested in 2003 to 2004 four pre-selected biometric systems (one for face geometry, two for fingerprinting, one for iris scan) with 2000 participants at Frankfurt airport. There is an ongoing discussion in Germany whether the conditions of these tests were optimistic compared to realistic conditions of future boarder controls ( and Krissler, Kurz 2005). But even if we do not take this into account this study shows a number of problems the planned use of biometrics in passports might encounter.
The quality of the authentication using templates and ICAO-compatible digital photos (BSI 2005) was compared. In general false rejection rates (FRR) were higher when ICAO-compatible digital photos were used as reference data.
An additional result of the BSI-study (BSI 2005) was that fingerprinting systems had the best recognition rates followed by face recognition and iris scan. Configuring the systems towards a False Acceptance Rate (FAR) of 0.1 % resulted in average FRR between 1.8% and 5 % (ibid, p.14). All investigated systems showed differences in the FRR between experienced users using the biometric systems every two weeks and a user using the system rarely (less than ten times within the testing period). Especially for iris scan FRR for users using the system rarely went up to 22%, for face recognition the FRR went up to 5.5% (ibid, p. 13).
Another study concerning the implementation of biometrics in MRTDs was published in 2005 by the Ministry of Interior of The Netherlands (BZK 2005). For this study 14504 test documents were issued and tested at Schiphol airport in Amsterdam. In general the test documents contained digital face data generated from a photo in accordance to the ICAO and ISO standards and digital data of two fingers according to the classes 1, 2 and 3 defined by the (U.S.) National Standards Institute and Technology (NIST) in 2004. Observed FRR for face recognition were ca. 4% (ibid p. 19). For fingerprinting in 7.8% of the initial tests after issuing of the test documents the verification of one or both fingers failed (ibid. p. 21).
In addition the enrolment of biometrics to children was investigated. The study concludes that enrolment for fingerprinting up to the age of 6 is nearly impossible. Up to an age of 6 face recognition shows partially significant error to enrol rates (EER) in the range between 8% and 25% (ibid p. 27).
Another result of the tests in this study is that fingerprinting can not be enrolled to all people. The study concludes that rule on a European level are needed how to proceed in these cases (ibid. p. 29).
Two procedural conclusions can be drawn from these results:
It can be expected, that these FRR will in addition to the time needed to read out RFID and to perform biometric authentication increase the time needed for authentication when using biometric authentication.
To deal with citizen not successfully authenticated when using biometrics (due to the ERR and FRR) internationally standardised and accepted back-up procedures are needed. This will especially be an issue at airports where most of the passengers are tourists that do not authenticate very often using biometrics.
The storage of biometric reference data in databases will be discussed in chapter .
| |
   |
|
| Denis Royer | 10 / 56 |
