Resources
Identity Use Cases & Scenarios.- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- D3.1: Overview on IMS.
- D3.2: A study on PKI and biometrics.
- D3.3: Study on Mobile Identity Management.
- D3.5: Workshop on ID-Documents.
- D3.6: Study on ID Documents.
- D3.7: A Structured Collection on RFID Literature.
- D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication.
- D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management.
- D3.10: Biometrics in identity management.
- D3.11: Report on the Maintenance of the IMS Database.
- D3.15: Report on the Maintenance of the ISM Database.
- D3.17: Identity Management Systems – recent developments.
- D12.1: Integrated Workshop on Emerging AmI Technologies.
- D12.2: Study on Emerging AmI Technologies.
- D12.3: A Holistic Privacy Framework for RFID Applications.
- D12.4: Integrated Workshop on Emerging AmI.
- D12.5: Use cases and scenarios of emerging technologies.
- D12.6: A Study on ICT Implants.
- D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?.
- D12.10: Normality Mining: Results from a Tracking Study.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D3.10: Biometrics in identity management
 |
Title: OVERVIEW |
 |
Biometric applications can be grouped into five categories or types:
Type I: Government controlled ID model
In this group, a public authority will take the initiative to collect the biometric data because of the identity verification or identification ability of the data, and include the data in an ID application, such as in ID cards, social security cards or passports. Control over the data could be central (Type Ia), divided over more than one organisation but with appropriate agreements in place (Type Ib) or multilateral (without appropriate agreements for the disclosure or transfer of biometric data) (Type Ic).
Type II: Access control model
In this group, a public or private authority takes the initiative to collect the biometric data to secure the access to a physical place or an online application. Control over the data could be central or divided over more than one organisation but with appropriate agreements in place (Type IIa and Type IIb) or divided such that the data subject shares the control (Type IIc).
Type III: Mixed model
In this group, the biometric data collected will be shared / exchanged amongst public and private authorities.
Type IV: Convenience model
In this group, either the data subject solely takes the decision to use biometrics for exclusive private convenience purposes (secure access to his / her house for authorised members) (Type IVa) or an organisation uses biometrics for simplification of an administrative process with central or divided control (Type IVb and IVc).
Type V: Surveillance model
In this group, a public or private authority takes the initiative to collect and process the biometric data for surveillance purposes.
Although most biometric applications will belong to one specific group, it may be that an application falls in two groups, e.g., a biometric system for a school may fall in both Type II and Type IV b or c.
Controlling entity |
Purpose/functional Requirements | Biometric functionality and place of storage |
Examples |
Type of control of biometric system |
Control by Whom? |
Data protection Directive |
Information security | EDPS/WP 29/DPA Opinions /decisions | |||||||
Type I : government controlled ID model Public authority
|
Combating Identity fraud/Theft;
| Identification (1:n) and verification Central and local storage | National eId cards, national social security allowances | Type I a Central Control
Control of biometrics is central and direct | By one organisation | Is applicable | Information security management standards such as ISO 27001 can be applied | Yes | |||||||
(national or local government) | Avoidance of double dipping | Identification (1:n)
Central storage | Eurodac, VIS, SIS II
| Type I b Divided Control with trust
Control is partially indirect via contracts | By one or several organisations jointly | Is applicable | Information security management standards such as ISO 27001 can be applied – recommendations for “outsourcing” can be used | Yes | |||||||
| Combating Identity fraud / Document fraud
Other | Identification (1:n) or Verification
Central or local storage | EU ePassports
| Type I c Multilateral Control
Control is divided amongst multiple Parties (operators and/or data subjects | By several organisations, in some cases with concurring security targets | Is applicable | Information security management standards such as ISO 27001 do not adequately cover this situation (see also Annex 2) | Yes | |||||||
Controlling entity |
Purpose/functional requirements | Biometric functionality and place of storage |
Examples | Type of control of biometric system |
Control By Whom ? |
Data protection Directive |
Information security | EDPS/WP 29/DPA Opinions /decisions /decisions | |||||||
Public authority
government) | Securing online access / Identity management for internal or external online network (intranet ; e-government or commercial web service) | Identification (1:n) or Verification
Central or local storage (e.g., on card, token) | E-government applications such as Tax-on-Web in future? (Belgium) Pay per Touch | IIa Central Control or II.b Divided with trust
| By one or several organisations | Is applicable | Information security management standards such as ISO 27001 can be applied | ? Yes | |||||||
| Securing physical access to government or corporate buildings (identity control or use of card control) | Identification (1:n) or Verification) (1:1) Central or local storage | Time and Attendance) US Department of Defence Common Access Card |
| By one or several organisations | Is applicable | Information security management standards such as ISO 27001 can be applied | Yes | |||||||
| Securing online access / Identity management for internal or external online network | Identification (1:n) or Verification Locale storage on token | Encapsulated biometrics (Swiss banks)
| IIc Divided control with data subject | By one or several organisations ànd the data subjects | Is applicable | Information security management standards such as ISO 27001 can be applied | ?
| |||||||
Type II :Access control model (physical or online) for employees, customers or citisens by government or private organisation)
.2: Type II : Access control model
Controlling entity |
Purpose/functional requirements | Biometric functionality and place of storage |
Examples | Type of control of biometric system |
Control By Whom ? |
Data protection Directive |
Information security | EDPS/WP29 /DPA opinions/ decisions |
Type III : Mixed model Public/privatePartnership | Security, border control
| Identification or Verification | Privium |
| By several organisations from public/private sector | Same as above | ? |
Sub-table5.3: Type III : Mixed model
Controlling entity |
Purpose/functional requirements | Biometric functionality and place of storage |
Examples | Type of control of biometric system |
Control By Whom ? |
Data protection Directive |
Information security | EDPS/WP29 /DPA opinions/ decisions |
Type IV : Convenience model Data
| Private purposes: security / access control / convenience | Identification or Verification Central or local Storage | Home PC, home access, personalised car use, | Type IV a Control Purely private purposes Private system used and controlled by natural person for purely personal or household activities
| Full control by data subject | Is NOT applicable | Information security standards, especially ISO 15408 (Common Criteria) and partly ISO 27001 can be applied | ? |
Public authority or Private organisation
| Convenience Administration | Identification or Verification Central or local storage | Home protection Administration of school meals | Type IV b Central or IV c Divided Control with trust | By one organisation | Is applicable | Information security management standards such as ISO 27001 can be applied | Yes |
Sub-table 5.4: Type IV : Convenience model
Controlling entity |
Purpose/functional requirements | Biometric functionality and place of storage |
Examples | Type of control of biometric system |
Control By Whom ? |
Data protection Directive |
Information security | EDPS/WP29 /DPA opinions/ decisions |
Public authority (civil or criminal) Type V Surveillance model model or Private organisations
| Surveillance Tracking & Tracing | Identification | Central or Divided ontrol with trust Superbowl Florida | Type Va Central or V b Divided Control with trust Central or Divided Control with trust |
| Is applicable unless Art. 3.2 Directive applies (public security, State security,..)
| Information security management standards such as ISO 27001 can be applied | Yes |
Sub-table 5.5: Type V : Surveillance model
Table 5: Different control models and types of biometric systems
From the perspective of the European data protection framework, private ICT and biometric systems which are only used for purely personal or household activities by a natural person without any other (central) controller are out of scope as data protection legislation does not apply (Article 3, al. 2, §2 of the Privacy Directive). An example is the use of biometrics for access control to a home PC purchased and used for purely private reasons by an individual. Another example is the purchase and use of a biometric home access control system. For this reason they are not discussed further.
Concluding remarks on Chapter 3
Chapter 3 described various features and technical characteristics of biometric systems. For this purpose, the general reference model was used as a starting point and it was completed with a detailed explanation on the biometric evaluation process, including several definitions of quality parameters derived from the measurement statistics in biometric systems. This description should allow the understanding of quality factors which are often stressed in the evaluation of biometrics systems, such as the statistical error factors. It has to be clear that all purely statistic quality factors do not give any clue on the security against dedicated impostor attacks with forged biometric characteristics.
The technical characteristics and limitations of biometric systems are rarely taken into account in the legislation and regulation of biometrics. They are relevant because there seems to be a tendency that biometrics become an important key in the various information systems, starting with VIS and SIS II. Furthermore, biometric technologies should be put in the right context of security and data protection schemes. Chapter 3 proposes finally to use five categories to classify biometric systems, which should facilitate further discussions about risks and advantages of biometrics in real world applications. In such debate, it is equally important to use an accurate and appropriate vocabulary on biometrics, as argued in Chapter 3 as well.
| |
   |
|
| 14 / 40 |
