D3.10: Biometrics in identity management
Biometric characteristics are tightly bound to a physical person. In most cases, an individual is even unable to influence his biometric characteristics without harming himself. It is therefore difficult to deny or to hide biometric properties. For governments and identity management system operators, biometrics offer the unique possibility to authenticate individuals who are uncooperative and even to prove to an impostor his true identity (negative authentication). Biometrics is the only authentication concept with this quality. In a world where identity theft becomes a serious threat for whole populations, biometric properties become the crucial factor for secure authentication.
On the other hand, the use of biometrics inherently holds some risks for the privacy and the social life of a user. The lifetime of a typical identity credential should be shorter than, or at least not exceed, the lifetime of a typical identity record in an IMS of a biometric system. For biometric templates used as identity credentials, this is clearly not the case. Most biometric characteristics remain identical for a long time, and some even remain unchanged for a person's entire lifetime. In addition, individuals have to use the same biometric characteristic as a biometric credential in many different authentication situations.
A corrupted biometric credential can therefore severely harm a person. There is naturally no revocation list for corrupted or out-of-date biometric characteristics and properties, so biometric data should never run the risk of corruption or disclosure to non-authorised entities. The usual concept of a central repository for the storage of identity credentials does not meet this requirement. States and large organisations collect and store huge amounts of biometric data from their citizens or members in large databases. Nobody can guarantee that such data will not be abused for privacy-violating profiling or fall into the hands of an external attacker. A further drawback of centralised databases is the limitation on scalability (see section ). Depending on the technology, biometric template databases already show collisions between individual templates with a few hundred or thousands of Biometric Information Records (BIRs). This can lead to confusion of persons with potentially dramatic consequences for innocent people.
Face pictures in particular can be used to identify data subjects directly outside the biometric system if they are analysed by people who know the person in the picture. This identity information can then be used to link additional information from publicly and non-publicly available sources such as the internet or databases from the police or national security agencies. Profiling can be done on the basis of these linked information items.
Civil liberties organisations warn of such dangers with good arguments, and the population is still reluctant to accept biometric authentication within such boundary conditions. Neither the measurement of biometric data nor the comparison with a stored reference template should be done outside a highly protected and user-controlled infrastructure. There is no good reason to measure, store or compare biometric data in a centralised architecture. In most cases it is sufficient that the result of biometric identity verification is transmitted in a secure way to the IMS.
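The architecture argued for in the last paragraph, as an added example that is not taken from the FIDIS deliverable: a user-controlled token compares the sample locally, and the IMS receives only an authenticated yes/no result bound to a one-time challenge. The class names, the Hamming-distance matcher, the 0.25 threshold and the shared-key HMAC (standing in for a digital signature) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

THRESHOLD = 0.25  # assumed: max fraction of differing bits still counted as a match


def _message(user_id: str, nonce: bytes, matched: bool) -> bytes:
    return user_id.encode() + b"|" + nonce + (b"1" if matched else b"0")


class Token:
    """User-controlled device (hypothetical): the reference template never leaves it."""

    def __init__(self, user_id: str, key: bytes, reference: bytes):
        self.user_id, self._key, self._reference = user_id, key, reference

    def verify(self, sample: bytes, nonce: bytes) -> dict:
        # Local comparison: normalised Hamming distance between sample and reference.
        diff = sum(bin(a ^ b).count("1") for a, b in zip(sample, self._reference))
        n_bits = 8 * len(self._reference)
        matched = len(sample) == len(self._reference) and diff / n_bits <= THRESHOLD
        tag = hmac.new(self._key, _message(self.user_id, nonce, matched), hashlib.sha256)
        return {"user": self.user_id, "nonce": nonce, "matched": matched, "tag": tag.digest()}


class IMS:
    """Central system (hypothetical): holds one key per token and no biometric data."""

    def __init__(self):
        self._keys, self._pending = {}, set()

    def enrol(self, user_id: str, key: bytes) -> None:
        self._keys[user_id] = key

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def accept(self, a: dict) -> bool:
        key = self._keys.get(a["user"])
        if key is None or a["nonce"] not in self._pending:
            return False  # unknown token, or nonce never issued / already used
        self._pending.discard(a["nonce"])  # one-time use blocks replayed results
        expected = hmac.new(key, _message(a["user"], a["nonce"], a["matched"]), hashlib.sha256)
        return hmac.compare_digest(expected.digest(), a["tag"]) and a["matched"]
```

A breach of this IMS exposes revocable keys rather than templates, so re-issuing the token key restores security without the user needing a new biometric characteristic.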