
D3.10: Biometrics in identity management


 

Integrating biometrics in identity documents

Template-on-card

To increase the protection of the biometric reference template, it can be stored on a secure token such as a smart card. This is called a template-on-card architecture, and it avoids the use of databases containing large amounts of reference templates. Such databases are considered worse than storage on a secure token: biometric reference templates should in fact be regarded as unique identifiers, and storage on a token rules out the possibility of using them as keys in databases to increase the linkability of personal data, from which different partial identities belonging to the same entity can be deduced (see also above, section ).

Irrespective of the discussion of linkability, implementing relations between personal data and biometric database keys should be avoided, because this would require extensive processing of biometric data. This is negatively assessed by Rodotà, who bases his argument on Directive 95/46/EC of the European Parliament, because “the data subjects will have no possibility to object to the processing of their biometric data”.

Database keys should be generated independently of biometric data so that it remains possible to use different keys for databases from distinct parts of a large organisation. For example, when government administrations store personal information electronically, it might be preferable not to use the same key for linking personal data stored by all authentic sources. Using the same key would allow pieces of information to be linked in ways that are not justified by the purpose stated at the time the personal data were collected. This purpose should be communicated clearly and not be violated afterwards.

In this architecture, the only thing the token provides for the biometric recognition process is the template. It is communicated through a secure channel to the reader’s side, where collection, extraction and matching take place. The storage of the reference template on a secure token depends on the application and the identity document being used. When a user loses a card, a tamperproof smart card provides better protection of the reference template than a simple memory card.

The biometric matching is performed off-card, by the card reader or by a software module or middleware, and therefore the reference template has to leave the card. To prevent identity fraud, the reference template should be digitally signed to ensure the integrity and authenticity of the template. At home, a user may trust her card reader or the system where the matching is performed, hence biometrics bring more convenience to the user (Convenience model - Type IV a). However, this is not the case when the system is not under the control of the user. This limits the use of biometrics to off-card recognition; in this system, biometrics cannot be used to unlock the card’s functionality.
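
The reader-side check described above, as an added example that is not code from the FIDIS deliverable: the reader verifies the issuer's signature over the reference template before any off-card matching. The record layout, the use of Ed25519, the binding to a card ID and the Hamming-distance comparison on a constructed four-byte template are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"math/bits"
)

// SignedTemplate is a hypothetical layout for the record read from the card.
type SignedTemplate struct {
	CardID    string
	Template  []byte // reference template (constructed sample data below)
	Signature []byte // issuer signature over CardID || 0x00 || Template
}

var ErrBadSignature = errors.New("reference template signature invalid")

// signedBytes binds the template to one card (assumes CardID contains no NUL).
func signedBytes(cardID string, tpl []byte) []byte {
	return append(append([]byte(cardID), 0), tpl...)
}

// Issue is run by the issuing authority at enrolment.
func Issue(priv ed25519.PrivateKey, cardID string, tpl []byte) SignedTemplate {
	return SignedTemplate{cardID, tpl, ed25519.Sign(priv, signedBytes(cardID, tpl))}
}

// MatchOffCard verifies integrity and authenticity first, then matches.
// maxDist is an assumed Hamming-distance threshold for this toy comparison.
func MatchOffCard(issuer ed25519.PublicKey, st SignedTemplate, live []byte, maxDist int) (bool, error) {
	if !ed25519.Verify(issuer, signedBytes(st.CardID, st.Template), st.Signature) {
		return false, ErrBadSignature // never match against an unverified template
	}
	if len(live) != len(st.Template) {
		return false, nil
	}
	dist := 0
	for i := range live {
		dist += bits.OnesCount8(live[i] ^ st.Template[i])
	}
	return dist <= maxDist, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	st := Issue(priv, "CARD-0001", []byte{0xA5, 0x3C, 0xF0, 0x0F})
	ok, err := MatchOffCard(pub, st, []byte{0xA5, 0x3C, 0xF0, 0x0E}, 2)
	fmt.Println(ok, err) // live sample differs from the reference in one bit
}
```

The signature only protects the template after it leaves the card; the reader still has to be trusted with the issuer's public key and with the matching itself, which is the limitation the paragraph above notes.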

 

20071228_fidis_deliverable_wp3_10_V1.0.final.sxw