D3.10: Biometrics in identity management
Although template-on-card already reduces privacy concerns to a reasonable degree, they can be reduced further by matching the freshly collected biometric template against the reference template on the card itself. Match-on-card does not have to be combined with storage-on-card, but the two implementations reinforce each other’s security and usually go together.
In the literature, the term match-on-card most often implies storage-on-card as well, and we adopt the same terminology. Collection and feature extraction are still performed on the reader’s side, external to the card, but matching and storage of the reference template now take place on the card. As a result, during biometric recognition only the freshly collected template is communicated outside the card; the reference template and the matching process stay in the secure environment of the card.
A match-on-card architecture is a more secure solution for biometric verification than a storage-on-card architecture alone, but the freshly collected template still needs to be communicated. Obtaining this freshly collected template might be just as useful for an attack as obtaining the reference template. The user still has to trust the reader and the system not to store any templates.
A drawback of this architecture is the lack of computational power in current smart cards to perform the matching on the card, although this will not be a hindrance in the near future.
An advantage of this system is that it can be used to unlock the card’s functionality. However, a general note on the security of biometrics is in order here. As mentioned earlier, people leave their biometrics wherever they go, and it is often possible to reconstruct fake samples, e.g., from latent fingerprints. eID card issuers should keep this in mind when deciding which applications biometrics will be used for. Most eID cards are capable of creating two types of electronic signatures: one for authentication of the user and one for the creation of legally binding signatures. It is generally not a good idea to use biometrics for the latter. Nonetheless, the match-on-card architecture makes a secure solution possible with increased convenience for the holder, and since the card is issued by the government, the application is implicitly controlled by the government (Type IVb).
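The card boundary described in this section, as a toy Python model added here (it is not part of the FIDIS deliverable): it records which data crosses the card/reader interface under storage-on-card and under match-on-card, and gates an authentication operation on a successful on-card match. Assumptions: templates are short binary strings compared by Hamming distance against a fixed threshold, all class and function names are hypothetical, and an HMAC stands in for the card’s authentication signature.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

THRESHOLD = 6  # assumed: maximum number of differing bits accepted as a match

def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length templates."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

@dataclass
class Interface:
    """Records the label of everything that crosses the card/reader boundary."""
    crossed: list = field(default_factory=list)

    def transfer(self, label, payload):
        self.crossed.append(label)
        return payload

class StorageOnCard:
    """The card only stores the reference; the reader does the matching."""
    def __init__(self, reference, link):
        self._reference, self._link = reference, link

    def verify(self, fresh):
        reference = self._link.transfer("reference_template", self._reference)
        return hamming(reference, fresh) <= THRESHOLD  # runs in the reader

class MatchOnCard:
    """The card stores the reference and matches; the key works only after a match."""
    def __init__(self, reference, link, key):
        self._reference, self._link, self._key = reference, link, key
        self._unlocked = False

    def verify(self, fresh):
        fresh = self._link.transfer("fresh_template", fresh)  # reader -> card
        self._unlocked = (len(fresh) == len(self._reference)
                          and hamming(self._reference, fresh) <= THRESHOLD)
        return self._link.transfer("decision", self._unlocked)  # card -> reader

    def authenticate(self, challenge):
        if not self._unlocked:
            raise PermissionError("biometric verification required")
        # HMAC is a stand-in for the card's authentication signature
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

# Constructed sample data: 8-byte binary templates
REFERENCE = bytes.fromhex("a5a5a5a55a5a5a5a")
GENUINE = bytes.fromhex("a5a5a5a55a5a5a5b")   # 1 bit differs from REFERENCE
IMPOSTOR = bytes.fromhex("5a5a5a5aa5a5a5a5")  # all 64 bits differ
```

In the match-on-card model the reference template never appears on the interface, but the fresh template does on every attempt, which is why the reader still has to be trusted not to store it.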