
D3.10: Biometrics in identity management

System-on-card  Title:
USER SIDE IDENTITY MANAGEMENT SYSTEM – ENCAPSULATED BIOMETRICS
 Future areas of research


User Side Identity Management System – encapsulated biometrics

The biometric comparison process is far more complex than a password or PIN code check. It always includes physical measurement processes. Biometric authentication systems therefore all need some locally installed infrastructure to perform at least the capture process, and the data subject has to have physical access to it. This fact constrains the possible architectures of biometric systems. It is not possible to concentrate all processes in a physically and completely secured environment; there are always points of immediate interaction with the outside world.

Drawbacks of traditional centralised biometric system architecture

Today’s biometric systems often work within architectures with centrally controlled components (see figure 16 and the discussion of control types in section ). The server or the server-controlled peripherals collect biometric data from the individuals through the capture devices. The further processing is done under the sole control of a centralised biometric application infrastructure which keeps the biometric information of all enrolees in a central, operator-controlled database (most Type I, II and III systems). Even if the centralised equipment is well protected, at least the capture devices are weak points in the system. In addition, the specific biometric characteristic may be expressed in very different forms from human to human. General-purpose measurement equipment may fail to make an optimal raw data recording over the full population. As a consequence, the requested features may not be reconstructed by the feature extraction algorithm for a substantial fraction of the population, or the resulting query templates may be too far away from the reference for a unique and reliable result in the comparison step.

In addition, centralised control systems bear all the dangers to the security and the privacy of the enrolled individuals that have been discussed in the previous chapters.


Figure : Architecture of a traditional centralised system. The box illustrates the security and control range of the operator.


User-side biometric process for added robustness

The storage of the biometric reference template, the measurement and the comparison process should be under the sole control of the user and then be linked in a secure way to a digital credential that does not disclose any biometric information. There are two alternative architectures that provide such a more robust biometric model with no single point of attack threatening the biometric data. These are:


  1. The concept of reference template on card.

Through the distribution of the reference templates to the enrolees with a smart card as carrier, the problem of large-scale theft of stored biometric data can be solved. Still problematic is the fact that the processing system captures the biometric query samples without any possibility for the individual biometric data provider to control the further treatment of this data.

  2. The concept of encapsulated biometrics.

This new system is a consistent continuation of the distributed control approach (Type II c), where the full processing and storage of the biometric data is distributed to the enrolled individuals in the form of a tamper-resistant token (for the system architecture see figure 17). The token hardware and its integrated functions are produced by the system operator and no one can change these functions at reasonable cost. In this sense, the operational functionalities are controlled by the operator. On the other hand, the delivery, the storage and the use cases are controlled by the user, who decides if he wants to use his token. In particular, the user also controls the physical device holding the stored biometric data. Such a concept has been developed and will be described in D3.14. The key component of such a biometric authentication system is an autonomous personal token with sufficient computing, electrical power and hardware resources to perform the full biometric processing in the token. The token provides cryptographically secure communication channels with the central authentication system. Only digital identity credentials without any biometric information can leave the token to confirm a successful verification of the identity claim of the user. The whole implementation is protected in a tamper-resistant processor on the token. Such an implementation reduces to a great extent the threats to a biometric system discussed above.


Figure : The encapsulated biometric system is a realisation of the previously defined multilateral control model (Type II c). The biometric system is defined and provided by the operator and enclosed in a highly secure and tamper resistant implementation (e.g. sealed token). The user as data subject has the full control over the use of the device.
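The following Python model illustrates the encapsulated-token exchange described above and contrasts it with the centralised drawbacks discussed earlier. It is an added example written for this text, not code from the FIDIS project or from D3.14, and everything in it is an assumption: the 64-bit binary feature vectors standing in for templates, the Hamming-distance comparison and its threshold, the HMAC-based credential over a server challenge, and the per-token symmetric key provisioned by the operator at production. The point it makes is structural: the reference template and the query sample never leave the token, the central server stores no biometric data at all, and the only thing crossing the boundary is a challenge-bound credential that cannot be replayed.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a 64-bit binary feature vector stands in for a
# processed biometric template (real templates are far larger and richer).
REFERENCE_TEMPLATE = bytes.fromhex("a5c3f0e1b2d47788")
GENUINE_SAMPLE = bytes.fromhex("a5c3f0e1b2d4778b")   # 2 bits of measurement noise
IMPOSTOR_SAMPLE = bytes.fromhex("0f0f0f0f0f0f0f0f")  # far from the reference
MATCH_THRESHOLD = 8  # assumed decision threshold, in differing bits


def hamming_distance(a: bytes, b: bytes) -> int:
    """Toy comparison score: number of differing bits between two templates."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


class EncapsulatedToken:
    """Model of the sealed token: storage and comparison happen inside;
    only a credential without biometric content crosses the boundary."""

    def __init__(self, user_id: str, reference: bytes, token_key: bytes):
        self.user_id = user_id
        self._reference = reference  # never exported by any method
        self._key = token_key        # injected by the operator at production (assumed)

    def authenticate(self, query_sample: bytes, challenge: bytes):
        """Compare inside the token. On success, return a credential binding
        the user id to the server's fresh challenge; on failure, return None."""
        if hamming_distance(query_sample, self._reference) > MATCH_THRESHOLD:
            return None
        msg = self.user_id.encode() + challenge
        tag = hmac.new(self._key, msg, hashlib.sha256).digest()
        return {"user_id": self.user_id, "challenge": challenge, "tag": tag}


class AuthenticationServer:
    """Central system: holds per-token keys and open challenges, no templates."""

    def __init__(self):
        self._token_keys = {}
        self._open_challenges = set()

    def enrol(self, user_id: str) -> bytes:
        key = secrets.token_bytes(32)
        self._token_keys[user_id] = key
        return key  # handed to the token by the operator, never to the user

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._open_challenges.add(challenge)
        return challenge

    def verify(self, credential) -> bool:
        if credential is None:
            return False
        challenge = credential["challenge"]
        if challenge not in self._open_challenges:
            return False  # unknown or already consumed: blocks replay
        self._open_challenges.discard(challenge)
        key = self._token_keys.get(credential["user_id"])
        if key is None:
            return False
        expected = hmac.new(key, credential["user_id"].encode() + challenge,
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, credential["tag"])


def credential_leaks_template(credential, reference: bytes) -> bool:
    """Boundary check: does any byte field of the credential contain the template?"""
    if credential is None:
        return False
    return any(reference in v for v in credential.values() if isinstance(v, bytes))


def run_scenario() -> dict:
    """Enrol one user, then exercise genuine, replayed and impostor attempts."""
    server = AuthenticationServer()
    key = server.enrol("alice")
    token = EncapsulatedToken("alice", REFERENCE_TEMPLATE, key)

    genuine = token.authenticate(GENUINE_SAMPLE, server.new_challenge())
    return {
        "genuine_accepted": server.verify(genuine),
        "replay_rejected": not server.verify(genuine),
        "impostor_rejected": token.authenticate(IMPOSTOR_SAMPLE, server.new_challenge()) is None,
        "no_template_in_credential": not credential_leaks_template(genuine, REFERENCE_TEMPLATE),
    }


if __name__ == "__main__":
    for check, ok in run_scenario().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

The server side deliberately has no `store_template` method: with this division of labour a compromise of the central database yields token keys that can be revoked and re-issued, not biometric characteristics that cannot. The challenge set models the secure channel's freshness property in the simplest possible way; a real deployment would carry the credential inside an authenticated session rather than as a bare HMAC.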


System-on-card  20071228_fidis_deliverable_wp3_10_V1.0.final.sxw  Future areas of research
35 / 40