Biometric Information Protection Standard in ISO/IEC JTC 1/SC 27

Myung Geun Chun
Chungbuk National University, Korea
Dec. 7 2010

This work was supported by the ICT Standardization program of MKE (The Ministry of Knowledge Economy).

Addressing security challenges on a global scale

• ISO/IEC JTC 1/SC 27 WGs
• ISO/IEC JTC 1/SC 27/WG 5 Major Works
• ISO/IEC 24745 “Biometric Information Protection”
[Figure: biometric system block diagram with the Data Capture, Signal Processing, Data Storage, Comparison and Decision subsystems, covering Enrollment, Verification and Identification]
• ISO/IEC 24745 “Biometric Information Protection”
  • analysis of the threats to and countermeasures inherent in biometric system application models;
  • security requirements for securely binding a biometric reference with an identity reference;
  • biometric system application models with different scenarios for the storage of biometric references and comparison; and
  • guidance on the protection of an individual’s privacy
• Identity reference (examples): name, social security number, driver’s license number, etc.
• Biometric reference (examples): fingerprint image, face image, ordered set of fingerprint minutiae, etc.
• Biometric reference: one or more stored biometric samples, biometric templates or biometric models attributed to a biometric data subject and used for comparison
• Identity reference: an identifier with a value that remains the same for the duration of the existence of the entity in a domain
• Security requirements for biometric systems
  • Confidentiality: protect biometric information against unauthorized access or disclosure
  • Integrity: safeguard the accuracy and completeness of biometric information
  • Renewability and revocability: provide the means to resolve compromised biometric references, and not for compromised biometric characteristics.
A major security and privacy concern for biometric systems relates to the compromise of biometric references.
• Architecture for renewable biometric
• Biometric information privacy requirements and guidelines
  • Irreversibility: biometric data shall be processed by irreversible transforms before storage. -> Encryption / pseudonymous identifier
  • Unlinkability: stored biometric references should not be linkable across applications or databases. -> Encryption with different keys / diversification process
  • Confidentiality: to protect biometric references against access by an unauthorized outsider resulting in a privacy risk, biometric references shall be kept confidential. -> Data separation / encryption of biometric references
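
The renewability and unlinkability requirements above, shown as an added example that is not taken from the slides or from ISO/IEC 24745: one feature vector is diversified with a per-application key, so the stored references do not match across applications and a compromised one is replaced by re-keying. The transform (keyed random projection with sign quantization), the key names, the threshold and the feature vectors are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import random

N_BITS = 256  # length of the protected reference (assumed)

def protect(features, app_key):
    """Keyed random projection + sign quantization -> protected bit list."""
    # The projection is derived from the per-application key (diversification).
    seed = hmac.new(app_key, b"projection-seed", hashlib.sha256).digest()
    rng = random.Random(seed)
    bits = []
    for _ in range(N_BITS):
        row = [rng.gauss(0.0, 1.0) for _ in features]
        dot = sum(r * f for r, f in zip(row, features))
        bits.append(1 if dot >= 0 else 0)  # only the sign is stored
    return bits

def distance(a, b):
    """Fraction of differing bits between two protected references."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def matches(probe, reference, threshold=0.2):
    """Comparison happens on protected references, never on raw features."""
    return distance(probe, reference) <= threshold

# Constructed sample data: an enrolled feature vector, a noisy re-capture of
# the same subject, and an unrelated subject.
_rng = random.Random(2010)
enrolled = [_rng.uniform(-1, 1) for _ in range(64)]
recapture = [f + _rng.gauss(0, 0.05) for f in enrolled]
other = [_rng.uniform(-1, 1) for _ in range(64)]

# Constructed keys: two applications, plus a renewed key for application A.
KEY_APP_A = b"constructed-key-application-A"
KEY_APP_B = b"constructed-key-application-B"
KEY_APP_A_RENEWED = b"constructed-key-application-A-v2"

ref_a = protect(enrolled, KEY_APP_A)
ref_b = protect(enrolled, KEY_APP_B)

if __name__ == "__main__":
    print("same subject, app A:  ", matches(protect(recapture, KEY_APP_A), ref_a))
    print("other subject, app A: ", matches(protect(other, KEY_APP_A), ref_a))
    print("app A ref vs app B ref:", matches(ref_a, ref_b))
    renewed = protect(enrolled, KEY_APP_A_RENEWED)
    print("old ref vs renewed ref:", matches(ref_a, renewed))
```

This sketch only illustrates diversification and re-keying; it makes no claim that the transform meets the standard's irreversibility requirement, and the keys would themselves need the confidentiality protection listed above.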
• Application Models: Security and privacy issues
[Figure: application model diagram with Subject, Token, Client and Server; labels include the Data Capture, Signal Processing, Comparison and Decision subsystems, IR, BR, Identity Claim and Verification Outcome]