Biometric Information Protection Standard in ISO/IEC JTC 1/SC 27 - PowerPoint PPT Presentation


Biometric Information Protection Standard in ISO/IEC JTC 1/SC 27. Myung Geun Chun, Chungbuk National University, Korea. Dec. 7 2010. This work was supported by the ICT Standardization program of MKE (The Ministry of Knowledge Economy).


Biometric Information Protection Standard in ISO/IEC JTC 1/SC 27

Myung Geun Chun

Chungbuk National University

Korea

Dec. 7 2010

This work was supported by the ICT Standardization program of MKE (The Ministry of Knowledge Economy).

Addressing security challenges on a global scale



  • ISO/IEC JTC 1/SC 27 WGs


  • ISO/IEC JTC 1/SC 27/WG 5 Major Works


[Figure: biometric system block diagram. Subsystems: Data Capture, Signal Processing, Data Storage, Comparison, Decision. Other labels: individual, presentation, biometric characteristics, sensor, captured biometric sample, segmentation, feature extraction, quality control, biometric features, reference creation, biometric reference, identity registration, identity reference, identity claim, identity request, IR claim, BR claim, IR & BR association, DBIR, DBBR, comparison, comparison score(s), threshold, match/non-match, candidate list, decision policy, verification outcome, identification outcome. Flows: enrollment, verification, identification.]

  • ISO/IEC 24745 “Biometric Information Protection”


  • ISO/IEC 24745 “Biometric Information Protection”

    • analysis of the threats to and countermeasures inherent in biometric system application models;

    • security requirements for securely binding a biometric reference with an identity reference

    • biometric system application models with different scenarios for the storage of biometric references and comparison; and

    • guidance on the protection of an individual’s privacy


  • Identity reference (examples): name; social security number; driver's license number; etc.

  • Biometric reference (examples): fingerprint image; face image; ordered set of fingerprint minutiae; etc.

  • Biometric reference: one or more stored biometric samples, biometric templates or biometric models attributed to a biometric data subject and used for comparison

  • Identity reference: an identifier with a value that remains the same for the duration of the existence of the entity in a domain


  • Security Requirements for biometric systems

    • Confidentiality: protect biometric information against unauthorized access or disclosure

    • Integrity: safeguard the accuracy and completeness of biometric information

    • Renewability and revocability: provide the means to resolve compromised biometric references, not compromised biometric characteristics. A major security and privacy concern for biometric systems is the compromise of biometric references


  • Architecture for renewable biometric


  • Biometric information privacy requirements and guidelines

    • Irreversibility: biometric data shall be processed by irreversible transforms before storage

      -> Encryption/pseudonymous identifier

    • Unlinkability: stored biometric references should not be linkable across applications or databases.

      -> Encryption with different keys/diversification process

    • Confidentiality: To protect biometric references against access by an unauthorized outsider resulting in a privacy risk, biometric references shall be kept confidential.

      -> Data separation/encryption of biometric references
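
The renewability and unlinkability requirements above can be illustrated with a keyed feature transform. This is an added example, not taken from the slides or from ISO/IEC 24745: it uses a sign-of-random-projection transform as a stand-in for the "diversification process", and every name, key, size and threshold in it is an assumption chosen for the illustration.

```python
import hashlib
import random

N_BITS = 256        # length of the protected reference (assumed)
THRESHOLD = 0.25    # max fraction of differing bits accepted as a match (assumed)

def _projection(app_key: bytes, dim: int):
    """Derive an application-specific random projection from a secret key."""
    rng = random.Random(int.from_bytes(hashlib.sha256(app_key).digest(), "big"))
    return [[rng.gauss(0, 1) for _ in range(dim)] for _ in range(N_BITS)]

def protect(features, app_key: bytes):
    """Diversify a feature vector: keep only the sign of each keyed projection."""
    return [int(sum(w * x for w, x in zip(row, features)) >= 0)
            for row in _projection(app_key, len(features))]

def distance(ref_a, ref_b) -> float:
    """Comparison score: fraction of bits that differ."""
    return sum(a != b for a, b in zip(ref_a, ref_b)) / len(ref_a)

def verify(probe_features, stored_ref, app_key: bytes) -> bool:
    """Transform the fresh probe with the same key, compare in the protected domain."""
    return distance(protect(probe_features, app_key), stored_ref) <= THRESHOLD

# Constructed sample data: a 64-dimensional feature vector, a noisy re-capture
# of the same subject, and an unrelated subject.
_rng = random.Random(2010)
ENROLLED = [_rng.gauss(0, 1) for _ in range(64)]
PROBE = [x + _rng.gauss(0, 0.1) for x in ENROLLED]
IMPOSTOR = [_rng.gauss(0, 1) for _ in range(64)]

# Hypothetical per-application keys; the "-v2" key models a renewal.
KEY_BANK, KEY_CLINIC, KEY_BANK_RENEWED = b"bank-v1", b"clinic-v1", b"bank-v2"

if __name__ == "__main__":
    ref_bank = protect(ENROLLED, KEY_BANK)
    ref_clinic = protect(ENROLLED, KEY_CLINIC)
    print("genuine probe accepted:", verify(PROBE, ref_bank, KEY_BANK))
    print("impostor accepted:", verify(IMPOSTOR, ref_bank, KEY_BANK))
    # Unlinkability: same subject, different applications, unrelated references.
    print("cross-application distance:", distance(ref_bank, ref_clinic))
    # Renewability: revoke a leaked reference by re-enrolling under a new key.
    ref_new = protect(ENROLLED, KEY_BANK_RENEWED)
    print("old reference under renewed key:", verify(PROBE, ref_bank, KEY_BANK_RENEWED))
    print("renewed reference accepted:", verify(PROBE, ref_new, KEY_BANK_RENEWED))
```

The transform shown is not a vetted irreversible scheme; the key has to be stored apart from the reference (the data separation item above), because anyone holding both can test candidate feature vectors offline.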


[Figure: application model block diagram. Labels: subject, token, client, server, data capture subsystem, signal processing subsystem, comparison subsystem, decision subsystem, IR, BR, identity claim, verification, verification outcome.]

  • Application Models: Security and privacy issues
