Signed Biometric Storage + Transport Specification

From IIW
Jump to: navigation, search
Signed and Revocable Biometrics
Tuesday 4I

Convener: Jonathan McHugh

Notes-taker(s): Jonathan McHugh


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Problem

  • Easily pirated and/or stolen raw biometric data
  • Inability to revoke data if breached

Definitions

  • Template versus raw biometric data
    • Template - representation of biometric data
    •  ??Raw - actual biometric data
  • Identification versus authentication
    • Identification- confirming the person in front of you is that person
    • Authentication - confirming the entity attempting access is that entity

Discussion

  • Defining whether we are talking about biometrics for identification versus authentication
  • Whether biometrics are too easily breached or mimicked to be useful
  • Methods for revoking biometric data
  • uPort on Ethereum using smart contracts for revocation versus traditional methods mentioned as an alternative
  • The mass breach at OPM was mentioned as an example of why this can be an issue
    • Those biometrics as well as a good deal of other PII is now in the wild without a means of revoking it

Conclusions

  • Need for multiple factors for authentication
  • Signed revocable biometrics are still untested and new
  • In order to get highly reliable biometrics, use of retinal scans mentioned
    • Very expensive
    • Somewhat invasive
    • Technology not there yet