BS ISO IEC 24745:2011 pdf – lnformation technology-Security techniques-Biometric information protection.
diversification process in a technology-neutral manner, the concept of pseudonymous identifiers is used in this International Standard. In the approach descnbed in this International Standard. renewable biometric references consIst 01 two data elements: a pseudonymous Identifier (P1) and corresponding auxiliary data (AD). Both data elements are generated dudng enrolment and must both be stored because both elements are required during a verification or Identificahon process.
An overview of the architectural aspects of renewable biometric references is provided in Figure 5. An arrow ii the figure represents a flow of information. During enrolment, a feature extraction stage generates biometric feature data from the captured biometric sample. Subsequently, a pseudonymous identifier encoder (PIE) generates a renewable biometric reference consisting of a pseudonymous identifier (P1) and auxiliary data (AD). When the RBR is generated, the captured biometric sample and the extracted features can be securely disposed of. The RBR is stored on a suitable storage medium (e.g.. a (smart)card or electronic database), P1 and AD may be separated physically or logically from each other.
During verification, a feature extraction stage processes the probe biometric sample. Subsequently, a pseudonymous identifier recoder (PIR) constructs a pseudonymous identifier (Pl) based on the provided auxiliary data and the extracted features. Subsequently, the comparison subsystem compares the P1 generated during enrolment and PI and returns a similarity score representing the similarity between P1 and P. A more extensive overview of the pseudonymous identifier creation arid verification process, as well as Its lifecycle. is provided In Annex C.
— Scenario 3 Raw IR and authenticated BR are stored. Only integnty of BR is provided.
Scenario 4: Raw lR and authenticated-encrypted form of BR are stored. Both confldentlabty and integrity are provided on BR.
— Scenario 5: Encrypted IR and raw BR are stored. Confidentiality on IR is provided. A weak form of integrity may be provided on lR depending on the mode of operation of encryption.
Scenario 6: Authenticated IR and raw BR are stored. Only integrity of IR is provided.
Scenario 7: Authenticated-encrypted form of lR and raw BR are stored. Confldentiahty and integrity are provided only on lR
— Scenario 8 Raw IR and raw BR are encrypted and then stored. Confidentiality on both IR and BR is provided. A weak form of Integrity may be provided on both IR and BR depending on the mode of operation of encryption.
— Scenario 9: Raw IR and raw BR are authenticated and then stored. Integrity on both IR and BR is provided
Scenario 10: Authenticated-encrypted forms of IR and BR are stored. Confidentiality and integrity are provided on both IR and BR.
Scenario 11: Raw IR and authenticated BR are encrypted and then stored. Confidentiality is provided on both IR and BR. Integrity is provided on BR A weak form of integrity may be provided on lR depending on the mode 01 operatIon of encryption.
— Scenario 12. Raw IR and encrypted BR are authenticated and then stored. Integrity is provided on both IR and BR. Confidentiality Is provided on BR only.
Scenario 13: Authenticated IR and raw BR are encrypted and then stored. Confidentiality is provided on both IR and BR. Integrity is provided on 1R A weak form of integrity may be provided on BR depending on mode of operation of the undertying cryptographic algorithm.
ScenarIo 14: Encrypted IR and raw BR are authenticated arid then stored. Integrity is provided on both IR and BR. Confidentiality is provided on IR only.
ScenarIo 15: Raw IR and diversified BR are stored. Renewability and revocability are provided on BR. as well as limited confidentiality and Integrity on BR.
Scenario 16: Raw IR and diversified BR are authenticated and then stored. Integrity on both IR and BR is provided. Renewability and revocability on BR are also provided.
Scenario 17 Authenticated-encrypted forms of IR and diversified BR are stored, Integrity and confidentiality are provided on both IR and BR Renewability and revocability are provided on BR.
Scenario 18: Raw lR and diversified BR are encrypted and then stored, Confidentiality on both IR and BR is provided. A weak form of integrity may be provided on both IR and BR depending on the mode of operation. Renewability and revocability are provided on BR
Scenario 19: Raw IR and encrypted, diversified BR are authenticated and then stored. Integrity is provided on both IR and BR. Confidentiality, renewability and revocability are provided on BR only.
The described scenarios and related security considerations are summarized in Table 3.