Another day and another claim: next successful case of stealing biometric data. But question remain – how can be possible to steal data already exposed to public? Because everything disclosed every day to public can’t be secret. Your face, fingerprints, iris and even DNA is exposed to public and can be easily captured.
Such misunderstanding of biometrics and privacy is common and originate from very wrong assumption: person and his/her unique characteristics remain private in public place. Yes, wearing burqa, gloves and Ray-Ban together can minimize exposure but it will send very clear message to other persons about possible intentions.
Same way like national identity numbers, SSN’s, tax ID’s etc. All such data isn’t secret or public. And clear rules must exist to handle data.
All that information is unique for each person and can be used for identification if there are trustworthy way to verify connection between person and data. Only one major difference – when unique digital identificators are representing always one-to-one type relation, then biometric data is analogue and therefore unlimited quantity of datasets can be exist simultaneously as many-to-one relation.
Finally we will approach to the most important point of this article. Using biometric data for identity verification or authentication. Most important rule – there must be trustworthy way to verify relation between person and biometrical data. In biometrics frequently used term „liveness detection“. Good implementation of liveness detection reduces greatly risks of physical presentation attacks.
Apple engineers succeeded to realize 2 principles: confidentiality and integrity. But non-repudiation remains challenge because lack of good liveness detection in cheap mobile fingerprint sensors.
Another coffin nail – both sides of modern mobile phones are great fingerprint magnets. In many cases there are no need to try capture Ursula’s fingerprints, all required latents are already on top of her phone!
POST IS WRITTEN BY
Head of IT architecture with 12 years experience in banking and public sector.
Broad expertise in e-banking, biometrics, identity management, telecommunication, software development management, security architecture.
Learn more about electronic identity and document signing trends and how you can get the support for your business by contacting SignWise Services team now.