Template integrity and confidentiality are distinctly different

Template integrity and confidentiality are distinctly different issues related to template
data though similar solutions may be employed to deal with both problems. Template
integrity is concerned with threats to the authentication process caused by planted or
modified templates, whereas template confidentiality relates to the legal and privacy
issues around the template data and the way in which the data could be misused.
Integrity
The integrity of the authentication process depends, among other factors, on the
integrity of the template. If either the reference template or the “live” biometric sample
is untrustworthy, the resulting authentication will be untrustworthy. Untrustworthy
templates could occur for one or more of several different reasons:
· Accidental corruption due to a malfunction of the system hardware or software;
· Intentional modification of a bona-fide template by an attacker;
· The insertion of a biometric template corresponding to the attacker to substitute for
the reference template of an authorised enrolee.
· The addition of a biometric template corresponding to the attacker to create a bogus
“enrolment” on the system.
· The substitution of a biometric sample corresponding to that of an authorised
enrolee in place of the live sample of the attacker.
Confidentiality
Biometric templates contain data that can be used to identify living persons. This
means that their processing and storage on a biometric system are subject to legal
constraints imposed by the European Data Protection Directive and its enactment in
national legislation (the 1998 Data Protection Act in the UK). Other regulatory
Biometric Security Concerns produced for the UK Biometric Working Group. Last updated September
2003
10
mechanisms (e.g. Human Rights Act and Health and Safety legislation) may also be
relevant. The primary concern is the privacy and protection of personal data and
biometric applications will need to include adequate protection to comply with the legal
requirements.
[It should also be noted that other stored or processed biometric data is also subject to
legal constraint, e.g. biometric images]

Related posts

• Biometrics should only be stored on smart-cards (2)
• Will I know when and how my biometric has been used? (0)
• Valuable assets are traditionally protected by secrecy (0)
• The biometric system must be able to detect and reject the use of a copy of (0)
• Does using biometrics increase likelihood of capture, coercion or (0)