Difference between revisions of "Biometric Factor"

From MgmtWiki
(Context)
(Context)
Line 8: Line 8:
 
*So the human characteristics can be considered to be a [[Credential]].
 
*So the human characteristics can be considered to be a [[Credential]].
 
*The measurements of the characteristic are compared against a template of the characteristics using some [[Assurance]] level to produce a [[Validated]] claim.
 
*The measurements of the characteristic are compared against a template of the characteristics using some [[Assurance]] level to produce a [[Validated]] claim.
* There are two major use cases for [[Biometric Factor]]s during [[Authentication]]:
+
* There are two major use cases for [[Biometric Factor]]s during [[Authentication]] (including step-up authentication that starts after the session is already in progress):
 
# Is the person on the device the one that owns the credentials presented
 
# Is the person on the device the one that owns the credentials presented
 
# Is the person that started the connection still at the device (aka liveness).
 
# Is the person that started the connection still at the device (aka liveness).
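Review bot: The parenthetical added to the use-case lead-in introduces "step-up authentication" with no wiki link or definition, while the neighbouring terms ([[Credential]], [[Assurance]], [[Validated]], [[Authentication]]) are all linked; link it or define it in a few words. The clause also sits on the sentence that introduces both numbered items, although a check that starts after the session is in progress reads closest to item 2 (is the person still at the device), so consider moving it onto that item or stating that it applies to both.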

Revision as of 11:16, 19 July 2023

Full Title or Meme

Biometric Attributes of the biologic phenotype of a User may be used as an authentication factor to Identify that user.

Context

  • Biometric Attributes are taken to be exclusively the measure of human characteristics like fingerprint, facial and behavior patterns.
    • Some authentication processes may allow the holder to enter some sort of code if the biometric device (e.g. the camera) is not currently available.
  • The human characteristics are another factor that can be a part of Multi-factor Authentication (aka Something you are).
  • So the human characteristics can be considered to be a Credential.
  • The measurements of the characteristic are compared against a template of the characteristics using some Assurance level to produce a Validated claim.
  • There are two major use cases for Biometric Factors during Authentication (including step-up authentication that starts after the session is already in progress):
  1. Is the person on the device the one that owns the credentials presented?
  2. Is the person that started the connection still at the device (aka liveness)?
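An added illustration (not from this wiki or any product) of the template comparison and the two use cases above: a fresh measurement is scored against the enrolled template, the Assurance level selects the threshold, and a later check in the same session acts as step-up or presence re-check. Cosine similarity, the threshold values, the policy of dropping trust on a failed re-check, and all names are assumptions made for the example.

```python
import math
from dataclasses import dataclass

# Assumed similarity thresholds per assurance level (constructed values).
THRESHOLDS = {"low": 0.80, "high": 0.95}
RANK = ["low", "high"]

@dataclass
class Claim:
    subject: str
    assurance: str
    validated: bool
    score: float

def similarity(sample, template):
    """Cosine similarity between a measurement and the enrolled template."""
    dot = sum(a * b for a, b in zip(sample, template))
    norm = math.sqrt(sum(a * a for a in sample)) * math.sqrt(sum(b * b for b in template))
    return dot / norm if norm else 0.0

def verify(subject, sample, template, assurance):
    """Compare a measurement to the template at the requested assurance level."""
    if len(sample) != len(template):
        raise ValueError("sample and template must have the same dimension")
    score = similarity(sample, template)
    return Claim(subject, assurance, score >= THRESHOLDS[assurance], score)

class Session:
    """Tracks the highest assurance level validated so far in one session."""
    def __init__(self, subject, template):
        self.subject, self.template, self.level = subject, template, None

    def check(self, sample, required):
        """Initial login, or a step-up / presence re-check later in the session."""
        claim = verify(self.subject, sample, self.template, required)
        if not claim.validated:
            self.level = None  # assumed policy: a failed re-check drops all trust
        elif self.level is None or RANK.index(required) > RANK.index(self.level):
            self.level = required
        return claim

# Constructed sample data: an enrolled template and two fresh measurements.
TEMPLATE = [0.9, 0.1, 0.4, 0.7]
GOOD_SCAN = [0.88, 0.12, 0.41, 0.69]  # clean capture of the enrolled user
NOISY_SCAN = [0.9, 0.5, 0.4, 0.4]     # poor capture, or a different person
```

The same noisy measurement validates at the low level and fails at the high one, which is why the claim is only meaningful together with the assurance level it was checked at.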

Problems

  • Biometric Attributes attached to official documents may inadvertently become Biometric Identifiers which invade the user's privacy. The wiki page Biometric Identifier has user cases where that has damaged a user's life.
  • In 2022 Wired reported that "Europe Is Building a Huge International Facial Recognition System", which sounds like huge overkill, but typical of all European governments.[1] Lawmakers are advancing proposals to let police forces across the EU link their photo databases—which include millions of pictures of people’s faces. Pictures of people’s faces shouldn’t be combined in one giant central database, the official proposal says, but police forces will be linked together through a “central router.”
  • In a case described in the New York Times Magazine[2] an emigrant from Haiti had her fingerprints taken on several occasions while applying for citizenship. One of those forms was used to apply for citizenship for a differently named person. When that case was abandoned, a judge issued a deportation order. The emigrant was later granted citizenship. Many years later the government digitized all the fingerprint records, found the fraudulent earlier application and used the fingerprints on the fraudulent form to charge the new citizen with a felony in spite of no evidence that she had filed the fraudulent form.

Categories

Solutions

  • Use of Biometric Identifiers can be crucial in cases where no other identity documents are available, such as refugees or homeless people, but their use without evidence of intent, or contemporaneous binding to a document, is fraught with the potential for severe privacy violations.
  • Biometric Factors can be of great help when used with other factors. As an example, Windows Hello and most smartphones use them to unlock access and provide liveness detection.
  • See Vittorio's paper[3] for examples.

References

  1. Matt Burgess, Europe Is Building a Huge International Facial Recognition System. Wired (2022-04) https://www.wired.com/story/europe-police-facial-recognition-prum/?esrc=AUTO_PRINT&source=EDT_WIR_NEWSLETTER_0_DAILY_ZZ&utm_brand=wired
  2. Seth Freed Wessler, Denaturalized. (2018-12-30) New York Times Magazine p. 36ff
  3. Vittorio Bertocci, A Tale of Two Biometrics Styles Auth0 (2023-03-10) https://auth0.com/blog/a-tale-of-two-biometrics-styles/

Other Material

  • Also see wiki page ISO/IEC 27533 for standardization of Biometric Factors.