Difference between revisions of "Biometric Attribute"

From MgmtWiki
Jump to: navigation, search
(Solutions)
(References)
 
Line 25: Line 25:
  
 
==References==
 
==References==
 +
<references />
 +
===Other Material===
 +
* See the [https://kantarainitiative.org/confluence/display/PEMCP/Biometric+Pre+Check Biometric Pre-Check use case] on the Kantara Privacy Enhanced Mobile Credential Work Group wiki (2202-02)
  
 
[[Category: Glossary]]
 
[[Category: Glossary]]

Latest revision as of 11:52, 22 February 2022

Full Title or Meme

Biometrics are literally the measures of the biologic phenotype of a User.

Context

  • Biometric Attributes are taken to be exclusively the measure of human characteristics like fingerprint, facial and behavior patterns.
  • The human characteristics are another factor that can be a part of Multi-factor Authentication.
  • So the human characteristics can be considered to be a Credential.
  • The measurements of the characteristic are compared against a template of the characteristics using some Assurance level to produce a Validated claim.

Problems

  • False positives typically come from either relaxed testing, environmental noise or obsolete technology.
  • False negatives infuriate Users which is why false positives are tolerated.
  • Attacks against the sensor capabilities. Various movie and television plots have shown the attacks like taking someone's eyeball, or using a thin-film replica of a fingerprint to complete an Authentication which Authorizes access.
  • Attacks against the sensor processor. The device that does the validation of the biometric using the human evidence must be trusted to both securely store the biometric template and accurately compare that to the live human evidence, which is usually an image of some sort.
  • Attacks against the template store. Access to the Authentication data store can often be the simplest attack as it is based on known techniques.
  • Biometric Attributes attached to official documents may inadvertently become Biometric Identifiers which invade the user's privacy. See the wiki page Biometric Identifier for user cases where that has damaged a user's life.
  • Liveness proofs require some indicator that the image presented is that of a live human who is present at the sensor. The continued presence of the human may also be required in some long-lived interactions.

Solutions

References

  1. Planet Biometrics, FaceTec notes achievement in anti-spoofing test. (2018-09-23) http://www.planetbiometrics.com/article-details/i/7463/desc/facetec-notes-achievement-in-anti-spoofing-test/

Other Material