Biometric Information Protection Standard in ISO/IEC JTC 1/SC 27
Myung Geun Chun
Chungbuk National University, Korea
Dec. 7 2010
This work was supported by the ICT Standardization program of MKE (The Ministry of Knowledge Economy).
Geneva, 6-7 December 2010
Addressing security challenges on a global scale
ISO/IEC JTC 1/SC 27 WGs
ISO/IEC JTC 1/SC 27/WG 5 Major Works
Project Number | Status | Title
24760: 1-3 | FCD, WD, WD | A Framework for Identity Management
29100 | FCD | Privacy Framework
29101 | CD | Privacy Reference Architecture
24745 | FDIS | Biometric information protection
29115 | CD | Entity Authentication Assurance (ITU-T SG17 Q.6)
29146 | WD | A Framework for Access Management
ISO/IEC 24745 “Biometric Information Protection”
[Figure: conceptual biometric system. Subsystems: Data Capture (presentation of biometric characteristics to a sensor, captured biometric sample), Signal Processing (segmentation, feature extraction, quality control, reference creation), Data Storage (identity reference database DBIR, biometric reference database DBBR, IR & BR association), Comparison (comparison scores), Decision (threshold, decision policy, match/non-match, candidate list). Processes: Enrolment, Verification, Identification. Outputs: Verification Outcome, Identification Outcome.]
ISO/IEC 24745 “Biometric Information Protection”
- analysis of the threats to and countermeasures inherent in biometric system application models;
- security requirements for securely binding a biometric reference with an identity reference;
- biometric system application models with different scenarios for the storage of biometric references and comparison; and
- guidance on the protection of an individual’s privacy

Biometric reference: one or more stored biometric samples, biometric templates or biometric models attributed to a biometric data subject and used for comparison
Examples of a biometric reference:
- Fingerprint image
- Face image
- Ordered set of fingerprint minutiae
- etc.
Identity reference: an identifier with a value that remains the same for the duration of the existence of the entity in a domain
Examples of an identity reference:
- Name
- Social security number
- Driver's license number
- etc.
Security Requirements for biometric systems


- Confidentiality: protect biometric information against unauthorized access or disclosure
- Integrity: safeguard the accuracy and completeness of biometric information
- Renewability and revocability: provide the means to resolve compromised biometric references, and not for compromised biometric characteristics. A major security and privacy concern for biometric systems relates to the compromise of biometric references
Architecture for renewable biometric
[Figure: architecture with two phases and a Storage block holding the RBR. Enrolment: Captured Biometric Sample, Signal processing Subsystem with Feature Extractor and Pseudonymous Identifier Encoder (PIE), outputs PI and AD, sample marked Discard. Verification: Captured Biometric Probe Sample, Signal processing Subsystem with Feature Extractor and Pseudonymous Identifier Recoder (PIR), input AD, output PI*, probe marked Discard; Comparison Subsystem with PIC taking PI and PI*.]
PI: Pseudonymous Identifier
AD: Auxiliary Data
PIC: Pseudonymous Identifier Comparator
Biometric information privacy requirements and guidelines
- Irreversibility: biometric data shall be processed by irreversible transforms before storage
  -> Encryption / pseudonymous identifier
- Unlinkability: stored biometric references should not be linkable across applications or databases.
  -> Encryption with different keys / diversification process
- Confidentiality: to protect biometric references against access by an unauthorized outsider resulting in a privacy risk, biometric references shall be kept confidential.
  -> Data separation / encryption of biometric references
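
An added example, not taken from the slides or from ISO/IEC 24745: the PIE, PIR and PIC roles of the renewable-reference architecture, together with the renewability and unlinkability requirements above, wired up as a fuzzy commitment over a repetition code. The fuzzy-commitment construction, the parameters and the sample bit vectors are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets

REP = 5         # repetition-code length: corrects up to 2 flipped bits per group
KEY_BITS = 16   # toy size, so feature vectors are KEY_BITS * REP = 80 bits

def encode(key):
    return [b for b in key for _ in range(REP)]

def decode(code):
    # Majority vote over each group of REP bits.
    return [int(sum(code[i:i + REP]) > REP // 2) for i in range(0, len(code), REP)]

def digest(salt, key):
    return hashlib.sha256(salt + bytes(key)).digest()

def pie(features):
    """Enrolment (PIE): features -> (PI, AD). The features themselves are not stored."""
    key = [secrets.randbits(1) for _ in range(KEY_BITS)]
    salt = secrets.token_bytes(16)
    helper = [c ^ f for c, f in zip(encode(key), features)]
    return digest(salt, key), (salt, helper)

def pir(probe, ad):
    """Verification (PIR): probe features + stored AD -> PI*."""
    salt, helper = ad
    return digest(salt, decode([h ^ p for h, p in zip(helper, probe)]))

def pic(pi, pi_star):
    """Comparator (PIC): constant-time equality of PI and PI*."""
    return hmac.compare_digest(pi, pi_star)

# Constructed sample data (not real biometric features).
FEATURES = [int((i * 7 + 3) % 5 < 2) for i in range(KEY_BITS * REP)]
NOISY_PROBE = list(FEATURES)
for i in (0, 17, 41, 78):          # one flipped bit in four different groups
    NOISY_PROBE[i] ^= 1
IMPOSTOR = [1 - f for f in FEATURES]

if __name__ == "__main__":
    pi, ad = pie(FEATURES)
    print("genuine probe accepted:", pic(pi, pir(NOISY_PROBE, ad)))
    print("impostor accepted:     ", pic(pi, pir(IMPOSTOR, ad)))
    pi2, ad2 = pie(FEATURES)       # re-enrol after compromise, or for another application
    print("renewed PI differs:    ", pi2 != pi)
    print("old AD vs new PI:      ", pic(pi2, pir(NOISY_PROBE, ad)))
```

With a repetition code the AD leaks information about the features, so this shows the data flow between PIE, PIR and PIC rather than a construction that meets the irreversibility requirement at realistic parameters.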
Application Models: Security and privacy issues
[Figure: application models A to H, arranged by where biometric references are stored (Server, Client, Distributed, Token) and where comparison takes place (Server, Client, Token). Example diagram labels: Subject, Identity Claim, Token, IR, BR, Verification, Data Capture Subsystem, Signal Processing Subsystem, Comparison Subsystem, Decision Subsystem, Client, Server, Verification Outcome.]