АНАЛИЗ ВОЗМОЖНОСТЕЙ ПРИМЕНЕНИЯ БИОМЕТРИЧЕСКИХ ТЕХНОЛОГИЙ ДЛЯ РЕАЛИЗАЦИИ ПРОЦЕДУР ОБЕЗЛИЧИВАНИЯ ПЕРСОНАЛЬНЫХ ДАННЫХ

Abstract

The paper focuses on the problem of using biometric methods for the depersonalization of personal data. The analysis of the existing Russian and international legislative and regulatory framework for depersonalization has been carried out, and inconsistencies in the weakening of this concept have been revealed. In particular, it was found out that depersonalization of the personal data is not currently considered as a measure of their protection, personalized personal data are not treated as a category of personal data, depersonalization is considered a protection measure that is not directly related to measures to ensure the security of personal data, but not will disrupt the properties of their security. The analysis of requirements and methods for the depersonalization of personal data was carried out. There have been identified 5 necessary properties of impersonal data; 4 basic methods of depersonalization (introduction of identifiers, changes in composition and semantics, decomposition, mixing), and 3 main characteristics for the methods of depersonalization related to the security of personal data. The analysis elicited the presence or absence of the listed characteristics in each method of depersonalization of personal data. The problem of storing personal data has been considered, and the procedure of using a two-factor authentication based on biometric methods for working with personal data bases has been proposed. A method of depersonalization of personal data based on biometric procedures not supposing supply of confidential information via communication channels using cryptography has been proposed. To demonstrate the efficiency of the method there was given an example of reversible depersonalization using biometric techniques.