Abstract
A biometric system may be viewed as a composition of various segments; i.e., unit(s) capturing biometric samples, unit(s) preprocessing captured samples into formats from which biometric data can be extracted, or unit(s) matching biometric samples with enrolled signature(s). Various vendors may provide these components. Traditionally, once a unit is chosen from a vendor, the user is restricted in their choice of interfacing units. This restriction stems from the burden of building a custom interface and the pool of available vendors who offer units compatible with the chosen unit. The BioAPI consortium, an organization of various industry leaders, has recently developed the ISO/IEC 19784-1:2005 (also known as BioAPI 2.0) standard to address the interoperability issue. The BioAPI 2.0 framework provides a common interface for biometric systems to subscribe services of standard compliant units made available by various vendors. This allows one to pick and choose between vendors or swap units from different vendors with minimal overhead. Thus, if someone develops a more efficient/accurate matching unit, the existing matching unit can be essentially “hot swapped” with minimal interruption in service; no longer is one limited to continue using a less desirable system because of expensive migration costs. BioAPI provides an excellent framework for interoperability, but lacks provisions for the security or privacy of biometric data. To illustrate this point, consider a typical scenario: A biometric based authentication or credentialing system requires an individual to enroll their biometric data (e.g., fingerprint) so that the biometric data can be stored for future comparison purposes. For authentication, user A presents their biometric data to be compared against enrolled biometric template(s). User A must present their biometric data to a remote matching engine for it to compare with the enrolled biometrics. In this case, user A is forced to reveal their biometric data to another party. Various approaches exist to ensure privacy and security in biometric systems. These approaches fall into two general categories: lossy (Newton 2005) and lossless (Yao 82, Sy 2009). The problem with a lossy approach is that the anonymization of biometric data is data dependent and may not be extendable from one application to another. On the other hand, lossless approaches such as secure computation (Yao 82) are practical only on a limited set of functions characterized by linear arithmetic operations. At the time of this writing, secure
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
