
Re: Certificate profile for Biometrics information.



Ebbe and Steve,

Ebbe Hansen wrote:
Steve,

I would consider storing of a biometrics "digest" (sometimes also called a
template) to be the minimum biometrics information that could be included in
a certificate (possibly in an Attribute Certificate). Type of biometrics
(finger, iris, facial, etc), "digest/template" algorithm, etc. could also be
useful. I just learned the XML working group already has a draft out (Ref.
http://www.oasis-open.org/committees/xcbf/#documents).
This contains exactly the same types being defined in the X9.84 revision
that it is my turn to edit this week. The text states (for now):

Additional mechanisms can be used to provide integrity protection to
biometric information, when it is being conveyed with other data (e.g.,
a financial transaction).  Biometric templates in the form of
EncodedBiometricObjects can be bound to a public key associated
with a private key in a digital certificate.

This standard supports biometric certificate extensions that can be
incorporated into values of types Certificate and AttributeCertificate,
as defined in the Directory series of standards, and type DomainCertificate
as defined in X9.68 [???]. Biometric certificate extension values can be encoded
in either the Distinguished Encoding Rules (DER) or the canonical variant of the
XML Encoding Rules (cXER):

biometricTemplates EXTENSION ::= {
   SYNTAX         EncodedBiometricObjects  -- DER or cXER --
   IDENTIFIED BY  x509-biometricTemplates
}

domainBiometricTemplates PRIVATE ::= {
   NAME  oid : x968-biometricTemplates
   TYPE  EncodedBiometricObjects  -- DER or cXER --
}
For individuals and/or organizations that are concerned about privacy
issues, one could consider support of an encryption option where selected
"trusted readers" could be enabled using specific session-key tokens,
possibly included (under user or organization control) on the same
smart-card that holds the certificate(s) with the biometrics extension(s).
  
Privacy objects are already available in X9.84 and XCBF and rely on
the familiar EnvelopedData and EncryptedData, and a named variant of
EncryptedData. But biometric information is public, not private. It's in your
hair left on the brush in the hotel, in your prints left on the glass at dinner, and
available to anyone who wishes to scan or photograph for the purpose of trying to mimic
another.

Tracking the famous girl in Afghanistan on the cover of National Geographic to
a woman some twenty years later was done by iris scan analysis of the eyes in
the photographs. So, biometric information in most cases is just public data that
when used in open networks needs to have integrity and to be authenticated in
order to be trusted and relied upon.

So rather than opt for creating a certificate extension payload from a value of
type BiometricSyntaxSets, I decided that the encoded value of a series of
biometric objects was probably enough. Some communities of course will
need privacy, but the general public will not. Authentication will likely do for
templates.

Biometric information seems destined to become the financial identifier that one
day replaces the social security number. There's much interest in using it to try
to combat identity fraud, said to be the fastest rising crime. On another front,
a DOD pilot is to use a biometric extension in a smart card certificate.

The BiometricObject in X9.84 and XCBF contains a 'hole' that can carry an
arbitrary payload relevant to an application. There are many things this might
be, the blinded hash of a customer PAN as used in SET for cardholder common
names, an encrypted smart identifier, etc. This type can also carry the biometric
processing algorithm and matching method needed by a relying party. And most
importantly, a set of these can carry multiple occurrences of a biometric, say three
fingerprints, or sets of multiple biometric types, say ten fingerprints and two iris
images.

Phil

Ebbe

-----Original Message-----
From: Stephen Kent [mailto:kent@xxxxxxx]
Sent: Monday, November 04, 2002 10:34 AM
To: Ebbe Hansen
Cc: ietf-pkix@xxxxxxx
Subject: Re: Certificate profile for Biometrics information.

  
I am looking for biometrics profile-definitions on how biometrics reference
information may be encoded and embedded into X.509 certificates (Public Key
Certificates as well as Attribute Certificates). The only
"biometrics-data-extension" I have found so far is included in RFC 3039 as
the "biometricInfo" extension.

Are there other biometrics profiles that have been defined at this time?

Regards Ebbe Hansen
    

Ebbe,

Many sorts of biometric info are inappropriate to place in a cert,
due to concerns about disclosure of that info, e.g., to enable off
line guessing attacks. This, in part, is why we don't have any
extension defined for this purpose. Could you explain in more detail
what sort of biometric info you envision storing in certs, and how it
would be used?  That might help us better understand what might be
appropriate.

Thanks,

Steve
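The biometricTemplates EXTENSION quoted in the thread is an ordinary X.509 extension whose extnValue is the DER (or cXER) encoding of an EncodedBiometricObjects value. As an added example, not code from X9.84, XCBF or anyone on this list, here is a stdlib-only Python codec for that Extension wrapper; it assumes a placeholder OID (the draft does not give the value of x509-biometricTemplates) and constructed stand-in bytes for the encoded template, and its decoder checks that the relying party's expected OID matches and rejects truncated input.

```python
# Added example (not X9.84/XCBF or PKIX code): DER codec for the X.509 Extension
# wrapper that would carry EncodedBiometricObjects. OID values are placeholders.
def _tlv(tag, value):
    # DER TLV: tag, definite length (short form < 128, else long form), value
    n = len(value)
    lb = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, n if n < 0x80 else 0x80 | len(lb)]) + lb + value

def encode_oid(dotted):
    # OBJECT IDENTIFIER: 40*arc1+arc2, then each arc base-128, high bit = more
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))

def encode_extension(oid, extn_value, critical=False):
    # Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE,
    #   extnValue OCTET STRING }. DER omits a BOOLEAN equal to its DEFAULT.
    body = encode_oid(oid) + (_tlv(0x01, b"\xff") if critical else b"")
    return _tlv(0x30, body + _tlv(0x04, extn_value))

def _read_tlv(buf, pos):
    # One TLV at pos -> (tag, value, next_pos); rejects indefinite/truncated input
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    n = first & 0x7F if first & 0x80 else 0  # count of long-form length bytes
    length = int.from_bytes(buf[pos:pos + n], "big") if n else first
    if first == 0x80 or pos + n + length > len(buf):
        raise ValueError("indefinite length or truncated DER element")
    return tag, buf[pos + n:pos + n + length], pos + n + length

def decode_extension(der, expected_oid):
    # Parse an Extension whose extnID must be expected_oid -> (critical, extnValue)
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    tag, oid, pos = _read_tlv(body, 0)
    if _tlv(tag, oid) != encode_oid(expected_oid):
        raise ValueError("unexpected extnID")
    tag, val, pos = _read_tlv(body, pos)
    critical = tag == 0x01 and val == b"\xff"  # absent when FALSE
    if tag == 0x01:
        tag, val, pos = _read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("expected extnValue OCTET STRING closing the SEQUENCE")
    return critical, val
```

The extnValue here is opaque: a real template would be the DER (or cXER) output of an X9.84/XCBF encoder, and the certificate's signature is what gives it the integrity Phil describes.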