
New proposed solution to the QC biometric issue



All,

The long debate regarding biometric data in Qualified certificates ended
with the conclusion:

"For bio-metric data to be included in the QC, the list has to provide an
agreeable solution that can enhance interoperability in some meaningful
way. Until then this issue will not be addressed in the profile."

Well, since then I have had a lot of off-list discussions ending up in a
new conclusion:

1) It could be valuable to include support for biometric data aimed for
human verification (not machine verification), e.g. human verification of
picture image or signature image. In fact face recognition and signature
recognition are regarded as the two major implementations which justify
this proposed expansion of the draft. 

2) The supported solution should only address storage of a hash value of
biometric data. This would provide all necessary functionality for
authenticating bio-data without loading the certificates too much.

3) Storage of bio-data-hash should NOT be done in the PersonalData field
since this data is conceptually different from id-attributes. Further,
since bio-data needs storage of 2 parameters (OID + hash), those values
can't be stored in a single predefined attribute. Instead a new optional
extension should be defined for this purpose.

Petra Glöckner has prepared a proposal for this new extension in QC as
follows:

Extension ::=  SEQUENCE {
  extnId              OBJECT IDENTIFIER,
  critical            BOOLEAN DEFAULT FALSE,
  extnValue           OCTET STRING }

biometric  EXTENSION ::= {
  SYNTAX            BiometricSyntax
  IDENTIFIED BY     id-qext-biometric }

id-qext-biometric    OBJECT IDENTIFIER  ::= {id-qext xx}

BiometricSyntax  ::=  SEQUENCE OF BiometricData

BiometricData  ::=  SEQUENCE {
  typeOfBiometricData  OBJECT IDENTIFIER,
  biometricDataHash    OCTET STRING }



So with this concrete proposal I would like to reopen the issue for
comments on this.
Consequently I will move this issue to the unsettled topics on the QC web
(http://www.accurata.se/QC/).

/Stefan
-------------------------------------------------------------------
Stefan Santesson                <stefan@accurata.se>
Accurata Systemsäkerhet AB      http://www.accurata.se
Slagthuset                      Tel. +46-40 108588              
211 20  Malmö                   Fax. +46-40 150790              
Sweden                        Mobile +46-70 5247799

PGP fingerprint: 89BC 6C79 5B3D 591B 8547  1512 7D11 DBF4 528F 29A0
-------------------------------------------------------------------
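
Added example, not part of the original message or of the proposal: a minimal DER encoder and checker for the proposed BiometricSyntax value, showing how a relying party would confirm that a presented picture or signature image matches the hash carried in the certificate. Assumptions: SHA-256 as the hash (the proposal names no algorithm), a constructed placeholder OID for the biometric type, and hypothetical function names.

```python
import hashlib

# Assumptions, not from the proposal: SHA-256 as the hash, and a constructed
# placeholder OID (1.3.6.1.4.1.99999.1) standing in for "picture image".
PICTURE_OID = bytes.fromhex("2b06010401868d1f01")  # OID content octets

def _tlv(tag, body):
    """DER tag-length-value, definite length."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = [n] if n < 0x80 else [0x80 | size, *n.to_bytes(size, "big")]
    return bytes([tag, *head]) + body

def encode_biometric_syntax(entries):
    """entries: [(oid_octets, raw_biometric_bytes)] -> DER BiometricSyntax."""
    return _tlv(0x30, b"".join(
        _tlv(0x30, _tlv(0x06, oid) + _tlv(0x04, hashlib.sha256(data).digest()))
        for oid, data in entries))

def _read(buf, pos, tag):
    """Parse one TLV with the expected tag; return (body, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated header")
    n, pos = buf[pos + 1], pos + 2
    if n == 0x80:
        raise ValueError("indefinite length is not DER")
    if n & 0x80:                      # long-form length
        size = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if pos + n > len(buf):
        raise ValueError("value runs past buffer")
    return buf[pos:pos + n], pos + n

def matches(ext_value, oid, presented):
    """True if a BiometricData of type `oid` carries the hash of `presented`."""
    seq, end = _read(ext_value, 0, 0x30)
    if end != len(ext_value):
        raise ValueError("trailing bytes after BiometricSyntax")
    digest, pos = hashlib.sha256(presented).digest(), 0
    while pos < len(seq):
        item, pos = _read(seq, pos, 0x30)
        item_oid, p = _read(item, 0, 0x06)
        stored, _ = _read(item, p, 0x04)
        if item_oid == oid and stored == digest:
            return True
    return False
```

The checker compares both the type OID and the hash, so a signature image cannot be accepted against an entry that was issued for a picture image.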