
Re: New proposed solution to the QC biometric issue



Stefan,

I welcome and support your proposal in general.

> All,
>
> The long debate regarding biometric data in Qualified certificates ended
> with the conclusion:
>
> "For bio-metric data to be included in the QC, the list has to provide an
> agreeable solution that can enhance interoperability in some meaningful
> way. Until then this issue will not be addressed in the profile."
>
> Well, since then I have had a lot of off list discussions ending up in a
> new conclusion:
>
> 1) It could be valuable to include support for biometric data aimed for
> human verification (not machine verification), e.g. human verification of
> picture image or signature image. In fact face recognition and signature
> recognition are regarded as the two major implementations which justify
> this proposed expansion of the draft.

I would propose that we limit our goal, for the time being, to these two
biometric features which seem indeed enough.

> 2) The supported solution should only address storage of a hash value of
> biometric data. This would provide all necessary functionality for
> authenticating bio-data without loading the certificates too much.

Correct.

> 3) Storage of bio-data-hash should NOT be done in the PersonalData field
> since this data is conceptually different from id-attributes. Further,
> since bio-data need storage of 2 parameters (OID + hash), those values
> can't be stored in a single predefined attribute. Instead a new optional
> extension should be defined for this purpose.

I agree.

> Petra Glöckner has prepared a proposal for this new extension in QC as
> follows:

I have several minor concerns with the following ASN.1 proposal, but I will
wait a little bit to see other responses before commenting any further.

Thanks again for your efforts for trying to find a consensus,

Regards,

Denis

> Extension ::=  SEQUENCE {
>   extnId              OBJECT IDENTIFIER,
>   critical            BOOLEAN DEFAULT FALSE,
>   extnValue           OCTET STRING }
>
> biometric       EXTENSION ::= {
>   SYNTAX            BiometricSyntax
>   IDENTIFIED BY     id-qext-biometric }
>
> id-qext-biometric    OBJECT IDENTIFIER  ::= {id-qext xx}
>
> BiometricSyntax  ::=  SEQUENCE OF BiometricData
>
> BiometricData   ::=     SEQUENCE {
>   typeOfBiometricData  OBJECT IDENTIFIER,
>   biometricDataHash    OCTET STRING }
>
> So with this concrete proposal I would like to reopen the issue for
> comments on this.
> Consequently I will move this issue to the unsettled topics on the QC web (
> http://www.accurata.se/QC/ )
>
> /Stefan
> -------------------------------------------------------------------
> Stefan Santesson                <stefan@accurata.se>
> Accurata Systemsäkerhet AB      http://www.accurata.se
> Slagthuset                      Tel. +46-40 108588
> 211 20  Malmö                   Fax. +46-40 150790
> Sweden                        Mobile +46-70 5247799
>
> PGP fingerprint: 89BC 6C79 5B3D 591B 8547  1512 7D11 DBF4 528F 29A0
> -------------------------------------------------------------------
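
An added example, not part of the original message or of the QC draft: a minimal DER encoder and checker for the proposed BiometricSyntax, showing how a relying party would compare a presented picture or signature image against the hash stored in the extension. The type OIDs are placeholders from the 2.999 example arc and SHA-256 is an assumed hash algorithm, since the proposal as quoted assigns no type OIDs and carries no algorithm identifier; all function names are hypothetical.

```python
import hashlib

OID_PICTURE, OID_SIGNATURE = "2.999.1", "2.999.2"  # placeholders (2.999 example arc)

def tlv(tag, body):  # DER tag-length-value with a definite length
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

def oid_body(dotted):  # base-128 content octets of an OBJECT IDENTIFIER
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        septets = [arc & 0x7F]
        while arc := arc >> 7:
            septets.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(septets)
    return bytes(out)

def encode_biometric_syntax(samples, hash_name="sha256"):  # samples: [(type OID, image bytes)]
    # Each BiometricData is SEQUENCE { OID, OCTET STRING hash }; only the hash is stored.
    return tlv(0x30, b"".join(
        tlv(0x30, tlv(0x06, oid_body(oid)) + tlv(0x04, hashlib.new(hash_name, data).digest()))
        for oid, data in samples))

def read_tlv(buf, pos, tag):  # content and next position of the TLV at pos; checks its tag
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("truncated DER or unexpected tag")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length octets
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated DER content")
    return buf[pos:pos + n], pos + n

def matches(der, oid, presented, hash_name="sha256"):
    """True if hash(presented) is stored under type `oid`; ValueError on malformed DER."""
    want = hashlib.new(hash_name, presented).digest()
    body, _ = read_tlv(der, 0, 0x30)
    pos, found = 0, False
    while pos < len(body):
        item, pos = read_tlv(body, pos, 0x30)
        stored_oid, p = read_tlv(item, 0, 0x06)
        stored_hash, p = read_tlv(item, p, 0x04)
        found |= stored_oid == oid_body(oid) and stored_hash == want
    return found

if __name__ == "__main__":
    photo = b"constructed stand-in for a picture image"
    print(matches(encode_biometric_syntax([(OID_PICTURE, photo)]), OID_PICTURE, photo))
```

Because the structure holds only an OID and a hash, a verifier that assumes a different hash algorithm than the issuer used gets a mismatch for a genuine image.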