Re: New proposed solution to the QC biometric issue

[Petra Gloeckner <Petra.Gloeckner@xxxxxxxxxxxxxxxx>]

I'm forwarding the following comment on behalf of Bruno Struif who 
is involoved in biometric technologies and algorithms at GMD:

Comment to "Biometrics in Qualified Certificates"

1. The only biometric data which may have some relevance to qualified
certificates is  a "certificate holder portrait image" (i.e. a foto) in
a defined coding scheme.
2. If the foto is too big (about 2 kbytes in a compressed version), the
hash value of the foto may be used.
3. If the hash value is used then the hash algorithm has to be denoted
and the reference where the foto from which the hash value was derived
is located. A verifier has to fetch the foto, to hash it and to compare
the computed hash value with the hash value presented in the qualified
certificate.
4. The rationale as it stands is wrong from my point of view: There are
no "biometric comparing algorithms" involved which have to compare
reference data with actually measured verification data taken from the
person to be authenticated. An acceptable wording would be: "The
rationale for supporting biometric data (i.e. a certificate holder
portrait image) would be to support biometric data in a qualified
certificate in the sense of a certified attribute of the certificate
holding person."

Bruno Struif
e-mail: bruno.struif@darmstadt.gmd.de