Re: New proposed solution to the QC biometric issue

[tgindin@xxxxxxxxxx]

     Wouldn't a better syntax for URIorOIDsyntax be

   URIorOIDsyntax ::== CHOICE {
      uri            IA5String,
       biometricType    [0] IMPLICIT OBJECT IDENTIFIER
   } ?

     You could add a third choice value as:
      stdBiometricType [1] IMPLICIT StdBiometricType
   StdBiometricType ::= INTEGER {
     PICTURE_GIF (0), HANDWRITTEN_SIGNATURE_GIF(1)      -- more to follow
   }
     I think you have to specify both the format and the interpretation of
a graphic for pictures and manual signatures.

          Tom Gindin


Petra Gloeckner <Petra.Gloeckner@darmstadt.gmd.de> on 04/15/99 11:54:36 AM

To:   Denis Pinkas <Denis.Pinkas@bull.net>
cc:   ietf-pkix@imc.org (bcc: Tom Gindin/Watson/IBM)
Subject:  Re: New proposed solution to the QC biometric issue





Denis Pinkas wrote:
>
> >From these examples, it can be seen that a URI is not mandatory, but the
> name of the corresponding file would be usefull as well as the type of
> biometric information. As far as the typeOfBiometricData is concerned I
> would prefer an integer instead of an OID: it is shorter (when
> certificates are stored in smart cards) and we could expand the list of
> integers as needed. At the time being, two integers seem sufficient
> (picture or manual signature).
>

Denis,

why would you like to include the name of the corresponding file in
the certificate as well?

Without this name I'd suggest the following structure considering the
comments of Stephen and you:

   BiometricData ::= SEQUENCE {
         URIorOID         URIorOIDsyntax,
         hashalgorithm        AlgorithmIdentifier,
         biometricDataHash    OCTET STRING }

   URIorOIDsyntax ::== CHOICE {
      uri            [0] IA5String
         typeOfBiometricData  [1] INTEGER }

with the following types of biometric data defined so far:
     0    picture
     1    manual signature

Best regards - Petra