Data Protection Laws and Biometrics
Data privacy is high on the global agenda. Over 80 countries and independent territories, including nearly every country in Europe and many in Latin America and the Caribbean, Asia, and Africa, have now adopted comprehensive data protection laws. In the wake of data protection, ensuring the integrity of personal data is an increasingly pertinent subject. This is a governmental and corporate policy reflection of the fact that our lives are moving increasingly online and, with it, our personal data is facing new and increased threats.
For all access to private data or services, we must be authenticated – this is the basis of privacy in the online world. But as PINs and passwords are increasingly viewed as insufficient to tackle this new reality, the world is looking to stronger authentication solutions, such as biometrics.
When implemented in the right way, biometrics will bring multiple User-driven authentication (e-KYC, Direct Benefit Transfer, etc.) via our phones and tablets is already by far the largest application of biometrics in the world, with figures in the billions that dwarf government-led identification schemes such as India’s Aadhaar.
Crucially though, it is a privacy and security measure that users have the power and choice to implement. And as third parties, such as financial services, health care and enterprise organizations, increasingly accept biometric authentication for their services, supporting the market’s continued adoption is an important and timely topic. But first, as biometrics creates its own sensitive personal data, there are a few points to clarify and discuss.
Undeniably, the success of existing applications of biometrics is based on the advantages they offer the users. Just look at the penetration and use of fingerprint biometrics in various applications. But the success of future adoption will be determined by how confident users continue to feel in new situations. We’re frequently reminded not to use the same password or PIN multiple times, so it’s only natural that consumers are beginning to feel concerned about the integrity of their biometrics as they start to use their fingerprint on multiple devices and apps: their phone, tablet, card, USB dongle.
User device authentication utilizes a "privacy by design" approach that inherently protects end-user biometric data with an on-device authentication approach – where biometric data is enrolled (in encrypted format), stored and managed all on the central database.
For example, it is a common misconception that biometric data, such as fingerprints, are stored as images. And in turn, if this image is accessed, the corresponding fingerprint is permanently compromised and unable to be restored or used securely on other applications. You would have heard the argument about biometrics, that “I can change my password any time, but I only have ten fingerprints; what happens if they’re all hacked?”
In fact, data from a biometric sensor is captured and stored as a template in binary code – or encrypted 0s and 1s. This mathematical representation makes hacking basically pointless, because even if fraudsters could access the template, they cannot do anything with it. Template code cannot be reverse engineered into the original fingerprint image, nor can it be linked to other services and, in turn, other personal data. Moreover, this template is unique to the device it is on, making it impossible to reuse between devices, even if the same fingerprint has been enrolled.
This neatly leads on to our next point regarding storage. In Enterprise authentication use cases, information is stored solely in the database of the central server on which the template was created, remaining physically in control of the user.
Implementing Biometric Solution
Precision has developed a holistic solution suite comprising biometric hardware and software modules that can suit all common usage scenarios across industry segments. The modular design of the InnaIT™ framework provides flexibility – the organization may choose the specific modules that are needed and expand as the user base grows. The solution not only the algorithm detects authentication spoof, replay attacks and database attacks.
The InnaIT™ framework also simplifies the implementation - eliminating the need for complex integration of multiple security solutions. Additionally, the entire solution is provided by one solution provider, Precision Biometric, so you do not have to coordinate with multiple vendors.
The attributions for the blog are:
- Fingerprints.com, In consumer biometrics we trust authentication for the data privacy age
- Your story.com, Biometrics for Aadhaar Authentication in Government Schemes
- Paymentsjournal.com, In Consumer Biometrics We Trust: Authentication for the Data Privacy Age
- Norton.com, Biometrics and Biometric data: what is it and is it secure?