FB pixel

Trust Stamp CSO argues for biometric binding with fuzzy tokens in EAB talk

Categories Biometric R&D  |  Biometrics News  |  Trade Notes
Trust Stamp CSO argues for biometric binding with fuzzy tokens in EAB talk
 

Trust Stamp Chief Science Officer Dr. Norman Poh presented a system for biometric binding which gains privacy benefits from asymmetric key encryption and fuzzy tokens in a European Association for Biometrics (EAB) lunch talk.

The webinar focused on the context and technical details of moving ‘Towards building a resilient digital identity system with strong biometric binding.’

Poh described how Trust Stamp creates its Irreversibly Transformed Identity Token (IT2) by injecting a secret code into the biometric template, and how cryptographic keys are bound to users’ biometric templates. This approach allows the biometric sample to be revoked, as well as avoiding the risk of GDPR fines.

He also notes that the same method can be used to tokenize any kind of personally identifiable information (PII).

If the sample does need to be revoked, the credential can be recovered by re-enrolling the biometric and combining it with a new secret.

Any biometric data can be used, with error rates reduced by capturing more than one sample of the given biometric.

The frightening risk of the Taliban using biometric data to find victims among Afghanistan’s population is an example Poh provides of where a system with an application-specific key could prevent the misuse of biometrics that are stored on a device, rather than in the cloud where the data can be deleted remotely. Revoking the application-specific key severs the link between the template and the token derived from it.

An alternative approach is being used with many COVID-19 vaccination certificates, many of which are not bound to the individual with biometrics. This eliminates the risk of biometric data theft through the credential, but has also contributed to the proliferation of counterfeits and forgeries, Poh says. While rudimentary document fraud can be discovered in various ways, Poh points out that legitimate-seeming credentials issued illegitimately by inside actors, such as healthcare workers, present a challenging problem.

Similar problems are presented by synthetic identity fraud and other attacks against financial services that are not protected with digital ID bound to biometrics.

Poh outlined the eKYC process, and how biometrics can be used to match individuals to established identities, such as those presented by government-issued ID documents. He also shared some of the fraud-prevention gains Trust Stamp’s clients have realized, both in terms of preventing fraud and unblocking legitimate users.

He compared the binding methods of the FIDO protocol with that of Trust Stamp, and discussed additional security considerations. The technical details of verification processes were outlined, and the level of assurance it provides.

The device where the software runs is also important, Poh says, as it acts as a second authentication factor, including in offline environments.

EAB’s next virtual lunch talk will be held on September 21, and address ‘deciphering and generating faces.’

Article Topics

 |   |   |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics firms pitch privacy in age assurance ahead of US court battle

The U.S. is facing its first constitutional debate connected with age verification in 20 years: The Supreme Court will have…

 

Permira finalizes $1.3B majority stake acquisition of BioCatch

Permira Growth Opportunities has completed the acquisition of a majority position in behavioral biometrics and fraud prevention business BioCatch, four…

 

ATO attacks surge in Q2 2024, Sift warns of growing ‘Fraud-as-a-Service’ threat

A recent report highlights the growing threat of account takeover (ATO) attacks, which surged by 24 percent in the second…

 

EU AI pact sets new standards for ethical AI use across Europe

By Tony Porter, Chief Privacy Officer at Corsight AI The European Union’s AI Pact marks a crucial step towards forming…

 

Deepfake detection challenge, integration to protect content integrity unveiled

A new deepfake detection competition has been announced with the intention of advancing “next-generation deepfake detection and localization systems” development….

 

Utah judge blocks age verification requirement for social media

A federal judge in Utah has ruled in favor of tech lobby group NetChoice and against the state’s new law…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events