Combining Biometric Authentication with Privacy-Enhancing Technologies

  • Konstantin Hyppönen
  • Marko Hassinen
  • Elena Trichina
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4968)

Abstract

Although state of public research in privacy-enhancing technologies (PET) is reasonably good, they are not yet widely used in common electronic documents. We argue that low acceptance of PET is due to a large gap between ordinary paper-based documents and new e-ID schemes. We show how to make the gap narrower by introducing a mobile electronic identity tool with privacy-preserving biometric authentication scheme.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Pfitzmann, A., Hansen, M.: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management – a consolidated proposal for terminology. version v0.29 (2007)Google Scholar
  2. 2.
    Pfitzmann, A.: Multilateral security: Enabling technologies and their evaluation. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, pp. 1–13. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. 3.
    CEN/ISSS Workshop eAuthentication: Towards an electronic ID for the European Citizen, a strategic vision. Brussels (2004) (accessed 10.10.2007), http://europa.eu.int/idabc/servlets/Doc?id=19132
  4. 4.
    The European Parliament and the Council of the European Union: Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. Official Journal L 013, 0012–0020 (2000)Google Scholar
  5. 5.
    Witteman, M.: Attacks on digital passports. Talk at the What The Hack conference (2005) (Accessed 10.10.2007), http://wiki.whatthehack.org/images/2/28/WTH-slides-Attacks-on-Digital-Passports-Marc-Witteman.pdf
  6. 6.
    Juels, A., Molnar, D., Wagner, D.: Security and privacy issues in e-passports. In: Security and Privacy for Emerging Areas in Communications Networks, 2005. SecureComm 2005. First International Conference, pp. 74–88 (2005)Google Scholar
  7. 7.
    Hoepman, J.H., Hubbers, E., Jacobs, B., Oostdijk, M., Schreur, R.: Crossing borders: Security and privacy issues of the european e-passport. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 152–167. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    FIDIS - Future of Identity in the Information Society: Budapest declaration on machine readable travel documents (MRTDs) (2006) (Accessed 10.10.2007), http://www.fidis.net/fileadmin/fidis/press/budapest_declaration_on_MRTD.en.20061106.pdf
  9. 9.
    The Royal Academy of Engineering: Dilemmas of privacy and surveillance: Challenges of technological change. The Royal Academy of Engineering, 29 Great Peter Street, London, SW1P 3LW (2007)Google Scholar
  10. 10.
    Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. The MIT Press, Cambridge (2000)Google Scholar
  11. 11.
    Li, J., Li, N.: A construction for general and efficient oblivious commitment based envelope protocols. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 122–138. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Camenisch, J., Herreweghen, E.V.: Design and implementation of the idemix anonymous credential system. In: CCS 2002: Proceedings of the 9th ACM conference on Computer and communications security, pp. 21–30. ACM, New York (2002)CrossRefGoogle Scholar
  13. 13.
    Java Community Process: Contactless Communication API, JSR 257, v. 1.0. Nokia Corporation, Espoo, Finland (2006) (Accessed 10.10.2007), http://www.jcp.org/en/jsr/detail?id=257
  14. 14.
    Java Community Process: Security and Trust Services API (SATSA) for JavaTM2 Platform, Micro Edition, v. 1.0. Sun Microsystems, Inc., Santa Clara, CA, USA (2004) (accessed 10.10.2007), http://www.jcp.org/en/jsr/detail?id=177
  15. 15.
    Santesson, S., Polk, W., Barzin, P., Nystrom, M.: Internet X.509 public key infrastructure qualified certificates profile. Network Working Group, Request for Comments 3039 (2001) (accessed 10.10.2007)Google Scholar
  16. 16.
    Boudot, F.: Partial revelation of certified identity. In: Domingo-Ferrer, J., Chan, D., Watson, A. (eds.) CARDIS. IFIP Conference Proceedings, vol. 180, pp. 257–272. Kluwer, Dordrecht (2000)Google Scholar
  17. 17.
    Trusted Computing Group: TCG mobile trusted module specification, version 1.0, revision 1. TCG published (2007)Google Scholar
  18. 18.
    von Ahn, L., Blum, M., Hopper, N.J., Langford, J.: CAPTCHA: Using hard AI problems for security. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 294–311. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  19. 19.
    Petitcolas, F.A.P., Steinebach, M., Raynal, F., Dittmann, J., Fontaine, C., Fates, N.: Public automated web-based evaluation service for watermarking schemes: StirMark benchmark. In: Wong, P.W., Delp III, E.J. (eds.) Security and watermarking of multimedia contents III: SPIE proc. ser., vol. 4314, pp. 575–584. SPIE (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Konstantin Hyppönen
    • 1
  • Marko Hassinen
    • 1
  • Elena Trichina
    • 2
  1. 1.Department of Computer ScienceUniversity of KuopioKuopioFinland
  2. 2.Spansion International Inc.MunichGermany

Personalised recommendations