Privacy

Biometric data is increasingly used in authentication and identification of individuals, replacing password-based security systems. Identification and authentication refer to two different tasks: finding the identity of a person given the biometric data, versus verifying the identity given the biometric data and the claimed identity.

There are two approaches to a biometric authentication system. In one alternative, enrolled users’ biometric data is kept at a central repository and authentication is done by verifying the test data against the reference at the central repository. In the second alternative, a user carries a smart card containing his/her biometric data, and verification is done against the sample in the smart card. There are disadvantages associated with both of these approaches. In particular, there is increased concern over the loss of privacy and potential misuse of biometric data held in central repositories. Biometric data which can uniquely identify a person (e.g. fingerprints, iris patterns) can be used to track individuals, linking many separate databases (where the person has been, what he has purchased, etc.). There is also fear that the central databases can be used for unintended purposes. For instance, latent fingerprints can be used to search for information about a person in a central database, if such databases are compromised. The association of fingerprints with criminals raises further concerns for fingerprint databases in particular. Similarly, biometric data may reveal certain rare health problems, which raises concern about possible discriminatory uses of central databases.

On the other hand, keeping biometric data in smart cards has its own disadvantages. In particular, forgers can claim that their card is broken and avoid biometric verification altogether. Since a smart card may become damaged legitimately, such a situation would need to be solved by non-biometric authentication or by resorting to a central database.

"Combining Multiple Biometrics to Protect Privacy", Berrin Yanikoglu and Alisher Kholmatov, Proceedings of ICPR-BCTP Workshop, Cambridge, England, Aug. 2004.

In this work we propose a biometric authentication framework to address these privacy concerns. In particular, two biometric features (e.g. fingerprints) are combined to obtain a non-unique identifier of the individual and stored as such in a central database. While the combined biometric ID is not a unique identifier, relieving concerns of privacy, we show that it can still be used in authenticating a person’s identity. As a particular example, we demonstrate a fingerprint verification system that uses two separate fingerprints of the same individual to form a combined biometric ID.

With the proposed method, a person can give two fingerprints for one application (e.g., passport application), and two other fingerprints for another one (e.g., bank), creating two separate biometric IDs. While the person can still be authenticated for either application, it is impossible to link the two databases. Similarly, searching for a person using latent fingerprints is difficult, as one would need to try many such combinations of latent fingerprint pairs.

Two fingerprints A and B are combined to give the combined fingerprint minutiae on the right. The minutiae points are marked so as to indicate the source finger, but this information is not stored in the database.

(for details please refer to the paper...)
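The enrollment and verification flow described above can be sketched as follows. This is an added example, not code from the paper or the project. It assumes pre-aligned (x, y) minutiae, a greedy nearest-point matcher, and a tolerance, score and threshold chosen here for illustration; the lattice "fingers" are constructed sample data.

```python
import math
import random

def synthetic_finger(offset, n=12):
    """Constructed minutiae (x, y) on a lattice; stands in for a real extractor."""
    return [(offset + 25 * (k % 4), 2 * offset + 25 * (k // 4)) for k in range(n)]

def jitter(points, dx=1, dy=-1):
    """Simulate a fresh capture of the same finger with small sensor noise."""
    return [(x + dx, y + dy) for x, y in points]

def enroll(finger_a, finger_b, seed=0):
    """Merge two minutiae sets into one template with no source-finger labels."""
    template = list(finger_a) + list(finger_b)
    random.Random(seed).shuffle(template)  # order must not reveal the source finger
    return template

def match_and_remove(template, probe, tol=4.0):
    """Greedily pair each probe point with its nearest unused template point."""
    remaining, hits = list(template), 0
    for p in probe:
        best = min(remaining, key=lambda t: math.dist(p, t), default=None)
        if best is not None and math.dist(p, best) <= tol:
            remaining.remove(best)
            hits += 1
    return hits, remaining

def score(template, probe_a, probe_b, tol=4.0):
    """Fraction of template minutiae explained by the two presented fingers."""
    hits_a, rest = match_and_remove(template, probe_a, tol)
    hits_b, _ = match_and_remove(rest, probe_b, tol)
    return (hits_a + hits_b) / len(template)

def verify(template, probe_a, probe_b, threshold=0.8):
    """Accept only if both presented fingers together cover the template (assumed rule)."""
    return score(template, probe_a, probe_b) >= threshold

# Constructed sample data: four fingers of one person, two per application.
A, B, C, D = (synthetic_finger(o) for o in (3, 11, 7, 17))
passport_id = enroll(A, B)
bank_id = enroll(C, D)

if __name__ == "__main__":
    print("genuine, passport:", verify(passport_id, jitter(A), jitter(B)))
    print("one wrong finger: ", score(passport_id, jitter(A), jitter(D)))
    print("passport/bank overlap:", match_and_remove(bank_id, passport_id)[0])
```

The two stored templates share no matching minutiae, so a record in one database cannot be matched against the other, while each still verifies the pair of fingers it was enrolled with.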

Related publications:

"Combining Multiple Biometrics to Protect Privacy", Berrin Yanikoglu and Alisher Kholmatov, Proceedings of ICPR-BCTP Workshop, Cambridge, England, Aug. 2004.

TÜBİTAK Project (No: 105 E 165 Duration: 6/2006-6/2008): “Privacy Protecting Biometric Authentication Systems”.