16,773 research outputs found

    Privacy-Aware Processing of Biometric Templates by Means of Secure Two-Party Computation

    Get PDF
    The use of biometric data for person identification and access control is gaining more and more popularity. Handling biometric data, however, requires particular care, since biometric data is indissolubly tied to the identity of the owner hence raising important security and privacy issues. This chapter focuses on the latter, presenting an innovative approach that, by relying on tools borrowed from Secure Two Party Computation (STPC) theory, permits to process the biometric data in encrypted form, thus eliminating any risk that private biometric information is leaked during an identification process. The basic concepts behind STPC are reviewed together with the basic cryptographic primitives needed to achieve privacy-aware processing of biometric data in a STPC context. The two main approaches proposed so far, namely homomorphic encryption and garbled circuits, are discussed and the way such techniques can be used to develop a full biometric matching protocol described. Some general guidelines to be used in the design of a privacy-aware biometric system are given, so as to allow the reader to choose the most appropriate tools depending on the application at hand

    Anonymous subject identification and privacy information management in video surveillance

    Get PDF
    The widespread deployment of surveillance cameras has raised serious privacy concerns, and many privacy-enhancing schemes have been recently proposed to automatically redact images of selected individuals in the surveillance video for protection. Of equal importance are the privacy and efficiency of techniques to first, identify those individuals for privacy protection and second, provide access to original surveillance video contents for security analysis. In this paper, we propose an anonymous subject identification and privacy data management system to be used in privacy-aware video surveillance. The anonymous subject identification system uses iris patterns to identify individuals for privacy protection. Anonymity of the iris-matching process is guaranteed through the use of a garbled-circuit (GC)-based iris matching protocol. A novel GC complexity reduction scheme is proposed by simplifying the iris masking process in the protocol. A user-centric privacy information management system is also proposed that allows subjects to anonymously access their privacy information via their iris patterns. The system is composed of two encrypted-domain protocols: The privacy information encryption protocol encrypts the original video records using the iris pattern acquired during the subject identification phase; the privacy information retrieval protocol allows the video records to be anonymously retrieved through a GC-based iris pattern matching process. Experimental results on a public iris biometric database demonstrate the validity of our framework

    Actual Harm Means it is too Late: How Rosenbach v. Six Flags Demonstrates Effective Biometric Information Privacy Law

    Get PDF
    Technology is rapidly advancing, and the law is trying to keep up. While this challenge is not new, technological advancements are impacting privacy rights in unprecedented ways. Using a fingerprint to clock in at work or face identification to unlock a smartphone provides ease and convenience, but at what cost? Currently, there is no federal law that regulates the collection, use, and storage of biometric information in the private sector. On a local level, three states have enacted laws that specifically address biometrics. Of those, the Biometric Information Privacy Act (BIPA) in Illinois provides the strongest protections for consumers, who are entitled to a private right of action under the statute. Since the enactment of BIPA about a decade ago, hundreds of plaintiffs have brought legal action against companies operating in Illinois. This Comment explains how the Illinois Supreme Court properly applied the state’s biometric information privacy statute and why the ruling in Rosenbach v. Six Flags should be a model for analyzing biometric information privacy rights. Part II will provide a brief history of privacy law in the United States and how the ubiquitous collection and use of biometric information threatens privacy rights. Next, Part III will describe the facts, issue, and holding of Rosenbach v. Six Flags. Part IV will analyze the court’s examination of statutory language and legislative intent and explain how those findings lay the foundation for future regulation of biometric information. Finally, this Comment will conclude with a recommendation for legislators to rely on Rosenbach as an example of how biometric privacy regulation should apply in states and, one day, nationwide

    Investigating Users’ Perception about Biometric Security Mechanism: The Case of Ethiopia Banking Sector

    Get PDF
    Biometric identification is poised to gradually replace traditional approaches, such as passwords and PINs as a way of identifying and authenticating a person’s access to services that require identity verification. Despite benefits such as increased security and convenience for users concerns such as vulnerability to identity theft, and concerns about privacy and the security of biometric information may inhibit uptake. Drawing on Protection Motivation Theory (PMT) and using data collected from online banking users, this study will reports on the relative impacts of perceptions about biometric identification (i.e. its detractors and its benefits) on attitude towards biometric use. Implications for practice and future research will also be discussed

    Putting a Finger on Biometric Privacy Laws: How Congress Can Stitch Together the Patchwork of Biometric Privacy Laws in the United States

    Get PDF
    The use of biometric identification in the consumer industry has grown immensely over the last decade and is projected to continue growing at an even faster rate. As private entities abandon password-based security systems and opt for the more secure, convenient, and cost-effective method of using biometric data, individuals are worried how that information will be protected. Although the right to privacy has always been valued in the United States, Congress has yet to specifically address biometric privacy. This note sets the legal landscape of privacy law, through the lens of biometric privacy, by surveying four categories of privacy law: (1) Federal privacy laws in general; (2) state privacy laws in general, specifically the California Consumer Privacy Act (CCPA); (3) state biometric-specific privacy laws; and (4) a federal biometric privacy law. The fourth category is what is missing from the current regulatory scheme. This note identifies issues with state biometric privacy laws, including unclear definitions of biometric privacy and Article III standing. Ultimately, this note concludes that a federal biometric privacy law should be modeled after the CCPA, but narrowed to biometric information

    Embedded system for individual recognition based on ECG biometrics

    Get PDF
    Biometric recognition is emerging has an alternative solution for applications where the privacy of the information is crucial. This paper presents an embedded biometric recognition system based on the Electrocardiographic signals (ECG) for individual identification and authentication. The proposed system implements a real-time state-of-the-art recognition algorithm, which extracts information from the frequency domain. The system is based on a ARM Cortex 4. Preliminary results show that embedded platforms are a promising path for the implementation of ECG-based applications in real-world scenario

    Avoiding terminological confusion between the notions of 'biometrics' and 'biometric data':An investigation into the meanings of the terms from a European data protection and a scientific perspective

    Get PDF
    This article has been motivated by an observation: the lack of rigor by European bodies when they use scientific terms to address data protection and privacy issues raised by biometric technologies and biometric data. In particular, they improperly use the term ‘biometrics’ to mean at the same time ‘biometric data’, ‘identification method’, or ‘biometric technologies’.Based on this observation, there is a need to clarify what ‘biometrics’ means for the biometric community and whether and how the legal community should use the term in a data protection and privacy context.In parallel to that exercise of clarification, there is also a need to investigate the current legal definition of ‘biometric data’ as framed by European bodies at the level of the European Union and the Council of Europe.The comparison of the regulatory and scientific definitions of the term ‘biometric data’ reveals that the term is used in two different contexts. However, it is legitimate to question the role that the scientific definition could exercise on the regulatory definition. More precisely, the question is whether the technical process through which biometric information is extracted and transformed into a biometric template should be reflected in the regulatory definition of the term

    Deep Learning-based Anonymization of Chest Radiographs: A Utility-preserving Measure for Patient Privacy

    Full text link
    Robust and reliable anonymization of chest radiographs constitutes an essential step before publishing large datasets of such for research purposes. The conventional anonymization process is carried out by obscuring personal information in the images with black boxes and removing or replacing meta-information. However, such simple measures retain biometric information in the chest radiographs, allowing patients to be re-identified by a linkage attack. Therefore, there is an urgent need to obfuscate the biometric information appearing in the images. We propose the first deep learning-based approach (PriCheXy-Net) to targetedly anonymize chest radiographs while maintaining data utility for diagnostic and machine learning purposes. Our model architecture is a composition of three independent neural networks that, when collectively used, allow for learning a deformation field that is able to impede patient re-identification. Quantitative results on the ChestX-ray14 dataset show a reduction of patient re-identification from 81.8% to 57.7% (AUC) after re-training with little impact on the abnormality classification performance. This indicates the ability to preserve underlying abnormality patterns while increasing patient privacy. Lastly, we compare our proposed anonymization approach with two other obfuscation-based methods (Privacy-Net, DP-Pix) and demonstrate the superiority of our method towards resolving the privacy-utility trade-off for chest radiographs.Comment: Accepted at MICCAI 202

    The Electronic Passport and the Future of Government-Issued RFID-Based Identification

    Get PDF
    Passports and other identification documents may be enhanced using recent advancements in technology. Various national and international bodies are pursuing machine-readable approaches with biometric information. In particular, the international civil aviation organization (ICAO) has adopted standards whereby passports can store biometric identifiers. Countries that participate in the visa waiver program (VWP) began issuing electronic passports in 2006. However, the selection of technologies remains questionable due to privacy and security concerns. This paper examines policy regarding these electronic approaches and developments toward electronic data storage and transmission. Radio-frequency identification (RFID) devices for electronic passports and other existing identity documents are discussed
    • …
    corecore