Using a central data repository for biometric authentication in passport systems
Breedt and Olivier
2004
Citation information
M. Breedt and M. S. Olivier. “Using a central data repository for biometric authentication in passport systems”. In: Proceedings of the Fourth Annual Information Security South Africa Conference (ISSA2004). Published electronically. Midrand, South Africa, June 2004Abstract
Passports and visas are currently undergoing a rapid change due to legislation being passed by authorities such as the US requirement that they should have machine readable biometrics embedded within them. What the governments are trying to accomplish is to positively link individuals to these identity documents. But if an impostor is capable of forging a passport, complete with embedded biometric, the document could still pass the biometric authentication step. To prevent the system from being compromised in this manner, a central repository of biometric templates could be incorporated. Then the system could compare its ‘live’ biometric reading with the remote repository, rather than relying solely on the authenticity of the biometric embedded within the identity document.
Using a central repository raises certain questions. Firstly, how will the system know which repository to query? How can the system be sure the passport is not fraudulent and referring queries to a fake repository? How will the repository know it is communicating with a valid port system and not just wasting time with fraudulent queries performing a denial of service attack?
This paper proposes a model for the construction of a passport system that employs a set of national repositories for biometric identification that addresses these issues.
Full text
A pre- or postprint of the publication is available at https://mo.co.za/open/biopass.pdf.BibTeX reference
@inproceedings(biopass,author={Morn∖’e Breedt and Martin S Olivier},
title={Using a central data repository for biometric authentication in passport systems},
booktitle={Proceedings of the Fourth Annual Information Security South Africa Conference (ISSA2004)},
address={Midrand, South Africa},
month=jun,
year={2004},
note={Published electronically} )