ISO 24745 “Biometric Information Protection”
GenKey’s BioHASH® technology is fully compliant with the ISO/IEC 24745 standard for Biometric Information Protection, which is the most advanced standardization guideline to address the privacy and security requirements for biometric deployments. It specifies amongst others:
- Irreversibility and confidentiality: prevent identity theft by protecting the biometric information in an irreversible way using the highest key-less cryptographic security standards.
- Renewability: allow for a widespread usage of the same fingerprint by using renewable and revocable biometric templates.
- Unlinkability: prevent “function creep” by making it impossible to link biometric data across different applications.
Biometric system architecture proposed by ISO/IEC 24745 (Source: ISO/IEC 24745:2011 Information technology -- Security techniques -- Biometric information protection)
BioHASH® architecture conforms to the architecture proposed by ISO/IEC 24745
- During enrollment, a BioHASH® template is generated from a biometric sample (a fingerprint image or a minutiae template), resulting in two components; a Pseudonymous Identifier (PI) and Auxiliary Data (AD). The PI information is protected with a SHA-256 cryptographic hash function, whereas the AD contains random salting information to allow for renewable anonymous templates. In addition to the biometric information, also other information like biographic information, application identifiers, terminal identifiers etc. may be included in the hash-protected version of PI.
- In the verification process, the live fingerprint measurement is combined with the Auxiliary Data to derive a candidate PI*, again protected with a SHA-256 (possibly combined with other information that is included in the hash). If the PI from the enrollment and the PI* in the verification are identical, there is a positive match.
ISO 19794 – Template Format
ISO 19794 is a standard that describes data exchange formats for fingerprints. BioHASH® can work with standardized Image data (ISO 19794-4), as well as with minutiae templates (ISO 19794-2) in Fingerprint Minutiae Record (FMR), Fingerprint Minutiae Card (FMC), or Fingerprint Compact Card (FCC) format. BioHASH® also complies with MINEX II, which is a subset of the ISO minutiae template format.