ISO and IEC Publish Biometric Authentication Standard

Monday, August 15, 2011



The International Organization for Standards (ISO) and the International Electrotechnical Commission (IEC) have together published a new standard for governing the use of biometric authentication technology.

The newly issued standard, designated as the ISO/IEC 24745:2011, Information technology – Security techniques – Biometric information protection, is designed to provide guidance for the implementation of biometric technology to further protect sensitive online transactions.

“As the Internet is increasingly used to access services with highly sensitive information, such as eBanking and remote healthcare, the reliability and strength of authentication mechanisms is critical. Biometrics is regarded as a powerful solution because of its unique link to an individual that is nearly or absolutely impossible to fake," said Myung Geun Chun, Project Editor of ISO/IEC 24745.

“And the technology has come of age. The cost of biometric techniques has been decreasing, while their reliability and popularity have been growing. But biometric identification raises unique privacy concerns," Chun continued.

The privacy concerns center around the need to collect, process, and store sensitive biometric information from users of such systems.

Unlike other authentication systems, the breach of biometric data is difficult to remedy. Users can not simply alter the authenticating data used to access secure networks, as one would with usernames and passwords - the data is permanently and uniquely identifiable to the individual user.

“While the unchanging and distinct association with an individual on the one hand, provides strong assurance of authentication, this binding which links biometrics with personally identifiable information on the other hand, carries some risks, including the unlawful processing and use of data. ISO/IEC 24745 is an invaluable tool for addressing those risks," Chun stated.

According to the ISO website, the new standard specifies:

  • Analysis of threats and countermeasures inherent in a biometric and biometric system application models
  • Security requirements for binding between a biometric reference and an identity reference
  • Biometric system application models with different scenarios for the storage and comparison of biometric references
  • Guidance on the protection of an individual’s privacy during the processing of biometric information.
Possibly Related Articles:
Network Access Control
Biometrics Privacy Authentication Access Control Headlines Security Personally Identifiable Information ISO Standards ISO IEC 24745
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked