Page 30

EETE DEC 2015

Biometrics & Authentication Private ID as a service leverages smartphone-enabled biometrics By KJulien Happich icked-off in July last year, the PIDaaS (Private Identity as a Service) project aims to leverage today’s smartphone sensors’ capabilities (camera, microphone) to carry out secure user authentication through their biometrics while preserving their privacy. Co-funded under the ICT Policy Support Programme of the European Union as part of the Competitiveness and Innovation Framework Programme (CIP) and is scheduled to run until December 2016. It shares some similarities with the terminated TAS3 project (Trusted Architecture for Securely Shared Services) co-funded by the European Union some years ago, in the sense that identity management would be user-centric, enabling smartphone users to authenticate themselves to access different services online without giving out their ID credentials (i.e biometric data) and without having to enrol with every new service they use. Indeed, while every new online service typically wants to collect unique user data upon registration (and we have all been accustomed to creating avatars through multiple emails), users may be reticent to let just any new service online exploit irrevocable biometric samples which are strongly linked with their identity. Creating avatars is a form of ID management, but how much guessing is there left in biometrics? The PIDaaS project focuses precisely on the preservation of biometric data during the authentication process, adding biometric template protection schemes (BTPS) so users can create multiple pseudo-bio-identities from the same biometric trait, with the possibility of revoking, renewing and reissuing them. This prevents users from having to go through multiple enrolment processes, with the uneasy feeling that their biometric data is getting dispersed and growing out of control on the cloud. As well as a biometric template protection scheme, the PIDaaS platform also relies on voice and face recognition verification technology as used in the IdForMe authentication application, a backend, and a Life Management Platform (LMP). The PIDaaS Mobile application allows users to manage their identity, personal data and biometric templates (digital reference of characteristics that have been extracted from a biometric sample) and to be authenticated through speaker and face recognition. This user-centric ID management lets users authorize which action is performed in their name on any website and decide what information they allow to access to Website, Mobile apps, online purchasing, etc. A preliminary mockup PIDaaS App has been developed for the project partners to work with. The PIDaaS Backend provides mobile application and service providers a gateway to access to the PIDaaS platform services, asking for login authentication services. And for what is probably the most critical enrolment part (which would probably only be performed by a governmental entity once for all), the PIDaaS Life Management Platform is responsible for storing the information about PIDaaS users, service providers and for monitoring the users’ activities within the PIDaaS platform. It store the biometric templates (verification data) and offers a mechanism for sharing personal data between the user and the services in a secure way while providing users control over those templates and their personal data. While biometric data would be the main factor of authentication, it would be paired with other metadata (relating to hardware, software and network) to better ensure the certainty of each authentication request. The PIDaaS project will soon be at a pilot stage, with several trials due to start mid-february next year to evaluate use cases in several environments such as e-Commerce, e-Health and E-citizenship. The PIDaaS solution will be integrated on the platform of one of the biggest e-shops in Finland, the company F9 Distribution OY to be used by real customers. A preliminary mockup of a PiDaaS application interface. 30 Electronic Engineering Times Europe December 2015 www.electronics-eetimes.com


EETE DEC 2015
To see the actual publication please follow the link above