IEEE Std 2410-2019: IEEE Standard for Biometric Open Protocol
5.2 Background
Security considerations include the security policies in place and unambiguously defined levels of security. One of the BOPS’ main functions is to provide authentication instead of authorization in such a way that the server does not retain the client information but rather recognizes one client from another. The key components of security considerations include identification and liveness.
This standard further enhances the security model to mitigate recently uncovered vulnerabilities. Security itself is a constant game of “cops” and “robbers.” The more sophisticated the adversarial robbers become, the more powerful the security model or cop needs to be. This standard raises the bar in all areas of biometric security with a diligent focus on authentication and privacy. Additionally, we tackle the difficult problem of biometric identification with the maintenance of privacy.
5.3 Identity assertion
The BOPS implementation helps provide continuous protection to resources and assurance of the placement and viability of adjudication and other key features. Accountability is the mechanism that shall help provide a service-level guarantee of security.
The BOPS implementation identity assertion helps confirm that named users are who they claim to be. The identity assertion implies reliance on human biometrics; however, the BOPS is an interoperable standard and shall incorporate any identity asserter or a number of different asserters associated with the same named user.
6. BOPS interoperability
The BOPS implementation allows systems to meet security needs by using the API. The BOPS implementation does not need to know whether the underlying system is a machine learning model, an RDBMS, or a search engine. The BOPS implementation functionality offers a “point-and-cut” mechanism to add the appropriate security to the production systems as well as to the systems in development. The architecture is language neutral, allowing representational state transfer (REST), JavaScript object notation (JSON), and secure socket layer (SSL) to provide the communication interface.
A Client Application is responsible for the following:
Creation of the biometric feature vector
Making an API call to enroll
Making an API call to predict
Making an API call for liveness
The BOPS server is responsible for the following:
Saving Personally Identifiable Information (PII) data during enrollment process for subsequent predict API calls
Retrieving PII data to support the predict API call
Retrieving the probability that the liveness data and result match
The processing rules are as follows:
Only transmit biometric data as ciphertext
6.1 Enrollment
Enrollment occurs through the enroll API endpoint. Enrollment takes in a finite amount of PII data and any number of Euclidean Measurable Feature Vectors. In the case of biometrics, these feature vectors are composed of a select number of anthropometric points based on the format of input data collected. Enrollment establishes the identity of the individual and links the PII data. One embodiment of Enrollment shall use 1:M neural networks to provide a client mechanism to retrieve feature vectors as well as a mechanism to support subsequent predict API calls.
6.2 Homomorphic encryption
Current biometric techniques require the use of plaintext search for matching, which means the biometric is visible at some point in the search process. It would be beneficial to instead conduct matching on an encrypted dataset. Encryption is typically done using one-way encryption algorithms, meaning that given the encrypted data, there is no mechanism to get to the original data. Common one-way encryption algorithms are MD5 and SHA-512. However, these algorithms are not homomorphic, meaning that there is no way to compare the closeness of two samples of encrypted data, and thus no means to compare. The inability to compare renders any form of classifying model in machine learning untenable.
Homomorphic encryption is a form of encryption that allows computations to be carried out on ciphertext, thus generating an encrypted match result. Matching in the encrypted space using a one-way encryption offers the highest level of privacy. With the payload of feature vectors one-way encrypted, there is no need to decrypt and no need for key management.
A promising method of homomorphic encryption on biometric data is the use of autonomous or machine learning models to generate feature vectors. For black-box models, such as neural networks, these vectors shall not be used to recreate the initial input data and are, therefore, a form of one-way encryption. This process allows for biometric data to be homomorphically encrypted.
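The closeness problem described in 6.2, as an added example that is not part of the standard: two captures of the same subject produce SHA-512 digests that are as far apart as those of two different subjects, while the Euclidean distance between the feature vectors still separates them. The 8-dimensional vectors, the 0.01 capture noise, the float32 packing and the 0.5 threshold are all constructed values chosen for illustration.

```python
import hashlib
import math
import struct

# Constructed sample data: 8-dimensional feature vectors (real ones are larger).
ENROLLED = [0.12, -0.53, 0.88, 0.07, -0.31, 0.45, -0.72, 0.19]
SAME_PERSON = [x + 0.01 for x in ENROLLED]  # second capture, small sensor noise
OTHER_PERSON = [-0.64, 0.22, -0.15, 0.91, 0.38, -0.07, 0.55, -0.83]
THRESHOLD = 0.5  # assumed match threshold, chosen for this sample data


def digest(vec):
    """SHA-512 over the vector packed as little-endian float32 values."""
    return hashlib.sha512(struct.pack(f"<{len(vec)}f", *vec)).digest()


def digest_bit_distance(a, b):
    """Number of differing bits (out of 512) between the two digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(digest(a), digest(b)))


def euclidean(a, b):
    """Euclidean distance between two feature vectors of equal length."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def compare(probe):
    """Compare a probe against ENROLLED by digest and by vector distance."""
    return {
        "digest_equal": digest(probe) == digest(ENROLLED),
        "digest_bits_differing": digest_bit_distance(probe, ENROLLED),
        "euclidean": euclidean(probe, ENROLLED),
        "vector_match": euclidean(probe, ENROLLED) < THRESHOLD,
    }


if __name__ == "__main__":
    for name, probe in [("same person", SAME_PERSON), ("other person", OTHER_PERSON)]:
        print(name, compare(probe))
```

Both probes differ from the enrolled digest in roughly half of the 512 bits, so the digest distance carries no similarity signal; exact digest equality would reject the genuine second capture.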
