Trusted BWI: Privacy and trust enhanced biometric web identities

Trusted web identities, which strongly associate a person with a digital identifier or certificate, are an area where biometrics should play a critical role. Balancing usability, security, and privacy is an important issue for any system that captures/stores users´ information, especially for any biometric-based technology. To support biometric web services, the Biometric Identity Assurance Services (BIAS) standard was developed and recently approved. BIAS aims to establish standard biometric web services in order to improve interoperability and platform independence. Because they involve biometric data, the deployment of BIAS (and biometric web services in general) faces many challenges in terms of privacy, trust and security. They also face compatibility issues with widely-deployed systems that combine biometric sensors and Trusted Platform Modules (TPM). In order to address these obstacles, we propose an enhanced design of the recently introduced Biocryptographic Key Infrastructure (BKI). The original BKI enhanced the privacy and trust of remote biometric transactions, but, like most existing biometric systems, ignores the trust issues associated with remote enrollment. Our enhanced BKI design addresses this problem of trusted remote biometric enrollment. In addition, the enhanced design also extends the BKI to support biometric sensors with cryptographically secured on-chip biometric matching. Leveraging the new enhanced version of BKI, we propose the Trusted Biometric Web Identities (Trusted-BWI), as privacy and trust-enhanced biometric web services.