10 Dec How Biometric Data is Stored
You may use your own biometric data several times a day, every single day, without consciously recognising that it’s your unique genetic makeup that is enabling you access. Maybe you enter work via facial recognition or clock-in with your fingerprint. Perhaps you authorise payments with your fingerprint when using mobile banking. If you’re a smartphone user, it’s likely that you’re accessing this device and its many applications daily through your own biometric data too, as 67% of smartphones bought worldwide in 2018 use fingerprint ID technology. So have you ever questioned where this personalised data is being held and how?
The aim of using highly-personalised biometrics as verification and identification data is to bolster security and decrease the risk of data breach. When you take an identifiable piece of information that relates specifically to one particular person (data subject), compared to a simple user ID and password verification process, the scope for those who shouldn’t have access, such as cybercriminals, to gain access is significantly reduced.
Biometric data is one of the safest methods of identification, it is almost impossible to replicate a piece of biometric data as the image itself is discarded and a mathematical representation of it is used for the verification process. Once a piece of biometric data is captured, unlike a password, it obviously cannot be amended. You can forget a password but you can’t ‘forget’ your fingerprint, and so this data needs to be handled very sensitively.
When storing, processing and using biometric data for authentication, the person’s data first needs to be captured. The data is then analysed and converted into a mathematical file, known as a biometric template. A biometric template is a digital reference of the specific characteristics of a biometric sample. Therefore, although the individual’s biometric data is initially recorded, it is copied into a more secure format and the data used is not actually the original sample, but a converted version.
There are five main ways to securely store biometric data:
Hardware-Based Recognition System (control board)
A hardware-based recognition system is whereby the data is stored on a specific piece of hardware and works with the device to recognise the data, without storing the data on the device itself. This offers a fast response during user authentication as the biometric templates are stored locally and the recognition system does not require any external response.
ievo readers and registration units use this method with the ievo control board, as we believe this to be the most secure and accessible storage system. ievo control boards are installed on the secure side of an entry point and no data is stored on an ievo reader head device. This makes this method of biometric data storage one of the most secure without compromising on the functionality and process of authorised recall of the data, which keeps things simple for both the business and the end-user.
ievo sensors extract data to create biometric templates using an algorithm which identifies specific features of a fingerprint called minutiae. Minutiae points are the identifiable elements of a fingerprint categorised into different groups such as ridge endings and line bifurcations.
During the registration process, once an ievo reader scans a fingerprint, it will send an image of the fingerprint to the ievo control board where the cutting-edge algorithm will identify different minutiae features and convert this data into a template for storage. Once the template has been generated, the original fingerprint image is discarded safely and the data stored cannot be reverse-engineered to recreate the original fingerprint.
Templates are stored on an ievo control board in a unique proprietary template format for security measures and are only cross-referenced by the ievo fingerprint reader when matching data for identification purposes.
This method refers to an individual’s biometric data being stored on a portable token, such as a fob or smart card. This means that their data, such as a fingerprint, will be captured and a template of this biometric will then made and stored on the token. The benefits of storing biometric data on a portable token is that it doesn’t need to be transferred over a network for verification purposes, and so this reduces the risks that can come with network-related vulnerabilities. When using this method, the user will need to present their card or fob and then their biometric data as a two-step authentication process.
Biometric data can also be stored on the end-user’s device. This is most commonly the case on smartphones that use touch ID fingerprint sensors, such as Apple’s ‘Secure Enclave’. On-device storage can be used to store biometric data through a chip that holds the data separately to the device’s network. When storing the data on the authentication device itself, the organisation implementing the biometric verification process doesn’t have control over it.
Biometric Database Server
A biometric database server is one of the more cost-effective methods of biometric data storage, although it is more susceptible to cyber threat due to the network-based approach. It is also part of the national infrastructure however, so can be considered a highly secure facility. As the data is held on an external server, one of its benefits is that it allows for a multi-location verification process. To reduce the risk of the data being breached, it should be encrypted when transferring over the network. The issue with encryption is deciding where encryption keys will be stored and who will be trusted with access. With the recent implementation of GDPR, there are increased responsibilities of managing and storing data with the potential for penalties should the data become compromised. This method puts businesses fully in control of the end-user data, which can be helpful for data controllers (those who determine the purposes and means of processing personal data) to ensure all data is compliant with the regulation, and for data processors (those who are responsible for processing personal data on behalf of a controller) to maintain records of all processing activities.
Distributed Data Storage
This method stores the biometric templates both on a server and a device to offer a double-backed solution. The biometric data will be broken up into smaller, encrypted files and stored separately on the server and the storage centre of the authentication device. Implementing this system makes it more difficult for the data to become compromised as a cybercriminal would need to access both points. This way, businesses can maintain control over its biometric data, while also allowing the end-user to store their own data.
Interested in implementing a biometric data identification system in your business? We’d be happy to help, get in touch with us today.
Share this story: