Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Safe storage required for biometric data in citizen ID program

TSSI Systems : 08 October, 2009  (Technical Article)
TSSI Systems comments on the UK citizens ID program and the potential vulnerability of biometric data if stored on the CIS database
"The UK government is in danger of jeopardising millions of UK citizens' identities if they store biometric data on the scandal-hit Customer Information Service (CIS) database," said John Barker, managing director, TSSI.

"Storing personal biometric data on a database which is accessible to 140,000 users would have spelled disaster for the UK public," continued John. "It would present an open invitation to anybody wanting to impersonate the IDs of millions of people. Only recently has it been revealed that council staff accessed the database to look up personal records and if they had access to biometric data as well, they would have been able to replicate these people's identities. If the biometric data is stored in the same place as other personal information a hacker can simply join the dots and match this to the personal data and clone a person's ID in one hit."

"What is needed if the ID card scheme is to work, is firstly, a belt and braces approach. Storing citizens' biometric data in a separate place to other personal information, ie not on the CIS, and as an algorithmic encryption makes it impossible for even the most sophisticated fraudster to read or substitute. Even authorised council personnel - and therefore any successful hackers or corrupt employees - would only be able to view binary code, and not the finger, iris or facial data itself. They would also be unable to replicate the algorithm to clone the card."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo