I527-290 ESRIF Final Report (WEB).indd - European Commission
I527-290 ESRIF Final Report (WEB).indd - European Commission
I527-290 ESRIF Final Report (WEB).indd - European Commission
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
190<br />
8.4.1.2 Improve trust in biometric devices<br />
We need to have robust technologies that make systems or solutions much harder to spoof or fool by building in<br />
enhanced security measures such as liveness detection and anti-spoofing measures such as heartbeat detection. Ideally<br />
we would need to be able to create biometric models specific for a given need and to ensure proper policy management<br />
so that issued “identities” can be updated, revoked and reissued. The research should aim at enhancing the accuracy and<br />
robustness of biometric devices.<br />
To reach this goal, many potential solutions should be explored:<br />
Development of secure biometric acquisition systems<br />
Evaluation of non zero eff ort attacks (internal and external) on biometrics systems<br />
Development of new and innovative biometric sensors able to operate under critical conditions that are typically found at<br />
a disaster scene<br />
Acquisition devices and system certifi cation<br />
User behaviour and postural recognition, promoting “person identifi cation” beyond biometric traits and avoiding<br />
identity theft<br />
Create biometric model-specifi c to a use<br />
Investigate multi-biometric traits application benefi ts and increased performance<br />
8.4.2 Systemic needs<br />
8.4.2.1 Combating identity theft<br />
No coherent approach to address this threat is currently in place. It requires a concerted eff ort involving signifi cant advances<br />
in processes and technology. The current lack of solutions costs companies, countries and citizens billions of Euros in fraud<br />
and theft and undermines global and fi nancial security. The problems come from a lack of joint approach, a lack of trusted<br />
authentication and enrolment processes, and an ongoing and increasing lack of trust.<br />
In order to effi ciently fi ght these frauds, systems and technologies should perform mutual recognition between regional,<br />
national and/or <strong>European</strong> systems. Standards and retro-compatibility management should also be developed and agreed at<br />
the Union level.<br />
Privacy management of stored data should also be handled appropriately. Systems and architectures should allow the<br />
management of diff erent electronic ID in diff erent contexts (public vs. private, region vs. Europe, etc.). <strong>Final</strong>ly, on the legal<br />
aspects, responsibility and liability matters for fraud should be addressed at national and international levels.<br />
The solution to overcome these challenges would be:<br />
Development of agreed processes and standards<br />
Use of strong authentication processes and technologies<br />
Development of secure enrolment processes and technologies<br />
Solutions to provide for secure on-line transactions (secure payment on the Internet based on eID and banking smart cards)<br />
Education and training for all stakeholders and users on the threats and preventive measures<br />
Harmonise the security level of all identity documents; i.e. have the same requirements in term of technical requirements<br />
and proof (security evaluation criteria and security targets)<br />
Harmonise national legislation between all EU Member States for all applications where eID is mandatory (travel, e-Services,<br />
driving licenses, eHealth, etc.)<br />
8.4.2.2 Mobile identity checks<br />
As mobility of people is becoming a central factor of behaviour and life, the use of new identification technologies<br />
to support and improve law enforcement should contribute to ensuring the security of society. In the same manner,<br />
the growing need for flexibility generates a need for appropriate technologies and processes to achieve the required<br />
security level.<br />
<strong>ESRIF</strong> FINAL REPORT - PART 2 • Working Group: Identifi cation of People and Assets