Section: New Results

Biometric Systems Private by Design: Reasoning about privacy properties of biometric system architectures

Participant : Daniel Le Métayer.

The goal of this was to show the applicability of the privacy by design approach to biometric systems and the benefit of using formal methods to this end. Starting from a general framework to define privacy architectures and to formally reason about their properties, we have described its adaptation to biometrics. The choice of particular techniques and the role of the components (central server, secure module, biometric terminal, smart card, etc.) in the architecture have a strong impact on the privacy guarantees provided by a biometric system. In the literature, some architectures have already been analysed in some way. However, the existing proposals were made on a case by case basis, which makes it difficult to compare them and to provide a rationale for the choice of specific options. In this work, we have described, on different architectures providing different levels of protection, how a general framework for the definition of privacy architectures can be used to specify the design options of a biometric systems and to reason about them in a formal way.