Data security and cyber security have come knocking (and pounding) on the PACS door and rightfully so. In the world of biometrics, concern over biometric data security has long existed. After all, you've only got two irises and 10 digits, those get compromised and it's a problem. But in the case of face recognition, do you think we can hold biometric face data to a lower standard? Is a standard even necessary? People do not have a reasonable right to privacy in a public area and can be made to comply in the workplace (e.g., photo badge). Our faces are fully exposed every day, everywhere and to everyone. So forget about reverse engineering a biometric face template to reveal the root image data. It's already out there. Do you think in the unique case of this biometric, that a different standard may apply to the securing, safeguarding and transferring of biometric data?
Face Recognition Data Security
Thought scenario: If an entry point is design to authenticate and authorize personnel from entering/exiting an area utilizing biometric data as one of the authentication layers. Then the authentication methods should be enhanced, perhaps a triple certificate transaction. If I the beholder of this biometric face should also have a unique encrypted identifier bound to a device that I wear to support this technology. This could be a smartwatch and or lapel badge. The communications between myself and the authentication device could be a combination of RFID, IR and Biometric with all three holding pieces of an encrypted certificate. As most phone apps sync periodically, this system can push/pull-sync/upload data to my credential as often as needed. In order to import/export my biometric data to a 3rd party system I would then need to verify enrollment by participating in a session with an enrollment station. This could be stationed in the corporate environment or one day found to be integrated with the local ATM or Amazon locker locations. A real time status could be displayed on the watch showing whether or not we have access to a door/area prior to authenticating. The unification of this type of service could help change the ACAMS world into an every day world. No more controllers, head ends full of splices and silly integrations to make you phone apps work together for a annual cost. Just as your ATM Debit and Credit Card are accepted world wide, a new ACAMS with Biometrics has to be slated for the future. BTW, ATM and CC swipes are not free.
Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.