TURBINE is currently involved in standardization activities under ISO/IEC JTC1 subcommittee 27 (SC27) workgroup 5 (WG5), which encompasses standardization topics including identity management and privacy protection technologies in the area of IT security techniques.
The topics related to the TURBINE objectives are developed in WG5 as project ISO/IEC 24745 “Biometric Template Protection”, which aims at a standard for cryptographic guidance to protect biometric data. This project is now progressing towards Committee Draft in June 2009.
TURBINE, via Norwegian standards, started to be involved in the project ISO/IEC 24745 from the SC27 Limassol (Cyprus) meeting in October 2008. TURBINE partner Gjøvik University College (GUC) submitted comments and drafted a proposal to the 3rd Working Draft, emphasizing the TURBINE’s core concepts of “renewability” and “pseudo identity” for biometric references. On the Limassol (Cyprus) meeting, consensus was achieved that “renewability” should be incorporated into the security and privacy requirements for biometric templates in the 4th Working Draft, based on the basic data security requirements formulated in the 3rd Working Document, and “pseudo identity” could be the corresponding solution to prevent invertibility and linkability of the protected biometric templates.
After the Limassol (Cyprus) meeting, concepts of “renewability” and “pseudo identity” were successfully incorporated into the 4th Working Document as the most significant update to the 3rd Working Document. On the recent Beijing (China) meeting in May 2009, TURBINE’s biometric template protection reference architecture based on pseudo identity was re-confirmed.
The Committee draft is now under preparation. At the same time, terms harmonization were intensively discussed in the Beijing meeting and the new term “pseudonymous identifier” will replace the previous term “pseudo identity” in order to harmonize with other SC27 standardization projects.