09/01/2008

German Healthcare Export Group e.V. / GHE e.V.

Secure electronic authentication for applications in the Internet and the real world by GHE-member Sagem Orga

TURBINE for securely identifying users by fingerprints (SXC)
PADERBORN. The TURBINE project (TrUsted Revocable Biometric IdeNtitiEs) was launched to lay the groundwork for electronic authentication of different applications in both the Internet and the real world.

The activities associated with TURBINE, under the leadership of Sagem Orga's parent company Sagem Sécurité, are expected to take three years; they have financial support from the EU. Initial results have been presented to the TURBINE Advisory Board.

The TURBINE project deals with identity management. Specifically, it involves work on a solution for securely identifying users by means of fingerprints, in which the biometric data used is protected by highly developed cryptographic technology.

In this way, existing obstacles to the use of biometric solutions can be removed. For the first time, the level of security in authentication on the service provider side will no longer be ensured to the detriment of the level of security in protection of the consumer's personal data and vice versa.

The cryptographic methods developed in the project ensure that data that is generated from the fingerprint for authentication purposes cannot be used to reconstruct the original fingerprint. In addition, users will be able to create several "pseudo identities" – each for a different application – with the same fingerprint and revoke identities if desired, i.e. declare them invalid.

With the proposed identity management solutions, users will be able to manage their identities on their personal secure token (e.g. a smart card). The identities may be legally effective identities that are used for central e-government applications, as well as for electronic transactions for local administration. In addition, pseudo identities can be administered for Internet services, bonus programs, etc. All identities of a user can be derived from the same biometric feature without a third party (such as the service provider) being able to create a link between the identities.

Integration of the smart card as a personal token for managing identities is Sagem Orga's main job in the TURBINE project. "As part of the project, we intend to advance the technology to get it ready for the market soon," says Didier Sérodon, Chief Technology Officer at Sagem Orga. All the results will be presented in a real-world way by means of live simulations.

The technology developed by TURBINE could be implemented in a wide range of applications in the real and virtual worlds. To ensure that the developments meet the needs of the various potential market segments and comply with European and national regulations on data protection, the consortium is obtaining advice from data protection experts from various European institutions and representative market segments, such as banking, e-health, e-government and airport security.