The Turbine project (TrUsted Revocable Biometric IdeNtitiEs) was launched to lay the groundwork for electronic authentication of different applications in both the Internet and the real world.
The activities associated with TURBINE, under the leadership of Sagem Orga's parent company Sagem Sécurité, are expected to take three years; they have financial support from the EU. Initial results have been presented to the TURBINE Advisory Board.
The TURBINE project deals with identity management. Specifically, it involves work on a solution for securely identifying users by means of fingerprints, in which the biometric data used is protected by highly developed cryptographic technology.
In this way, existing obstacles to the use of biometric solutions can be removed. For the first time, the level of security in authentication on the service provider side will no longer be ensured to the detriment of the level of security in protection of the consumer's personal data and vice versa.
The cryptographic methods developed in the project ensure that data that is generated from the fingerprint for authentication purposes cannot be used to reconstruct the original fingerprint. In addition, users will be able to create several "pseudo identities" - each for a different application - with the same fingerprint and revoke identities if desired, i.e. declare them invalid.
With the proposed identity management solutions, users will be able to manage their identities on their personal secure token (e.g. a smart card). The identities may be legally effective identities that are used for central e-government applications, as well as for electronic transactions for local administration. In addition, pseudo identities can be administered for Internet services, bonus programs, etc. All identities of a user can be derived from the same biometric feature without a third party (such as the service provider) being able to create a link between the identities.
Integration of the smart card as a personal token for managing identities is Sagem Orga's main job in the TURBINE project. "As part of the project, we intend to advance the technology to get it ready for the market soon," says Didier Sérodon, Chief Technology Officer at Sagem Orga. All the results will be presented in a real-world way by means of live simulations.
The technology developed by TURBINE could be implemented in a wide range of applications in the real and virtual worlds. To ensure that the developments meet the needs of the various potential market segments and comply with European and national regulations on data protection, the consortium is obtaining advice from data protection experts from various European institutions and representative market segments, such as banking, e-health, e-government and airport security.
An advisory body consisting of the potential users of the technology will regularly have the chance to learn more about the results and contribute their own needs. Martin Bergen, department system integration at the advertising- and sales-association of German pharmacists TMG, summarizes the impressions he had of the first meeting of the Advisory Board end of April:
"Wherever telematics infrastructures are built, additional services emerge sooner or later, building on this infrastructure and presenting an enormous added value at a fraction of the initial cost. One example is the Internet and the value added services we are now used to, such as e-mail, portals and webshops. The risk that user profiles can be generated without the user wanting them to be generated does pose a latent problem. The convenient use of various pseudo identities is an interesting approach to solving the problem of widespread undesired profile generation. I think the TURBINE project promises to bring important impulses in this regard."