scholarly journals A Privacy-Preserving Fully Homomorphic Encryption and Parallel Computation Based Biometric Data Matching

2020 ◽  
Author(s):  
Ferhat Ozgur Catak ◽  
Sule Yildirim Yayilgan ◽  
Mohamed Abomhara
Keyword(s):  
Privacy Preservation ◽  
Homomorphic Encryption ◽  
Practical Implementation ◽  
Fully Homomorphic Encryption ◽  
Biometric Data ◽  
General Data Protection Regulation ◽  
Data Matching ◽  
General Data ◽  
Encryption Method ◽  
Border Controls

One of the most reliable methods of authentication used today is biometric matching. This authentication process, which is done by using biometrics information such as fingerprint, iris, face, etc. is used in many application areas. Authentication at border gates is one of these areas. However, some restrictions have been introduced to storing and using such data, especially with the General Data Protection Regulation (GDPR). The main goal of this work is to find the practical implementation of fully homomorphic encryption-based biometric matching in border controls. In this paper, we propose a biometric authentication system based on hash expansion and fully homomorphic encryption features, considering these restrictions. One of the most significant drawbacks of the homomorphic encryption method is the long execution time. We solved this problem by executing the matching algorithm in parallel manner. The proposed scheme is implemented as proof-of-concept in the SMILE, and its advantages in privacy preservation has been demonstrated.

scholarly journals Legal and Technical Feasibility of the GDPR’s Quest for Explanation of Algorithmic Decisions: of Black Boxes, White Boxes and Fata Morganas

2020 ◽  
Vol 11 (1) ◽  
pp. 18-50 ◽  
Author(s):  
Maja BRKAN ◽  
Grégory BONNET
Keyword(s):  
Decision Making ◽  
Interdisciplinary Approach ◽  
Practical Implementation ◽  
General Data Protection Regulation ◽  
Legal Limits ◽  
Black Boxes ◽  
General Data ◽  
The Subject ◽  
The Right ◽  
Automated Decision Making

Understanding of the causes and correlations for algorithmic decisions is currently one of the major challenges of computer science, addressed under an umbrella term “explainable AI (XAI)”. Being able to explain an AI-based system may help to make algorithmic decisions more satisfying and acceptable, to better control and update AI-based systems in case of failure, to build more accurate models, and to discover new knowledge directly or indirectly. On the legal side, the question whether the General Data Protection Regulation (GDPR) provides data subjects with the right to explanation in case of automated decision-making has equally been the subject of a heated doctrinal debate. While arguing that the right to explanation in the GDPR should be a result of interpretative analysis of several GDPR provisions jointly, the authors move this debate forward by discussing the technical and legal feasibility of the explanation of algorithmic decisions. Legal limits, in particular the secrecy of algorithms, as well as technical obstacles could potentially obstruct the practical implementation of this right. By adopting an interdisciplinary approach, the authors explore not only whether it is possible to translate the EU legal requirements for an explanation into the actual machine learning decision-making, but also whether those limitations can shape the way the legal right is used in practice.

scholarly journals La responsabilidad proactiva de las Administraciones Públicas en la protección de datos personales.

2020 ◽  
pp. 138-153
Author(s):  
Aritz ROMEO RUIZ
Keyword(s):  
Public Administration ◽  
Data Protection ◽  
Main Idea ◽  
Personal Data ◽  
Practical Implementation ◽  
Organizational Changes ◽  
General Data Protection Regulation ◽  
The Public ◽  
General Terms ◽  
General Data

Laburpena: Lan honen helburua da administrazio publikoak datu pertsonalen tratamenduan duen erantzukizun proaktiboaren printzipioaren analisia eskaintzea, eta ikuspegi juridikoa ematea praktikan errazago aplikatzeko. Lana lau ataletan egituratuta dago. Lehenengoan, datu pertsonalen babesa arautzen duen esparru berriaren aurkezpen orokorra egiten da; hau da, Datuak Babesteko Erregelamendu Orokorrak (EB) ezartzen duen araudi berria aurkezten da. Bigarren atala erantzukizun proaktiboari buruzkoa da, administrazio publikoek datu pertsonalak tratatzeko oinarrizko printzipio gisa. Hirugarrenak proposatzen ditu administrazio publikoek praktikan erantzukizun proaktiboaren printzipioa betetzeko kontuan har ditzaketen hainbat neurri. Azkenik, laugarren atalak gogoeta egiten du antolamendu-aldaketak egiteko beharrari buruz, Erregelamendu Orokorraren printzipioak betetzen dituztela ziurtatzeko eta herritarrek eskubideak balia ditzaten ziurtatzeko; horrez gain, aipamen berezia egiten dio datuak babesteko ordezkariaren figurari. Ondorioztatzen den ideia nagusia da garrantzitsua dela administrazio publikoek datuak babesteko politika bat diseinatzea, lehenetsita aplikatuko dena, eta ez bakarrik erantzukizun politikoak dituztenei, baizik eta sektore publikoan lan egiten duten pertsona guztiei eragingo diena. Resumen: El presente trabajo tiene como objetivo ofrecer un análisis del principio de responsabilidad proactiva en el tratamiento de datos personales por parte de la administración pública, y pretende aportar una visión jurídica para facilitar su aplicación en la práctica. El trabajo está estructurado en cuatro apartados. En el primero de ellos se presenta, en términos generales, el nuevo marco regulador de la protección de datos personales, que es consecuencia del Reglamento (UE) General de Protección de Datos. El segundo apartado está dedicado a la responsabilidad proactiva como principio básico del tratamiento de datos personales por las administraciones públicas. El tercero propone una serie de medidas que las administraciones públicas pueden tener en cuenta para cumplir con el principio de responsabilidad proactiva en la práctica. Finalmente, el apartado cuarto aporta una reflexión sobre la necesidad de introducir cambios organizacionales para asegurar el cumplimiento de los principios del Reglamento General de Protección de datos y del ejercicio de derechos por la ciudadanía, con una especial mención a la figura del delegado o delegada de protección de datos. La principal idea que se concluye es la importancia de que las administraciones públicas diseñen una política de protección de datos que se aplique por defecto, e implique, no sólo a quienes ejercen responsabilidades políticas, sino a todas las personas que trabajan en el sector público. Abstract: The present work aims to offer an analysis of the principle of proactive responsibility in the treatment of personal data by the public administration, and aims to provide a legal vision to facilitate its practical implementation. The work is structured in four sections. The first of these presents, in general terms, the new regulatory framework for the protection of personal data, which is a consequence of the General Data Protection Regulation (EU). The second section is dedicated to proactive responsibility as a basic principle of the processing of personal data by public administrations. The third proposes a series of measures that public administrations can take into account to comply with the principle of proactive responsibility in practice. Finally, the fourth section provides a reflection on the need to introduce organizational changes to ensure compliance with the principles of the General Data Protection Regulation and the exercise of rights by citizens, with special reference to the figure of the Data Protection Officer. The main idea that is concluded is the importance for public administrations to design a data protection policy that is applied by default, and involves not only those who exercise political responsibilities, but also all those who work in the public sector.

scholarly journals FORENSIC DATABASES IN POLAND. LEGAL ISSUES RELATED TO RIGHT TO THE PROTECTION OF PERSONAL DATA AND RIGHT TO PRIVACY

2021 ◽  
pp. 285-305
Author(s):  
Dariusz Wilk
Keyword(s):  
Personal Data ◽  
The European Union ◽  
Right To Privacy ◽  
Biometric Data ◽  
General Data Protection Regulation ◽  
Law And Policy ◽  
Detection And Identification ◽  
Criminal Justice Systems ◽  
General Data ◽  
Data Subject

Forensic databases are crucial resources in criminal justice systems, which allow for detection and identification of offenders. General Data Protection Regulation and Police Directive about processing of personal data were enacted in the European Union in 2016, which implied changes in national law and policy in processing genetic and biometric data by law enforcements. Therefore, current development of DNA and fingerprint databases in Poland were revealed and compared to other European countries. Changes in the law related to processing of genetic and biometric data were analysed. Issues related to the distinction between different categories of data subject and retention time of personal data were especially commented in the view of right to the protection of personal data and right to privacy.

scholarly journals Information Security in Cloud Computing utilizing Fully Homomorphic Encryption Techniques

2019 ◽  
Vol 8 (6S2) ◽  
pp. 679-683
Keyword(s):  
Cloud Computing ◽  
Information Security ◽  
Distributed Computing ◽  
Homomorphic Encryption ◽  
Fully Homomorphic Encryption ◽  
Encryption Method ◽  
The Web

Flowed enlisting gives a course to the business to deal with the figuring assets on the web. The term has made over late years, and can be utilized to outline the utilization of a pariah for your capacity and figuring needs.The mechanical improvement of distributed computing has helped the business to develop as well as the wellbeing of information has turned into a noteworthy issue. Numerous encryption procedures are utilized as a part of information security in cloud. They are especially powerful when the information is away state and in transmission state. Be that as it may, in handling state the information must be unscrambled so that the operations can be performed. Once the information is unscrambled it is accessible to the cloud supplier henceforth these customary encryption systems are insufficient to secure the information. The information will be protected if the operations are performed in the decoded information. This can be accomplished if the information is encoded utilizing homomorphic encryption strategies. This paper examines about the homomorphic encryption method, its disadvantages and future improvements. [19],[20],[21]

scholarly journals Analysis of Biometric Data Under the General Data Protection Regulation

2019 ◽  
Vol 8 (2) ◽  
pp. 88-111 ◽  
Author(s):  
Ján Matejka ◽  
Soňa Matochová ◽  
Josef Prokeš
Keyword(s):  
Data Protection ◽  
Biometric Data ◽  
General Data Protection Regulation ◽  
General Data

scholarly journals Online Behavior Recognition: Can We Consider It Biometric Data under GDPR?

2018 ◽  
Vol 12 (2) ◽  
pp. 161-178 ◽  
Author(s):  
Alžběta Krausová
Keyword(s):  
Behavior Analysis ◽  
Data Protection ◽  
Electronic Devices ◽  
Legal Interpretation ◽  
Online Behavior ◽  
Biometric Data ◽  
General Data Protection Regulation ◽  
Future Behavior ◽  
Biometric Template ◽  
General Data

Our everyday use of electronic devices and search for various contents online provides valuable insights into our functioning and preferences. Companies usually extract and analyze this data in order to predict our future behavior and to tailor their marketing accordingly. In terms of the General Data Protection Regulation such practice is called profiling and is subject to specific rules. However, the behavior analysis can be used also for unique identification or verification of identity of a person. Therefore, this paper claims that under certain conditions data about online behavior of an individual fall into the category of biometric data within the meaning defined by the GDPR. Moreover, this paper claims that profiling of a person can not only be done upon existing biometric data as biometric profiling but it can also lead to creation of new biometric data by constituting a new biometric template. This claim is based both on legal interpretation of the concepts of biometric data, unique identification, and profiling as well as analysis of existing technologies. This article also explains under which conditions online behavior can be considered biometric data under the GDPR, at which point profiling results in creation of new biometric data and what are the consequences for a controller and data subjects.

scholarly journals Specifics of nature of the biometric data definition in law of the European Union

2021 ◽  
pp. 160-167
Author(s):  
Y. V. Smirnova
Keyword(s):  
Personal Data ◽  
The European Union ◽  
Legal Doctrine ◽  
Biometric Data ◽  
General Data Protection Regulation ◽  
Legal Definition ◽  
Data Definition ◽  
General Data ◽  
Definition Of

The article offers analysis of the approaches in Russian and European legal doctrine to the definition of “biometric data”, as well as the evolution of the legal definition formation of biometric data in the legislative acts of the EU. The article analyzes the role of biometric data in the personal data system, their characteristics, and the determination of a list of key features that allow an individual's data to be classified as biometric data. Special attention is paid to the list of characteristics that fall under the category of biometric data in accordance with existing scientific approaches on personal data, as well as the provisions of the General Data Protection Regulation. The article highlights the main problems of interpretation of the category of biometric data in legal sources, and also suggests the author's legal definition of biometric data that meets, in the author's opinion, the main criteria that characterize specific data of an individual as biometric.

scholarly journals An improved Framework for Biometric Database’s privacy

2021 ◽  
Vol 13 (3) ◽  
Author(s):  
Ahmed EL-YAHYAOUI ◽  
Fouzia OMARY
Keyword(s):  
Homomorphic Encryption ◽  
Security And Privacy ◽  
Fully Homomorphic Encryption ◽  
Sensitive Data ◽  
Biometric Data ◽  
Java Programming ◽  
Biometric Systems ◽  
Database Privacy ◽  
Security Module ◽  
New Framework

Security and privacy are huge challenges in biometric systems. Biometrics are sensitive data that should be protected from any attacker and especially attackers targeting the confidentiality and integrity of biometric data. In this paper an extensive review of different physiological biometric techniques is provided. A comparative analysis of the various sus mentioned biometrics, including characteristics and properties is conducted. Qualitative and quantitative evaluation of the most relevant physiological biometrics is achieved. Furthermore, we propose a new framework for biometric database privacy. Our approach is based on the use of the promising fully homomorphic encryption technology. As a proof of concept, we establish an initial implementation of our security module using JAVA programming language.

Sign in / Sign up

Export Citation Format

Share Document