Biometric authentication as a service for enterprise identity management deployment: a data protection perspective

Abstract

Biometric Authentication as a Service is an innovative approach for strong authentication in web environments based on the Software as a Service model. However, both the adoption of SaaS systems and biometric technologies negatively correlate with perceived privacy and data protection risks. We specify a list of evaluation criteria for BioAaaS systems from a data protection point of view including elements specific to both biometrics and SaaS. We further apply these criteria on a prototypical implementation of a SaaS-compliant biometric authentication service based on keystroke dynamics for enterprise deployment. The assessment shows that for the most part the prototype conforms to technical data protection requirements. At the organizational level the selection and control of a trust-worthy provider and the conclusion of the service agreement remain.