Legislative framework for biometrics

ATMs now display an encouraging notice that cash machines will soon recognize us by our faces. We wrote about it recently here.

Great, you'll have to queue less.

The iPhone again distinguished itself with a camera for taking biometric data.

The Unified Biometric System (UBS) will serve as the foundation for making these milestones of the future a reality.

The Central Bank rolled out a list of threats from which operators working with biometric personal data must be prepared to protect customers, and in February introduced guidelines for eliminating these hazards.

The next set of rules should minimize the following risks:

  • Risks that arise when collecting biometric data.
  • Risks that arise when processing people's requests and working with their personal data.
  • Risks arising from remote identification.

To achieve this, they propose to:

  • Log every sneeze the operators make.
  • Use only certified products.
  • Issue electronic signature keys to operators.
  • Inform the Central Bank of all incidents.

Let's go back a little to the history of the issue. 10 years after the first legislative movements in this area, Russia began to issue passports that could legally contain electronic media.

Over time, Federal Law 152 was only supplemented. Article 11 of the law defined biometrics as information that characterizes the physical (and, as was later added, biological) features of a person, on the basis of which their identity can be established. It was later added that operators use biometric data to identify a person, and that this data may be processed only with the client's written consent.

The only exception is if the client is found to be a terrorist.

It was decided that such data should be protected:

  • From unauthorized or accidental access to them.
  • From destruction or change.
  • From blocking.
  • From copying.
  • From granting access to them.
  • From distribution.

The next step was standardization to the international level. It covered fingerprints, facial images and DNA data. In 2008, the requirements for physical media and storage technologies outside the personal data information system were set out.

Media here refers only to devices that a machine can read without scanning. Paper materials do not count.

The requirements are the following:

  • Ensuring access only to authorized persons.
  • The ability to identify the system and its operator.
  • Preventing overwriting outside the information system and unauthorized access.

This must be ensured by:

  • Using a digital signature or other means to preserve the integrity and immutability of the data.
  • Checking whether there is a written consent of the subject of personal data.

The Unified Biometric System is based on Federal Law 149, which links it to the Unified Identification and Authentication System. Operators identify a person with their consent and in their presence, and then send the data to the UBS.

The government determines how data is collected, transferred and processed, and appoints an overseer for all of this. Rostelecom is now responsible for developing the regulations.

In addition, the FSB and the FSTEC exercise control and supervision.

First and foremost, the FSB demands cryptographic protection from banks. In addition, a bank that insures deposits has the right to enter biometric data into the UBS and to identify the person remotely for basic services, unless that person is a terrorist or something like that.

As always, life makes its own adjustments to everything that the state regulates. In particular, during a test purchase, the Central Bank found shortcomings both in the system itself and in remote identification during the provision of services.

Many Duck banks, as is traditional, reported only formally, while in fact they had not even worked out how to interact with customers.

Time moves forward, preparing the legislative ground for cyborgs to recognize us. And we are ready to provide a cloud infrastructure that meets all such laws.

Source: habr.com
