Biometric identification


  

ANF AC, in order to reinforce the "non-repudiation" attribute, has initiated a technological renewal plan of its AR Manager application. AR Manager has been equipped with all the necessary technology to:

 

-            Subscriber's image capture.

-            Subscriber's fingerprints capture.

 

In the development of this technical and legal improvement, it has been taken into account:

 

Spanish Organic Law 15/1999, of December 13th, on the Protection of Personal Data,

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Spanish Law 59/2003, of December 19th, on Electronic Signature

• Regulation (EU) 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC

 

This process is done during the course of requesting electronic certificates. The objective is to obtain evidence of the personal presence of the subscriber who processes the petition, as required by current legislation. The interested party must give explicit consent.

 

Biometric identification is a measure that reinforces the legal certainty of the trust certification service provided by ANF AC. It enables:

 

·         Persons, whose identity has been supplanted with false documents, to have legal evidence on which to base their claim;

·         Relying parties have an evidence that guarantee "non-repudiation";

·         The RA Operator to have an evidence that the subscriber physically appeared before him/her, as required by the applicable legislation and ANF AC's CPS.

 

The AR Manager, at the moment of the capture, proceeds to encrypt the information, and its safe storage in the computer systems, and the local equipment in which the data capture was performed, no biometric information is stored. This information is not used for any purpose other than that expressed, there is no univocal identification process, nor any categorization.

 

“Article 24 
Requirements for qualified trust service providers
1.a) by the physical presence of the natural person or of an authorised representative of the legal person…”
 
“Article 13
Verification of identity and other personal circumstances of applicants for a recognized certificate.
1. The identification of the natural person who requests a recognized certificate will require his personation before the person in charge of verifying it …”