New information technologies change the way society lives. This is why the tax authorities cannot remain outside such changes. Since the year 2005 the Tax Administration System (SAT Servico de Administracion Tributaria), which is the Mexican IRS, has been introducing and applying new information technologies with the objective of a better, faster and safer way of fulfilling its obligations with taxpayers.
One of the most controversial tools the SAT started using is the Electronic Signature (FIEL Firma Electronica). Since the year 2000 it is an authentication system that allows the taxpayer to access, through the SAT website, to his tax record, to fill tax forms, and in general to perform any action or modification regarding its tax record.
What makes the electronic signature so controversial is that it has the same value as a hand written signature. An electronic file signed with the electronic signature, legally, is as good as a document signed by hand. Also, another characteristic is that it uses biometrics recognition. It is a powerful tool, that when misused, can cause a lot of trouble. Naturally a couple questions come to mind: How safe is to use the electronic signature? Is my privacy kept?
Privacy, security and biometrics
There are two main fields of study regarding the use of electronic signature. The technological and the legal aspects are fusion together, and both have several challenges. Both sides will be covered in this paper and how do they are managed together.
Security and privacy have been important research areas in computing for a long time. Data needs to be protected. That is why methods and techniques have been developed to protect it from attacks. Security and privacy considerations have increased dramatically due to open internet environment and new business practices. Traditional models and techniques for characterizing and analyzing security and privacy are ill-equipped to deal with the much higher social complexity that is implicit in this new internet-based setting. (Liu, 2003)
We live in a new Web-enable world, and reliable user authentication has become everyday more important. Insecure authentication systems can be catastrophic, especially in a corporate environment. Not to mention on the government environment. Loss of confidential information and compromised data integrity are just some examples.
Based on the need of a more secure method of authentication, biometrics gives an easy, fast and safe solution. But what is biometrics? Biometrics is an automatic personal recognition based on physiological or behavioral characteristics. The term comes from the Greek words bios (life) and metrikos (measure) (Prabhakar, 2003).
Biometrics relies on who you are to make a personal recognition and authentication. It focuses on who you are and not what you know. A biometric property is an intrinsic property of a person; it is difficult to duplicate or share. And ID card or a NIP number can be easily transfer, a...