Biometric authentication, i.e. verifying the claimed identity of a person based on physiological characteristics or behavioral traits, has the potential to contribute to both privacy protection and user convenience. From a security point of view, biometric authentication offers the possibility to establish physical presence and unequivocal identification. However from a privacy point of view, the use of biometric authentication also introduces new problems and user concerns. Namely, when used for privacy-sensitive applications, biometric data are a highly valuable asset. When such data are available to unauthorized persons, these data can potentially be used for impersonation purposes, defeating the security aspects that are supposed to be associated with biometric authentication. In this paper, we will systematically unveil critical sections based on the two generic biometric flow models for enrolment and authentication respectively. Based on these critical sections for biometric dat...