This story is from the category Augmenting Organics
Date posted: 31/07/2009
A system that allows biometric data to be used to create a secret key for data encryption has been developed by researchers in South Africa. They describe details of the new technology in the International Journal of Electronic Security and Digital Forensics this month.
If a user, a web customer say, wishes to send a message or other data to another user, an online shop, over an unsecured network, the message must be encrypted to avoid interception of sensitive information such as passwords and credit card information.
Encryption relies on authentication being symmetric to work. In other words, the user's password or PIN must match the password or PIN stored by the online shop to lock and unlock the data. This is because encryption systems use the password or PIN to produce, or seed, a random number that is used as the cipher for encrypting the data. If the passwords do not match exactly then the seed will be incorrect, the random number different and the decryption will fail.
One way to avoid users having to remember endless, complicated passwords is to use biometrics, including fingerprints, iris pattern, face recognition. However, biometrics is not a symmetric process. The initial recording of biometric data samples only a limited amount of the information, the pigment patter in one's iris, for instance. The unlocking process then compares the iris pattern, or other biometric "token", being presented for access with the sample stored in the database. If the match is close enough, the user can gain entry.
The reason for this asymmetry is that any biometric system takes only a digital sample of data from the fingerprint or iris, for instance. Moreover, even the legitimate user will not be able to present exactly the same biometric data repeatedly. The close enough aspect of biometrics does not make biometrics insecure, provided that the closeness is very precise, but it does mean that biometric tokens cannot be used to create a secret key for an encryption algorithm.
Bobby Tait and Basie von Solms of the University of Johannesburg, Gauteng, South Africa, explain how biometrics can nevertheless be used to make a consistent secret key for encryption.
See the full Story via external site: www.physorg.com
Most recent stories in this category (Augmenting Organics):
03/03/2017: Adjustable Smart Desks join the Internet of Things