How to safely use fingerprints, iris pattern as digital signatures


Washington, August 1 (ANI): Researchers in South Africa have come up with a system that allows biometric data to be used to create a secret key for data encryption.

Describing the new technology in the International Journal of Electronic Security and Digital Forensics, Bobby Tait and Basie von Solms of the University of Johannesburg have shed some light on how biometrics (fingerprints, iris patterns, etc.) can be used to encrypt and decrypt data, so that Internet users do not have to remember endless, complicated passwords.

The researchers say that they have used the so-called BioVault infrastructure to provide a safe and secure way for "Alice" and "Bill" to share biometric tokens, and so use their fingerprints, iris patterns, or other biometrics to encrypt and decrypt their data without their biometrics being intercepted.

As to how the BioVault encryption system works, the researchers say that Alice first identifies herself to the authentication server, indicates that she wants to send an encrypted message to Bill, and requests Bill's biometric key from the server.

The server then retrieves a random biometric key from Bill's stored biometric keys.

Alice later uses the biometric key to encrypt her message and sends it to Bill.

Finally, Bill receives the message sent by Alice, and decrypts the message by testing the biometric keys in his database against the received cipher text.
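The exchange described above, sketched as an added example that is not the researchers' code: keys are modelled as hashes of constructed sample strings, and a SHAKE-256 keystream with an HMAC-SHA256 tag stands in for whatever cipher BioVault uses, since the article names none. The names `AuthServer`, `derive_key`, `encrypt`, `try_decrypt` and `bill_receive` are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def derive_key(sample: bytes) -> bytes:
    # Assumption: a "biometric key" is modelled as a hash of a sample.
    return hashlib.sha256(b"demo-biokey:" + sample).digest()

def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from the one biometric key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor(data: bytes, enc_key: bytes, nonce: bytes) -> bytes:
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Alice's side: encrypt-then-MAC under the key the server handed out.
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, enc_key, nonce)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def try_decrypt(key: bytes, blob: bytes):
    # Returns the plaintext, or None when the tag does not verify under key.
    if len(blob) < 48:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor(ct, enc_key, nonce)

class AuthServer:
    def __init__(self):
        self.banks = {}  # user -> list of stored biometric keys
    def enroll(self, user, keys):
        self.banks[user] = list(keys)
    def key_for(self, requester, recipient):
        # The requester must identify herself before a key is released.
        if requester not in self.banks:
            raise PermissionError("requester not identified")
        return secrets.choice(self.banks[recipient])

def bill_receive(bill_keys, blob):
    # Bill's side: test each stored key against the received ciphertext.
    for index, key in enumerate(bill_keys):
        plaintext = try_decrypt(key, blob)
        if plaintext is not None:
            return index, plaintext
    return None
```

`bill_receive` returns the index of the stored key that verified along with the plaintext, and `None` for a message encrypted under a key that is not in Bill's database or altered in transit.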

Given that each biometric key is unique, the researchers believe that the BioVault system can irrevocably identify and authenticate users through their keys and detect fraudulent use of biometric keys.

Tait says that the same approach could also be used to digitally sign electronic documents, files, or software executables using biometrics.

He will be presenting the team's results on this aspect of their work in the UK at the beginning of September.

"If passwords or tokens are used for authentication, only the password or token is proven as authentic - not the user that supplied the token or password. Biometrics authenticates the user directly - this was one of the drivers behind the BioVault development," he says. (ANI)
