info on a biometric id utilizing crypto techniques. ------- Forwarded Message Date: Fri, 31 May 1996 16:34:40 -0700 (PDT) From: Phil Agre <pagre@weber.ucsd.edu> To: rre@weber.ucsd.edu Subject: biometric encryption [A Canadian company called Mytec is marketing a biometric encryption system that, as far as anybody can tell, is an important step forward for privacy protection. It is based on fingerprint recognition, but it does not produce a representation of the fingerprint or recover the identity of the fingerprint's owner. Instead, it uses an optically transformed version of the fingerprint to decrypt a text string that could be, for example, the private key for a public-key cryptographic system such as RSA. Provided that one trusts the Mytec box, this would be a way to overcome many of the pragmatic hassles that would otherwise accompany the privacy-enhancing technologies that David Chaum and others have described. For example, they have built their device into a computer mouse, so that the computer will only generate your digital signature, or permit your mail to be read, if you are holding the mouse (or, I suppose, if you have been holding it very recently). In this message, the president of Mytec responds to some common concerns about his company's technology that arose in response to a query that I sent to the Computer Privacy Digest. He provides the company's web URL for those who wish to know more.] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help@weber.ucsd.edu =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Date: Fri, 31 May 96 11:06:44 EST From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu> To: Comp-privacy@uwm.edu Subject: Computer Privacy Digest V8#044 Computer Privacy Digest Fri, 31 May 96 Volume 8 : Issue: 044 - - ---------------------------------------------------------------------- Date: 29 May 1996 09:42:54 -0400 (EDT) From: gtomko@noc.tor.hookup.net (George Tomko) Subject: Re: Biometric Encryption Dear Mr. Levine: Subject: Biometric Encryption I have noticed a number of communications in your news group regarding Biometric Encryption, especially some concerns about its use. As one of the developers of this technology, I would appreciate if the attached response could be posted in the news group to provide people with some answers and also to obtain feedback and discussion. Kind regards. George J. Tomko, Ph.D. Several people commented on four concerns in using a finger pattern for biometric encryption, namely: 1. It's easy to get someone's fingerprints since they are left on a vast number of everyday objects, such as drink cans and door handles; 2. Muggers would start cutting off people's fingers when stealing their cards; 3. The crooks would forcibly hold down an individual's finger against the biometric encryption authentication device to extract the string coded by the individual's Bioscrypt; and 4. If the finger used to code the Bioscrypt is damaged or destroyed, then an individual will not have access to the files associated with the Bioscrypt. I will try to answer these concerns in order. But, first, let me define a Bioscrypt. A Bioscrypt is a two-dimensional image of a string or set of characters which can represent a PIN, encryption key or pointer and which has been coded (encrypted) by the two-dimensional information in a fingerprint pattern. It has the following properties: - - - it has no resemblance to the original fingerprint. - - - it cannot be reconverted to the original fingerprint. - - - if an optical image of the correct live fingerprint is transmitted through the Bioscrypt, then the output light beam uniquely represents the coded number. By successfully decoding their Bioscrypt, the person also confirms who they claim to be. For purposes of the discussion below, it is important to note that the optical authentication device is a coherent system and uses the phase information in a finger pattern (complex domain) as a discriminating parameter. 1. "Picking up latent prints from door handles, etc." To perpetrate a masquerade using a latent fingerprint of a legitimate user is very difficult for the following reasons: * The system requires a three-dimensional reconstruction of the legitimate user's fingerprint because the height of the various fingerprint ridges can modify the two-dimensional complex optical image which is the input to the authentication device. There is little information in a two-dimensional latent print about the depth and the height of grooves and ridges of the actual fingerprint. * The three-dimensional reconstruction of the legitimate user's fingerprint from a latent print would also need to duplicate the approximate oil and moisture content of the skin, since this is one of the factors which affects (modulates) the two-dimensional image read by the system. Quantifying this information from a latent print is very difficult. Even if it were, the three-dimensional reconstruction would have to be made from a synthetic material which had the same oil and moisture properties as the legitimate user's skin. To use an oil/water based solution to place on the input scanning window would be useless since this would frustrate all of the light bouncing off the window and would convey little or no useful information to the optical system. * The reconstructed fingerprint would also need to be made from a material with approximately the same elastic properties as the legitimate user's finger skin. During enrollment, and subsequently on authentication attempts, the user slides a finger over the input scanning window. This action warps the skin and the corresponding fingerprint pattern based on the elastic properties of the skin. Within the population, warping can vary significantly based on age, dryness of skin, etc. and is thus another unique aspect of the individual's finger pattern. 2. "Severing the finger to obtain access." As already mentioned in some of the previous communications in this newsgroup, measuring the temperature, humidity, pulse rate and even heart rate to verify a live finger can be accomplished. One of the key factors, though, is after the finger is severed the elastic properties of the skin change rapidly and thereby would not warp in the same manner as a live finger pattern. This would make a cadaverous finger useless after a period of time. (Can't find subjects to do a double blind study though). 3. "Crooks would forcibly hold down the finger." By forcibly sliding an individual's finger against the biometric encryption authentication device (reading device), the string coded by the Bioscrypt can be extracted. The string coded by the individual's finger pattern Bioscrypt could then be used for a one-time access for whatever purposes the string was intended. However, assuming that the individual is freed, he can then use his finger pattern to code a completely different string to prevent repetitive access. The system is robust in that it is very easy to change PINs, encryption keys or computer pointers. It was suggested in some of the messages that a pass phrase be used in conjunction but, again, if an individual is holding your finger down forcibly, to extend that to pointing a gun to your head to divulge the pass phrase is not an extreme assumption. There is no perfect security system out there and I doubt one will ever be designed since it has to work with real human beings. I suggest that the goal is to provide privacy-enhancing technology that handles the majority of the infringement cases and that, for exceptional circumstances where extreme privacy and security must be guaranteed, we combine the biometrics (something you are) with the pass phrase (something you know) and a token (something you have). If the combination of those three doesn't do it, then at this stage of technological evolution, nothing will cut it. 4. "Losing or damaging a finger with the result of not being able to access the Bioscrypt and related files." One of the properties of optical processing is that composite patterns can be made and thereby used to make the Bioscrypt. Accordingly, more than one finger could be used or a finger and a proprietary pattern (which one keeps hidden away somewhere). Of course, there is a penalty. The more patterns one uses, the smaller the signal to noise ratio of the system. The system is currently designed to give signal to noise ratios in the order of 10 to 12 dB and thereby significant degradation can still occur which would allow comfortably two to three patterns to be superimposed in the same Bioscrypt. If you are interested, more information can be gained by accessing Mytec's web page at http://www.mytec.com. - - -- George J Tomko Mytec Technologies Inc. Toronto, Ontario - - ------------------------------ End of Computer Privacy Digest V8 #044 ****************************** - ------- End of Forwarded Message ------- End of Forwarded Message