What is Biometric Encryption?

    Biometric Encryption is the process of using a characteristic of the body as a method to code or scramble/descramble data.  Physical characteristics such as fingerprints, retinas and irises, palm prints, facial structure, and voice recognition are just some of the many methods of biometric encryption being researched today.  Since these characteristics are unique to each individual, biometrics are seen as the answer to combat theft and fraud, particularly when dealing with commerce over the internet.  The reason that this new technology is believed to be superior to the use of passwords or personal identification numbers (PINs) is that a biometric trait cannot be lost, stolen, or recreated, at least not easily.  As one industry expert put it, "Unless criminals are going to start cutting off people's fingers to gain access to their accounts, biometric encryption is an excellent method for controlling access to those who should have it."

History of Biometrics

    Today's biometric encryption process was derived as a natural offshoot from some common uses of biometrics in the past.  Possibly the best-known use of biometrics was fingerprinting by law enforcement agencies for identifying criminals and children, and for licensing people employed in federally regulated careers such as security brokers.  This process, however, began as a highly manual function where individuals would spend weeks or months trying to match the hard copy fingerprints that were on file with those obtained elsewhere.  In many cases matches were difficult if not impossible to make, and it was not uncommon for misidentifications to occur.  With the advancements made in computer technology, some agencies began to construct electronic archives that allowed the matching process to occur much faster and with a much lower error rate, as the computer could distinguish the subtle traits in the fingerprints better than the naked eye.  The next step in the evolutionary process of biometric encryption came from the desire not only to match an individual's data with the individual, but also to restrict access to that person's information to those who should have such access.  It was at this point that biometric encryption technologies began to be used to ensure that only the people who should have access, those with the biometric key, were able to unlock the information contained in the code.

How Does Biometric Encryption Work?

    Encryption is a mathematical process that helps to disguise the information contained in messages that are either transmitted or stored in a database.  Three main factors determine the security of any crypto system: the complexity of the mathematical process or algorithm, the length of the encryption key used to disguise the message, and safe storage of the key, known as key management.

    The complexity of the algorithm is important because it directly correlates to how easy the process is to reverse engineer.  One would think that this is the area of encryption that is the easiest to break; however, most crypto systems are extremely well constructed, and this is the least vulnerable of the three factors.

    The length of the encryption key used to disguise the message is the next important piece of the encryption process.  The shorter the encryption key length, the more vulnerable the data is to a "brute force" attack.  This term refers to an individual trying to improperly access data by trying all combinations of possible passwords that would allow access to the account.  In non-biometric encryption processes such as passwords or PINs, depending on the length of the key, the information may be vulnerable to access by unauthorized users.  For example, a key that is three characters long would be much more prone to attack than one that is ten characters long, because the number of possible permutations that must be run to find the right key is much higher for the key that contains ten characters.  With current computer power, it is estimated that it would take four hundred years to find the right access combination for a sixty-four character key.  Biometric encryption makes standard character encryption obsolete by replacing or supplementing the normal key characters with a personal identifier of the user for which there can be only one perfect match.  Without this biometric key the information is inaccessible.

    Safe storage of the key is the most vulnerable area in the encryption process.  What would seem to be the easiest to manage becomes the most difficult because passwords or PINs can be lost or stolen.  Good encryption keys are much too long for normal individuals to remember easily, so they are usually stored on paper, smart cards, or diskettes, which makes them accessible to non-authorized users.  Biometric encryption systems allow the user to carry the access key around without exposing it to loss or theft.
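
    The effect of key length, and of supplementing typed characters with a biometric, as an added example that is not part of the original article: the PBKDF2 derivation, the stored key-check value, the 3-digit PIN and the 32-byte template are all constructed assumptions.  It counts the guesses an exhaustive search needs for a short key, shows the same search failing once the template is mixed in, and shows that a sample differing by one bit derives a different key.

```python
import hashlib
import hmac
import itertools
import string

ITERATIONS = 1_000  # kept low so the demo runs quickly; real systems use far more
SALT = b"constructed-demo-salt"

def derive_key(secret: str, template: bytes = b"") -> bytes:
    """Derive a 256-bit key from typed characters, optionally supplemented
    by biometric template bytes (PBKDF2-HMAC-SHA256 is an assumed choice)."""
    material = secret.encode() + b"\x00" + template
    return hashlib.pbkdf2_hmac("sha256", material, SALT, ITERATIONS, dklen=32)

def key_check(key: bytes) -> bytes:
    """Value stored beside the data so a candidate key can be verified."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()

def search_space(alphabet: str, length: int) -> int:
    """Number of candidate keys of the given length over the alphabet."""
    return len(alphabet) ** length

def exhaustive_search(check: bytes, alphabet: str, length: int):
    """Try every character combination with no biometric input.
    Returns (recovered secret or None, number of attempts)."""
    attempts = 0
    for combo in itertools.product(alphabet, repeat=length):
        attempts += 1
        guess = "".join(combo)
        if hmac.compare_digest(key_check(derive_key(guess)), check):
            return guess, attempts
    return None, attempts

# Constructed sample data: a 3-digit PIN and a fake 32-byte template.
PIN = "482"
TEMPLATE = bytes(range(32))
NOISY_TEMPLATE = bytes([TEMPLATE[0] ^ 0x01]) + TEMPLATE[1:]  # one bit differs

if __name__ == "__main__":
    digits = string.digits
    print("3-character space :", search_space(digits, 3))
    print("10-character space:", search_space(digits, 10))
    print("PIN only          :", exhaustive_search(key_check(derive_key(PIN)), digits, 3))
    print("PIN + biometric   :", exhaustive_search(key_check(derive_key(PIN, TEMPLATE)), digits, 3))
    same = derive_key(PIN, TEMPLATE) == derive_key(PIN, NOISY_TEMPLATE)
    print("noisy sample yields same key:", same)
```

    The last line of output is the practical caveat: a key derived directly from biometric data only unlocks when the presented sample matches the enrolled one exactly.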

    There are two broad categories of encryption systems: single key (symmetric) systems and two key (public) systems.  Symmetric systems utilize a single key for both the sender and receiver for the purpose of coding and decoding data.  In 1972, IBM developed DES (Data Encryption Standard) which was adopted worldwide by 1977 as the most common single key system in the banking and financial sectors.  Transmitting this type of key over networks such as the Internet is one of the major failures of a single key system, because the key is vulnerable to interception.  Electronic commerce requires that transactions be conducted over open networks instead of dedicated networks, and single key systems do not offer a high enough level of security for such transmissions.  This issue of security is why public key systems have been developed.  Two-key systems use a public key to encrypt the data and a private key to decrypt the data.  Public key systems allow better encryption than single key systems; however, certification of the recipient of messages becomes an issue, which causes a hierarchy of certification to be developed, resulting in a much slower processing time.  Biometrics can aid in this process due to the inherent nature of using a physical trait of the desired recipient to decipher the message.  It is this issue that has caused biometric encryption techniques to be valued for electronic commerce.
