TMCnet News
Using Biometrics to Securely Check Virtual Identities By linking biometrics with cryptographic authentication, the VIPBOB IST project has developed a new and more secure method of verifying a person's unique identification number using an old-fashioned, but proven method - the fingerprint.Biometrics refers to the measurement of certain properties of the human body, such as the ridges on the fingertip, the structure of this iris or the pattern of speech. Many of these properties are truly random - they are different even for genetically identical twins. As a result, biometrics is the only authentication method that can verify the identity of a person. Conventional biometrics compares a biometric trait with a stored sample, or template. VIPBOB's 'virtual PIN' (Personal Identification Number) maps a user's biometric trait to a unique number, thus avoiding the need to store the template. Because the trait is never stored, it can never be attacked. In addition, because the virtual PIN is calculated using biometrics, it may be chosen freely and changed as often as desired. Project partners worked on solving compatibility and privacy issues. An obstacle to existing biometric methods is that they are incompatible with existing infrastructure, such as Automated Teller Machines. VIPBOB's virtual PIN is obtained by mapping a vector from a biometric trait such as a fingerprint or an iris onto a unique value using error correcting codes. The result is an advanced fingerprint authentication technology that can be built into almost any device. This split-second identification process can be applied to mobile phones or databases and integrated into well-established authentication protocols. Project manager Ullrich Martini, Giesecke & Devrient GmBH, Munich, explains that using VIPBOB technology, it is possible to create a biometric database that does not infringe on the privacy of the people enrolled in it: "Creating a database of biometric traits raises privacy concerns. The technology developed enters biometrically encrypted data. Instead of matching the biometric trait of a new applicant, the system decrypts the stored data." For example, a database of visa applicants whose data is stored using biometrics could detect a person attempting to enter a country several times using a false passport or visa because the digital print is contained in an electronic chip in the document. A mobile phone application would be straightforward. There is no PIN to enter; the phone is activated by biometrics - a simple touch of the finger. Although the two-year VIPBOB project ended February 2004, the partners are continuing their collaboration to optimise an iris biometrics application. |