Re: Biometric encryption
From: John Elsbury (johne_at_neveryoumind.co.nz)
Date: 05/20/03
Date: Tue, 20 May 2003 00:17:00 GMT
On 19 May 2003 13:22:12 -0700, mjnews@mljenkins.com (Matt) wrote:
>I have been wondering about this for a while now... Many companies
>are selling products which claim to encrypt files, passwords, ...
>using biometrics. Do these systems actually encrypt against the
>biometric template, or are they using a key that is stored somewhere
>with the template and given only when a correct match is given.

I think the advertising claims are an (over?) simplification.
What I suspect happens is that there is an encryption key stored
somewhere, and that the biometric component is used to authenticate
access to the stored key. If I were designing such a product I would
also make provision for a master password, somewhere, to override the
inevitable problems when the bio's metric changes.

>
>How can you encrypt against a biometric when the given match template
>is not always the same? If these systems are simply storing a key
>with the template, couldn't someone obtain the key from the database
>and use it to gain access to whatever is being protected? Or is there
>a way to ensure the key is never given unless the correct template is
>supplied? I can only think of two ways to do this. The first is to
>encrypt the data to be protected (or a key) against the biometric
>reference/enrollment template. The second would be to only allow the
>data (or key) to be decrypted by the program that verifies the match
>and reference template.
>
>Any thoughts?

Good biometric systems would track variations between stored and
current values, plot trends, and maintain a sort of "validity window"
in the middle of the stored parameter range, then calculate a new
window every time the authentication is successful. This takes care
of drift / change over time.

As in so many other instances, encryption merely moves the problem to
the key management space. Given that the PC platform is inherently
insecure, you are only going to get a moderate level of security
using a PC.

>Matt
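
One way to read the "validity window" idea in the reply above, as an added example that is not part of the original post or of any product: a single scalar parameter whose acceptance window is recalculated only after a successful match. The names DriftWindow and replay, the sample readings, and the max_drift cap (a bound on how far the window may move from the enrolled value) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from statistics import mean


@dataclass
class DriftWindow:
    """Acceptance window for one scalar biometric parameter (hypothetical model)."""
    enrolled: float          # value captured at enrollment; never updated
    half_width: float        # tolerance either side of the window centre
    max_drift: float         # assumption: hard cap on how far the centre may move
    history_len: int = 5     # how many recent accepted samples define the window
    history: list = field(default_factory=list)

    @property
    def centre(self) -> float:
        # Centre follows the mean of recent accepted samples, clamped so it
        # can never move more than max_drift away from the enrolled value.
        raw = mean(self.history) if self.history else self.enrolled
        return min(max(raw, self.enrolled - self.max_drift),
                   self.enrolled + self.max_drift)

    def verify(self, sample: float) -> bool:
        accepted = abs(sample - self.centre) <= self.half_width
        if accepted:
            # Only successful authentications recalculate the window.
            self.history.append(sample)
            del self.history[:-self.history_len]
        return accepted


def replay(window: DriftWindow, samples: list) -> list:
    """Feed samples in order and return the accept/reject decision for each."""
    return [window.verify(s) for s in samples]


if __name__ == "__main__":
    # Constructed readings: slow drift away from an enrolled value of 100.0.
    drifting = [101.0, 102.5, 103.5, 104.0]
    print(replay(DriftWindow(100.0, 2.0, 5.0), drifting))   # window follows the drift
    print(replay(DriftWindow(100.0, 2.0, 0.0), drifting))   # fixed window, for comparison
    print(DriftWindow(100.0, 2.0, 5.0).verify(104.0))       # sudden jump, no history
```

With max_drift set to 0.0 the window stays fixed at the enrolled value, so the same slow drift that the adaptive window follows is rejected after the first reading.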