Biometric encryption guards your electronic identity

 

For Assistant Professor Stark Draper, identity theft means much more than a lost credit card number. Draper is developing a novel type of encryption for biometric data — such information as fingerprint and iris scans, DNA profiles and the like. His research may add an extra layer of protection to your identity.

 

Now, for example, if your credit card information is stolen or the credit card company’s database is broken into, the company simply issues a new card with a new number. “But since you’ve only got ten fingers, if that happens to your fingerprint, you’ve got a problem,” says Draper.

 

He studies a type of data encryption that prevents burglars from retrieving original biometrics from the data stored in a database or security program, while allowing the legitimate owner of the biometric data to verify his or her identity.

 

For example, a user could set up a fingerprint-scan lock on his or her computer. Using Draper’s “secure biometrics” approach, the computer would be able to verify the user’s fingerprint based
on stored data. “But if someone broke into your computer and looked at the data stored there,
they couldn’t replicate your fingerprint,” says Draper. “That’s different from how current biometric systems work. Right now they just store your biometric in a recognizable form.”

 

The underlying ideas have applications beyond biometrics. The ideas also can be used in wireless ad-hoc networks to derive encryption keys from natural phenomena in an eavesdropper-proof manner, and even form the basis for reliable communication across the backbone of the Internet.