Article: BioVault: biometrically based encryption Journal: International Journal of Electronic Security and Digital Forensics (IJESDF) 2009 Vol.2 No.3 pp.269 - 279 Abstract: Biometric-based token authentication is an asymmetric (von Solms and Tait, 2005) authentication technology. This means that the reference token generated during the enrolment process and stored in the biometric database, will never match any freshly offered biometric token exactly (100%). This is commonly accepted due to the nature of the biometric algorithm (Wayman et al., 2004) central to the biometric environment. A password or pin on the other hand, is a symmetric authentication mechanism. This means that an exact match is expected, and if the offered password deviates ever so slightly from the password stored in the password database file, authenticity is rejected. Encryption technologies rely on symmetric authentication to function, as the password or pin is often used as the seed for a random number that will assist in the generation of the cipher. If the password used to encrypt the cipher is not 100% the same as the password supplied to decrypt, the cipher will not unlock. The asymmetric nature of biometrics traditionally renders biometric tokens unfit to be used as the secret key for an encryption algorithm. This article introduces a system that allows biometric tokens to be used as the secret key in an encryption algorithm. This method relies on the BioVault infrastructure. For this reason, BioVault will briefly be discussed, followed by a discussion of biometrically based encryption. Inderscience Publishers - linking academia, business and industry through research

Title: BioVault: biometrically based encryption

Authors: B.L. Tait, S.H. Von Solms

Addresses: University of Johannesburg, Kingsway Avenue, Auckland Park 2006, Gauteng, South Africa. ' University of Johannesburg, Kingsway Avenue, Auckland Park 2006, Gauteng, South Africa

Abstract: Biometric-based token authentication is an asymmetric (von Solms and Tait, 2005) authentication technology. This means that the reference token generated during the enrolment process and stored in the biometric database, will never match any freshly offered biometric token exactly (100%). This is commonly accepted due to the nature of the biometric algorithm (Wayman et al., 2004) central to the biometric environment. A password or pin on the other hand, is a symmetric authentication mechanism. This means that an exact match is expected, and if the offered password deviates ever so slightly from the password stored in the password database file, authenticity is rejected. Encryption technologies rely on symmetric authentication to function, as the password or pin is often used as the seed for a random number that will assist in the generation of the cipher. If the password used to encrypt the cipher is not 100% the same as the password supplied to decrypt, the cipher will not unlock. The asymmetric nature of biometrics traditionally renders biometric tokens unfit to be used as the secret key for an encryption algorithm. This article introduces a system that allows biometric tokens to be used as the secret key in an encryption algorithm. This method relies on the BioVault infrastructure. For this reason, BioVault will briefly be discussed, followed by a discussion of biometrically based encryption.

Keywords: biometrics; BioVault; cipher; data protection; data security; encryption; key management; privacy enhancing technology; secret key; Cdryptography; token authentication; biometric tokens.

DOI: 10.1504/IJESDF.2009.027522

International Journal of Electronic Security and Digital Forensics, 2009 Vol.2 No.3, pp.269 - 279

Published online: 28 Jul 2009 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: BioVault: biometrically based encryption

Keep up-to-date