Today conventional technologies using biometric data encrypts information require that the biometric data be used as-is when retrieving confidential data resulting confidential data to send the biometric data through the network, raising issues of the network’s security.
Now, Fujitsu Laboratories has developed a technology that uses randomized numbers, each different, to convert biometric data into a cryptographic key for use in encryption and decryption. This makes it possible to simply and securely manage an individual’s confidential data using biometric data, while preventing the unconverted biometric data from passing through the network.
Fujitsu Laboratories anticipates that using this technology will make easier and more convenient to carry out biometric authentication to verify the identity of a person accessing confidential data managed on the Internet.
Technology to protect biometric data using error-correcting codes and random numbers
In encryption, confidential data is converted with an error-correcting code, and a random number is added to the whole. That data is then further converted using an error-correcting code, the feature code(1) extracted from the biometric data is added to generate the encrypted data, and this encrypted data is then registered in the server.
A decryption code is used as the key when decrypting encrypted data. For decryption, the decryption code, after being converted into secure data, is sent from the device to the server. The decryption code is generated by first converting a random number using an error-correcting code, and then adding the feature code extracted from the biometric data. As different random numbers are used for encryption and decryption, a different, secure decryption code can be generated.
Confidential data recovery technology using two-stage error-correcting technology
Variations in one’s motion or position when inputting biometric data can generate slight discrepancies. This leads to discrepancies when calculating the feature code for decryption from the feature code for encryption, but the discrepancy can be absorbed because it is converted using an error-correcting code in advance. Moreover, the discrepancy caused when calculating the random number used in decryption from the random number used in encryption will similarly be corrected when using error-correcting code 2, enabling recovery of the confidential data.
In this way, as the biometric data input for encryption and decryption are similar sufficiently, so long as they are both from the same person, the confidential data can be retrieved from the encrypted data using error-correcting technology.
Using this newly developed technology, the cryptographic key management that had been needed for existing encryption technologies becomes unnecessary. Furthermore, because the biometric data used for encryption and decryption are converted with random numbers, it is now possible to simply and securely manage an individual’s confidential data using biometric data, while preventing the unconverted biometric data from leaking over the network. This means that the use of encryption technology using biometrics, which had previously been generally limited to use within a personal device, such as a PC, can now expand to cloud services across open networks.
Fujitsu Laboratories will continue to improve the speed of decryption processing and expand the types of information that can be encrypted, while also examining this technology’s applicability to a number of potential use cases such as the Social Security and Tax Number system in Japan, with the goal of commercialization during fiscal 2017. It will also examine the development of the feature code, and work to expand the types of applicable biometrics, such as fingerprints.
In conjunction with Kyushu University and Saitama University, the technology will be showcased at the 8th International Symposium on Foundations & Practice of Security (FPS 2015), to be held in Clermont-Ferrand, France, starting Monday, October 26th.