Biometrics + Cryptography

Keeping your passwords safely in the palm of your hand (Electropages)

…[C]ontactless palm vein recognition technology is nothing new and was first demonstrated back in 2002 and is widely used. It works by extracting feature data from biometric data. With previous technologies, confidential data was encrypted with this feature data, but when decrypting, the feature data extracted from biometric data would usually be matched with the encrypted data. This does not present a problem when used in a personal device, such as a laptop or smartphone, but when used via an open network such as in the cloud, a more secure decryption technology is necessary to prevent leaks of biometric data.

The article discusses encryption within biometric templates using Fujitsu’s palm vein technology, but the idea would seem to be applicable across biometric modalities.

True cybersecurity requires a conceptual shift

The user knows nothing: Rethinking cybersecurity

This position — that the adversary knows your system as well as you do, if not better, as soon as it is stood up — while extreme, led to the creation of large number factorization, the basis for all modern encryption, from PGP to RSA tokens. Under these encryption schemes, as long as the key is kept private, someone can know everything about how the security system works and still not be able to crack it.

To get to a place of true cybersecurity, another stark innovation in thinking is needed. What is needed is an Inverse Shannon’s Maxim: the user knows nothing.

Coincidentally, our CTO and I were having a conversation along these lines just yesterday. It’s a thrill a minute at SecurLinx!