This application relates to encryption, in particular, to elliptic curve encryption and public key encryption.
Background: Certificate Authorities
One of the problems of electronic communication is the difficulty in ensuring the integrity of a message, i.e., that the message has not been tampered with and that it originated with the presumed transmitter. To solve this problem, authentication codes or certificate authorities have been developed to provide authentication of messages.
Background: Public Key Encryption
Public key encryption is a method by which two people may communicate secretly over insecure channels without having agreed in advance on a key for encrypting and decrypting their messages. The idea in public key encryption is to use a "phone book" of encryption keys. This "phone book" makes everyone's encryption key public knowledge. Each person also has a decryption key which is known only to that person. Thus, the encryption and decryption keys are separate keys. To transmit a message, a sender has only to look up the receiver's encryption key in the "phone book" and use it to encrypt their message and then transmit the encrypted message. The receiver then uses his secret decryption key to decrypt the message and read it. For this system to work it must have the property that using the secret key to decrypt the public key encrypted message must yield the uncrypted message for every possible message. This is a fundamental cryptographic property. Furthermore, each pair of secret and public keys must be distinct and deriving the secret key from knowledge of the public key must be as hard as reading the encrypted message. These two conditions provide the security of the system. Finally, to make the system feasible to use, both the secret key and the public key must be easy to compute.
RSA Public Key Cryptosystem
The most popular public-key algorithm over the past twenty years has been RSA. The security of RSA comes from the difficulty of factoring large numbers. The public and private keys are functions of a pair of large prime numbers. These numbers may be 100 or 200 digits or even larger. Recovering the message from the public key and the encrypted message is thought to be equivalent to factoring the product of the two prime numbers.
Recently, however, with the advent of faster computers, RSA has become susceptible to brute force attacks. A brute force attack on an encryption system such as RSA means that every possible combination is tried until the correct solution to the problem is achieved. Therefore, new systems are needed to maintain the security of private information. One new method for encryption to solve this problem is called elliptic curve encryption.
Elliptic Curve Encryption
An elliptic curve is a set of solutions to an equation of the form y.sup.2 +a.sub.1 xy+a.sub.3 y=x.sup.3 +a.sub.2 x.sup.2 +a.sub.4 x+a.sub.6. An example of an elliptic curve is shown in FIG. 3. It has been discovered that elliptic curves over finite fields (some examples of fields include real numbers, complex numbers, fractions, and integers) can be used to implement key passing schemes. Using elliptic curves to implement these schemes results in equivalent security as existing public key schemes, but with shorter key lengths. Short key lengths means that smaller bandwidths and memory are required for implementation of the scheme. This can be crucial for some applications such as smart card systems, where both memory and processing power is limited.
One of the major drawbacks with ECC is the definition of the ellipse. Currently, this is accomplished using pure mathematical calculations which is costly in terms of time and computer power. Furthermore, the ellipse must be protected, that is the ellipse must be calculated and then stored in a secure (secret) location.
Background: Biometrics
Biometrics can be defined as the use of unique physiological or behavioral characteristics for identification purposes. Biometrics represents one of the most secure and reliable ways of verifying the identity of a particular individual.
Physiological characteristics include handwritten signatures, fingerprints, the filaments of the eye, or the spatial features of a face. Of the various physiological characteristics that can be measured, the fingerprint is recognized as one of the most reliable, unique, undeniable, and unchanging characteristic for identifying persons.
The advantages of biometrics as a security device have caused an increasing demand for use of fingerprints and other physiological features for identification and access purposes. The use of a fingerprint as a means of identifying an individual requires that a reference fingerprint (or "template") first be obtained. The template must be taken of an identified individual to ensure that an identification made years later is accurate. The Federal Bureau of Investigation (FBI) has created a standard for the digitization of the template in order for automatic electronic comparisons of fingerprints to take place. This standard uses an approach known as wavelet transform/scaler quantization (WSQ). WSQ allows fingerprint information to be encoded for later recognition in a compact manner (e.g., with around 1 megabyte of computer storage space per print).
Elliptic Curve Encryption Using Biometrics to Define Components
The present application describes a method for defining the elliptic curve used in elliptic curve encryption. The elliptic curve is defined by a fingerprint or other biometric such as the curvature of the iris. Doing so allows for the creation of a totally random ellipse-like shape which is predefined in space and guaranteed to be unique for each individual. The security advantage of this method is that the ellipse and/or curve are different for each user. This is accomplished faster, and easier than with the current method of pure mathematical calculations whose time varies depending on a multitude of parameters varying from five minutes to an infinite amount of time. This is an improvement over the current method of implementing elliptic curve encryption because the elliptic curve can be generated much faster, the elliptic curve is guaranteed to be unique, and the elliptic curve is less likely to be guessed. These improvements create a much stronger solution to the problem of defining the elliptic curve than do the current methods.