Mobile devices have had a revolutionary impact on the way we live, work and socialize. The development of applications, or Apps, for mobile devices has increased exponentially over the past few years due to the popularity of smartphones and tablets. The features and functions of mobile devices extend far beyond emailing and web browsing. They are often used to take and post photos and videos, send text messages, make audio and video calls, chat in groups, access social media and financial accounts, play games, stream music and movies, and run various custom applications. Along with their great convenience and efficiency come growing security challenges in protecting the privacy of users and the sensitive data stored on these mobile devices.
There are two types of encryption: symmetric and asymmetric. (1) Symmetric encryption, such as the Advanced Encryption Standard (AES), uses the same key for encryption and decryption. (2) Asymmetric encryption, such as RSA (named for Ron Rivest, Adi Shamir, and Leonard Adleman), uses different keys, one public and one private. Encryption is the process of protecting data confidentiality by converting the data into an unreadable format using an encryption key. Conversely, decryption is the reverse process, which recovers the encrypted data using a decryption key that may differ from the encryption key. Cryptographic keys are usually long and random, and are not practical for a human to memorize. For example, the Advanced Encryption Standard (AES) key is 128 bits long, in accordance with Federal Information Processing Standards Publication 197, National Institute of Standards and Technology (NIST), 2001. Such cryptographic keys are usually stored in a location where an alternative authentication, e.g., a PIN or a password, is required to release the key, in order to avoid the risk of losing or forgetting the cryptographic key.
Biometric patterns, including human physiological or behavioral characteristics, can be used to authenticate mobile device users. These patterns usually include biometrics such as face, fingerprint, iris, signature, and voice, among many others. They are either permanent or unchangeable for a long period of time. In the past, the use of such biometrics has focused on authentication for PC and network access, physical access, and time and attendance applications. They are often used in conjunction with other security technologies, such as authentication tokens and smart cards.
One solution is to use the emerging biometric encryption technology, which uses biometric information as the cryptographic keys. With biometric encryption, rather than storing the cryptographic keys in the system, the biometric information serves as the cryptographic keys to encrypt the data, or the keys are bound to the biometric information, so that only the biometric-encrypted data is stored. Among the existing works associated with biometric encryption, the major efforts focus on two biometric modalities, iris and fingerprints, according to the papers written by Clancy R. C., Kiyavash N., and Lin D. J., “Secure Smart Card based Fingerprint Authentication,” Proceedings of ACM SIGMM Workshop on Biometrics Methods and Applications, pp. 45-52, 2003; Uludag U., Pankanti S., and Jain A., “Fuzzy Vault for Fingerprints,” Proceedings of International Conference on Audio and Video based Biometric Person Auth., pp. 310-319, 2005; and Yang S., and Verbauwhede, I., “Secure Fuzzy Vault based Fingerprint Verification System,” Proceedings of ASILOMAR Conference on Sig., Sys., and Comp., Vol. 1, pp. 577-581, November 2004.
Other papers on biometric encryption include Hao F., Anderson R., and Daugman J., “Combining Crypto with Biometric Effectively,” IEEE Trans. on Computers, vol. 55, no. 9, pp. 1081-1088, 2006; Wu X., Qi N., and Wang K., Zhang D., “A Novel Cryptosystem based on Iris key Generation,” 2008 IEEE Computer Society, Fourth international conference on natural computation; and Kanade S., Camara D., Krichen E., Petrovska-Delacretz D., and Dorizzi B., “Three Factor Scheme for Biometrics based Cryptographic Key Regeneration using Iris,” Telecom & Management SudParis Evry, France.
There are also several works on biometric encryption using facial images by Wang Y., and Plataniotis K. N., “Fuzzy Vault for Face based Cryptographic Key Generation,” in Proc. Biometrics Symposium 2007, September 2007; and Martin K., Lu H., Bui F., Plataniotis K. N., and Hatzinakos D., “A Biometric Encryption System for the Self-exclusion Scenario of Face Recognition,” IEEE Systems Journal, 2009.
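The key-binding idea described above, in which the key is bound to the biometric information and never stored on its own, can be illustrated with a fuzzy-commitment-style construction. This is an added example, not code from any cited paper or from the present invention; it is a different scheme from the fuzzy vault of the cited works, and the repetition code, the 640-bit binary template and all sample data are constructed assumptions.

```python
import hashlib
import hmac
import random
from typing import List, Optional, Tuple

R = 5  # toy repetition code: each key bit is spread over R template bits

def to_bits(data: bytes) -> List[int]:
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def to_bytes(bits: List[int]) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def enroll(key: bytes, template: List[int]) -> Tuple[List[int], bytes]:
    """Bind key to template; only (helper, SHA-256 of key) is stored."""
    codeword = [b for b in to_bits(key) for _ in range(R)]
    if len(template) != len(codeword):
        raise ValueError("template must have len(key) * 8 * R bits")
    helper = [c ^ t for c, t in zip(codeword, template)]
    return helper, hashlib.sha256(key).digest()

def release(helper: List[int], key_hash: bytes,
            sample: List[int]) -> Optional[bytes]:
    """Return the key if sample is close enough to the enrolled template."""
    if len(sample) != len(helper):
        return None
    noisy = [h ^ s for h, s in zip(helper, sample)]
    # Majority vote per group corrects up to R // 2 flipped bits.
    bits = [int(sum(noisy[i:i + R]) > R // 2) for i in range(0, len(noisy), R)]
    key = to_bytes(bits)
    ok = hmac.compare_digest(hashlib.sha256(key).digest(), key_hash)
    return key if ok else None

def demo() -> Tuple[bytes, Optional[bytes], Optional[bytes]]:
    rng = random.Random(7)  # fixed seed: all data below is constructed
    key = bytes(rng.getrandbits(8) for _ in range(16))  # 128-bit key
    template = [rng.getrandbits(1) for _ in range(128 * R)]
    helper, key_hash = enroll(key, template)
    genuine = list(template)  # same user, one noisy bit per group
    for i in range(0, len(genuine), R):
        genuine[i + rng.randrange(R)] ^= 1
    impostor = [rng.getrandbits(1) for _ in range(128 * R)]
    return (key, release(helper, key_hash, genuine),
            release(helper, key_hash, impostor))

if __name__ == "__main__":
    key, from_genuine, from_impostor = demo()
    print(from_genuine == key, from_impostor is None)
```

A repetition code is used only to keep the example short; it tolerates little noise and the stored helper data is not analysed here for leakage, so the block shows the storage model rather than a deployable design.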
While the above works are focused on modifying or improving the algorithms of encryption, one of the objectives of the present invention is to develop an App for secure mobile device data communication by utilizing such biometric encryption. With such an App, only the recipient of the data will be able to access the content upon one or more successful biometric feature authentications with the integral biometric detector of the mobile device.
Table 1 below shows the operating system markets for mobile devices, e.g. smartphones, for the last two years, according to Gartner, Inc., a leading information technology research and advisory company.
As can be seen from the table, the Android market share reaches as high as 78.4% in year 2013, a 12% growth as compared to year 2012, way ahead of other markets. The sales of Android phones are predicted to approach one billion units in the year 2014, and the Android operating system will continue to benefit from this growth.
TABLE 1: Worldwide Smartphone Sales to End Users by Operating Systems

Operating System   2013 Units (Thousands)   2013 Market Share (%)   2012 Units (Thousands)   2012 Market Share (%)
Android            758,719.9                78.4                    451,621.0                66.4
iOS                150,785.9                15.6                    130,133.2                19.1
Windows            30,842.9                 3.2                     16,940.7                 2.5
BlackBerry         18,605.9                 1.9                     34,210.3                 5.0
Other OS           8,821.2                  0.9                     47,203.0                 6.9
Total              967,775.8                100.0                   680,108.2                100.0
Messaging Apps such as WhatsApp, WeChat, Line, Facebook Messenger, Tango, and Skype are very popular mobile Apps for communication. These Apps share similar basic functions: one-to-one chatting, group chatting, sending or sharing files, video chatting, etc. However, many of these Apps do not utilize any encryption for data protection, not to mention biometric encryption. They are usually installed on the device without any protection. As a result, once an unauthorized user gains access to the device, he/she will gain access to these popular mobile Apps without any effort.