Information (e.g., data, messages, etc.) that is sent from a sender to a receiver in a communications environment is often encrypted to camouflage the plain text of the information. When the receiver receives the encrypted information, the receiver decrypts the information to obtain the plain text. In one example, mathematics are used in the encryption/decryption processes, and this is referred to as cryptography. In cryptography, at least one key is used to encrypt/decrypt the information. For instance, in public key cryptography, a pair of keys is used, including a public key and a private key. The public key is public, but the private key is secret. The private key is not transmitted or shared with anyone but the user. One example of a public key system is described in U.S. Pat. No. 5,604,801 entitled “Public Key Data Communications System Under Control of a Portable Security Device,” issued Feb. 18, 1997, which is hereby incorporated herein by reference in its entirety.
In public key communications environments, such as a public key cryptography system (PKCS), if a user's private key is lost or stolen, the new possessor of the key can use it to extract information sent to the user using the user's public key. Similarly, the possessor of the key can send information to others pretending that the true owner of the private key has sent the information. This can continue until a new private/public key pair is generated by a key generating authority. The time required, however, in revoking the old keys may be sufficient for intruders to perform drastic offenses.
Private keys are traditionally protected using passwords. However, password usage is not a safe approach as they themselves may get lost. Another approach already in use is the usage of fingerprints as private keys. However, this makes the revocation of keys less feasible as the fingerprints are mapped to private keys using fingerprint key generating software. In such cases, the fingerprints technique may need to be changed whenever the key is lost.