Data encryption is a fundamental tool for the protection of electronically-mediated data, and involves the use of encryption keys. Different systems operate in different ways, typically a communication involves the exchange of public keys which are employed to encrypt data subsequently decrypted by private keys. These encryption systems cannot necessarily protect against fraudulent data manipulation when the security of the private encryption keys cannot be absolutely guaranteed.
In conventional encryption systems, using public and private keys, a user needs to store their private key for use during the communications procedure, to enable it to be retrieved and exchanged during communications. It is this storage of the private key which can give rise to security implications.
Biometric security systems are becoming of increasing interest, in which biometric data (such as fingerprints, retina scans, written signatures, voice profiles) are used as a means for verifying user identity.
Systems using such data of course need to maintain a database of the profiles of the valid users, in the form of biometric templates encapsulating data relating to the given biometric for each required user. Access to the biometric templates by an unauthorised user or system administrator may be used to obtain the data necessary for circumventing the security afforded by the biometric system.
The stored data is also personal to the users, and there may therefore be some user reluctance to provide biometric samples which will be used to generate templates to be stored within a system.