The present protocol of Internet does not have an adequate secured communication network mechanism for concealing the contents of date/information to be transmitted. Data/information exchange is being performed in a plain text format, which virtually has no protection from interception, tapping, forging, and hijacking.
Plain text may be encrypted with a predetermined key before transmission. However, this scheme does not intend to secure the contents of data/information but it secures the communication line. The predetermined key is an alphanumeric code, which is vulnerable to theft. Anyone may use it to decode the encrypted text if the person has the key.
For fully securing the contents of communication, the following two conditions are very important:
1. Confidentiality to secure the contents from tapping transmission—Data integrity to prevent the data from tampering; and
2. Authentication of user involved in the communication—Non-repudiation to prevent transmission or reception from being denied by a sender or by a receiver, respectively.
Thus, utilizing encrypting technology alone is inadequate in order to establish a complete security scheme of data/information communication. Even if an extremely powerful encrypting method would be developed and a communication terminal, e.g., a personal computer, has a correct communication address of a sender and/or a receiver, a fully secured communication would not be guaranteed without user authentication to verify that the sender is the actual individual of the sending address and also the receiver is the actual individual of the receiving address.
In the prior art, a symmetric encryption key method, a public key infrastructure (PKI) method, and a non-symmetric encryption key method have been developed and some of them are being applied commercially. The first method uses a single pre-determined “key” for an encryption algorithm which both parties concerned exchange and share, whereas the last two methods use different “keys” for encryption algorithms for encoding and decoding.
These encryption methods may be applied to overcome the technological issue of security of a communication line. However, they are inadequate to guarantee the security of information exchange without verifying the individuals involved in the communication.
In law enforcement fingerprinting has been used for identifying an individual for a long time. Several encryption methods utilizing a fingerprint as the “key” were disclosed (Japanese Patent Applications 9-274431, 8-171535, and 11-282983).
However, there are some disadvantages of the fingerprint methods disclosed in the prior art. It is also well known to those skilled in the art that a fingerprint image is not always reproducible perfectly even from the same finger because acquired fingerprint images have subtle variations due to the variation of the stamping position of the finger, the physiological condition of fingerprint such as perspiration, dryness, and physical condition affected by injury and skin disease on the finger surface. By this reason, automating fingerprint identification remains as one of the most difficult tasks in this field.