The present invention relates to the field of biometric identification, and in particular to methods and apparatus for deriving encryption keys from biometric data.
Numerous techniques have been proposed in the literature to deal with the problem of identity theft. Any such scheme tries to establish that a person is who she/he claims to be. Passwords, (long) private keys, and camouflaging are some of the approaches used for this purpose. Since human beings cannot remember long keys, private keys often tend to be stored in a wallet encrypted by possibly a small password. Unfortunately, all of these schemes have the property that someone who carries these credentials (such as the right keys and passwords) will be accepted as the right person even if these credentials have been stolen from others.
As a biometric is a biological characteristic (such as a fingerprint, the geometry of a hand, Retina pattern, iris shape, etc.) of an individual, conventional biometric techniques have been used by the security industry as an additional verification factor as biometrics are usually more difficult to obtain than other non-biometric credentials. Biometrics are often used for identification, as well as authentication.
Generally, biometrics in the context of identification and authentication are utilized in a two stage process. The first stage is generally referred to as enrollment. In the enrollment stage samples of appropriate biometric(s) are collected from an individual. These biometrics are analyzed and processed to extract features (or characteristics) present in each sample. The set of features present in the biometric of an individual constitutes a template for the person. These templates are then stored to complete the enrolment stage. In the second stage the same biometric of the individual is measured. Features from this biometric are extracted just like in the enrollment phase to obtain a template. If the goal is identification, then this template is searched for in the database of templates generated in the first phase. If a match occurs, the identification of the individual is revealed, otherwise identification fails. If the goal is authentication, then the template generated in the second stage is compared with the template generated in the first stage for the claimed person. If a match occurs, authentication is successful, otherwise authentication fails.
The industry has also attempted to generate cryptographic keys using biometric data. Generating a cryptographic key from biometric information is a beneficial idea because only the owner of the biometric information can recover the key. Additionally, the key does not have to be stored anywhere, and provides the “what-you-are factor” in user authentication.
Many have tried to develop a way to reliably generate a key from biometric information. Examples of current Biometric encryption disclose linking biometric information to generation of a cryptographic key. Such conventional approaches rely on mathematical characteristics of biometric information to generate the cryptographic key. Unfortunately, conventional techniques to obtain a cryptographically strong cryptographic key (e.g., 128 bit symmetric key or 1024 bit asymmetric key) require a significant amount of biometric data, or greater details from biometric samples is required. Requiring a significant amount of biometric data burdens a user with submitting many biometric samples. Requiring greater details from biometric samples requires fine-grained, precise feature extraction from a biometric sample, which is a difficult task employing conventional technology.
Therefore, what is needed is a method and apparatus capable of generating a cryptographic key using biometric data in an easy to implement but effective manner.