Protection of Biometric Information
Necessity of Biometric Information Protection
Because biometric authentication uses the personal characteristics of individuals,
it has the following advantages: it cannot be lost, as a card used for
possession-based authentication can, and it cannot be forgotten, as a password
used for memory-based authentication can.
On the other hand, it has the disadvantage that the information used for authentication cannot be changed.
If biometric information is stolen and becomes known to a third party,
that information can no longer be used for biometric authentication.
Also, if the same information is used in multiple services, leakage of biometric information in a certain service also affects other services.
With the spread of biometric authentication, how to protect biometric information has become important.
Although biometric information is stored encrypted in case of a leak,
there is a risk that it leaks when it is decrypted at the time of authentication.
Therefore, a technique called “cancelable biometric authentication”
has been developed that performs authentication on the encrypted biometric information, without decrypting it.
Since the original biometric information is never restored, even if the encrypted information is leaked,
the system can be changed so that the leaked information cannot be used for authentication, by changing the encryption key.
Several methods for realizing cancelable biometric authentication have been proposed, such as using homomorphic encryption.
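The property described above, as an added example that is not from the original article: a keyed sign-of-random-projection transform (a BioHashing-style technique, used here in place of homomorphic encryption) where matching is done on protected templates and changing the key revokes a leaked one. The feature vector, keys, template length and threshold are constructed assumptions.

```python
import hashlib
import hmac

BITS = 256       # protected template length (assumed)
THRESHOLD = 64   # accept when at most 25% of bits differ (assumed)

def _signs(key, row, n):
    """Derive n pseudo-random +1/-1 weights for projection row `row` from the key."""
    d = hmac.new(key, row.to_bytes(4, "big"), hashlib.sha256).digest()
    return [1 if (d[i // 8] >> (i % 8)) & 1 else -1 for i in range(n)]

def protect(features, key):
    """Keyed, lossy transform: keep only the sign of each keyed projection."""
    if not 0 < len(features) <= 256:
        raise ValueError("this sketch supports 1..256 features")
    n = len(features)
    return [int(sum(s * x for s, x in zip(_signs(key, r, n), features)) > 0)
            for r in range(BITS)]

def distance(a, b):
    """Hamming distance between two protected templates."""
    return sum(x != y for x, y in zip(a, b))

def verify(sample, key, stored):
    """Compare in the protected domain; the stored template is never inverted."""
    return distance(protect(sample, key), stored) <= THRESHOLD

# Constructed sample data: a 16-value feature vector and a noisy re-capture of it.
ENROLLED = [0.8, -0.3, 0.5, -0.9, 0.1, 0.7, -0.6, 0.4,
            -0.2, 0.9, -0.7, 0.3, 0.6, -0.5, 0.2, -0.8]
FRESH = [x + 0.02 * (-1) ** i for i, x in enumerate(ENROLLED)]
KEY_V1, KEY_V2 = b"constructed-key-v1", b"constructed-key-v2"

def demo():
    leaked = protect(ENROLLED, KEY_V1)       # template held by the service, later leaked
    before = verify(FRESH, KEY_V1, leaked)   # normal authentication before the leak
    reissued = protect(ENROLLED, KEY_V2)     # revocation: re-enroll under a new key
    stale = distance(leaked, reissued) <= THRESHOLD  # does the leaked template still match?
    after = verify(FRESH, KEY_V2, reissued)  # same finger, new template still works
    return before, stale, after

if __name__ == "__main__":
    print(demo())
```

A sign-of-projection transform like this illustrates revocability only; a deployed scheme also needs the key protected separately from the template and an analysis of how much of the original features the template reveals.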
Retention of Biometric Information within User’s Possessions
In addition, a method of storing biometric information in the user’s possessions has been put into practical use.
Storing biometric information in a tamper-resistant module prevents information leakage.
Cash cards for bank ATMs in Japan, in which biometric information is stored, are a typical example.
Also, in mobile biometric authentication, biometric information is stored in the smartphone.
For this purpose, a standard protocol called UAF (Universal Authentication Framework) was formulated
by the FIDO Alliance (Fast IDentity Online Alliance), which was established in 2012 to standardize new authentication technology.
UAF has been adopted by many smartphones and is becoming the standard.
In recent years, cases of personal information leakage have been increasing due to unauthorized access from outside and other causes.
Some people may be uneasy about leakage of their biometric information when using biometric authentication.
However, by introducing the technologies above, many services have taken sufficient countermeasures.
Compared with the risk of forged fingerprints or faces being created and used to break biometric authentication,
we believe that the risk of biometric information leakage is very small.
Author of this article
General Manager, Technology Promotion
About the Author
Yutaka Deguchi is a General Manager of mofiria Corporation, a Japanese company providing finger vein authentication technology.
Yutaka joined in 2013 from Toshiba Corporation, where he was responsible for technology and product development in voice recognition and synthesis, and he is now responsible for technological development, including the management of intellectual property and collaboration with research institutes.