Say Goodbye to Cryptographic Keys! Now There Is an Easier Way to Secure Your Data

Increasing Number of Secrets to Be Memorized

The proliferation of Internet services has brought with it a bewildering array of different IDs, passwords, credit card numbers and other details that we are expected to commit to memory. There are popular formats for encrypting information, such as AES.* Conventional encryption technology requires cryptographic keys for encryption and decryption, and these keys are typically stored on an IC card or in a password authentication system. What is required is a secure means of storing cryptographic keys, one that encrypts data with a biometric key acting as a unique identifier.

* Advanced Encryption Standard, a new specification for data encryption established by the U.S. National Institute of Standards and Technology (NIST).

Is My Data Safe on an Open Network?

In 2003 Fujitsu Laboratories developed the world’s first contactless authentication system based on palm vein recognition technology. Palm vein authentication has been adopted throughout the world in a wide variety of applications such as ATMs, computers and physical access control. Individual biometric information can similarly be used to encrypt confidential data without the need for a cryptographic key. Palm vein authentication offers a more secure and more convenient way to prevent unauthorized access to confidential data.

Biometric authentication typically involves extracting a particular type of data from biometric data, such as palm vein patterns, and using this to encrypt confidential information. The same biometric data is used for decryption. This means that data in transit over an open network such as the cloud is potentially vulnerable to unauthorized access.

Using Random Numbers for Encryption and Decryption

Fujitsu Laboratories has developed a secure encryption system for confidential information such as IDs and passwords using biometric (typically palm vein) data to create a cryptographic key. Randomized numbers are used to convert the biometric data into the key at the encryption and decryption stages, meaning that unconverted biometric data is not transmitted over the network at any time. This system provides a simple yet secure way to protect confidential information.
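One well-known construction with the property described above is a fuzzy commitment, shown here as an added example; it is not Fujitsu's code, and the article does not say which construction Fujitsu uses. A random key is error-correction encoded and XORed with the biometric bits, so only the masked helper value is stored or sent. The bit-string template, the repetition code, the toy sizes and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

REP = 5        # each key bit is repeated REP times (toy error-correcting code)
KEY_BITS = 32  # constructed toy size; a real key and code are far longer


def encode(key_bits):
    """Repetition-code encoder: expand every key bit into REP identical bits."""
    return [b for b in key_bits for _ in range(REP)]


def decode(code_bits):
    """Majority vote per block; corrects up to REP // 2 flipped bits per block."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def digest(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()


def enroll(template):
    """Bind a fresh random key to the biometric template.
    Returns (key, helper, check); only helper and check leave the device."""
    key = [secrets.randbits(1) for _ in range(KEY_BITS)]
    helper = xor(encode(key), template)  # random codeword masks the template
    return key, helper, digest(key)


def recover(fresh_scan, helper, check):
    """Rebuild the key from a new, slightly different scan plus the helper."""
    key = decode(xor(helper, fresh_scan))  # codeword XOR scan noise, then correct
    return key if hmac.compare_digest(digest(key), check) else None


def flip(bits, positions):
    """Simulate scan-to-scan noise by flipping the given bit positions."""
    return [b ^ (i in positions) for i, b in enumerate(bits)]
```

With a repetition code the helper still reveals which template bits inside a block are equal to each other, so practical designs use stronger codes and much longer keys.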

The secure encryption system allows confidential information, such as biometric data that is normally confined to devices such as computers and the credit card details used for online shopping, to be managed securely in cloud services that use open networks. It has considerable potential for other applications, such as using an encrypted “My Number” (the Japanese equivalent of a social security number) to access government services and linking authentication with that My Number.

The technology will be expanded to include other forms of usable biometric data such as fingerprints, with a view to commercialization during FY2017. Fujitsu is also exploring feature codes with the aim of broadening the scope of usable biometric data such as fingerprints.