Securely turn biometric data into a cryptographic key

Conventional technologies that use biometric data to encrypt information require that the biometric data be used as-is when retrieving confidential data. This means that for confidential data managed in a cloud service, for example, it would be necessary to send the biometric data through the network, raising issues of the network's security.

Now, Fujitsu has developed a technology that uses randomised numbers, each different, to convert biometric data into a cryptographic key for use in encryption and decryption. This makes it possible to simply and securely manage an individual's confidential data using biometric data, while preventing the unconverted biometric data from passing through the network. As a result, confidential data can be encrypted and decrypted just with the user's biometric data, obviating the need for cryptographic key management.

The company applied widely used error-correcting codes for the encryption method as the technology to compensate for errors that are typically generated in the transmission route. The system randomly determines different random numbers for encryption and decryption, which protects both the confidential and biometric data.

Fujitsu Laboratories anticipates that using this technology will make it easier and more convenient to carry out biometric authentication to verify the identity of a person accessing confidential data managed on the Internet. Details of this technology will be presented, in conjunction with Kyushu University and Saitama University, at the 8th International Symposium on Foundations & Practice of Security (FPS 2015), to be held in Clermont-Ferrand, France, starting 26th October.