From: "Vladimir Z. Nuri" <vznuri@netcom.com>
Date: Wed, 5 Jun 1996 13:02:23 +0800
To: cypherpunks@toad.com
Subject: biometric id
Message-ID: <199606042000.NAA14595@netcom19.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



info on a biometric id utilizing crypto techniques.

------- Forwarded Message

Date: Fri, 31 May 1996 16:34:40 -0700 (PDT)
From: Phil Agre <pagre@weber.ucsd.edu>
To: rre@weber.ucsd.edu
Subject: biometric encryption

[A Canadian company called Mytec is marketing a biometric encryption
system that, as far as anybody can tell, is an important step forward
for privacy protection.  It is based on fingerprint recognition, but
it does not produce a representation of the fingerprint or recover the
identity of the fingerprint's owner.  Instead, it uses an optically
transformed version of the fingerprint to decrypt a text string that
could be, for example, the private key for a public-key cryptographic 
system such as RSA.  Provided that one trusts the Mytec box, this
would be a way to overcome many of the pragmatic hassles that would
otherwise accompany the privacy-enhancing technologies that David Chaum
and others have described.  For example, they have built their device
into a computer mouse, so that the computer will only generate your
digital signature, or permit your mail to be read, if you are holding
the mouse (or, I suppose, if you have been holding it very recently).
In this message, the president of Mytec responds to some common concerns
about his company's technology that arose in response to a query that
I sent to the Computer Privacy Digest.  He provides the company's web
URL for those who wish to know more.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date:       Fri, 31 May 96 11:06:44 EST
From: Computer Privacy Digest Moderator  <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject:    Computer Privacy Digest V8#044

Computer Privacy Digest Fri, 31 May 96              Volume 8 : Issue: 044

- - ----------------------------------------------------------------------

Date: 29 May 1996 09:42:54 -0400 (EDT)
From: gtomko@noc.tor.hookup.net (George Tomko)
Subject: Re: Biometric Encryption

Dear Mr. Levine:

Subject:        Biometric Encryption

I have noticed a number of communications in your news group regarding
Biometric Encryption, especially some concerns about its use.  As one
of the developers of this technology, I would appreciate if the
attached response could be posted in the news group to provide people
with some answers and also to obtain feedback and discussion.

Kind regards.

George J. Tomko, Ph.D.

Several people commented on four concerns in using a finger pattern for
biometric encryption, namely:

1.      It's easy to get someone's fingerprints since they are left on
a vast number of everyday objects, such as drink cans and door handles;

2.      Muggers would start cutting off people's fingers when stealing
their cards;

3.      The crooks would forcibly hold down an individual's finger
against the biometric encryption authentication device to extract the
string coded by the individual's Bioscrypt; and

4.      If the finger used to code the Bioscrypt is damaged or
destroyed, then an individual will not have access to the files
associated with the Bioscrypt.

I will try to answer these concerns in order.  But, first, let me
define a Bioscrypt.  A Bioscrypt is a two-dimensional image of a string
or set of characters which can represent a PIN, encryption key or
pointer and which has been coded (encrypted) by the two-dimensional
information in a fingerprint pattern.  It has the following
properties:

- - -       it has no resemblance to the original fingerprint.
- - -       it cannot be reconverted to the original fingerprint.
- - -       if an optical image of the correct live fingerprint is transmitted
through the Bioscrypt, then the output light beam uniquely represents the
coded number.  By successfully decoding their Bioscrypt, the person also
confirms who they claim to be.

For purposes of the discussion below, it is important to note that the
optical authentication device is a coherent system and uses the phase
information in a finger pattern (complex domain) as a discriminating
parameter.

1.      "Picking up latent prints from door handles, etc."

To perpetrate a masquerade using a latent fingerprint of a legitimate
user is very difficult for the following reasons:

* The system requires a three-dimensional reconstruction of the
legitimate user's fingerprint because the height of the various
fingerprint ridges can modify the two-dimensional complex optical image
which is the input to the authentication device.  There is little
information in a two-dimensional latent print about the depth and the
height of grooves and ridges of the actual fingerprint.

* The three-dimensional reconstruction of the legitimate user's
fingerprint from a latent print would also need to duplicate the
approximate oil and moisture content of the skin, since this is one of
the factors which affects (modulates) the two-dimensional image read by
the system.  Quantifying this information from a latent print is very
difficult.  Even if it were, the three-dimensional reconstruction would
have to be made from a synthetic material which had the same oil and
moisture properties as the legitimate user's skin.  To use an oil/water
based solution to place on the input scanning window would be useless
since this would frustrate all of the light bouncing off the window and
would convey little or no useful information to the optical system.

* The reconstructed fingerprint would also need to be made from a
material with approximately the same elastic properties as the
legitimate user's finger skin.  During enrollment, and subsequently on
authentication attempts, the user slides a finger over the input
scanning window.  This action warps the skin and the corresponding
fingerprint pattern based on the elastic properties of the skin.
Within the population, warping can vary significantly based on age,
dryness of skin, etc. and is thus another unique aspect of the
individual's finger pattern.

2.      "Severing the finger to obtain access."

As already mentioned in some of the previous communications in this
newsgroup, measuring the temperature, humidity, pulse rate and even
heart rate to verify a live finger can be accomplished.  One of the key
factors, though, is after the finger is severed the elastic properties
of the skin change rapidly and thereby would not warp in the same
manner as a live finger pattern.  This would make a cadaverous finger
useless after a period of time.  (Can't find subjects to do a double
blind study though).

3.      "Crooks would forcibly hold down the finger."

By forcibly sliding an individual's finger against the biometric
encryption authentication device (reading device), the string coded by
the Bioscrypt can be extracted.  The string coded by the individual's
finger pattern Bioscrypt could then be used for a one-time access for
whatever purposes the string was intended.  However, assuming that the
individual is freed, he can then use his finger pattern to code a
completely different string to prevent repetitive access.

The system is robust in that it is very easy to change PINs, encryption
keys or computer pointers.  It was suggested in some of the messages
that a pass phrase be used in conjunction but, again, if an individual
is holding your finger down forcibly, to extend that to pointing a gun
to your head to divulge the pass phrase is not an extreme assumption.
There is no perfect security system out there and I doubt one will ever
be designed since it has to work with real human beings.  I suggest
that the goal is to provide privacy-enhancing technology that handles
the majority of the infringement cases and that, for exceptional
circumstances where extreme privacy and security must be guaranteed, we
combine the biometrics (something you are) with the pass phrase
(something you know) and a token (something you have).  If the
combination of those three doesn't do it, then at this stage of
technological evolution, nothing will cut it.

4.      "Losing or damaging a finger with the result of not being able
to access the Bioscrypt and related files."

One of the properties of optical processing is that composite patterns
can be made and thereby used to make the Bioscrypt.  Accordingly, more
than one finger could be used or a finger and a proprietary pattern
(which one keeps hidden away somewhere).  Of course, there is a
penalty.  The more patterns one uses, the smaller the signal to noise
ratio of the system.  The system is currently designed to give signal
to noise ratios in the order of 10 to 12 dB and thereby significant
degradation can still occur which would allow comfortably two to three
patterns to be superimposed in the same Bioscrypt.

If you are interested, more information can be gained by accessing
Mytec's web page at http://www.mytec.com.

- - --
George J Tomko
Mytec Technologies Inc.
Toronto, Ontario

- - ------------------------------

End of Computer Privacy Digest V8 #044
******************************


- ------- End of Forwarded Message


------- End of Forwarded Message