You are in the: Small Business Computing Channel

» ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet

www.ecommerce-guide.com/news/trends/article.php/126141

Back to Article

Your Body IS Your PIN! By Mark Merkow, CCP, CISSP June 17, 1998 In our first column, Electronic Keys For a Digital Tomorrow, we looked at some uses of cryptography to authenticate people, secure their communications, and assure the integrity of their messages upon arrival. In this column, we look at a complementary technology that can offer even higher levels of user authentication. Someday soon you may find yourself staring into a camera or slipping your finger into a reader before you''re able to complete an online sales transaction using your credit card. Biometrics -- the measurement of human traits -- is rapidly becoming both more reliable and less expensive. As the quest for better ways to identify people continues, biometrics in combination with cryptography, offers a more complete solution than either approach alone. Fingerprints Make For Good Random Numbers Based on the premise that certain human characteristics are both random (they do not occur often within a population) and are stable (do not change over time), it''s natural to pursue their uses rather than rely on easily-forgotten passwords, IDs, or external devices, such as tokens or SmartCards. Fingerprints, for example, offer an image that can be transformed into a digital representation that''s unique but consistently regenerated when the same fingerprint is encountered. Recognition software transforms data about the coordinates where ridges terminate or where loops converge, which scientists call minutiae. These minutiae may contain up to seven characteristics that are found to be unique. Human fingers contain about 70 minutiae points, making it possible to arrive at 490 data elements that can be recorded. Some recognition systems combine minutiae points with other information (e.g., the distance between points, direction, etc.). Once captured, this digitized information is stored for later comparison purposes, often in template forms using 1KByte or so of memory. Instead of using pseudorandom number generators to create public-private key (PPK) pairs, it''s possible to use fingerprint information as the basis for private keys. This is appealing since the images can''t be shared, stolen, or easily forged. You''ll never have to rely on your memory, your browser, or your electronic wallet to protect your private key again. Just don''t lose any fingers ! Future applications of biometrics may combine the security of SmartCards for storing your public key (contained in your digital certificates) along with the information that''s needed to match your fingerprint to assure the highest form of identity matching.

Go to page: 1  2  3  Next