This action might not be possible to undo. Are you sure you want to continue?
Enabling Secure Transactions without Storage of Unique Biometric Information
BY: Michael (Micha) Shafir, Cofounder and CTO, Innovya R&D
"The computer, with its insatiable appetite for information, its image of infallibility, its inability to forget anything that has been put into it, may become the heart of a surveillance system that will turn society into a transparent world in which our home, our finances, our associations, our mental and physical condition are laid bare to use most casual observer." (Prof. Arthur Miller. "Statement to Sub-Committee of US Senate on Administrative Practice
and Procedure" March 14th, 1967)
As with many rapidly expanding technologies that affect social life, biometrics has in a justifiable manner come under attack by civil libertarians. Privacy advocates argue that biometrics will lead to an even deeper erosion of personal privacy in both the real world and cyber-space. In this paper we study the many privacy concerns which have emerged following the increase in use and the popularity of biometric systems for identification and authentication purposes in digital and physical environments. We will argue that contrary to critics' arguments, Innovya’s traceless biometrics solution is in fact completely traceless and noninvasive with regard to personal privacy. Further, we hold that if these new traceless biometric systems are used in conjunction with existing security mechanisms (such as public-key algorithms), they can provide almost foolproof protection for electronic transactions and other operations in smart environments. The key element however, is that government intervention, in the form of a set of standards for how the new traceless biometric solution will be adopted, is an absolute necessity for complete privacy protection. Our goal is to demonstrate how traceless non-unique biometric systems can themselves be advocates of privacy. We do so by answering the following questions: 1) How can traceless biometric systems be designed so as not to intrude into personal data sets? 2) How can government intervention through legislation guarantee privacy protection of users by adopting and enforcing the new traceless biometric authentication and identification systems? 3) In the absence of government regulation, how much reliance can users of biometric systems have on self-regulation for privacy protection? We start off by examining the authentication and identification requirements of networked digital environments, as well as the privacy requirements of such environments. This is followed by a review of how traceless biometric systems are compatible with privacy requirements. We will close by looking at how the possible implications of regulation of the biometrics industry, both from government and the technical community may affect today's digital world. Innovya Research & Development, an Israeli startup, has developed a new Traceless Biometrics Solution that clearly authenticates users’ identity without
All content copyright © 2006 Innovya R&D Ltd. All rights reserved. For more information please contact Mr. Ronen Blecher: Ronen@Innovya.com
requiring the storage of any unique biometric information. Furthermore, the solution does not need to link, write, or bind any unique information to an external device, smart card, or network of any kind. The solution’s method is able to positively recognize and identify biometric identity in real-time without violating the user’s privacy and without leaving any intrinsic traces. The company was founded in 2006 by Michael (Micha) Shafir and Ronen Blecher, both experienced entrepreneurs from the network security devices industry. The company owns a revolutionary patented platform and method for Traceless Biometric Identification. Innovya is in the process of developing and providing a method for identifying an individual through a biometric identifier that is designed to be non-unique. Innovya has created an amorphous biometric identifier agent, or ‘BIdToken’ (Nonunique Biometric Identifier Token), which is designed to be biometrically traceless, so that an exact image or copy of the biometric information is not maintained. Instead, the one directional BIdToken refers to an incomplete identifier obtained from biometric information, which is non-unique. By ‘incomplete’ we mean that the biometric information itself cannot be reconstructed from the BIdToken even with the device that originally allocated the biometric token identifier. Using this method, the individual has to be present during the identification process since the (secret) token identifier itself has no true value except in a particular biometric identification transaction. This is important in order to avoid an association with recorded values or any other unique characteristic. ATM/debit card fraud in the U.S. generated losses of $2.75 Billion: Gartner, Inc. the leading provider of research and analysis on the global information technology industry estimates that in the 12 months ending May 2005, ATM/debit card fraud in the U.S. generated losses of $2.75 billion, with an average loss of more than $900. Criminals secretly obtain consumer banking account and password information by online ‘phishing’ and keystroke logging attacks, and armed with this information, hack into consumers' ATM accounts. Gartner also claims that "Most of the losses were covered by banks and other financial institutions that issued the specific ATM/debit cards exploited by thieves." Systems cannot determine the identity of actual user: News stories of Internet privacy threats are commonplace these days. The Internet was designed as an inherently insecure communications vehicle. • Hackers have easily penetrated the most secure facilities of the military and financial institutions. • Internet companies have designed numerous ways to track Web users as they travel and shop throughout cyberspace. ‘Cookie’ is no longer a word associated solely with sweets. It is now associated with cyber-snooping. • Identity thieves are able to shop online anonymously using the credit-identities of others. • Web-based ‘information brokers’ sell sensitive personal data, including Social Security numbers, relatively cheaply. A long-time goal of computer scientists, specifically those specializing in Artificial Intelligence, has been to create computer systems that are able to simulate human
All content copyright © 2006 Innovya R&D Ltd. All rights reserved. Highly Confidential – Limited circulation only
intelligence. At the same time, researchers have continually been concerned with improving the identification and authentication methods used for access to computer systems and networks. Biometric authentication systems are a natural extension (to computers) of the recognition methods that humans have used since the beginning of time. In these systems, physical or behavioral characteristics of the person to be authenticated determine whether he is indeed who he declared himself to be - this is analogous to how people recognize each other (i.e. how they identify others and verify that the person is who he appears to be) by examining physical features that are essentially unique to the other person, like his face. Security is a fundamental requirement of any digital environment: One key security principle that must be included in any security policy of a system in such an environment is accountability - someone must be responsible for each action that takes place in the digital space. Accountability therefore, necessitates identification. Furthermore, the system must be able to verify a user's claim to Identity X. In other words, identification necessitates authentication. Knowledge-based authentication is the most commonly used method for verifying a user's identity to a computer system. Indeed, authentication by knowledge has several advantages: it is easy to implement, users can protect their knowledge typically a password - easily, the knowledge is portable, and it can be simply changed if it is compromised. At the same time however, authentication based on knowledge of a password is often insufficient in preventing unauthorized access to computer systems. Password-based authentication systems are vulnerable to offline dictionary attacks, and exhaustive-search attacks. In an offline dictionary attack, the attacker will steal a password file which stores a number of encrypted passwords, and then encrypt each word in a dictionary to see if any of them match the encrypted password(s) on the file. In an exhaustive-search attack, all possible passwords of the minimum length are encrypted and compared against the encrypted password in the system. Another problem with password-based authentication schemes is that it is difficult for users to come up with strong passwords. "A good password is easy to remember and hard to guess ... Something is easy to remember if it is meaningfully related to other things one knows. These same relationships make it easy to guess." The prevailing techniques of user authentication, which involve the use of either passwords and user IDs (identifiers), or identification cards and PINs (Personal Identification Numbers), have several limitations. Passwords and PINs can be illicitly acquired by direct covert observation. Once an intruder acquires a user ID and password, the intruder has total access to the user's resources. In addition, there is no way to positively link the usage of the system or service to the actual user; that is, there is no protection against repudiation by the real ID owner. For example, when a user ID and password is shared with another individual such as a friend, family member or colleague, the system cannot determine the identity of the actual user, which can be particularly problematic in case of fraud or other criminal acts, or when payment may be made.
Credit card fraud:
All content copyright © 2006 Innovya R&D Ltd. All rights reserved. Highly Confidential – Limited circulation only
A similar situation arises when a transaction involving a credit card number is conducted on the Web. Even though the data are sent over the Web using secure encryption methods, current systems are not capable of assuring that the transaction was initiated by the rightful owner of the credit card, since both the real owner and the counterfeiter are using the same transaction initiation process which is, the entry of a credit card number and expiration date to the payment system. Indeed, for such transactions even the card itself does not need to be physically present, further increasing the potential scope of fraud and deceptive use of credit card information.
Biometrics contradictions: Fortunately, automated biometrics in general and fingerprint technology in particular, can provide a much more accurate and reliable user authentication method. There are three classic bases for authentication: (1) something the user knows (a password), (2) something the user has (a key, a smartcard), (3) something the user is or does (biometrics). Biometrics is a rapidly advancing field that is concerned with identifying a person based on his or her physiological or behavioral characteristics. Examples of automated biometrics include fingerprint, face, iris, and speech recognition. However, deploying biometric systems without sufficient attention to their dangers makes them likely to be used in a way that is dangerous to civil liberties because of the inherent property of biometric data, which is that it forms part of the person. There are two main phases in biometric authentication. In the enrollment phase, the user's intrinsic characteristic is measured. This may be a physical characteristic such as his fingerprint, hand geometry, retina vein configuration, iris pattern, face, or DNA, or a behavioral characteristic like his voice or signature dynamics. The main problem is; the data that is being collected in the enrollment phase is then analyzed to build a unique template. To authenticate a person with identity X, the characteristic must be measured again in the same manner, and then compared with the so called ‘trusted’ stored template. The person is then authenticated depending on how closely the freshly measured characteristic compares with the retrieved template. Turning the human body into the ultimate identification card is extremely dangerous. A fingerprint, a retinal or iris print, a face or other physical information used for the biometric data are part of the individual. They cannot be changed at all or can only be changed somewhat. Therefore, if the biometric information is used abusively and/or is distributed to third parties such as law enforcement agencies for example, the individual has little or no recourse, and cannot change the situation. The problem with the biometrics enfacement scheme is not merely the collection of biometrics, it is that the scheme is conceptualized to act as a means of collation of all government data, and indexing all significant civil transactions through a central database. Who will be responsible or compensate for lost, stolen and reconstructed unique biometric characteristics collections? People want to be able to draw a boundary circle around information about themselves and how they behave. They feel entitled to the ability to control all that falls inside this circle and they want to be able to regulate how, to whom, and for what reasons the information within the circle is disseminated. A life less monitored and less searchable is a life more private. Many countries are dependent on electronic data storage mechanisms. As
All content copyright © 2006 Innovya R&D Ltd. All rights reserved. Highly Confidential – Limited circulation only
this reliance continues to increase the question becomes one of safeguarding electronic information against misuse. There are thousands of databases of less permanent information about people on computers, often servers connected to the Internet. Names, addresses, credit card and bank account numbers are just some of the personally identifying information that is being stored by independent information traders, including state and federal governments. We all must be aware that biometrics exposure may take a long period of time to recover (actually a lifetime period). Can anybody implant ‘new’ biometrics in case of exposure? Anything can be faked but, if someone owns your biometrics he practically owns your identity. Exposing or losing biometric property is lost for life. Biometric Technology Not Popular In US ATMs "In the case of ATMs, the PIN will be here for a long time," said Jim Block, Diebold's director of global advanced technology. "Part of the reason stems from the PINs popularity. Consumers can access ATMs nearly anywhere in the world by simply inserting their card and punching in a secret four-digit number. Biometrics are not universally used because there is no standard for storing the data."
Source: ‘Payment News’ Posted: May 6, 2006 at 06:08 AM Pacific
Other forms of identification are less permanent: Other forms of identification are much less permanent. For example, many if not most individuals in the modern world have a UserID (such as a user name), one or more passwords and one or more Personal Identification Numbers (PINs), which are all different types of information. Since they do not form a permanent part of the individual, if this information is stolen, it can be changed. Most individuals in the modern world also have cards, badges and keys, which may be combined with the above information for accessing one or more resources that require identification and authentication. For example, an individual typical has and knows an ATM card and an associated PIN. Only the combination of the two items, which is card owning and knowing the PIN, permits the individual to conclude successful transactions with ATM machines. When a PIN and/or PIN plus card are shared with another individual such as a friend, family member or colleague, there is no way for the system to ‘know’ who the actual card owner is. It means that currently there is no way for the system to know if the previously described items that are defined as 'knowing' and 'having' have been shared willingly, duplicated, lost or stolen. As described previously, biometrics can be used to overcome these problems but with severe potential privacy drawbacks. Privacy and security are not the same: Roger Clarke of the Faculty of Engineering and Information Technology at the Australian National University explains privacy as "the interest that individuals have in sustaining a 'personal space', free from interference by other people and organizations." Clarke defines several dimensions to this interest. The two that are most relevant to this White Paper are: 1) Privacy of personal communications. "Individuals claim an interest in being able to communicate among themselves using various media without routine monitoring of their communications by other persons or organizations." 2) Privacy of personal data. "Individuals claim that data
about themselves should not be automatically available to other individuals and organizations, and that, even where data is possessed by another party, the individual must be able to exercise a substantial degree of control over that data and its use." In other words, users of computer systems (especially those in networked environments) expect that those who store their personal information will not abuse it. They expect too that wherever their personal information is being stored, it is safe, so even if a hacker were to succeed in breaking into the computer or server on which this data were stored, it would be protected. Users expect also to be able to communicate anonymously. This is especially important for those who want to criticize the government, or an employer without having to worry about victimization. Biometrics violating privacy and is harmfully traceable: In the context of biometrics, privacy is a central issue because any biometric information about a person necessarily falls within the boundary of the privacycircle. Hence, individuals are concerned about how any biometrically identifying information about them is controlled. Biometric properties from the perspective of traces or permanent storage can lead to undesired identification and tracing of the activities of an individual. Even if the biometric data is stored in an altered form that requires a complex algorithm to decipher, the uniqueness of the biometrics specimen, the speed and computational power available today makes any such protection scheme irrelevant. Biometrics must benefit third-party trust: If unique biometric properties are stored somewhere, for example on a smart card or on a computer system, even if it is stored in an encoded, scrambled or ciphered form, it is still a unique biometric identifier. Once a unique biometric identifier has being stored anywhere, at any time, on any external media (including media that is associated with the boundaries of the individual, such as a smartcard held by the individual), the privacy of that biometric property owner is violated. As noted previously, exposing or losing biometric property is a permanent problem for the life of the individual, since there is no way to change the physiological or behavioral characteristics of the individual. Biometric technology is inherently individuating and interfaces easily to database technology, making privacy violations easier and more damaging. Who can you trust? It may seem that one of the issues that plagues card-based ID systems the security or integrity of the card itself -- does not apply for biometric systems, because ‘you are your ID.’ But the question of the reliability of the card is really a question about trust. In an ID card system, the question is whether the system can trust the card. In a biometric system, the question is whether the individual can trust the system. If someone else captures an individual’s physiological signature, fingerprint, or voice print for instance, abuse by others is difficult to prevent. Any use of biometrics with a scanner run by someone else involves trusting someone's claim about what the scanner does and how the captured information will be used.
Constitutional Provisions Though there is no clearly defined right to privacy in the U.S. Constitution, privacy rights are implied in several of the amendments. The right to privacy is rooted in the 4th Amendment, which protects individuals from unreasonable search and seizure; the 5th Amendment, which protects individuals from selfincrimination, and the 14th Amendment, which gives the individual control over his personal information.
What remains to be determined is the following: 1. Can the biometric information be collected, stored, or retrieved? 2. Can the biometric information collected be used both for criminal and noncriminal searches and suspicionless searches? 3. Can the system give the individual full control over his abandoned personal intrinsic information? The following fact remains: there are no legal restrictions on biometrically identifying information, or biometric authentication systems. However: there are severe restrictions on collecting, creating, maintaining, using, or disseminating records of identifiable personal data. One immediate conclusion that we should draw is that biometrics authentication must be traceless. The Case against Biometrics Critics argue that biometric authentication methods present a serious threat to privacy rights. These arguments have been broken down into three categories: 1) anonymity, 2) tracking and surveillance, 3) data matching and profiling. Privacy advocates argue that individuals lose their anonymity in any system or digital environment that uses biometric authentication methods. Many people claim the option of anonymity in the marketplace (for electronic purchases) and in the political arena (for voting) as part of their expectation of privacy. Critics of biometrics feel that if this traceable technology were to gain widespread acceptance and proliferate further into daily life, then much of our anonymity, when we use different services, and move from place to place will fade. Privacy advocates envision traceable biometrics as being able to foster ‘BigBrother’ monitoring of citizens by the State. This idea stems from the fact that traceable biometric measures can be used as universal identifiers for individuals because each biometric measure is unique. Consider having a driver's license with a magnetic strip that stored one's fingerprint. One could imagine being pulled over by a traffic policeman for a trivial traffic violation, and being subject to harsh treatment because after scanning your fingerprint in, the police officer has access to your entire criminal record and knows all of your past offenses. Governments have used technology to intrude into the interior of individuals' privacy-circle. Critics of traceable biometrics argue that there is no reason to expect that the State will use traceable biometric technologies any differently. Isolated identifying and non-identifying information in different databases can be used to create extensive records that profile peoples’ shopping and spending habits. The biggest danger of traceable biometrics according to privacy advocates, is that traceable biometric identifiers can be linked to databases of other information that
people do not want dispersed. The threat to privacy arises from “the ability of third parties to access this data in identifiable form and link it to other information, resulting in secondary uses of the information, without the consent of the data subject.” This would be a violation of the Code of Fair Information Practices, since the individual would no longer have control over the dissemination of his personal information. People have generally frowned on biometrics, in particular fingerprints, because of the long association with criminal identification, and more recently because of its use in State welfare schemes to prevent recipients from making double claims on their benefits. The argument is that people are reduced to mere codes and are subject to inanimate, unjust treatment. A similar argument against the use of biometrics is that traceable biometric identifiers are an "example of the state's using technology to reduce individuality." This type of identification corrupts the relationship between citizen and state because it empowers the state with control over its citizens. Religious groups argue that traceable biometric authentication methods are “the mechanism foretold in religious prophecy” (e.g. the Mark of the Beast). Further religious objections are based on the premise that individuals must give up themselves, or part of themselves, to a symbol of authority which has no spiritual significance. Though there are no documented cases of biometric technologies causing actual physical harm to users, certain methods are considered as invasive. For example, retina scanning requires the user to place his eye as close as three inches away from the scanner so that it can capture an image of his retina pattern. Fingerprint recognition devices too are deemed as invasive because they require the user to actually touch a pad. The Case for Biometrics Biometrics by itself cannot be blamed for anonymity loss. In today's world the problem is in the data collection and the intrinsic traces. There are larger social and technological forces that have caused this. If a single advancement had to be blamed for the erosion of anonymity, it would have to be the computer. The computer and computer networks like the Internet make it incredibly easy to collect and store information about people, and to disperse this information to a large number of people. The Internet hosts a vast wealth of resources about many people, and the search capabilities that exist make it relatively simple for adversaries to get personal information about anyone. The Internet provides many resources for identity theft (e.g. search engines, genealogy databases). In the physical world, people have access to others' credit reports, and for a small fee, employers can perform checks on their employees through services provided by companies like Informus (http://www.informus.com/) and Infoseekers (http://www.infoseekers.net/). There is no need for a universal identifier in order to link identifying and non-identifying information from separate databases. Similarly, there is a great need for biometrics in order for ‘Big-Brother’ surveillance to take place. There are satellites which can track a person's movements with extreme detail. Video surveillance cameras in department stores and on the streets, online electronic transactions, and email sniffing are just three means by which others can keep track of one's digital identity. John Woodward poses three arguments that establish biometrics as a friend of privacy. Woodward's first argument is that biometrics protects privacy by safeguarding identity and integrity. Biometric authentication systems provide very
secure protection against impersonators. Criminals in the real world and cyberspace commonly exploit weaknesses in token-based and knowledge-based authentication systems in order to break into an individual's bank account. Using a biometric identifier for access to systems makes it much more difficult for such compromises to occur. Second, Woodward argues that biometrics is a friend to privacy because it can be used to limit access to information. Finally, he proposes that biometrics is a privacy-enhancing technology. Innovya traceless biometric algorithms use biometric characteristics to construct non-unique biometrics with a unique identifier code that can be reconstructed only with a particular identifier. This means the person's actual physical characteristics are not stored by the system. These types of biometric systems can be used to create PINs for users, thus providing a form of anonymous verification. HOW DO WE MAKE BIOMETRIC SYSTEMS COMPATIBLE WITH PRIVACY CONCERNS? There are many different forces acting on biometrics, including industry and law. The only way biometric systems can address privacy concerns is if the two forces propose and implement a mechanism that simultaneously accomplishes the following: • Eliminates intrusiveness into personal data sets. • Establishes obligations about how biometrics by itself without any harmful traces can be used and disseminated both in the public and the private sector and does not stifle traceless technology. Separate efforts by each of these forces will not work because they conflict. In industry, engineers want to design biometric systems with lower and lower false rejection rates. Policy makers are concerned with wider public interests. It would not be surprising if they were to lay down laws that would rightfully ban the use of traceable biometric systems (at least in the private sector). In March 1999, the International Biometric Industry Association (IBIA) announced a set of principles to protect personal information collected by biometric authentication systems. In this announcement, the IBIA stressed that it is very concerned with the issues of privacy and use of personal information. The principles they propose as guidelines to manufacturers, integrators, customers and users are: Traceable biometric data is electronic code that is separate and distinct from personal information, and provides an effective, secure barrier against unauthorized access to personal information. Beyond this inherent protection, the IBIA recommends safeguards to ensure that biometric data is not misused to compromise any information, or released without personal consent or the authority of law. Traceless biometrics will put end to this concern. In the private sector, the IBIA advocates the development of policies that clearly set forth how biometric data will be collected, stored, accessed and used, to preserve the rights of individuals and to limit the distribution of data beyond the stated purposes. In the public sector, the IBIA believes that clear legal standards should be developed to carefully define and limit the conditions under which national security and law enforcement agencies may acquire, access, store, and use biometric data. In both the private and public sectors, the IBIA advocates the adoption of appropriate managerial and technical controls to protect the confidentiality and integrity of databases containing biometric data.
This is a first step toward privacy protection for users of biometric systems, but it is lacking. First, it suggests only self-regulation for the private sector. This means there would be no legal way to punish corporations for misuse of biometric information. This would leave the current state of affairs as is. It is imperative that database managers be accountable for how they handle people's information. Second, it is hard to keep track of who is adhering to these principles and who is not. There are many companies that do not audit how information is used and disclosed. Businesses commonly sell information to each other in order to use data mining algorithms to discover consumer trends, and send them targeted advertising material. Third, it makes no mention of what sorts of technological solutions can be used to deal with the privacy problem. Engineers need to come up with different methods so individuals can have more control over their personal information. Innovya's Traceless Biometric technology which uses a non-unique biometric identifier to create a PIN is an example of how industry can design safer and more secure systems. Government policy-makers and industry need to collaborate to ensure that there are legal prohibitions against the selling, collecting or exchanging of biometric identification databases to third parties: • That there is legislation to ensure that electronic storage of biometric identifiers will not be carried out in the same manner as companies' other information. It must not be there in the first place. • That there are legal prohibitions against the use of peoples’ biometric characteristics for identification purposes without their consent. • That there are legal prohibitions against using traceable biometric identifiers for discriminatory purposes either by law enforcement agencies or the private sector. Industry and governments need to set up and fund a research organization (or extend the research scope of the government-funded Biometric Consortium) to design traceless biometric authentication systems that fall in the realm of privacyenhancing technology. The implications of such collaboration could eliminate the privacy problems created by security solutions that use biometric identifiers. This would also provide a model for how to approach the wider privacy issue which is a consequence of the ubiquitous presence of computers and the wealth of information available on the Internet. Conclusion: The digital evolution that we are witnessing today is leaning ever more strongly toward smart environments where humans and computers are in symbiosis. Unless governments establish strict oversight of traceable systems, many innocent individuals are likely to be apprehended. There must be limits on the kinds of uses that can be made of traceable biometric technologies by government and law enforcement authorities, as well as clear-cut and expeditious procedures to handle cases of erroneous identification. Traceless biometric identification and authentication schemes are the first step toward this, since they cloud the line between an individual's claim to an identity and his means of verifying this claim. Privacy advocates worry that sensitive traceable biometric information used for authentication will provide yet another opportunity for both private and public
sector information traders to exploit individuals. Their stance is that biometrics will lead to an even deeper erosion of personal privacy in both the real world and cyberspace; that it will foster Big-Brother monitoring of citizens by the government; and that individuals will lose their anonymity whenever they use traceable biometric devices to authenticate themselves. In the absence of adequate legislation to regulate how such information is deployed and used, some of the predictions of the critics of biometrics may well materialize. What is needed is for policy makers (who represent the ethical interests of individuals) and engineers of biometric systems (who represent the technological interests of individuals), to collaborate so that a well-defined legal framework within which traceless biometric technologies can safely operate and advance is established. Innovya Research and Development has already begun designing and implementing traceless biometric systems tailored toward giving the user as much control as possible over his information. It is now time for policy makers to look more closely into what contributions they can make to accommodate the privacy interests of individuals. Innovya’s solution: When designing a security system, it is best not to make it too powerful. If an intruder manages to gain access, he has more power over you. If however, the security system is simpler, the intruder’s success is more limited. Innovya’s technology overcomes these disadvantages by using its patented traceless biometrics for identifying an individual with a biometric identifier that is designed to be non-unique. Innovya uses an amorphous and non-unique biometric identifier agent called ‘BIdToken’ (Biometric Identifier Token) that is designed to be biometrically traceless, so that an image or copy of the biometric information does not need to be maintained. Instead, the BIdToken refers to an incomplete and nonunique identifier obtained from the biometric information. By ‘incomplete’ we mean that the biometric information itself cannot be reconstructed from the BIdToken, because the necessary information is discarded during processing of the biometric information. Representing application – an example: Innovya’s BIdToken is not stored on any database such as a bank, government, or any other system. Instead, the user securely provides the BIdToken and thus maintains control over it. For example, a secured BIdToken can replace the PIN associated with an ATM card. Only the combination of physically possessing the ATM and Innovya’s Biometric Identifier (BIdToken), permits the individual to complete a transaction at the ATM machine. In this situation when a PIN and/or PIN and card are shared with another individual or is stolen, the identity of the individual using the card can be determined, allowing only the true owner to use the card. The method for determining the BIdToken is kept secure and therefore it is not possible to determine the non-unique BIdToken or its generation from the fingerprint or other unique biometric identifier by an unauthorized party (reverse engineering). However, a BIdToken can be replaced by another one and still be associated with the real biometric owner. Innovya's solution neutralizes the obligation requirements for trust by third parties and significantly reduces identity theft.
Author: Michael (Micha) Shafir – Cofounder seasoned entrepreneur (RadWare, MagniFire, CrossID) Email: micha@Innovya.com Direct: +972 54 4837900