Encryption & Biometrics

Encryption is a mathematical process that helps to disguise the information contained in messages that is either transmitted or stored in a database. There are three main factors that determine the security of any crypto system; the complexity of the mathematical process or algorithm, the length of the encryption key used to disguise the message and safe storage of the key known as key management. 

The complexity of the algorithm is important because it directly correlates to how easy the process is to reverse engineer. One would think that this is the area of encryption that is the easiest to break, however most crypto systems are extremely well constructed and these are the least of the three factors that are vulnerable to attack.

The length of the encryption key used to disguise the message is the next important part of the encryption process. The shorter the encryption key length, more vulnerable is the data to a "brute force" attack. This term refers to an individual trying to improperly access data by trying all combinations of possible passwords that would allow access to the account. For example, a key that is three characters long would be much more prone to attack than one that is ten characters long because the number of possible permutations that must be run to find the right key are much higher in the key that contains ten characters. Biometric encryption makes standard character encryption obsolete by replacing or supplementing the normal key characters with a personal identifier of the user for which there can only be one perfect match. Without this biometric key the information is inaccessible.

Safe storage of the key is the most vulnerable area in the encryption process. What would seem to be the easiest to manage becomes the most difficult because passwords or PINs can be lost or stolen. Good encryption keys are much too long for normal individuals to remember easily so they are usually stored on paper, smart cards, or diskettes, which may make them accessible to unauthorized users. Biometric encryption systems allow the user to transport the access key around without making them vulnerable to loss or theft.

There are two broad categories of encryption systems; single key/double key (symmetric) systems and two key (asymmetric) systems. Symmetric systems utilize similar keys for both the sender and receiver for the purpose of coding and decoding data. In 1972, IBM developed DES (Data Encryption Standard) which was adopted worldwide by 1977 as the most common single key system in the banking and financial sectors. The process of transmitting this type of key over such networks as the Internet is one of the major failures of symmetric encryption. Electronic commerce requires that transactions be conducted over open networks instead of dedicated networks and symmetric key systems do not offer a high level of security for such transmissions. This is why public key systems have been developed. These two key systems use a public key to encrypt the data and a private key to decrypt the data. The asymmetric key system allows better encryption than symmetric key systems, however certification of the recipient of messages becomes an issue, which causes a hierarchy of certification to be developed resulting in a much slower processing time. Biometrics can aid in this process due to the inherent nature of using a physical trait of the desired recipient to decipher the message. It is this issue that has caused biometric techniques to be valued for electronic commerce.