Fujitsu Laboratories has developed a technology that turns biometric data, such as palm veins, into a cryptographic key, enabling simple management of confidential data without need for managing keys. Conventional technologies that use biometric data to encrypt information require that the biometric data be used as-is when retrieving confidential data. This means that for confidential data managed in a cloud service, for example, it would be necessary to send the biometric data through the network, raising issues of the network's security.

Now, Fujitsu Laboratories has developed a technology that uses randomized numbers, each different, to convert biometric data into a cryptographic key for use in encryption and decryption. This makes it possible to simply and securely manage an individual's confidential data using biometric data, while preventing the unconverted biometric data from passing through the network.

Fujitsu Laboratories anticipates that using this technology will make it easier and more convenient to carry out biometric authentication to verify the identity of a person accessing confidential data managed on the Internet.

Fujitsu Laboratories will continue to improve the speed of decryption processing and expand the types of information that can be encrypted, while also examining this technology's applicability to a number of potential use cases such as the Social Security and Tax Number system in Japan, with the goal of commercialization during fiscal 2017. It will also examine the development of the feature code, and work to expand the types of applicable biometrics, such as fingerprints.

How it works

Fujitsu Laboratories applied widely used error-correcting codes for the encryption method as the technology to compensate for errors that are typically generated in the transmission route. The system randomly determines different random numbers for encryption and decryption, and using this protects the confidential data and biometric data.

A decryption code is used as the key when decrypting encrypted data. For decryption, the decryption code, after being converted into secure data, is sent from the device to the server. The decryption code is generated by first converting a random number using an error-correcting code, and then adding the feature code extracted from the biometric data. As different random numbers are used for encryption and decryption, a different, secure decryption code can be generated.

Variations in one's motion or position when inputting biometric data can generate slight discrepancies. This leads to discrepancies when calculating the feature code for decryption from the feature code for encryption, but the discrepancy can be absorbed because it is converted using an error-correcting code in advance. Moreover, the discrepancy caused when calculating the random number used in decryption from the random number used in encryption will similarly be corrected when using error-correcting code 2, enabling recovery of the confidential data.

In this way, as the biometric data input for encryption and decryption are similar sufficiently, so long as they are both from the same person, the confidential data can be retrieved from the encrypted data using error-correcting technology.