The technology uses different randomized numbers that convert the biometric information, in this case the veins in the palm of the hand, into a cryptographic key for encrypting and decrypting personal data on each side of the communication.
At the end of the data transfer, a user’s randomized code representing their biometrics is compared with the number generated at the start as a means to verify the person. This would remove the need for managing encryption keys for accessing your encrypted data, according to the researchers.
Fujitsu adds that it used error-correcting codes to compensate for any minor errors, such as slight movements of the hand, during data transmission. It claims that this will be a more robust way of protecting personal information as there is a reduced chance of the biometric data being intercepted on a network and it could expand the use of biometrics to cloud services in a more secure way.
That last point is important. Currently, biometric data is generally used only for accessing local devices because the data might be intercepted in transit over a network. Fujitsu’s technology could bring this from of login to cloud storage, social networks, and other online services.
The company says it is currently working on improving the time it takes to decrypt the data and is aiming to commercialize the system by 2017 as well as exploring potential use cases such as Japan’s recently updated tax and social security number system.
Fujitsu has been working alongside Kyushu University and Saitama University in Japan to develop the technology and presented their findings at a security conference in France this week.
It’s not too surprising that Fujitsu is focusing on the security of biometrics. The Japanese company has been investing heavily in biometrics research and its use in payments and authentication, including a recent pilot with payments provider JCB.
