Secure Signature Means No One Can Steal Your Id
A new biometric identification system now exists that can link a person to an ID card without having to match biometric characteristics to data stored on the card or in a central database. This system could quiet many of the criticisms about ID card plans, such as the national plan proposed by the U.K. government.
Security experts fear that stolen biometric data could be used illegally, but Generics Group’s Gavan Duffy has invented a technique that removes the variability from an iris or fingerprint scan, “enhancing its stability,” he says. His technique provides an “offset” value for each data point in a scan, to put the value of the scan in the middle of its range, so that variations in subsequent scans are less likely to come back different.
The reference template can be combined with data on the card to create a user-unique digital signature, which can be irreversibly encrypted for protection. The offset data can be stored on the card, useful only to the owner. Any subsequent scans can be combined with the offsets to create a template, which can be combined with the personal data on the card to create a fresh signature; if it matches the stored signature, the user is genuine.
Ian Brown of the Foundation for Information Policy Research, a group that opposes ID cards, nevertheless says the system “looks like a good solution” since the cards only store “information that needs the iris or fingerprint to be present for the offset information to be any use.”
Abstracted by the National Law Enforcement and Corrections Technology Center(NLECTC) from New Scientist (05/22/04) Vol. 182, No. 2448, P. 23; Graham-Rowe, Duncan .