One or more computing devices may use an encrypted feature vector to verify an individual person (1:1 verify) or identify an individual in a datastore (1:many identify) without storing, sending or receiving plaintext biometric data within or between computing devices or any other entity.
Private biometrics are constantly evolving based on the changing nature of privacy needs, identity theft, and biotechnology.
Biometric security strengthens user authentication but, until recently, also implied important risks to personal privacy.
This decrypt requirement made large-scale search across encrypted biometrics (“1:many identify”) infeasible due to both significant overhead issues (e.g. complex key management and significant data storage and processing requirements) and the substantial risk that the biometrics were vulnerable to loss when processed in plaintext within the application or operating system (see FIDO Alliance, for example).
Biometric security vendors complying with data privacy laws and regulations (including Apple FaceID, Samsung, Google) therefore focused their efforts on the simpler 1:1 verify problem and were unable to overcome the large computational demands required for linear scan to solve the 1:many identify problem.
[2] Today, private biometric cryptosystems overcome these limitations and risks through the use of one-way, fully homomorphic encryption.
Matching in the encrypted space offers the highest levels of accuracy, speed and privacy and eliminates the risks associated with decrypting biometrics.
Specifically, the private biometric feature vector is produced by a one-way cryptographic hash algorithm that maps plaintext biometric data of arbitrary size to a small feature vector of a fixed size (4kB) that is mathematically impossible to invert.
[9] It is mathematically impossible to reconstruct the original plaintext image from a private biometric feature vector of 128 floating point numbers.
[11] The first one-way encryptions were likely developed by James H. Ellis, Clifford Cocks, and Malcolm Williamson at the UK intelligence agency GCHQ during the 1960s and 1970s and were published independently by Diffie and Hellman in 1976 (History of cryptography).
In this posting, Mandel used a Frobenius 2 distance function to determine the closeness of two feature vectors and also demonstrated successful 1:1 verification.
Mandel did not offer a scheme for 1:many identification as this method would have required a non polynomial full linear scan of the entire database.
On the client device, Private.id transforms each reference biometric (template) into a one-way, fully homomorphic, Euclidean-measurable feature vector using matrix multiplication from the neural network that may then be stored locally or transmitted.
If the feature vector is stored locally, it may be used to compute 1:1 verification with high accuracy (99% or greater) using linear mathematics.
No other cryptosystem or method provides operations on rested encrypted data, so passive encryption—an unfulfilled requirement of the TCSEC since 1983, is no longer an issue.
Private biometrics, as implemented in a system that conforms to IEEE 2410-2018 BOPS III, comply with the standards of the Multiple Independent Levels of Security/Safety (MILS) architecture.
MILS builds on the Bell and La Padula theories on secure systems that represent the foundational theories of the US DoD Standard Trusted Computer System Evaluation Criteria (TCSEC), or the DoD “Orange Book.” (See paragraphs above.)
Private biometrics’ high-assurance security architecture is based on the concepts of separation and controlled information flow and implemented using only mechanisms that support trustworthy components, thus the security solution is non-bypassable, evaluable, always invoked and tamper proof.
A promising method of homomorphic encryption on biometric data is the use of machine learning models to generate feature vectors.
For black-box models, such as neural networks, these vectors can not by themselves be used to recreate the initial input data and are therefore a form of one-way encryption.
Indeed, the matrix multiplication from the neural network then becomes the vector of the face, is Euclidean measurable but unrecognizable, and cannot map back to any image.
[16] Three years later, Ruud Bolle, Nilini Ratha and Jonathan Connell, working in IBM's Exploratory Computer Vision Group, proposed the first concrete idea of cancelable biometrics.
[23] Indeed, it was first claimed that the BioHashing technique had achieved perfect accuracy (equal error rates) for faces, fingerprints and palm prints, and the method gained further traction when its extremely low error rates were combined with the claim that its biometric data was secure against loss because factoring the inner products of biometrics feature and TRN was an intractable problem.
[24][25] These researchers also reported that the non-invertibility of the random hash would deteriorate the biometric recognition accuracy when the genuine token was stolen and used by an impostor (“the stolen-token scenario”).
However, the method was vulnerable to data loss due to the existence of secret keys that were to be managed by trusted parties.
Widespread adoption of the approach also suffered from the encryption schemes’ complex key management and large computational and data storage requirements.