Encrypting Biometric Data Over the Network

Posted on 2006-04-11
Last Modified: 2010-04-11
I am looking for theoretical information on an Encryption system that would encrypt Biometric data before it is sent over a network to a central processing pc. Once the encrypted data is received, it is decrypted, and matched against existing biometric templates - the system then responds according to the results of the matching system?

I am not looking for existing commercial Biometric systems that are advertised, rather, I need theoretical information on how this would work (if there is a commercial company that shows you how this works then that is fine). Also, I would rather it be a simple encryption system, something that is widely available, simple to use and implement and has stood the test of time.

Thanx in advance
Question by: khubli
    LVL 38

    Accepted Solution

    Data is data... 0's and 1's ... and if you have an onboard chip in the Bio-metric sending unit, or software on that unit, it seems pretty simple. You'd use a pre-shared key, cert, or passphrase on the sending unit, so the receiving unit could decrypt it with the proper pass, cert or key. There are plenty of IC chips that a biometric manufacturer could choose from, as well as software.
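Added example, not part of the original thread or any poster's code: the pre-shared-key approach from the accepted answer in Go, using AES-256-GCM from the standard library so the receiving unit both decrypts the template and rejects altered or replayed messages. The device ID `reader-01`, the message counter, the wire layout and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newAEAD(psk []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(psk) // a 32-byte pre-shared key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// header is authenticated but not encrypted: message counter and device ID.
func header(deviceID string, seq uint64) []byte {
	return []byte(fmt.Sprintf("%d|%s", seq, deviceID))
}

// sealTemplate runs on the sending unit. Output: nonce || ciphertext || tag.
func sealTemplate(psk []byte, deviceID string, seq uint64, template []byte) ([]byte, error) {
	aead, err := newAEAD(psk)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per message
		return nil, err
	}
	return aead.Seal(nonce, nonce, template, header(deviceID, seq)), nil
}

// openTemplate runs on the receiving unit with the device ID and counter it expects.
func openTemplate(psk []byte, deviceID string, seq uint64, msg []byte) ([]byte, error) {
	aead, err := newAEAD(psk)
	if err != nil || len(msg) < aead.NonceSize() {
		return nil, fmt.Errorf("cannot open message (key error: %v)", err)
	}
	n := aead.NonceSize()
	return aead.Open(nil, msg[:n], msg[n:], header(deviceID, seq))
}

func main() {
	psk := make([]byte, 32) // constructed all-zero demo key; provision a random key per device
	msg, _ := sealTemplate(psk, "reader-01", 7, []byte("constructed template"))
	fmt.Println(openTemplate(psk, "reader-01", 8, msg)) // counter 8 was never sent: error
}
```

The receiver should accept each counter value once per device, so a captured message cannot be replayed to the matcher later.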

    Author Comment


    Thanks for your reply, I think I understand what you mean - could you provide me with links so I may research this further?

    zero byte

    I think you have misunderstood me, you have provided me with links that give info on creating cryptographic keys from Biometric information, I am looking for encrypting the data at the sending unit and decrypting it at the receiving unit purely for the purposes of secure transmission over the network. Presumably this is already employed in secure environments, I just need some information in regards to what cryptographic techniques can be employed and how they work?

    Thanks in advance
    LVL 1

    Assisted Solution

    Sorry for the confusion, so you basically are concerned with protecting the data during transmission. You may want to look into TPM (Trusted Platform Modules) as a hardware type solution to this or you could use strong cryptography and encryption techniques such as Secure Sockets Layer (SSL), Point-to-Point Tunneling Protocol (PPTP), Internet Protocol Security (IPSEC) to safeguard sensitive biometric data during transmission over the network.

    LVL 4

    Expert Comment

    Why reinvent the wheel?  Use HTTPS -- the same way credit card numbers are sent over the Internet.

    LVL 5

    Assisted Solution

    It depends what you want to do. Do you want to make sure that the data is secure while in transit? Or do you want to encrypt the data to prevent interception while in transit over unsecure pathways?

    Basically, I'm asking are you encrypting it because you don't trust your network, or just for the sake of encrypting it? Either way, I would use an SSH tunnel *how to set one up, I'll leave as an exercise for the reader!* The tunnel will be encrypted, and protected from end to end, the data will be safe from the point of origin to destination. Even if it was to be intercepted, you can't tell the tunnel data from the real data.

    Oh, and SSH is free, extremely secure, and takes about 15, no maybe 20 seconds to set up.
    LVL 7

    Assisted Solution


    A useful site on Biometric and security which you can reference more for your project
    Technology Reports : XML Common Biometric Format (XCBF)

    [September 16, 2003] "XML Common Biometric Format (XCBF) Ratified as OASIS Standard." - "The OASIS standards consortium today announced that its members have approved the XML Common Biometric Format (XCBF) version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. XCBF provides a standard way to describe information that verifies identity based on human characteristics such as DNA, fingerprints, iris scans, and hand geometry. XCBF can be used in applications as varied as homeland security, corporate privacy, law enforcement, and biotechnical research. It will assist in identifying citizenship, measuring attendance, controlling access to documents, facilitating non-repudiation in commerce, and many other functions. Tyky Aichelen of IBM, chair of the OASIS XCBF Technical Committee, stated, "XCBF bridges the gap between the worlds of biometrics and Web services, making it possible to have a common, standardized, secure way to define, store, manage, and exchange biometric information with greater interoperability between systems." "Traditional biometric standards are based on binary encoding formats, which severely limit their use in XML-enabled systems and applications," explained John Messing, American Bar Association representative to OASIS. "By providing a standard way for biometric information to be exchanged using XML, XCBF literally redefines biometrics as a practical solution for a Web-based environment."

     "Biometrics are measurable physical characteristics or personal behavioral traits that can be used to recognize the identity of an individual, or to verify a claimed identity. This specification defines a common set of secure XML encodings for the patron formats specified in CBEFF, the Common Biometric Exchange File Format (NISTIR 6529). These CBEFF formats currently include the binary biometric objects and information records in two ANSI standards. These XML encodings are based on the ASN.1 schema defined in ANS X9.84:2002 Biometrics Information Management and Security. They conform to the canonical variant of the XML Encoding Rules (XER) for ASN.1 defined in ITU-T Rec. X.693, and rely on the same security and processing requirements specified in X9.96 XML Cryptographic Message Syntax (XCMS). Values of the Biometric Information Record (BIR) defined in ANSI/INCITS 358-2002 - Information technology - BioAPI Specification can be represented in the X9.84 biometric object format can also be represented using XML markup and secured using the techniques in this standard. This standard defines cryptographic messages represented in XML markup for the secure collection, distribution, and processing, of biometric information. These messages provide the means of achieving data integrity, authentication of the origin, and privacy of biometric data in XML based systems and applications. Mechanisms and techniques are described for the secure transmission, storage, for integrity and privacy protection of biometric data."

    Related Resources
    XML Encryption
    "XML Encryption is a method whereby XML content can be transformed such that it is discernable only to the intended recipients, and opaque to all others. There are many applications for such a specification given the increasing importance of XML on the Internet and Web including the protection of payment and transaction information. The proposed work will obviously address how to encrypt an XML documents including elements. The XML Encryption Syntax and Processing Recommendation was produced by members of the W3C XML Encryption Working Group, chartered "to develop a process for encrypting/decrypting digital content (including XML documents and portions thereof) and an XML syntax used to represent the (1) encrypted content and (2) information that enables an intended recipient to decrypt it. The XML Encryption Recommendation "specifies a process for encrypting data and representing the result in XML. The data may be arbitrary data (including an XML document), an XML element, or XML element content. The result of encrypting data is an XML Encryption EncryptedData element which contains (via one of its children's content) or identifies (via a URI reference) the cipher data. When encrypting an XML element or element content the EncryptedData element replaces the element or content (respectively) in the encrypted version of the XML document. When encrypting arbitrary data (including entire XML documents), the EncryptedData element may become the root of a new XML document or become a child element in an application-chosen XML document. This specification implements features outlined in the XML Encryption Requirements document, which "lists the design principles, scope, and requirements for XML Encryption. It includes requirements as they relate to the encryption syntax, data model, format, cryptographic processing, and external requirements and coordination."


    XML Encryption Syntax and Processing. W3C Recommendation 10-December-2002.
    XML Encryption Requirements. W3C Note 04-March-2002.
    W3C XML Encryption Working Group
    W3C XML Encryption Working Group Charter
    JSR 106: XML Digital Encryption APIs
    XML and Encryption. Local reference document.
    LVL 4

    Expert Comment

    My contribution was negligible, please give the points to others.

