Encrypting Biometric Data Over the Network

I am looking for theoretical information on an Encryption system that would encrypt Biometric data before it is sent over a network to a central processing PC. Once the encrypted data is received, it is decrypted, and matched against existing biometric templates - the system then responds according to the results of the matching system.

I am not looking for existing commercial Biometric systems that are advertised, rather, I need theoretical information on how this would work (if there is a commercial company that shows you how this works then that is fine). Also, I would rather it be a simple encryption system, something that is widely available, simple to use and implement and has stood the test of time.

Thanx in advance

Rich Rumble (Security Samurai) Commented:
Data is data... 0's and 1's ... and if you have an onboard chip in the Bio-metric sending unit, or software on that unit, it seems pretty simple. You'd use a pre-shared key, cert, or passphrase on the sending unit, so the receiving unit could decrypt it with the proper pass, cert or key. There are plenty of IC chips that a biometric manufacturer could choose from, as well as software.
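The pre-shared-key approach described in the comment above, as an added example that is not part of the original thread or any vendor's code. It goes one step beyond plain encryption: AES-256-GCM also authenticates each frame, and a per-sensor counter lets the receiving unit reject a captured frame that is resent. The frame layout, the sensor name `door-7`, the counter scheme and the all-zero demo key are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

const hdr = 8 + 12 // constructed frame layout: counter(8) || nonce(12) || ciphertext+tag
func NewAEAD(psk []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(psk) // a 32-byte pre-shared key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// Seal runs on the sending unit; sensor ID and counter are authenticated as AAD.
func Seal(a cipher.AEAD, sensor string, ctr uint64, template []byte) ([]byte, error) {
	f := make([]byte, hdr)
	binary.BigEndian.PutUint64(f, ctr)
	if _, err := rand.Read(f[8:]); err != nil { // fresh random nonce per frame
		return nil, err
	}
	return a.Seal(f, f[8:hdr], template, append([]byte(sensor), f[:8]...)), nil
}

// Open runs on the matching server; last holds the highest counter accepted per sensor.
func Open(a cipher.AEAD, last map[string]uint64, sensor string, f []byte) ([]byte, error) {
	if len(f) < hdr {
		return nil, fmt.Errorf("short frame: %d bytes", len(f))
	}
	pt, err := a.Open(nil, f[8:hdr], f[hdr:], append([]byte(sensor), f[:8]...))
	if err != nil || binary.BigEndian.Uint64(f) <= last[sensor] { // tampered or replayed
		return nil, fmt.Errorf("frame rejected")
	}
	last[sensor] = binary.BigEndian.Uint64(f)
	return pt, nil
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // all-zero demo key (constructed), never for real use
	last := map[string]uint64{}
	f, _ := Seal(a, "door-7", 1, []byte("constructed template bytes"))
	_, first := Open(a, last, "door-7", f)
	_, again := Open(a, last, "door-7", f) // the same frame captured and resent
	fmt.Println("first:", first, "replay:", again)
}
```

Counters start at 1 and must survive a restart of the sending unit, otherwise the server will reject its frames until the counter passes the last accepted value.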

khubli (Author) Commented:

Thanks for your reply, I think I understand what you mean - could you provide me with links so I may research this further?

zero byte

I think you have misunderstood me, you have provided me with links that give info on creating cryptographic keys from Biometric information, I am looking for encrypting the data at the sending unit and decrypting it at the receiving unit purely for the purposes of secure transmission over the network. Presumably this is already employed in secure environments, I just need some information in regards to what cryptographic techniques can be employed and how they work?

Thanks in advance

Sorry for the confusion, so you basically are concerned with protecting the data during transmission. You may want to look into TPM (Trusted Platform Modules) as a hardware type solution to this or you could use strong cryptography and encryption techniques such as Secure Sockets Layer (SSL), Point-to-Point Tunneling Protocol (PPTP), Internet Protocol Security (IPSEC) to safeguard sensitive biometric data during transmission over the network.

Why reinvent the wheel?  Use HTTPS -- the same way credit card numbers are sent over the Internet.


It depends what you want to do. Do you want to make sure that the data is secure while in transit? Or do you want to encrypt the data to prevent interception while in transit over unsecure pathways?

Basically, I'm asking are you encrypting it because you don't trust your network, or just for the sake of encrypting it? Either way, I would use an SSH tunnel *how to set one up, I'll leave as an exercise for the reader!* The tunnel will be encrypted, and protected from end to end, the data will be safe from the point of origin to destination. Even if it was to be intercepted, you can't tell the tunnel data from the real data.

Oh, and SSH is free, extremely secure, and takes about 15, no maybe 20 seconds to set up.

A useful site on Biometric and security which you can reference more for your project
Technology Reports : XML Common Biometric Format (XCBF)

[September 16, 2003] "XML Common Biometric Format (XCBF) Ratified as OASIS Standard." - "The OASIS standards consortium today announced that its members have approved the XML Common Biometric Format (XCBF) version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. XCBF provides a standard way to describe information that verifies identity based on human characteristics such as DNA, fingerprints, iris scans, and hand geometry. XCBF can be used in applications as varied as homeland security, corporate privacy, law enforcement, and biotechnical research. It will assist in identifying citizenship, measuring attendance, controlling access to documents, facilitating non-repudiation in commerce, and many other functions. Tyky Aichelen of IBM, chair of the OASIS XCBF Technical Committee, stated, "XCBF bridges the gap between the worlds of biometrics and Web services, making it possible to have a common, standardized, secure way to define, store, manage, and exchange biometric information with greater interoperability between systems." "Traditional biometric standards are based on binary encoding formats, which severely limit their use in XML-enabled systems and applications," explained John Messing, American Bar Association representative to OASIS. "By providing a standard way for biometric information to be exchanged using XML, XCBF literally redefines biometrics as a practical solution for a Web-based environment."

 "Biometrics are measurable physical characteristics or personal behavioral traits that can be used to recognize the identity of an individual, or to verify a claimed identity. This specification defines a common set of secure XML encodings for the patron formats specified in CBEFF, the Common Biometric Exchange File Format (NISTIR 6529). These CBEFF formats currently include the binary biometric objects and information records in two ANSI standards. These XML encodings are based on the ASN.1 schema defined in ANS X9.84:2002 Biometrics Information Management and Security. They conform to the canonical variant of the XML Encoding Rules (XER) for ASN.1 defined in ITU-T Rec. X.693, and rely on the same security and processing requirements specified in X9.96 XML Cryptographic Message Syntax (XCMS). Values of the Biometric Information Record (BIR) defined in ANSI/INCITS 358-2002 - Information technology - BioAPI Specification can be represented in the X9.84 biometric object format can also be represented using XML markup and secured using the techniques in this standard. This standard defines cryptographic messages represented in XML markup for the secure collection, distribution, and processing, of biometric information. These messages provide the means of achieving data integrity, authentication of the origin, and privacy of biometric data in XML based systems and applications. Mechanisms and techniques are described for the secure transmission, storage, for integrity and privacy protection of biometric data."

Related Resources
XML Encryption
"XML Encryption is a method whereby XML content can be transformed such that it is discernable only to the intended recipients, and opaque to all others. There are many applications for such a specification given the increasing importance of XML on the Internet and Web including the protection of payment and transaction information. The proposed work will obviously address how to encrypt an XML documents including elements. The XML Encryption Syntax and Processing Recommendation was produced by members of the W3C XML Encryption Working Group, chartered "to develop a process for encrypting/decrypting digital content (including XML documents and portions thereof) and an XML syntax used to represent the (1) encrypted content and (2) information that enables an intended recipient to decrypt it. The XML Encryption Recommendation "specifies a process for encrypting data and representing the result in XML. The data may be arbitrary data (including an XML document), an XML element, or XML element content. The result of encrypting data is an XML Encryption EncryptedData element which contains (via one of its children's content) or identifies (via a URI reference) the cipher data. When encrypting an XML element or element content the EncryptedData element replaces the element or content (respectively) in the encrypted version of the XML document. When encrypting arbitrary data (including entire XML documents), the EncryptedData element may become the root of a new XML document or become a child element in an application-chosen XML document. This specification implements features outlined in the XML Encryption Requirements document, which "lists the design principles, scope, and requirements for XML Encryption. It includes requirements as they relate to the encryption syntax, data model, format, cryptographic processing, and external requirements and coordination."


XML Encryption Syntax and Processing. W3C Recommendation 10-December-2002.
XML Encryption Requirements. W3C Note 04-March-2002.
W3C XML Encryption Working Group
W3C XML Encryption Working Group Charter
JSR 106: XML Digital Encryption APIs
XML and Encryption. Local reference document.
My contribution was negligible, please give the points to others.
