Changeable Fingerprint
If someone steals your fingerprint, “cancelable biometrics” software from IBM can issue a new one.
Your fingerprints are yours and yours alone, and that makes them a useful tool for confirming the identity of people doing things like conducting secure banking transactions or passing through corporate security checkpoints.
Trouble is, it’s theoretically possible for a hacker to break into the software of, say, an employer, steal a copy of your stored fingerprint, and later use it to gain entrance.
So researchers at IBM have come up with “cancelable biometrics”: if someone steals your fingerprint, you’re just issued a new one, like a replacement credit card number.
This story is only available to subscribers.
Don’t settle for half the story.
Get paywall-free access to technology news for the here and now.
Subscribe now
Already a subscriber?
Sign in
You’ve read all your free stories.
MIT Technology Review provides an
intelligent and independent filter for the
flood of information about technology.
Subscribe now
Already a subscriber?
Sign in
The IBM algorithm takes biometric data and runs it through one of an infinite number of “transform” programs. The features of a fingerprint, for example, might get squeezed or twisted. A bank could take a fingerprint scan when it enrolls a customer, run the print through the algorithm, and then use only the transformed biometric data for future verification.
If that data is stolen, the bank simply cancels the transformed biometric and issues a new transformation. And since different transformations can be used in different contexts – one at a bank, one at an employer – cross-matching becomes nearly impossible, protecting the privacy of the user.
Finally, the software makes sure that the original image can’t be reconstituted from the transformed versions. IBM hopes to offer the software package as a commercial product within three years.
