Breakthrough in biometric token replay

August 2003 Access Control & Identity Management

The RAU-Standard Bank Academy for Information Technology recently achieved a breakthrough in the replay of biometric tokens. One of the major problems of sending any biometric token over a network, and specifically a public network like the Internet, is that if the token is intercepted (sniffed), it can be replayed even if the token had been encrypted.

This possibility of replaying such a token, of course gives rise to serious risks, because the user cannot replace the token or choose a new one - the specific biometric token is uniquely linked to the user. If a user's right thumb biometric token is compromised he cannot choose another right thumb - the token is permanently compromised.

To date it was not possible to recognise a replayed biometric token as such. This is one of the main reasons why biometric tokens (fingerprints, iris prints, retinal prints, palm prints, etc) are not yet used as widely as the technology of biometrics deserves. The Academy's system, known as BioVault, aims to solve this inherent problem. A recent product demonstration showed how a biometric token, in this case a fingerprint, was sent over a network, and compromised by being intercepted (sniffed) during transmission without the knowledge of the user.

The intercepted biometric token was then replayed. When this sniffed token was replayed with BioVault switched off, the replayed (masquerading) token was accepted as an original. When BioVault was switched on, the replayed (sniffed) token was immediately rejected as a replay.

The RAU has taken out a provisional patent on the underlying algorithm used in BioVault. At least two advanced post graduate projects are presently active to thoroughly test the characteristics of BioVault, and then to expand its use.

For more information contact Prof Basie von Solms, RAU, 011 489 2843,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

A contact-free hotel experience
Issue 7 2020, Technews Publishing , Access Control & Identity Management
Check-in and go straight to your room without stopping at the reception desk at Hotel Sky in Sandton and Cape Town.

AI digitises coronavirus management
Issue 7 2020, NEC XON , Access Control & Identity Management
NEC XON is using NeoFace Watch and specialised thermography cameras to measure temperature and identify employees and visitors.

Combining visual and IR face recognition
Issue 7 2020, Suprema , Access Control & Identity Management
The FaceStation F2 offers face recognition and anti-spoofing performance.

Anviz unveils FaceDeep5
Issue 7 2020, ANVIZ SA , Access Control & Identity Management
Anviz Global has unveiled its new touchless facial recognition identity management and IoT biometric device.

Touchless biometric options
Issue 6 2020, Entry Pro , Access Control & Identity Management
When it comes to estate access control management, the foremost topic of conversation at the moment seems to be the importance of touchless biometrics.

Fast access to Kevro production facilities
Issue 6 2020, Turnstar Systems , Access Control & Identity Management
Employee and visitor access at Kevro’s Linbro Park premises in Gauteng is controlled through eight Dynamic Drop Arm Barriers from Turnstar.

Know your facial recognition temperature scanner
Issue 6 2020, ViRDI Distribution SA , Access Control & Identity Management
Facial recognition with temperature measurement is, for the most part, available in one of two technologies – thermopile and thermography/IRT.

Suprema integrates with Paxton’s Net2 access control
Issue 6 2020, Suprema , Access Control & Identity Management
Suprema has announced it has integrated its devices with Paxton’s access control system, Net2.

Contactless check-in at hotels
Issue 6 2020 , Access Control & Identity Management
Onity has delivered the DirectKey mobile access solution to hotel chains around the globe, which allows for contactless check-in and property access.

UFace facial recognition now in SA
Issue 6 2020, Trac-Tech , Access Control & Identity Management
Trac-Tech has secured the distribution rights to the UFace range of contactless biometric facial recognition and identity management IoT devices.