printer friendly version

Breakthrough in biometric token replay

The RAU-Standard Bank Academy for Information Technology recently achieved a breakthrough in the replay of biometric tokens. One of the major problems of sending any biometric token over a network, and specifically a public network like the Internet, is that if the token is intercepted (sniffed), it can be replayed even if the token had been encrypted.

This possibility of replaying such a token, of course gives rise to serious risks, because the user cannot replace the token or choose a new one - the specific biometric token is uniquely linked to the user. If a user's right thumb biometric token is compromised he cannot choose another right thumb - the token is permanently compromised.

To date it was not possible to recognise a replayed biometric token as such. This is one of the main reasons why biometric tokens (fingerprints, iris prints, retinal prints, palm prints, etc) are not yet used as widely as the technology of biometrics deserves. The Academy's system, known as BioVault, aims to solve this inherent problem. A recent product demonstration showed how a biometric token, in this case a fingerprint, was sent over a network, and compromised by being intercepted (sniffed) during transmission without the knowledge of the user.

The intercepted biometric token was then replayed. When this sniffed token was replayed with BioVault switched off, the replayed (masquerading) token was accepted as an original. When BioVault was switched on, the replayed (sniffed) token was immediately rejected as a replay.

The RAU has taken out a provisional patent on the underlying algorithm used in BioVault. At least two advanced post graduate projects are presently active to thoroughly test the characteristics of BioVault, and then to expand its use.

Share this article:

Further reading: