Innovya Traceless Privacy Friendly Biometrics Technology

They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.

Franklin’s Contributions to the Conference on February 17 (III) Fri, Feb 17, 1775

Trampling human privileges cannot be considered as an instrument that protects the nation. Biometric collection is a compulsive tail-chasing – The bigger the privacy violation the more progress it makes away from its real goals - (Michael (Micha) Shafir)  

Biometric collection(s) – “Catch 22

PROVIDING ANONYMITY IS ONE OF THE CENTRAL THEMES OF PRIVACY PROTECTION: THE CRIMINALS NEW JOY WITH BIOMETRICS IS, ONCE YOU’VE FOOL THE SYSTEM, YOUR FAKED FINGERPRINT IS MADE OF THE SAME STUFF AS FRUIT PASTILLES, SO YOU CAN SIMPLY DRESS THE EVIDENCE ON OTHER INNOCENT VICTIM, WITHOUT LETTING THE VICTIM ANY CHANCE TO HOLD HIMSELF BLAMELESS.

Although it looks or sounds obvious, the technology and systems behind Biometric authentication are not well understood by most people, apparently not by the governments and as it appears, not even by the Biometric solution providers themselves. The ONLY reason for using Biometrics (Body Parts Identifiers) is to bridge the verification gap between humans and machines.

Biometrics authentication system should as it name offers: Authenticate You, NOT Recognize you! without keeping any unique or personal Biometric identifications, or  templates, or tokens in any storage system namely, to be biometrically traceless, such that an exact image or copy of the biometric information is not maintained.

Perhaps no form of identification has been more significant in recent history, than the use of fingerprints in the criminal justice system. Since their first official recorded use in the solving of a murder case by Juan Vucetich, a statistician and the head of the Argentine Bureau of Anthropometric Identification in 1892, fingerprints have been used by police forces around the world to identify criminals and place them at crime scenes, bringing countless numbers of criminals to justice. As a result of this first recorded case, in 1896 Argentina became the first country to file criminal records using fingerprint classification. Previous to this, anthropometric records, which listed some of the unchanging dimensions of the adult human body (such as finger length and head width), had often been used for identification purposes

Automatic systems should NEVER ask you as an innocent “Who are you?”… Automatic Biometric authentication system should only verify that your presented credentials belong to you “Is it really your ID?” (ID document(s), username/password, etc.).  Innocent people need to prove who they are with authenticated ID’s. Innocent people should NOT be recognized “automatically” by their “body parts copies” stored in “Private” or “National” databases…

Today, most Biometric Systems are designed to work specifically in place where they are located, like office buildings (Bars in Australia…) or hospitals. Once identical information is stored outside of governmental boundaries, the potential of using it commercially is huge, especially by hostile governments that might be willing to pay a lot for these otherwise indiscoverable information elements. Above all the advantages and disadvantages this technology, we will unintentionally be creating ripples in the field of security and privacy.

The Biometric Databases are virtually free from government regulation as biometrics are not covered by privacy laws, meaning that the handling of details are left to the discretion of technology vendors.

The best secrets are secrets that are never shared. Storing invasive Biometric secrets on a readable electronic card from which any simple RF dump reader can extract that information, in the same way as international border readers do, or storing your personal information together with your biometric characteristics on a readable electronic device is like sticking a label with your PIN on the back of your ATM card!

People want to be able to draw a circle around their personal information, and do not want parts of their body electronically stored in databases. Our system of government tells us that we are entitled to control all that falls inside this circle; we ought to be able to regulate how, to whom, and for what reasons the information within this circle is disseminated. Privacy advocates imagine a world in which companies/vendors will sell biometric data of innocents’ body parts the way they sell email addresses and phone numbers.

People may also wonder whether a huge database will exist somewhere that contains vital information about everyone in the world, and whether that information would be safe there.

“Break the Passport chip with a hammer”

The US State Department is backpedaling like crazy from their earlier statement that the RFID-enabled passports are safe and secure. [ Bryce Longton – BlackBook Magazine]

The Biometrics Paradox: Are we planning to carry as many biometric smart cards as we currently carry credit and ID cards? The private sector, the public sector and governments (e.g. border control) separately are collecting and extracting the same information from the same Biometric resources. Where the invasive Biometric templates are going to be stored?  Who is going to control its access? Logical Conclusion: Encryption is becoming useless… Privacy is getting demolished in any case…

 

What is a Digital Passport?

A digital passport, also called Biometric Passport or ePassport is the same as the traditional passport with the addition of a small integrated circuit or chip embedded in the back cover.

Biometric Chip - Security risk and a Single Point of Failure

The Digital passport contains a microchip which contains the same information as on the picture page and a biometric photograph in addition to a machine readable zone. The chip is based on the “WORM” technology which stands for “Write Once, Read Many”. Or as hackers like to call it “Write Once, Clone Many”… These passports are designed to identify the bearer more securely but have ended up achieving exactly the opposite of what they were designed for, in the first place: The ability to clone passports has become much easier. With the old passport, we knew where we stood. If you lost it you knew you had lost it, but with the new, machine readable passports the story is very different. When you take a digital photo the image is, in fact, a code, which means that however many prints you make they are all exactly the same. With a simple RFdump, a hacker can easily download the passport’s data to his computer and then onto a blank chip. Logically we might conclude that (democratic) countries are not going to giveaway their own citizen’s Body Parts secrets to third parties. Namely the “only giveaway” information is the (sensitive) stored information on that cloneable chip… When the cloned ePassport is read and compared to the original one it behaves exactly the same.

Encrypted Biometric (“A piece of yourself”) will not protect your privacy

An identity card with your own private Biometric information on it (raw or encrypted),  will not protect you against misuse of your body parts details or your privacy, since you give this sensitive information away every time you use the card with your body (Biometric) Information on it, at any modern public entrance or when you travel abroad. It can be argued that using an ID card with your cloned Biometric information on it, will prove it is not faked, but this will involve having your unchangeable body parts scanned (Fingerprints, Eyes etc.) whenever you use the ID card… how innocents will be able to keep their own body information undisclosed, if every foreign reader can totally expose it and/or save this sensative information for unknown “future use”? – This is logically and legally impractical. Much of the ‘security’ provided by biometric ID cards and passports is aimed at proving the card/ePassport is genuine, however, this offers no protection against a genuine card (or the ‘phished’ biometric and PIN) being used fraudulently.

All Biometrics Are Vulnerable to Spoofing by Fake Copies

  • Gummy fingerprints in latex
  • Tape recording of a person’s voice
  • Mask or photograph of a person’s face
  • Contact lens or photograph of a person’s iris pattern
  • Some iris cameras can be spoofed
  • Lab creates fake DNA evidence

 

No Biometric pattern should be considered a secret

 

Spoofing Hand Geometry Systems
Spoofing Hand Geometry Systems

Tsutomu Matsumoto is a Japanese mathematician, a cryptographer who works on security, and he decided to see if he could fool the machines which identify you by your fingerprint. This home science project costs about £20.

Tsutomu Matsumoto is a Japanese mathematician, a cryptographer who works on security, and he decided to see if he could fool the machines which identify you by your fingerprint. This home science project costs about £20. Take a finger and make a cast with the moulding plastic sold in hobby shops. Then pour some liquid gelatin (ordinary food gelatin) into that mould and let it harden. Stick this over your finger pad: it fools fingerprint detectors about 80% of the time. The joy is, once you’ve fooled the machine, your fake fingerprint is made of the same stuff as fruit pastilles, so you can simply eat the evidence…..

____________________________________________________________________________________________

Obama on Cyber Attack – What you can store; I can steal

____________________________________________________________________________________________

The Innovya Corporate Mission is to apply Innovative Privacy Friendly Authentication Technology to eliminate ID fraud by binding the ID Document Holder to the ID Document Owner and thus increase safety of  traveling and the ability to conduct business securely

__________________________________________________________________________________

Biometrics is a generic term that refers to a wide range of measures of Human Body Parts. Biometric methods have been used in cryptography for so called “keeping innocents privacy”.  We point out that as long the decryption of the “Encrypted Biometric information” can be used to point on a unique person, it is actually a faked cover-story for “privacy protection”, or in other words – an illusion of a pseudo-privacy protection. Traceable or stored biometric information in Database(s) or “Smartcard” is a computerized invasive method that able to simulate human attendance by mimicking the adaptability of the living persons using their enduring physical or behavioral characteristics, as a result of the fact that biometrics offer irrefutable evidence of one’s identity. Biometric properties from the perspective of traces or permanent storage can now lead to undesired identification via attendance simulation or tracing of the activities of an individual by Governments (they certainty have the encryption keys), because of the power of computers. The “pseudo state of a person being presence” made by the biometric simulation system is able to mimic the living persons attendance even if the legitimate owner of the enrolled biometrics information, is not aware of this process or not physically present in front of the biometric system. This fact by itself provse unconditionally that collectable (Traceable) Biometric technologies have extremely serious implications for human rights in general, and privacy in particular. There is no better security for Biometric data than not collecting it or cloning it on external devices in the first place. And when data is no longer needed, the best security for it is to destroy it.

Another privacy problem with common biometric systems is that the most effective way to achieve maximum system matching is to compare biometric images to a template by using raw data, seeing that:  Biometric Encryption is the process of using a characteristic of the body as a method to code or scramble/descramble data. Since these characteristics are unique to each individual, the biometric information readers, cameras and sensors must all yield identical results, which is not the case for worldwide biometric information readers, because scanned biometric that are getting encrypted are reappears and vary from one reading to the next, syndrome codes are applied to compensate incorrectness biometric vectors to accelerate unmatched scrambled ciphers, that naturally affecting the performance characteristics of the algorithm. Most biometric authentication systems use a similarity score as an internal variable, whereby if enough numbers of starting points are given, it is possible to find the highest point without being trapped by local minima. However, different readers, cameras and sensors, manufactured by different manufacturers, generate ever so slightly different biometrics results. Varying starting results, when encrypted alike, will not yield the exact same decrypted result. This will force the solution providers to cheat the system or the public and use or transmit over the lines invasive private cloneable raw data….

Technology Benefits

The innovative technology ensures that Innovya Traceless Biometrics have the following benefits:

  • Inexpensive – no need to change the current documents nor the structure
  • Able to authenticate innocent strangers anywhere around the globe
  • Able to authenticate strangers, even if they’re not known to the system without information submission
  • No need to  submit (spread) invasive information, stored on electronic chips to other foreign countries
  • Does not require infrastructure (can work offline)
  • No need for proprietary scanners/readers (any mix fits)
  • No need for central databases, no storage, no Smart Cards, no templates
  • Privacy friendly – non unique nor clonable and must be traceless
  • Cancelable Biometrics – Letting the subject cancel/change his own biometric mark by himself anytime anywhere
  • Standard without secrets give-away – Easy integration with foreign applications without changing their core procedures (transparent)
  • Can be spread anywhere (no single key) without risk of breach
  • Fast, reliable, anonymously, mobile, non-unique, irreversible, accurate, unidirectional, high entropy
  • Able to authenticate anywhere across the globe! (Even in the desert or high seas) without communication

Biometric storage (Unconcealed or Encrypted, Database or Smartcard) is dangerous

Traceable Biometric storages, such as fingerprint identification, iris and retina scanning, face recognition and hand geometry, is becoming increasingly common in the public and private sectors. This fact by itself is creating a huge concern and a logical conflict between government’s interests to keep their own citizens private (invasive) information under their own supervision. Wild duplication of Biometric data storages will open new opportunities to trade with this valuable information. Innocent people and privacy advocates might wonder whether companies will sell biometric data of innocent’s body parts, the way they sell email addresses and phone numbers. People may also wonder whether a huge database will exist somewhere that contains vital information about everyone in the world, and whether that information would be safe there.

_____________________________________________________________________________________

“The computer, with its insatiable appetite for information, its image of infallibility, its inability to forget anything that has been put into it, may become the heart of a surveillance system that will turn society into a transparent world in which our home, our finances, our associations, our mental and physical condition are laid bare to use most casual observer.” (Prof. Arthur Miller. “Statement to Sub-Committee of US Senate on Administrative Practice and Procedure” March 14th, 1967)

_____________________________________________________________________________________

As with many rapidly expanding technologies that affect social life, biometrics has in a justifiable manner come under attack by civil libertarians. Privacy advocates argue that biometrics will lead to an even deeper erosion of personal privacy in both the real world and cyber-space.

Traceable or stored biometric information is a computerized invasive method that able to simulate human attendance by mimicking the adaptability of the living persons using their enduring physical or behavioral characteristics, as a result of the fact that biometrics offer irrefutable evidence of one’s identity. Biometric properties from the perspective of traces or permanent storage can now lead to undesired identification via attendance simulation or tracing of the activities of an individual, because of the power of computers. The “pseudo state of a person being presence” made by the biometric simulation system is able to mimic the living persons attendance even if the legitimate owner of the enrolled biometrics information, is not aware of this process or not physically present in front of the biometric system

Innovya‘s goal is to demonstrate how traceless non-unique biometric systems can themselves be advocates of privacy. We do so by solving the following issues:

  1. How can traceless biometric systems be designed so as not to intrude into personal data sets?
  2. How can government intervention through legislation guarantee privacy protection of users by adopting and enforcing the new traceless biometric authentication and identification systems?
  3. In the absence of government regulation, how much reliance can users of biometric systems have on self-regulation for privacy protection?

In our solution we are examining the authentication and identification requirements of networked digital environments, as well as the privacy requirements of such environments. This is followed by proving how traceless biometric systems are compatible with privacy requirements, and we show how the possible implications of regulation of the biometrics industry, both from government and the technical community may affect today’s digital world.

ePassport

ePassport

Call (Free) Directly to the company founder: Michael (Micha) Shafir

Michael [Micha] Shafir

Skype Me™!

Skype call to Michael (Micha) Shafir

Patent: SYSTEM AND METHOD FOR TRACELESS/ANONYMOUS BIOMETRIC IDENTIFICATION

Certificate of innovation patentCertificate of innovation patent

 

TRACELESS BIOMETRIC PATENTCertificate of innovation patent
http://www.Innovya.com
TEQ*CORNER 1616 Anderson R
Virginia/Washington DC, VA USA 22102
Phone: 1 (617) 466-9105
Fax: 1 (646) 351 0834

Share on Facebook
Post to Google Buzz
Bookmark this on Yahoo Bookmark
Bookmark this on Digg
Bookmark this on Google Bookmarks
Buzz This
Share on LinkedIn
Bookmark this on Digg