CertainID

CertainID™ Enables biometric authentication of individuals and information over a network, while ensuring the security and privacy of each user's biometric signature.

In conventional network based biometric systems, biometric templates are stored online in one or more databases and accessed remotely in order to verify a user’s identity. This process presents major privacy and security risks if the database is hacked, since biometric signatures (i.e. fingerprints, retina scans and facial features) are permanent and cannot be changed. Once compromised, harm is permanent. The stolen biometric template can be used by maliciously to claim the identity of the victim – in perpetuity. DNA-based biological features cannot be changed as they are stored in each of the 100 trillion cells of the human body. These challenges make biometrics-based security solutions (e.g., authentication, confidentiality and digital signature) risky for both users from whom these features are extracted, and organizations which extract and store these features. 

What is needed is a way to secure devices and transactions so that the authorised user can be authenticated, without the need for biometric templates to be exposed to the internet. Kollakorn has developed and patented a design specification to address this issue and ensure that biometric templates are not exposed on the internet and authorized users are authenticated

CertainID uses biometric information to lock and unlock revokable security keys, store only encrypted security keys and use these keys to secure (i.e., sign or encrypt) application transactions. Hence, CertainID eliminates the need for storage of any biometric information. The biometric information is used to create a revokable master key and the master key is used to encrypt a set of randomly generated private keys. Users present their biometric features to unlock a private key for signing (or decrypting) a transaction. Verification of signed transactions can be done by using the public key available to anybody.

Similarly, a transaction that should be viewable only by the user can be encrypted by anybody using the public key of the user. The user has the freedom to revoke and renew these public/private keys at any time. Even when an adversary obtains these encrypted keys, they can extract no information on the users' biometric features.

CertainID solves the problem of biometric information being stored on unsecure devices. 

CertainID helps remove the security key management burden and associated risks both from individuals and organizations. Users can safely present their biometric information knowing that this sensitive information will not be stored on any devices. Organizations only need to store encrypted security keys which can be revoked in the worst-case scenario. CertainID will allow technology vendors to comply with security and privacy regulations. This is achieved while ensuring that an individual’s mass biometric data is not lost or compromised. If the device storing CertainID data is lost or compromised, no sensitive information associated with individuals can be hacked off the device. CertainID improves cyber security in all digitally enabled domains. 

CertainID is applicable to any internet activity that requires secure, reliable identification of a person, rather than just a device. Examples of applications include:

• Biometric authentication of the sender and recipient of sensitive or classified information

• Biometric authorisation of any financial transactions, either web-based or in-store

• Ensuring the privacy and security of on-line personal records such as student records, medical records, and Government records

• Ensuring the privacy and security of contractual documents

• Securely identifying participants on social networking sites

• Protection against identity theft

• Thwarting internet predators

A collaboration of Industry Leaders in Cybersecurity:

The development of CertainID is a joint collaboration between CSIRO’s Data61, the digital and data science arm of Australia’s national science agency, and Kollakorn Corporation Ltd. Our aim is to make it safer for users to supply their biometric information and for organizations to build user-friendly solutions composed of strong biometrics-based security. A link to the CSIRO Data 61 CertainID Project Report can be found here.

Kollakorn also collaborates with Infinity Optics Pte Ltd (Infinity), a Singapore based Australian Company that develops advanced Biometric Cryptography and Biometric Solutions. The underpinning biometric input algorithm solution is Infinity’s Quantum Crypt (TM) technology which provides a unique biometric key management system that identifies the person without storing any biometric information. The technology platform enables most physiological biometric to generate a unique code dynamically when scanning your biometrics. The matching code generated and stored is revocable at any time. Traditionally, all this was not possible. This technology can be used with iris scanning, fingerprint scanning, facial scanning and any other form of biometric input, and with CertainIDTM provides an end-to-end solution resolving many pain points related to Privacy Protection and Cloud-Based Digital ID solutions and provides a secure enclave on how personal data is managed and stored.

For more information on Infinity Optics Pte Ltd visit: http://www.infinityoptics.com.sg

CSIRO Project Report - Click Here