William J. Lawson, Ph.D.
Technical PM/Advisory Board, ICDRI
AT&T Global Network Services
August 19, 2003
A potential application of conjecture would be the function of biometrics to protect the copyright privileges of music, movies, e-books, and software creators from being stolen or shared (as illustrated by the Napster peer-to-peer file sharing saga). It is my hypothesis that a biometric algorithm could be employed to encrypt and decrypt media stored on a multitude of mediums (e.g. CD-R/RW, DVD-R/RW, flash memory, etc.). The end result would be that only the legitimate owner of the copyright material might access the work of art.
WHAT IS ENCRYPTION?
Encryption is not a new concept, for as long as the human race has sought to secure communications encryption has existed. An encryption is nothing more than the application of a mathematical algorithm to information in order to camouflage the information (data/message) that is either transmitted or stored in a database.
Biometric Encryption is the process of using a characteristic of the body as a method to scramble or unscramble data. Physical characteristics such as fingerprints, retinas and irises, palm prints, facial structure, and voice recognition are just some of the many methods of biometric encryption being researched today.
Biometric encryption makes standard character encryption, such as passwords, PINs, or tokens obsolete by replacing or supplementing standard characters with a biometric key. The biometric key is a data string that has been derived from a biological trait (e.g. fingerprint, voice print, etc.) that is unique to the user/owner. Since these characteristics are unique to each individual, biometrics is seen as the answer to combat theft and fraud of electronic copyrighted material.
STORAGE OF KEY
What would seem to be the easiest to manage becomes the most difficult because passwords or PINs can be lost or stolen. Good encryption keys are much too long for normal individuals to remember easily so they are usually stored on smart cards, RFIDs, diskettes, within a file on a computer, or worst yet the keys are written to paper. The aforementioned storage methods allow the keys to accessible to non-authorized users. Therefore, safe storage of the key is the most vulnerable area of the encryption process.
Biometric keys are not vulnerable to unauthorized users, because they do not have to be remember or stored in the same fashion as a password or PIN. Biometric key cannot be lost or easily stolen, as the key is the user’s body. Some may pose that question, “If someone cuts off my finger can they use it?” With the biometric technologies of today the answer is no. Embedded in the processes of today’s biometric technologies is what has been deemed as a liveness test. A liveness test uses things like the presence of pores, oxygen in the blood, and heat to determine the authenticity of the presented biometric. Without this biometric key the information is inaccessible.
With the availability of CD-RW drives, DVD-RW drives, flash memory of MP3 players the BECT can be easily deployed by following a few simple registration procedures (steps).
1. Copyrighted media can be purchased just as it is today, from stores and/or online.
2. Once purchased, the consumer must register the copyrighted media using a fingerprint or another acceptable biometric. Registrations can be accomplished at stores that sell the material or via the consumer’s home computer. (Note: For the home computer the consumer must have a biometric scanner).
3. The biometric is used as an encryption algorithm of the data and will be embedded to the storage medium as a certificate fashion. It is important to note that the biometric key is not and must ever be communicated to any entity; the biometric key must only be stored to the consumer’s media storage medium and/or playback device.
Playing or accessing the media requires that playback device (portable CD/DVD players, car CD/DVD players, home computers, PDAs, cell phones, and home entertainment systems) has a biometric scanner embedded into the device or attachable via a USB port. An advantage to this is that the playback device can also serve as a biometric scanner when attached to a computer via a USB port. Execution of playback is easy:
1. Load storage medium (CD, DVD, flash memory, etc.) into playback device.
2. Turn on power.
3. Present finger for scanning.
4. Listen to music.
As a general rule, I would recommend that playback devices retain the
consumer’s last biometric scan on static memory. By following this general rule
the customer can continue to change from one legally registered media to another
without having to continually represent their biometric. Of course once playback
device deprived of power or restarted by the consumer then the biometric must be
The conception of “Biometric Embedded Copyright Token (BECT)” is currently
only conjecture on the part of the author. However, that author will continue to
explore the many facets of the BECT and will seek a patent for this invention in
the near future.
Copyright © 1998