Public Release: 

A code to keep your fingerprints secure

New Scientist

"This article is posted on this site to give advance access to other authorised media who may wish to quote extracts as part of fair dealing with this copyrighted material. Full attribution is required, and if publishing online a link to is also required. This story posted here is the EXACT text used in New Scientist, therefore advance permission is required before any and every reproduction of each article in full. Please contact Please note that all material is copyright of Reed Business Information Limited and we reserve the right to take such action as we consider appropriate to protect such copyright."


THIEVES could soon have a much tougher time stealing your digital identity, thanks to a new way of storing fingerprints, iris scans and facial images.

Unlike conventional biometric systems that store your raw details, the technique generates its own unique code from your fingerprint or scan that cannot be used to recreate the raw details. This code is then stored, but is useless unless the original body part is also present, meaning no one can steal your biometric details and use them elsewhere.

Biometric technologies are increasingly being used to control access to buildings, computers and even cellphones. Fingerprint scanners, for example, have been fitted to some laptops and memory sticks as an alternative to passwords.

There are inherent security risks. To verify your fingerprint each time you scan it, the device has to store either an original image of your print, or the digital code representing it. Every device, building or piece of software that uses your biometric information will have the same image or code. This has led to fears that by stealing your laptop, say, a thief could gain access to your biometric and use it to not only decrypt your computer files, but also to access bank or email accounts.

This situation will be all the more serious with the advent of government and company databases storing millions of people's biometric information.

Now Emin Martinian at the Mitsubishi Electric Research Laboratories (MERL) in Cambridge, Massachusetts, and colleagues have created an algorithm that ensures the raw biometric need never be stored. "The only person who should have your fingerprint is you, on the end of your finger," says MERL director Joe Marks.

The algorithm manipulates the ones and zeros of your biometric code to produce a second, shorter code known as a syndrome. If a hacker gains access to the syndrome, he cannot use it to recreate your biometric because billions of different strings of ones and zeros could give that same syndrome and he has no way of knowing which one it is. When the legitimate user logs on, he scans his finger. Specks of dirt and slight differences in geometry will mean the biometric code produced is slightly different to the original one used to create the syndrome, but by comparing it with the syndrome and applying an "errorcorrecting" algorithm, the original fingerprint can be reconstructed.

Other teams are also tackling biometric storage issues. Nalini Ratha and colleagues at IBM Research in Hawthorne, New York, have developed algorithms that warp a biometric. The warped version is then stored, while the original is deleted. If the laptop is stolen or a database breached, the owner of the warped biometric can cancel it and create a different warp. "I keep only the cancellable version," says Ratha. Martinian says this system would not be as secure as his, as a thief could still make use of the warped biometric to decrypt data on the laptop.


Author: Celeste Biever


UK CONTACT - Claire Bowles, New Scientist Press Office, London:
Tel: +44(0)20 7611 1210 or email

US CONTACT - New Scientist Boston office:
Tel: +1 617 386 2190 or email

Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.