Traceless Biometrics Technology

Author: Michael Micha Shafir – Inventor

Innovya R&D

A traceless biometric system (TBS) is a method for identifying an individual through a

biometric identifier(s) that is designed to be non-unique. Instead of using unique
biometric information, an amorphous identifier(s) agent is replacing it. The amorphous
agent is an incomplete identifier(s) obtained from a fresh scanned biometric information
which is non-unique.
(Another alterable limit
indicator(s) form a
document(s) can be
added to overturn non-
unique combinations to
become unique). By
‘incomplete’ or 'alterable'
we mean that the
biometric information
itself or the document
cannot be reconstructed
from the identifier(s)
even with the device that
originally allocated the
agent or the 'Biometric
Identifier Token'. Using
this method, the
individual has to be present (with his document(s)) during the identification process since
the (secret) token identifier itself has no true value except in a particular biometric
identification transaction. This is important in order to avoid an association with recorded
values or any other unique characteristic.

Although many inventors have offered

myriad approaches attempting to
providing inexpensive, minimally
accumulated, and compact verification
systems in which digitized characters of
human users could be stored, retrieved
and compared at some later time to
verify that a human user is indeed a
properly authorized user, none have
succeeded in producing a system that is
practical and desirable for use in providing non-unique biometric security for appropriate
for use with real-time reaction biometric measurements (without need to store unique
information). Because of these and other significant limitations, no commercially viable
biometric-based non-unique security system has been successfully invented. It was first
proposed by Shafir[1] et al. Besides reliable accuracy performance and the replacement
policy Traceless Biometric has to be non-revisable in order to fulfill the aim.

Traceless biometrics guidelines:

• Able to authenticate innocent’s strangers, even if they’re not known to the system.
• Does not require infrastructure (can work offline)
• No need for proprietary scanners/readers (any mix fits)
• No need for central databases, no storage, no templates
• Privacy friendly – non unique nor clonable and must be traceless.
• Cancelable Biometrics[2] - Letting the subject cancel/change his own biometric or
key by himself anytime anywhere.
• Standard without secrets give-away - Easy integration with foreign applications
without changing their core procedures (transparent)
• Can be spread anywhere (no single key) without risk of breach
• Fast, reliable, anonymously, mobile, non-unique, irreversible, accurate,
unidirectional, high entropy.
• Able to authenticate anywhere across the globe! (Even in the desert or high seas)
without communication.

Adopting the above traceless guidelines, using real-time reactive authentication process
or method for the current biometrics authentication systems will present an efficient and
friendlier authentication solution. Obviously, privacy is an issue, which is potentially
solved, Biometric scan as is necessary for a function or activity to authenticate the subject
should be sufficient. The new traceless authentication systems should after the
authentication process, dismiss all the biometric information or traces from the scanning
devices and must not use any storage systems or leave unique information behind.

Traceless biometrics incentives

Traceable or stored biometric information is a computerized invasive method that able to
simulate human attendance by mimicking the adaptability of the living persons using
their enduring physical or behavioral characteristics, as a result of the fact that biometrics
offer irrefutable evidence of one’s identity. Biometric properties from the perspective of
traces or permanent storage can now lead to undesired identification via attendance
simulation or tracing of the activities of an individual, because of the power of
computers. The “pseudo state of a person being presence” made by the biometric
simulation system is able to mimic the living persons attendance even if the legitimate
owner of the enrolled biometrics information, is not aware of this process or not
physically present in front of the biometric system…

One of the main logical paradoxes, governments needed to address with the current
biometrics is, traceable biometrics are clonable...all our data – fingerprints, body parts,
personal characteristics and imaging can be exploited by businesses or criminals [3]. How
do you replace your finger if a hacker figures out how to duplicate it?[4] If your biometric
got exposed, theoretically you will never be able to prove you are who you say you are or
more unfavorable situation, prove you are not who you say you are not. The subject is
always carrying his biometrics with him, why then unique biometrics information, should
be collected and stored in databases [5] or smart cards, or other external devices, in order
to make it useful?
[6]
Many body parts, personal characteristics and imaging methods have been suggested
and used for biometric systems: fingers, hands, feet, faces, eyes, ears, teeth, veins, voices,
signatures, typing styles, gaits and odors. A fingerprint for example is a biometric, which
if compromised (i.e. obtained in an unauthorized manner) cannot easily be controlled by
the individual. An unretouched or altered photograph of a face and a physical signature
are biometrics, which can be checked using the eyes and experience of the verifier. These
biometrics have been in use routinely and efficiently throughout human history. The use
of automation to authenticate people is new and is being tested on consumers without
precautions regarding their privacy.

The privacy key element is governments' willingness

Biometrics solution should be completely noninvasive with regard to personal privacy.
Further, we hold that if these traceless biometric systems (TBS) are used in conjunction
with existing security mechanisms (such as public-key algorithms), they can provide
almost foolproof protection for electronic transactions and other operations in smart
environments. The key element however, is that government intervention, in the form of a
set of standards for how the new traceless biometric solution will be adopted, is an
absolute necessity for complete privacy protection.

Existing legal framework for privacy protection of

personal information
The U.S. Constitution does not explicitly guarantee a right to privacy. Privacy of personal
data has traditionally been protected in two ways: through self-regulatory codes and
through laws. If one biometrics system were widely adopted, say fingerprinting, the many
databases containing the digitized versions of the prints could be combined. While such a
system is most likely to be developed by the commercial sector for use in financial
transactions, government and law enforcement authorities would likely want to take
advantage of these massive databases for other purposes, especially if we were to enter a
time of social unrest. Indeed, government agencies and law enforcement are the top
subscribers to the many databases compiled by private sector ‘information brokers’.
Privacy laws and policy in the United States were derived from a code of fair information
practices[7] developed in 1973 by the U.S. Department of Health Education and Welfare.
This Code is ‘an organized set of values and standards about personal information
defining the rights of record subjects and the responsibilities of record keepers.’ The
Code highlights five principles of fair information practices:

• There must be no secret personal data record-keeping system.[8]

• There must be a way for individuals to discover what personal information is
recorded about them and how it is used.[9]
• There must be a way for individuals to prevent personal information obtained for
one purpose from being used or made available for other purposes without their
consent.[10]
• There must be a way for individuals to correct or amend information about
themselves.[11]

Privacy Protection Through Law

1. The Privacy Act of 1974[12] The first response by the U.S. federal government to the
many concerns about their power to use and misuse personal information was the Privacy
Act of 1974. This Act covers federal databases and is based on the Code of Fair
Information Practices defined above. In 1977, a Privacy Protection Study[13] Commission
rejected the idea of having a similar privacy law for the private sector. This means that
individuals' privacy with respect to databases of information stored and maintained by
private organizations is not protected. In the private sector, total reliance is on the fair
information practice codes. This is a serious problem.

2. Constitutional Provisions Though there is no clearly defined right to privacy in the

U.S. Constitution, privacy rights are implied[14] in several of the amendments. The right to
privacy is rooted in the 4th Amendment, which protects individuals from unreasonable
search and seizure; the 5th Amendment, which protects individuals from self
incrimination [15], and the 14th Amendment, which gives the individual control over his
personal information.

What remains to be determined is the following:

1. Can the biometric information be collected, stored, or retrieved?

 2. Can the biometric information collected be used both for criminal and
noncriminal searches and suspicionless searches?
3. Can the system give the individual full control over his abandoned personal
intrinsic information?

The following fact remains: there are no legal restrictions on biometrically identifying
information, or biometric authentication systems. However: there are severe restrictions
on collecting, creating, maintaining, using, or disseminating records of identifiable
personal data. One immediate conclusion that we should draw is that biometrics
authentication must be traceless.

There is no standard for storing Biometric data

Stored biometric information is useful only if a subject is already known to the system…
From the security point of view, biometrics authentication will not work if the subject is a
stranger to the cloned biometric system. Biometrics is not universally used because there
is no standard for storing the data. As long as biometric information is stored in
databases, practically there is no cancelable biometric. You cannot grant access to the
public to control owned entries, especially stored biometrics information. Biometric is
more private to you than a number that somebody assigned to you. Security requires
secrets, if someone tries to create a standard to collect “widespread known secrets”, it
cannot be called a “secret” any more since the best secrets are never shared. There is a
class of biometric information that can be perfect secrets and still be useful – traceless
biometrics are the only secrets that we know of that we can (a) avoid sharing, and, (b)
usefully deploy. The owner of the biometric can prove that he or she has it without
sharing it. No other types of authentication knowledge are useful if they are not kept as
perfect secrets.

The power of computers and privacy

Biometric properties from the perspective of traces or permanent storage can now lead to
undesired identification and tracing of the activities of an individual, because of the
power of computers. Even if the biometric data is stored in an altered form that requires a
complex algorithm to decipher, the speed and computational power available today
makes any such protection scheme irrelevant. For example, today anyone with a
computer and an electronic telephone book can trace a telephone number to a particular
address. Previously before computers, only a governmental entity or authorized
authorities such as the police had the right access or permission to trace back the
telephone number to a name or location.
Individuals should be unique, biometrics not
In order for a unique individual identifier to be effective for privacy, not every individual
should have an identifier that applies only to that individual and that identifier must
change over time, especially when the personal information has been exposed.

If unique biometric properties are stored somewhere, for example on a smart card or on a
computer system, either if it is stored in an encoded, scrambled or ciphered form, it is still
a unique biometric identifier[16]. Once a unique biometric identifier has being stored
anywhere, at any time, on any external[17] media (including media that is associated with
the boundaries of the individual, such as a smartcard held by the individual), the privacy
of that biometric property owner is violated or can easily be violated. As noted
previously, exposing or losing a biometric property is a permanent problem for the life of
the individual[18], as there is no way to cancel the physiological or behavioral
characteristics of the individual. Biometric technology is inherently individuating and
interfaces easily to database technology, making privacy violations easier and more
damaging.[19]

Privacy fears are justified not only in the context of identifiable fingerprints of the kind
commonly used by the police, where there is centralized retention. A fingerprint, and the
broader family of biometrics, offer irrefutable evidence of one’s identity since they are
unique biological characteristics that distinguish one person from another, and that
mistakenly can be linked to one individual which is NOT necessarily the original
biometric presenter or the rightful owner of the unique biological characteristics!!.

References
1. “System and method for traceless biometric identification”, A device, system and
method for identifying an individual with a biometric identifier that at least one
other individual in a given population has the identical biometric identifier. The
biometric identifier according to the present invention, also referred to herein as a
“BIdToken”, is implemented to be biometrically traceless, such that an exact
image or copy of the biometric information is preferably not maintained by the
present invention. Shafir (Micha) Michael et at, 2006.
2. Cancelable Biometrics - Wikipedia
(http://en.wikipedia.org/wiki/Biometrics#Cancelable_Biometrics)
3. ^ Proposed biometric ID cards won't prevent fraud or terrorism (IEEE Spectrum,
Jan 2006)
4. How to fake fingerprints? October 26, 2004 (starbug) Simple instructions how
copy and fake fingerprints
(http://www.ccc.de/biometrie/fingerabdruck_kopieren?language=en)
5. ACLU - The government and corporations are aggressively collecting information
about your personal life and your habits.(http://www.aclu.org/pizza)
6. (WO/2008/001373) SYSTEM AND METHOD FOR TRACELESS BIOMETRIC
IDENTIFICATION - BACKGROUND, Shafir et al, 2006
(http://www.wipo.int/pctdb/en/wo.jsp?IA=WO2008001373&WO=2008001373&
DISPLAY=DESC)
7. FAIR INFORMATION PRACTICES - Robert Gellman
(http://bobgellman.com/rg-docs/rg-FIPshistory.pdf)
8. Introduction to Fair Information Practices - Pam Dixon
9. Ethical and Legal Requirements Associated with Data Dissemination
10. Economic aspects of personal privacy
11. Information Technologies and the Shifting Balance between Privacy and Social
Control
12. THE PRIVACY ACT OF 1974, "Records maintained on individuals
" (http://www.usdoj.gov/oip/privstat.htm)
13. Personal Privacy in an Information Society: The Report of the Privacy Protection
Study Commission
14. Privacy and Accuracy of Personal Information
15. Technology and Privacy: The New Landscape By Philip E. Agre, Marc Rotenberg
16. Biometrics from a legal perspective (Dr. Ronald Leenes TILT - Tilburg Institute
for Law, Technology, and Society)
17. U.K. researchers devise smart-card hack - Tom Espiner ZDnet 2007
(http://news.zdnet.com/2100-1009_22-6156601.html)
18. Bank loses tapes with data on 4.5M clients - Brian Fonseca, Computerworld
(http://www.computerworld.com/action/article.do?command=viewArticleBasic&
articleId=9091318&source=NLT_PM&nlid=8)
19. Computers and new information technologies have greatly increased the power of
surveillance by government and large corporate entities, Douglas Kellner -
University of Texas at Austin