Biometric Verification with HSMs

Biometric recognition is a booming technology with many applications under development and beginning to reach the end user. Biometrics is, for instance, a promising alternative to current methods of authentication and access control, replacing the traditional username and password credentials with unique user biometric information such as fingerprints or iris.

The biometric data of a person are therefore becoming extremely sensitive information.

Biometric technology can already be seen on mobile devices, where it is used to authenticate the user. This is a local setting in which biometric data remains under the control of the user, but there are many other scenarios where the user must authenticate to non-secure environments, such as the cloud.

In a scenario of biometric verification in the cloud, such as access to a web service by fingerprint scanning, data should be granted the highest level of privacy. Criptonube technology offers this possibility, performing the biometric verification algorithm inside the Secure Hardware Modules in the Cryptonodes installed in the cloud environment.

Biometric information is encrypted on the client side before being sent to the cloud, where it is compared with the encrypted biometric information stored in the database server. Decryption and verification take place only once the data is inside the Hardware Security Module (HSM). Criptonube guarantees that the verification has been performed in a secure environment, inaccessible to the cloud provider or any other attacker.

Use case Biometry


Credit card details of millions of users recently stolen


Credit card details (names, credit card and social security numbers) from almost half of all South Koreans have been stolen and sold to marketing firms. The data was stolen by a computer contractor working for a company called the Korea Credit Bureau that produces credit scores.

Last December another crime was committed, this time against the US retailer Target. The company says up to 70 million customers had payment card and personal data stolen from the company's databases. These data include card numbers, names, postal addresses, phone numbers and email addresses.

This kind of cyber-crime could be avoided or minimized by applying strict security policies, saving companies millions of dollars in indemnifications. Solutions provided by SCAPE could help guarantee that data is managed safely, avoiding leaks of sensitive data.