Biometric recognition is a booming technology with many applications under development and beginning to reach the end user. Biometrics is, for instance, a promising alternative to current methods of authentication and access control, replacing the traditional username and password credentials for some unique user biometric information such as fingerprints or iris .
The biometric data of a person are therefore becoming extremely sensitive information.
Biometric technology can already be see on mobile devices to authenticate the user . This is a local setting in which biometric data remains under the control of the user, but there are many other scenarios where the user must authenticate to non-secure environments, like cloud.
In a scenario of biometric verification in the cloud, such as access to a web service by fingerprint scanning, data should be granted the highest level of privacy. Criptonube technology offers this possibility, performing the biometric verification algorithm inside the Secure Hardware Modules in the Cryptonodes installed in the cloud environment.
Biometric information is encrypted on the client side before being sent to the cloud and is compared with the encrypted biometric information stored in the database server. Only once in the Hardware Secure Module (HSM), decryption, and verification takes place. Criptonube guarantees that the verification has been performed in a secure environment, inaccessible to the cloud provider or any other attacker.