Fujitsu Laboratories has announced the development of a technology that turns biometric data, such as palm veins, into a cryptographic key. Fujitsu has focused on palm vein as a biometric.

The new technology uses randomised numbers, each different, to convert biometric data into a cryptographic key for use in encryption and decryption.

The company says this makes it possible to simply and securely manage an individual's confidential data using biometric data, while preventing the unconverted biometric data from passing through the network.

In a statement, the company added that it is examining this technology's applicability to a number of potential use cases, such as the newly launched Social Security and Tax Number system in Japan, “My number.”

Fujitsu says its tech will make it easier and more convenient to carry out biometric authentication to verify the identity of a person accessing confidential data managed on the Internet.

Some technologies that use biometric data to encrypt information require that the biometric data be used as-is when retrieving confidential data. This means that for confidential data managed in a cloud service, for example, it would be necessary to send the biometric data through the network, raising issues of the network's security.

Fujitsu Laboratories' solution involves technology to decrypt confidential data that has been encrypted using biometric data converted using random numbers. As a result, confidential data can be encrypted and decrypted just with the user's biometric data, obviating the need for cryptographic key management.

For the encryption method, the firm's researchers applied error-correcting codes, a widely used technology for compensating for errors that are typically generated in the transmission route.
The system randomly determines different random numbers for encryption and decryption, and this protects both the confidential data and the biometric data.

The features of the newly developed technology are as follows:

Firstly, technology to protect biometric data using error-correcting codes and random numbers. In encryption, confidential data is converted with an error-correcting code, and a random number is added to the whole. That data is then further converted using an error-correcting code, the feature code extracted from the biometric data is added to generate the encrypted data, and this encrypted data is then registered in the server.

A decryption code is used as the key when decrypting encrypted data. For decryption, the decryption code, after being converted into secure data, is sent from the device to the server. The decryption code is generated by first converting a random number using an error-correcting code, and then adding the feature code extracted from the biometric data. As different random numbers are used for encryption and decryption, a different, secure decryption code can be generated.

Secondly, confidential data recovery technology using two-stage error-correcting technology. Variations in one's motion or position when inputting biometric data can generate slight discrepancies. This leads to discrepancies when calculating the feature code for decryption from the feature code for encryption, but the discrepancy can be absorbed because it is converted using an error-correcting code in advance.
Moreover, the discrepancy caused when calculating the random number used in decryption from the random number used in encryption will similarly be corrected when using error-correcting code 2, enabling recovery of the confidential data.

In this way, because the biometric data input for encryption and decryption are sufficiently similar so long as they are both from the same person, the confidential data can be retrieved from the encrypted data using error-correcting technology.

Using this newly developed technology, the cryptographic key management that had been needed for existing encryption technologies becomes unnecessary. Furthermore, because the biometric data used for encryption and decryption are converted with random numbers, it is now possible to simply and securely manage an individual's confidential data using biometric data, while preventing the unconverted biometric data from leaking over the network. This means that the use of encryption technology using biometrics, which had previously been generally limited to use within a personal device, such as a PC, can now expand to cloud services across open networks.
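
The encryption, decryption-code and two-stage recovery steps described above can be traced in a toy model; this is an added example, not Fujitsu's implementation, and every function name in it is hypothetical. It assumes that "adding" means bitwise XOR, uses repetition codes for both error-correcting codes, and draws sparse random masks so the inner code can correct their difference; these choices show why recovery works for the same person, not how well the real scheme hides the feature code.

```python
# Toy model of the two-stage scheme; repetition codes, XOR and sparse masks are assumptions.
import secrets

N_IN, N_OUT = 5, 7  # repetition factors of the inner and outer code (constructed values)

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def rep_encode(bits, n):
    return [b for b in bits for _ in range(n)]

def rep_decode(bits, n):
    # Majority vote per block of n: corrects up to (n - 1) // 2 flipped bits per block.
    return [int(sum(bits[i:i + n]) > n // 2) for i in range(0, len(bits), n)]

def sparse_mask(length, block):
    # Assumption: at most one set bit per inner block, so two masks differ in <= 2 bits per block.
    mask = [0] * length
    for start in range(0, length, block):
        mask[start + secrets.randbelow(block)] = secrets.randbelow(2)
    return mask

def encrypt(secret_bits, feature, r_enc):
    inner = xor(rep_encode(secret_bits, N_IN), r_enc)  # inner code, then add the random number
    return xor(rep_encode(inner, N_OUT), feature)      # outer code, then add the feature code

def decryption_code(feature, r_dec):
    # What the device sends to the server in place of the raw feature code.
    return xor(rep_encode(r_dec, N_OUT), feature)

def server_recover(encrypted, dec_code):
    # By linearity: outer(inner(secret) ^ r_enc ^ r_dec) ^ (feature ^ feature_at_decryption)
    mixed = xor(encrypted, dec_code)
    return rep_decode(rep_decode(mixed, N_OUT), N_IN)

def demo():
    secret = [1, 0, 1, 1]                    # constructed confidential data
    size = len(secret) * N_IN * N_OUT
    enrolled = [secrets.randbelow(2) for _ in range(size)]
    noisy = list(enrolled)
    for i in range(0, size, N_OUT):          # same palm, one flipped bit per outer block
        noisy[i] ^= 1
    impostor = [secrets.randbelow(2) for _ in range(size)]
    r_enc = sparse_mask(len(secret) * N_IN, N_IN)
    r_dec = sparse_mask(len(secret) * N_IN, N_IN)
    ct = encrypt(secret, enrolled, r_enc)
    return (server_recover(ct, decryption_code(noisy, r_dec)),
            server_recover(ct, decryption_code(impostor, r_dec)))
```

`demo()` returns the secret as recovered from a noisy reading of the enrolled feature code, followed by what an unrelated feature code yields; with only four secret bits the second value can match by chance, so a realistic secret would be much longer.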