Biometric Digital Signatures
Post-Quantum has deep experience in deploying and adapting a mixture of biometrics to securely authenticate end users of sensitive systems. In addition to the voice and facial recognition that we use, Post-Quantum has a patented digital signature technique that provides a verified action chain. When triggered it requires that the end user reads a series of numbers as they are displayed on the screen. There are three elements to this deceptively simple process:
- Biometric user authentication. Facial and voice recognition. The use of two biometric approaches reduces errors and increases security.
- The number read out by the user is a cryptographic hash of the transaction details – a small ‘fingerprint’ that uniquely identifies a certain package of data. The hash can be recreated at any time from the data, but the data cannot be recreated from the hash – it is a one-way process. This means that the recording of the user reading the hash is immutably bound to a specific transaction. If in the future the user disavows the transaction then the video of them reading the hash value is cryptographically secure evidence of their prior assent. This prevents repudiation of digital actions.
- If there were to be any changes to the transaction details, say through a computer error, then the hash value would change. This means that from the user’s perspective the integrity of the transaction is assured from start to finish. The user can prove that the erroneous transaction is not the one that they signed.
In addition to the added levels of biometric and cryptographic security, the presence of the process itself will deter fraud. Those with criminal intent are likely to opt to attack softer targets.