Politecnico di Torino - Corso Duca degli Abruzzi, 24 - 10129 Torino, ITALY

+39 011 090 6100 info@tech-share.it

ToothPic: Cryptographic key protection

Asymmetric CryptographyAuthenticationBlockchainCamera sensorDigital Signature

Introduction

The invention allows obfuscating a private cryptographic key – i.e., the secret identifying a user/device in a public-key cryptography-based system – avoiding its storage in the plain format on the non-volatile device memory. The information used to obfuscate and recover the key is the unique and unclonable camera sensor fingerprint.

Technical features

The invention allows the implementation of a secure and user-friendly multifactor authentication system for the verification of a possession factor, based on the user’s smartphone or other camera-equipped devices.

The technology relies on a unique and unclonable characteristic of camera sensors, an invisible pattern of imperfections left in the picture which uniquely identifies a specific camera device. Using this sort of sensor fingerprint, it is possible to tie a credential, a software secret consisting of a private cryptographic key used within an asymmetric cryptography-based authentication system, to a hardware characteristic of the device this key is stored on.

The technology provides a higher level of security, as the credential cannot be cloned on different devices and the key is never exposed, simple to use for users and simple to integrate into third-party systems.

Possible Applications

  • Multifactor authentication;
    • Possession factor verification;
    • Compliant with FIDO/WebAuthn standards;
    • Compliant with PSD2;
  • Digital Signature: sign with the same device used to read a document;
  • Exchange of encrypted documents and messages;
  • Blockchain: secure wallets for cryptocurrency.

Advantages

  • High security level;
  • Unclonable credential;
  • Private key never exposed;
  • Credential can be recovered on wiped devices;
  • Maximum user-friendly UX;
  • Application flexibility;
  • Simple to integrate into 3rd-party systems.