ToothPic: Cryptographic key protection
Introduction
The invention obfuscates a private cryptographic key – i.e., the secret identifying a user/device in a public-key cryptography-based system – so that it is never stored in plaintext in the device's non-volatile memory. The information used to obfuscate and recover the key is the unique and unclonable camera sensor fingerprint.

Technical features
The invention allows the implementation of a secure and user-friendly multifactor authentication system for the verification of a possession factor, based on the user’s smartphone or other camera-equipped devices.
The technology relies on a unique and unclonable characteristic of camera sensors: an invisible pattern of imperfections left in the picture, which uniquely identifies a specific camera device. Using this sensor fingerprint, it is possible to tie a credential (a software secret consisting of a private cryptographic key used within an asymmetric cryptography-based authentication system) to a hardware characteristic of the device on which the key is stored.
The technology provides a higher level of security, as the credential cannot be cloned on different devices and the key is never exposed. It is also simple for users to use and simple to integrate into third-party systems.
Possible Applications
- Multifactor authentication;
- Possession factor verification;
- Compliant with FIDO/WebAuthn standards;
- Compliant with PSD2;
- Digital Signature: sign with the same device used to read a document;
- Exchange of encrypted documents and messages;
- Blockchain: secure wallets for cryptocurrency.
Advantages
- High security level;
- Unclonable credential;
- Private key never exposed;
- Credential can be recovered on wiped devices;
- Maximally user-friendly UX;
- Application flexibility;
- Simple to integrate into 3rd-party systems.