


Biometrics is not a secret, and crypto keys are difficult to manage. By binding crypto and biometrics we will be able to overcome those weaknesses.

PKI uses asymmetric/symmetric key algorithms, and binding to specific users is performed by assigning digital certificates issued by a Certificate Authority (CA).

CryptoBiometrics™ (in use since 2000) uses the same asymmetric/symmetric key algorithms, whereas binding to specific users is performed by 3-factor based identity proofing, including the user's biometrics.

CryptoBiometrics™ (US patent 7,689,832) has the following important advantages:

1. It provides a process capable of verifying online, against the Certificate Authority, that the person appearing in the certificate is assigned the key shown in the certificate.
2. Since protecting a private key is virtually impossible on the open Internet, instead of using a CA-assigned private key bound to the person's identity we use a biometric attribute, which can be bound to the person's identity as well as to the existing crypto technology.
3. A verifying computer cannot accept forged SentryCom CryptoBiometrics™ certificates. If a bank wants to verify a transaction signed with a CryptoBiometrics™ certificate, then this verifying computer will be securely connected with the SentryCom CA server. A forgery would need to go to rogue servers and thus will be prevented.
4. The SentryCom CryptoBiometrics™ certificate adds an email address to the person's first name and last name, which makes this description unique. If a person updates his email address with the SentryCom CA (using self-service administration, contingent on 3-factor strong authentication), then the SentryCom CA will keep track of the new as well as the old email address, as bound to the person.
5. To enroll in SentryCom CryptoBiometrics™ one needs third-party Identity Assurance, provided by the enterprise requesting our service, for example by a bank providing us with its customer's credentials. In this fashion we can be assured that user identities are verified properly.
6. Additional FAQ: The CryptoBiometrics™ key is valid until it is revoked. Dating is done by a secure time-stamp service. We use 1024-bit RSA signing keys, as a legally accepted standard.
