To protect biometric information, IBM researchers have developed a fun-house mirror-like trick to alter images so that hackers who crack a biometric database would be able to steal only the distortion — not the true, original face or fingerprint.

Biometric readers would distort the image before it is scanned: a face might be made to appear lumpy, or squished up around the eyes. Then a template of the distorted image would be stored.

When someone returned to the scanner, the real-life image would be transformed according to the same patterns, creating a match with the tweaked image in the database. The original image isn’t stored anywhere. And even if hackers could obtain the altered biometric, it would be of limited use as long as individual organizations maintained their own formulas for transforming images before scanning.

With what IBM calls the “cancelable biometrics,” a bank or an office building that had its biometrics compromised could register new ones simply by changing the way it transforms images.

Security experts said the cancelable method is a smart way to add a layer of protection to the technology. But according to biometrics expert James Wayman, it doesn’t resolve all the issues. After all, biometrics are not secret — they’re based on physical characteristics that we carry around in plain sight. There’s no guarantee someone couldn’t lift your real-life fingerprint or take a picture of your face, then figure out a way to present those images to a biometric system.

Via USA Today.