Method for recovering a biometric key in a trusted execution environment and deriving a local session key for secure operations on a user’s client device

A method is proposed for locally recovering a reproducible biometric secret key within a trusted execution environment using an error-tolerant key-extraction construction, followed by deriving a local session key. The protocol architecture explicitly distinguishes: (I) a shared secure-channel key computed by both parties solely from the outcome of a hybrid authenticated shared-secret establishment procedure with a post-quantum component and the handshake transcript; and (II) a local session key computed only on the client device within the trusted execution environment based on the result of local biometric verification. The local session key is used to protect local artifacts and to perform critical on-device operations; it is neither transmitted to the server nor required for server-side verification. The method ensures reproducibility under intra-class variability of biometric measurements, minimizes server-side handling of biometric-derived key material within the organization’s information system, and provides cryptographically sound separation of key-material domains. The object of study is the external communication channel between the user terminal and the company’s remote server; inter-server links between the company server, the cryptobiometric system, and the remote database of the Unified Biometric System are assumed to be protected using certified cryptographic mechanisms compliant with national standards and are not analyzed.

1. Dodis Y., Ostrovsky R., Reyzin L., Smith A. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. SIAM Journal on Computing. 2008;38(1):97–139. https://doi.org/10.1137/060651380

2. Juels A., Wattenberg M. A fuzzy commitment scheme. In: CCS '99: Proceedings of the 6th ACM conference on Computer and communications security, 01–04 November 1999, Singapore. New York: ACM; 1999. P. 28–36. https://doi.org/10.1145/319709.319714

3. Katkar V.D., Mandal R., Biswas U., et al. Enhancing biometric authentication privacy and security: A synergistic approach using cancelable biometrics and federated learning. Alexandria Engineering Journal. 2026;135:36–63. https://doi.org/10.1016/j.aej.2025.12.017

4. Yoo J.S., Ahn T.M., Yoon J.W. Bidirectional Biometric Authentication Using Transciphering and (T)FHE. arXiv. URL: https://arxiv.org/abs/2506.12802 [Accessed 3rd February 2026].

5. Guo Ch., You L., Li X., et al. A novel biometric authentication scheme with privacy protection based on SVM and ZKP. Computers & Security. 2024;144. https://doi.org/10.1016/j.cose.2024.103995

6. Bringer J., Chabanne H., Le Metayer D., Lescuyer R. Biometric Systems Private by Design: Reasoning about privacy properties of biometric system architectures. arXiv. URL: https://arxiv.org/abs/1702.08301 [Accessed 28th September 2025].

7. Sun Q., Wu J., Yu W. BioShare: An Open Framework for Trusted Biometric Authentication under User Control. Applied Sciences. 2022;12(21). https://doi.org/10.3390/app122110782

8. Dodis Y., Katz J., Reyzin L., Smith A. Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets. In: Advances in Cryptology – CRYPTO 2006: 26th Annual International Cryptology Conference, 20–24 August 2006, Santa Barbara, CA, USA. Berlin, Heidelberg: Springer; 2006. P. 232–250. https://doi.org/10.1007/11818175_14

9. Rathgeb Ch., Uhl A. A survey on biometric cryptosystems and cancelable biometrics. EURASIP Journal on Information Security. 2011;2011(1). https://doi.org/10.1186/1687-417X-2011-3

10. Boyen X. Reusable cryptographic fuzzy extractors. In: CCS '04: Proceedings of the 11th ACM conference on Computer and communications security, 25–29 October 2004, Washington, DC, USA. New York: ACM; 2004. P. 82–91. https://doi.org/10.1145/1030083.1030096

11. Bellare M., Rogaway P. Introduction to modern cryptography. Boca Raton: CRC Press; 2005. 283 p.