A security method and apparatus is provided in which a trusted authority is arranged to read in identity data from a memory device presented by an individual. This identity data comprises both biometric data of a specific individual ,and additional identity data concerning the same individual. The trusted authority uses the biometric data as a biometric reference for comparison with biometric characteristics of the individual presenting the memory card in order to determine whether the latter is the individual represented by the biometric data. The trusted authority uses the additional identity data or matching data, together with private data of the trusted authority, to generate a decryption key. This decryption key is apt to decrypt data encrypted using both an encryption key string comprising the additional identity data of the specific individual and public data of the trusted authority.