Biometric-based authentication can provide a strong security guarantee about the identity of users. However, the security and privacy of biometric data are particularly important, because a compromise of the data is permanent. On the other hand, the security of a typical PKI-based user authentication solution is weakened once the private key is protected by a simple password. In this paper, we present an implementation that improves the security of typical PKI-based authentication by protecting the private key with a fingerprint. In addition to providing mutual authentication, our solution can alleviate the privacy issue of the fingerprint data by storing the fingerprint data not in a database, but in a user-carried device such as a smart card or a USB token. Furthermore, the fingerprint data stored in the user-carried device is conglomerated with the private key, and the private key is released only with the valid fingerprint.