Encoding Private Key in Fingerprint
Ernő Jeges¹, Zoltán Hornák¹, and Csaba Körmöczi²
¹ BME Department of Measurement and Information Systems, SEARCH Lab
² Guardware Systems Ltd
{jeges, hornak}@mit.bme.hu, kormoczi@guardware.com
Abstract. Electronic transactions require secure electronic signature techniques,
which can provide the authentication of the signing individual, non-repudiation
of the signature and protection of the integrity of the document using strong
cryptographic methods. The weakest link in the chain in current electronic
signature systems is the correspondence between the person and the secret key.
The basic idea of our proposed method is to store the secret key encoded in a
fingerprint in a way that it can only be retrieved using the fingerprint of its
owner. This way it is much harder to steal the private key, since creating
the signature requires the presence of the owner's fingerprint rather than a
PIN code, as in today's practice. Our scheme remains fully compatible with
the existing Public Key Infrastructures (PKI), so it can be easily used in current
applications that use asymmetric cryptography to verify digital signatures.
1 Introduction
The traditional hand-written signature is a simple but adequately effective method of
proving the authenticity of a document in situations open to dispute, as it is
reasonably hard to perfectly copy someone's handwriting.
Analogous to traditional signatures, digital signatures were introduced to ensure
the authenticity of electronic documents. The digital signatures used today are based
on a key pair consisting of a public and a private (secret) key. It is assumed that the
secret key remains hidden from others, so that only the authenticated person can possess it.
This assumption, and the potential expropriation of the private key, is the weakest link in
such systems; recognizing this, several recently published works suggest
schemes for the convergence of biometrics and cryptography [1][2].
In this paper we introduce a biometric method which fully relies on the public key
infrastructure, but the biometric identification is embedded so deeply in the process of
digital signing that the private key cannot be appropriated by stealing and cracking the
chip-card, which is used to store the secret key in current practice.
2 Applying Biometrics in the Process of Digital Signing
The most frequently used identification method in automated identification systems is
the minutia-based method. Minutia points are the endings, splits and various
bifurcations of the ridges on fingerprints. As their positions, types, angles and curvatures are
 