Information Technology Reference
In-Depth Information
characteristic and unique to a particular finger, minutia-based identification systems
decide the correspondence of two fingerprint samples by simply matching the posi-
tions of the minutia points.
There are several ways to involve biometric (e.g. fingerprint data) in document se-
curity. One can place biometric data in the document, and then digitally sign it to
ensure its integrity [3]. It is also possible to incorporate biometric data in a PKI cer-
tificate [4], but the majority of systems involve biometrics only for controlling access
to the private keys stored in the chip-card [5].
In our solution we also use an RSA private key to digitally sign documents, but in
the proposed method biometrics is not only involved in controlling access to the
stored private key, but the private key is encoded in the biometric features of the
user's fingerprint. As an addition we can still store a part of the encoded information
on a permanent storage medium (e.g. a chip-card), but - what is important - the secret
key cannot be reconstructed in lack of any of these parts. Later on, if the private key is
needed to sign a document, we can retrieve it by decoding the stored information,
which is only possible via the fingerprint of the holder of the key.
In the next section we introduce the method we used to encode binary data using
the minutia-point features of the user's fingerprint.
3 Storing Private Keys in Fingerprints
To digitally sign a document we need a key pair, the generation of which is based on
cryptographically strong random binary data . Usually randomness is taken from ran-
dom events like keystrokes and mouse movements, but if we are able to store this
random data, we can regenerate the same key pair later. Theoretically, we can derive
this sequence of bits from the fingerprint image itself, but as we need precisely the
same sequence to be restored bit-by-bit every time, this method appears to be barely
feasible. Also, we need the key pair to be revocable.
In light of this, the basic idea of our method is to generate a binary codeword by
adding error correction parity bits to the random binary data, and to store it in the
challenge minutia vector by means of data hiding. As for the data hiding scheme: on
the one hand we construct the challenge minutia vector both from real minutia points
from the registration sample and from generated fake minutia points, and on the other
hand we change the minutia angles, depending on the codeword bits' values. Finally,
the key pair is generated by feeding the binary codeword into the random pool used
for key generation. Instead of biometric features or the private key itself, we only
store the challenge minutia vector on a persistent store, for example a chip-card.
On the need for a private key, we can restore the binary codeword by matching the
challenge minutia vector with the minutia points extracted from a sample fingerprint:
we can determine whether a point is real or fake, and we can calculate the distortion
of the original angle, thus recalculating the bits of the codeword. After error correc-
tion, we regenerate the key pair by again feeding the key generation random pool with
the same random data, the binary codeword.
The method involves two main processes: registration and signing. During registra-
tion starting from a real random seed we generate a public/private RSA key pair, and
create a certificate using the public key and the personal data of the user. We destroy
Search WWH ::




Custom Search