Usage of biometric identification for creating authentic digital signatures


Orvos Péter <orvos@mit.bme.hu>

BME - Méréstechnika és Információs Rendszerek tsz.

Hornák Zoltán <hornak@mit.bme.hu>

BME - Méréstechnika és Információs Rendszerek tsz.

Selényi Endre Dr. <selenyi@mit.bme.hu>

BME - Méréstechnika és Információs Rendszerek tsz.



This presentation introduces the alternatives for combining biometric user authentication with digital signature technology, emphasising the problems and the possible solutions.

The aim of digital signatures is to ensure the integrity of the signed document and to authenticate the signer. Present implementations identify the signer through the secret key used, assuming that nobody else can use that key. The association between the secret key and its owner is the weakest link in the chain of the PKI architecture; strengthening this link is therefore essential for further increasing the level of security.

The aim is to develop a PKI-dependent method that affects neither the set of available signing keys, nor the way they are used, nor the distribution of public keys, while it enforces the signer’s authentication. Accordingly, only the storage of the secret key and its preparation before creating signatures should be modified, while the other operations remain as they are presently defined. One possible solution is to store a master secret securely in an intelligent chip card; this secret must be combined with the results of a biometric sample of the owner in order to obtain the appropriate signing key. This way a successfully verifiable signature directly proves that the owner of the key was physically present when the signature was created and actively contributed to the act.

To provide these properties, a method must be developed that can eliminate the errors of biometric sampling, yielding the same binary vector for every sample taken from the card’s owner. This vector is then used to reproduce the secret key. Conversely, the method must yield different vectors if the input samples belong to another person.
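
An added illustration of the two paragraphs above (not code from the authors): the abstract does not name its error-elimination method, so this sketch substitutes a code-offset construction with a 5-fold repetition code, and derives a key seed as HMAC-SHA256 of an assumed card-held master secret and the recovered vector. All names, parameters and sample bits are constructed for the example.

```python
import hashlib
import hmac
import secrets

R = 5   # repetition factor: each 5-bit block tolerates up to 2 flipped bits
K = 32  # length of the stable vector recovered from a sample

def encode(bits):
    """Repetition code: repeat every bit R times."""
    return [b for b in bits for _ in range(R)]

def decode(bits):
    """Majority vote over each block of R bits."""
    return [int(sum(bits[i:i + R]) > R // 2) for i in range(0, len(bits), R)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def derive(master_secret, stable):
    """Key seed = HMAC-SHA256(card master secret, stable vector)."""
    return hmac.new(master_secret, bytes(stable), hashlib.sha256).digest()

def enroll(sample, master_secret):
    """Return (helper data stored on the card, key seed)."""
    if len(sample) != R * K:
        raise ValueError("sample must be R*K bits")
    stable = [secrets.randbits(1) for _ in range(K)]
    return xor(encode(stable), sample), derive(master_secret, stable)

def reproduce(sample, helper, master_secret):
    """Recompute the key seed from a fresh, possibly noisy sample."""
    if len(sample) != len(helper):
        raise ValueError("sample and helper lengths differ")
    return derive(master_secret, decode(xor(helper, sample)))

def flip(bits, positions):
    """Constructed noise: invert the bits at the given indexes."""
    return [b ^ (i in positions) for i, b in enumerate(bits)]

if __name__ == "__main__":
    master = secrets.token_bytes(32)                     # stays on the card
    owner = [secrets.randbits(1) for _ in range(R * K)]  # constructed sample
    helper, seed = enroll(owner, master)
    noisy = flip(owner, {0, 1, 7, 50, 51, 159})          # <= 2 errors per block
    print("owner, noisy sample :", reproduce(noisy, helper, master) == seed)
    other = [secrets.randbits(1) for _ in range(R * K)]  # another person
    print("different person    :", reproduce(other, helper, master) == seed)
```

A repetition code is far too weak for real fingerprint data, and the helper data stored on the card leaks information about the enrolled sample, so both would need replacing in practice.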

Fingerprint-based authentication is the most commonly used technique in information systems, and it also has the most well-grounded theoretical background. For this reason fingerprints were analysed first; the basic methods of fingerprint-based authentication will therefore be explained, with special attention to the parameters that can be assigned numerical data and that must be considered when analysing fingerprints.

In the second half of the presentation, the available solution alternatives that can be found in the literature will be mentioned, examining their advantages, disadvantages, and implementation problems.

Finally, the problem of authenticating and qualifying biometric readers will be explained. This issue is unavoidable if the replay of biometric data is to be prevented and the readers must provide non-repudiable evidence that the biometric sample was taken from a living individual.

Although combining digital signatures with biometric authentication raises many problems, these problems must be solved, since this is the only way to strengthen the security provided by digital signatures.