Biometric cryptosystem using online signatures

Biometric cryptosystems combine cryptography and biometrics to benefit from the strengths of both fields. In such systems, while cryptography provides high and adjustable security levels, biometrics brings in non-repudiation and eliminates the need to remember passwords or to carry tokens etc. In this work we present a biometric cryptosystems which uses online signatures, based on the Fuzzy Vault scheme of Jules et al. The Fuzzy Vault scheme releases a previously stored key when the biometric data presented for verification matches the previously stored template hidden in a vault. The online signature of a person is a behavioral biometric which is widely accepted as the formal way of approving documents, bank transactions, etc. As such, biometric-based key release using online signatures may have many application areas. We extract minutiae points (trajectory crossings, endings and points of high curvature) from online signatures and use those during the locking & unlocking phases of the vault. We present our preliminary results and demonstrate that high security level (128 bit encryption key length) can be achieved using online signatures

Offline Handwritten Signature Verification - Literature Review

The area of Handwritten Signature Verification has been broadly researched in the last decades, but remains an open research problem. The objective of signature verification systems is to discriminate if a given signature is genuine (produced by the claimed individual), or a forgery (produced by an impostor). This has demonstrated to be a challenging task, in particular in the offline (static) scenario, that uses images of scanned signatures, where the dynamic information about the signing process is not available. Many advancements have been proposed in the literature in the last 5-10 years, most notably the application of Deep Learning methods to learn feature representations from signature images. In this paper, we present how the problem has been handled in the past few decades, analyze the recent advancements in the field, and the potential directions for future research.Comment: Accepted to the International Conference on Image Processing Theory, Tools and Applications (IPTA 2017

Biometric identity-based cryptography for e-Government environment

Government information is a vital asset that must be kept in a trusted environment and efficiently managed by authorised parties. Even though e-Government provides a number of advantages, it also introduces a range of new security risks. Sharing confidential and top-secret information in a secure manner among government sectors tend to be the main element that government agencies look for. Thus, developing an effective methodology is essential and it is a key factor for e-Government success. The proposed e-Government scheme in this paper is a combination of identity-based encryption and biometric technology. This new scheme can effectively improve the security in authentication systems, which provides a reliable identity with a high degree of assurance. In addition, this paper demonstrates the feasibility of using Finite-state machines as a formal method to analyse the proposed protocols

A schema for cryptographic keys generation using hybrid biometrics

Biometric identifiers refer to unique physical properties or behavioural attributes of individuals. Some of the well known biometric identifiers are voice, finger prints, retina or iris, facial structure etc. In our daily interaction with others directly or indirectly, we implicitly use biometrics to know, distinguish and trust people. Biometric identifiers represent the concept of "who a person is" by gathering vital characteristics that don't correspond to any other person. The human brain to some extent is able to ascertain disparities or variation in certain physical attributes and yet verify the authenticity of a person. But this is difficult to be implemented in electronic systems due to the intense requirements of artificial decision making and hard-coded logic. This paper examines the possibility of using a combination of biometric attributes to overcome common problems in having a single biometric scheme for authentication. It also investigates possible schemes and features to deal with variations in Biometric attributes. The material presented is related to ongoing research by the Computer Communications Research Group at Leeds Metropolitan University. We use this paper as a starting step and as a plan for advanced research. It offers ideas and proposition for implementing hybrid biometrics in conjunction with cryptography. This is work in progress and is in a very preliminary stage

Modelling and simulation of a biometric identity-based cryptography

Government information is a vital asset that must be kept in a trusted environment and efficiently managed by authorised parties. Even though e-Government provides a number of advantages, it also introduces a range of new security risks. Sharing confidential and top-secret information in a secure manner among government sectors tend to be the main element that government agencies look for. Thus, developing an effective methodology is essential and it is a key factor for e-Government success. The proposed e-Government scheme in this paper is a combination of identity-based encryption and biometric technology. This new scheme can effectively improve the security in authentication systems, which provides a reliable identity with a high degree of assurance. In addition, this paper demonstrates the feasibility of using Finite-state machines as a formal method to analyse the proposed protocols

A Blind Signature Scheme using Biometric Feature Value

Blind signature has been one of the most charming research fields of public key cryptography through which authenticity, data integrity and non-repudiation can be verified. Our research is based on the blind signature schemes which are based on two hard problems – Integer factorization and discrete logarithm problems. Here biological information like finger prints, iris, retina DNA, tissue and other features whatever its kind which are unique to an individual are embedded into private key and generate cryptographic key which consists of private and public key in the public key cryptosystem. Since biological information is personal identification data, it should be positioned as a personal secret key for a system. In this schemes an attacker intends to reveal the private key knowing the public key, has to solve both the hard problems i.e. for the private key which is a part of the cryptographic key and the biological information incorporated in it. We have to generate a cryptographic key using biometric data which is called biometric cryptographic key and also using that key to put signature on a document. Then using the signature we have to verify the authenticity and integrity of the original message. The verification of the message ensures the security involved in the scheme due to use of complex mathematical equations like modular arithmetic and quadratic residue as well

A Critique of Argentine E-Commerce Law and Recommendations for Improvement

Argentina has been experiencing rapid growth in internet accessibility and E-commerce, but its E-commerce laws need to be updated. The nation enacted a Digital Signature Law (“DSL”) in 2001. Digital signatures and documents are valid in Argentina if they meet stringent security requirements and can be used to comply with legal requirements for: a handwritten signature; a paper document; an original paper document; and retention of a paper document. A digital certificate must be issued by a licensed certification authority (“CA”) and must accurately identify the subscriber. The CA will issue a private key to the subscriber with the certificate, and the CA must revoke the certificate if security is compromised. CA’s are licensed and regulated by the federal government and may be audited and sanctioned for legal violations. CA’s may be responsible for damages incurred by third parties due to the CA’s acts or omissions. Exemplary attributes of this law include: (1) mandatory licensing of CA’s; (2) the rights and responsibilities of subscribers; (3) mandatory E-government with free CA service; and (4) the authorization of Registration Authorities to work for CA’s in the processing of applications for certificates. The DSL provides a satisfactory legal foundation for Argentine E-commerce, but it needs to be calibrated and supplemented. Recommended changes and additions to Argentine E-commerce law include: (1) enactment of a comprehensive Electronic Transactions Law which will incorporate all laws pertinent to E-commerce, including E-contract rules; (2) recognition of the validity of the electronic form in compliance with several additional requirements of other statutes, including notarization; (3) deletion of all exclusions from coverage, which will potentially allow E-signatures and E-documents to be used in all situations; (4) addition of rules for electronic automated contracts and electronic carriage contracts; (5) addition of consumer protections for E-buyers; (6) establishment of Information Technology Courts for resolution of E-commerce disputes; (7) creation of long-arm jurisdiction over foreign E-commerce parties; (8) licensing of the Argentine Post Office as a CA; (9) adoption of a National ID Card containing a digital signature which can be activated by a CA, including the Post Office; (10) enactment of computer crimes, including Intentional Injection of a Virus into a Computer System; and (11) enactment of a third-generation E-signature law to replace the first-generation DSL

Signing Your Next Deal With Your Twitter @Username: The Legal Uses of Identity-Based Cryptography

This article will look at the legal framework for electronic signatures under Canadian law and through the UNCITRAL Model Law on Electronic Signatures and evaluate the potential use of identity-based cryptography as a type of electronic signature. While most jurisdictions permit electronic signatures to replace their handwritten predecessors, the criteria of validity for an electronic signature range from liberal to restrictive. Public key infrastructure (PKI) cryptography schemes are considered to meet the juridical conditions of a legal signature under more rigorous legislation that requires an electronic signature to possess certain security attributes. In common law jurisdictions, digital signature schemes such as PKI have not been widely adopted in the private sector for use as secure electronic signatures. This may be due to the fact that they are difficult and awkward for the general public to use, rather than because of doubts surrounding certification authorities. This is not entirely the case in Europe and Latin America, where PKI digital signature schemes have been adopted by various governments programs. Case examples of PKI schemes include electronic identity cards issued by European governments such as Belgium’s eID. Though used by the government, the European private sector has widely neglected PKI electronic signature products. This is partly due to a lack of customer demand

Doctoring Prescriptions: Federal Barriers to Combating Prescription Drug Fraud Against On-Line Pharmacies in Washington

Prescription drug abuse represents a significant portion of drg abuse in the United States. Drug-seeking individuals alter, steal, or forge prescriptions to sustain their own dependence on prescription medications or to divert the drugs to sell to others at inflated rates. On-line pharmacies are a relatively new source for prescription medications and a potential target for prescription drug fraud. The federal government recently enacted the Electronic Signatures in Global and National Commerce Act (E-SIGN), which governs electronic signatures and preempts inconsistent provisions of state laws, such as the Washington Electronic Authentication Act (WEAA). WEAA is a legal framework that could be effectively amended to eliminate nearly all prescription drug fraud perpetrated against on-line pharmacies. However, E-SIGN preempts a crucial WEAA provision and prohibits enacting a key recommended amendment to WEAA, both of which are necessary to combat this problem. Options permissible after E-SIGN, such as voluntary self-regulation by the on-line pharmacy industry and amendment of WEAA, will not comprehensively and effectively prevent this type of fraud. Therefore, E-SIGN fundamentally alters Washington\u27s ability to protect the public\u27s health, safety, and welfare from prescription fraud perpetrated against online pharmacies