• Journal of the Korean Institute of Intelligent Systems
• /
• v.18 no.4
• /
• pp.437-444
• /
• 2008

This paper deals with the biometric template protection in the biometric system which has been widely used for personal authentication. First, we consider the structure of the biometric system and the function of its sub-systems and define the biometric template and identification(ID) information. And then, we describe the biometric template attack points of a biometric system and attack examples and provide their countermeasures. From this, we classify the vulnerability which can be protected by encryption and hashing techniques. For more detail investigation of these at real operating situations, we analyze them and suggest several protection methods for the typical application scheme of biometric systems such as local model, download model, attached model, and center model. Finally, we also handle the privacy problem which is most controversy issue related to the biometric systems and suggest some guidances of safeguarding procedures on establishing privacy sympathy biometric systems.

• Journal of Multimedia Information System
• /
• v.3 no.2
• /
• pp.13-20
• /
• 2016

Biometric authentication for account-based mobile payment continues to gain attention because of improvements on sensors that can collect biometric information. We propose an enhanced method for mobile payment security based on biometric authentication. In this mobile payment system, the communication between the user and the relying party is based on public key infrastructure. This method secures both the key and the biometric template in the user side using fuzzy vault biometric cryptosystems, which is based on non-random chaff point generator. In this paper, we consider an important process for the common fuzzy vault system, that is, the feature extraction method. We evaluate various feature extraction methods to enhance the accurate performance of the system.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.1
• /
• pp.81-87
• /
• 2014

Password-based authentication using smart card provides two factor authentications, namely a successful login requires the client to have a valid smart card and a correct password. While it provides stronger security guarantees than only password authentication, it could also fail if both authentication factors are compromised ((1) the user's smart card was stolen and (2) the user's password was exposed). In this case, there is no way to prevent the adversary from impersonating the user. Now, the new technology of biometrics is becoming a popular method for designing a more secure authentication scheme. In terms of physiological and behavior human characteristics, biometric information is used as a form of authentication factor. Biometric information, such as fingerprints, faces, voice, irises, hand geometry, and palmprints can be used to verify their identities. In this article, we review the biometric-based authentication scheme by Cheng et al. and provide a security analysis on the scheme. Our analysis shows that Cheng et al.'s scheme does not guarantee any kind of authentication, either server-to-user authentication or user-to-server authentication. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, on Cheng et al.'s scheme. In addition, we propose the enhanced authentication scheme that eliminates the security vulnerabilities of Cheng et al.'s scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.565-577
• /
• 2019

In recent years, biometric authentication has been used for various applications. Since biometric features are unchangeable and cannot be revoked unlike other personal information, there is increasing concern about leakage of biometric information. Recently, Jin et al. proposed a new cancelable biometric scheme, called "Index-of-Max" (IoM) to protect fingerprint template. The authors presented two realizations, namely, Gaussian random projection-based and uniformly random permutation-based hashing schemes. They also showed that their schemes can provide high accuracy, guarantee the security against recently presented privacy attacks, and satisfy some criteria of cancelable biometrics. However, the authors did not provide experimental results for other biometric features (e.g. finger-vein, iris). In this paper, we present the results of applying Jin et al.'s scheme to iris data. To do this, we propose a new method for processing iris data into a suitable form applicable to the Jin et al.'s scheme. Our experimental results show that it can guarantee favorable accuracy performance compared to the previous schemes. We also show that our scheme satisfies cancelable biometrics criteria and robustness to security and privacy attacks demonstrated in the Jin et al.'s work.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.9
• /
• pp.3548-3557
• /
• 2010

Security enhancement technologies are required to preventing phishing and pharming attacks on Internet banking. One-time password(OTP) should be used with certificate for enhancing user authentication and security performance. However, existing OTP technique is weak on MITM(Man-In-The-Middle) attack and synchnonization should be provided on OTP system. Therefore, more advanced mechanism such as combining biometic data with OTP can be suggested to enhancing security on authentication system. In this paper, we designed and implemented a multifactor authentication system using one-time biometric template to generate unique authentication data after adapting biometric transform on each user's biometric data.

• The Journal of Society for e-Business Studies
• /
• v.21 no.4
• /
• pp.41-53
• /
• 2016

Today, leading smartphone manufacturers offer biometric technologies such as fingerprints, voice recognition, and iris patterns in their flagship models. These biometric technologies are used for authentication. Biometric authentications are widely used in device security and even in financial transaction. This paper examines cases where a user uses biometric authentication during financial transaction (both online and smartphone banking), and explains biometric for non-repudiation by digital signature. Finally, the paper also explains technical and legal requirements for biometric authentication in the area of financial services.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.2
• /
• pp.494-498
• /
• 2004

In this paper, a system that implementation of Access Control System Using Biometric System. Biometries is science which deals with verifying or recognizing using physiological or behavioral characteristic Access Control System uses Bionietric system to make an access control system. Biometrics goes under the study of bio-recognition or bio-measurement. It is a technology or study that identifies individuals using one's Biometric character. Access control system is a system used to identify one's entrance and exit, personal management, and security. Access control system can be joined with Biometric system to produce easier use and more sufficient effects. Access control system using Weigand (Data format) signal output, can replace earlier RF Card systems and make an access control (security) system. It uses RS-232, Rs-422 or TCP/IP type communication with the computer so an embedded system can be controlled using the software.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.347-355
• /
• 2012

A biometric hardware security module is a physical device that comes in the form of smartcard or some other USB type security token is composed with biometric sensor and microcontroller unit (MCU). These modules are designed to process key generation and electronic signature generation inside of the device (so that the security token can safely save and store confidential information, like the electronic signature generation key and the biometric sensing information). However, the existing model is not consistent that can be caused by the disclosure of an ID and password, which is used by the existing personal authentication technique based on the security token, and provide a high level of security and personal authentication techniques that can prevent any intentional misuse of a digital certificate. So, this paper presents a model that can provide high level of security by utilizing the biometric security token and Public Key Infrastructure efficiently, presenting a model for privacy preserving personal authentication that links the biometric security token and the digital certificate.

• The Journal of the Korea Contents Association
• /
• v.21 no.10
• /
• pp.38-47
• /
• 2021

This study is about a blockchain-based collective quarantine management system and its commercialization model. The configuration of this system includes a biometric information transmission unit that generates biometric information based on measured values generated from wearable devices, a biometric information transmission unit that transmits biometric information generated here from a quarantine management platform, and action information transmitted from the community server. is a system including an action information receiving unit for receiving from the quarantine management platform. In addition, a biometric information receiving unit that collects biometric information from the terminal, an encryption unit that encodes biometric information generated through the biometric information receiving unit based on blockchain encryption technology, and a database of symptoms of infectious diseases to store symptom information and an infection diagnosis database. The generated database includes a location information check unit that receives from the terminal of the user identified as a symptomatic person and determines whether the user has arrived in the community based on the location information confirmation unit and the location of the user after the location is confirmed. It includes a community arrival judgment unit that judges. And, the community server helps the interaction between the generated information. Such a blockchain based collective quarantine management system can help to advance the existing quarantine management system and realize a safer and healthier society.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.41-43
• /
• 2022

In order to prevent and block infectious diseases caused by the recent COVID-19 pandemic, non-contact biometric information acquisition and analysis technology is attracting attention. The invasive and attached biometric information acquisition method accurately has the advantage of measuring biometric information, but has a risk of increasing contagious diseases due to the close contact. To solve these problems, the non-contact method of extracting biometric information such as human fingerprints, faces, iris, veins, voice, and signatures with automated devices is increasing in various industries as data processing speed increases and recognition accuracy increases. However, although the accuracy of the non-contact biometric data acquisition technology is improved, the non-contact method is greatly influenced by the surrounding environment of the object to be measured, which is resulting in distortion of measurement information and poor accuracy. In this paper, we propose a context-based bio-signal modeling technique for the interpretation of personalized information (image, signal, etc.) for bio-information analysis. Context-based biometric information modeling techniques present a model that considers contextual and user information in biometric information measurement in order to improve performance. The proposed model analyzes signal information based on the feature probability distribution through context-based signal analysis that can maximize the predicted value probability.