• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.1
• /
• pp.437-454
• /
• 2020

According to the privacy regulations of the health insurance portability and accountability act (HIPAA), patients' control over electronic health data is one of the major concern issues. Currently, remote access authorization is considered as the best solution to guarantee the patients' control over their health data. In this paper, a new biometric-based key management scheme is proposed to facilitate remote access authorization anytime and anywhere. First, patients and doctors can use their biometric information to verify the authenticity of communication partners through real-time video communication technology. Second, a safety channel is provided in delivering their access authorization and secret data between patient and doctor. In the designed scheme, the user's public key is authenticated by the corresponding biometric information without the help of public key infrastructure (PKI). Therefore, our proposed scheme does not have the costs of certificate storage, certificate delivery, and certificate revocation. In addition, the implementation time of our proposed system can be significantly reduced.

• Journal of Digital Convergence
• /
• v.10 no.11
• /
• pp.365-369
• /
• 2012

M2M has shown the advantages of better coverage and lower network deployment cost. Intelligent vehicle section shows severe changes in position between vehicles and has numerous large scales of networks in its components, therefore, it is required to provide safety by exchanging information between vehicles equipped with wireless communication function via biometric information in VANET(Vehicular Ad hoc Network). This thesis is to propose scheme that mutually authenticates between vehicles by composing vehicle movement as biometric information.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.2
• /
• pp.374-388
• /
• 2011

Biometric discretization is a process of transforming continuous biometric features of an identity into a binary bit string. This paper mainly focuses on improving the global discretization method - a discretization method that does not base on information specific to each user in bitstring extraction, which appears to be important in applications that prioritize strong security provision and strong privacy protection. In particular, we demonstrate how the actual performance of a global discretization could further be improved by embedding a global discriminative feature selection method and a Linearly Separable Subcode-based encoding technique. In addition, we examine a number of discriminative feature selection measures that can reliably be used for such discretization. Lastly, encouraging empirical results vindicate the feasibility of our approach.

• Journal of the Institute of Electronics Engineers of Korea SP
• /
• v.47 no.5
• /
• pp.183-191
• /
• 2010

Unique and invariant biometric characteristics have been used for secure user authentication. Storing original biometric data is not acceptable due to privacy and security concerns of biometric technology. In order to enhance the security of the biometric data, the cancelable biometrics was introduced. Using revocable and non-invertible transformation, the cancelable biometrics can provide a way of more secure biometric authentication. In this paper, we present a new cancelable bits extraction method for the facial data. For the feature extraction, the Subpattern-based Principle Component Analysis (PCA) is adopted. The Subpattern-based PCA divides a whole image into a set of partitioned subpatterns and extracts principle components from each subpattern area. The feature extracted by using Subpattern-based PCA is discretized with a helper data based method. The elements of the obtained bits are evaluated and ordered according to a measure based on the fisher criterion. Finally, the most discriminative bits are chosen as the biometric bits string and used for authentication of each identity. Even if the generated bits string is compromised, new bits string can be generated simply by changing the helper data. Because, the helper data utilizes partial information of the feature, the proposed method does not reveal privacy sensitive biometric information of the user. For a security evaluation of the proposed method, a scenario in which the helper is compromised by an adversary is also considered.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.1
• /
• pp.221-237
• /
• 2016

The wireless body area networks (WBANs) consist of wearable computing devices and can support various healthcare-related applications. There exist two crucial issues when WBANs are utilized for healthcare applications. One is the protection of the sensitive biometric data transmitted over the insecure wireless channels. The other is the design of effective medical management mechanisms. In this paper, a secure medical information management system is proposed and implemented on a TinyOS-based WBAN test bed to simultaneously address these two issues. In this system, the electronic medical record (EMR) is bound to the biometric data with a novel fragile zero-watermarking scheme based on the modified visual secret sharing (MVSS). In this manner, the EMR can be utilized not only for medical management but also for data integrity checking. Additionally, both the biometric data and the EMR are encrypted, and the EMR is further protected by the MVSS. Our analysis and experimental results demonstrate that the proposed system not only protects the confidentialities of both the biometric data and the EMR but also offers reliable patient information authentication, explicit healthcare operation verification and undeniable doctor liability identification for WBANs.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.87-94
• /
• 2018

Privacy means the right not to interfere with the private life of an individual. Bio data is the most private personal information about the person itself, and according to advancement of technology, it is possible to analyze and judge individual as well as identify individual. The Personal Information Protection Act is based on global privacy principles, but the legislation for the protection of bio information has yet to be enacted. Therefore, it is time to protect biometric data as more sensitive information than general personal information. We will review the global privacy discussions for protecting biometric information and propose additional privacy principles and measures for utilization that should be defined in the biometric information protection guideline.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.3
• /
• pp.601-614
• /
• 2007

Lately, as importance of biometric is recognized, domestic and foreign biometric software market is soaring and the requests of high reliability and quality of biometric software are inclosed. Evaluation items and criteria must be established for the biometric software quality certification. In this paper, we development the evaluation module for biometric software test based on ISO/IEC 12119 that is the standard about package software quality requirement and test, and ISO/IEC 9126 that is the standard about evaluation of software product, and ISO/IEC 14598-6 that is the standard for construction of the evaluation module. We think that this study can be used in establishing the software quality evaluation method of bio information processing software and constructing the basis for quality improvement.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.2
• /
• pp.41-46
• /
• 2016

Fast growth of smartphone technology and advent of Fintech enabled smartphones to deal with more sensitive information. Although many devices applying biometric technology are released as a step for protecting sensitive information securely, there can be potential vulnerabilities if security is not considered at the design stage of a biometric system. By analyzing the potential vulnerabilities, we classify threats in biometric system design process on smartphones and we propose the design requirements for solving these problems. In addition, we propose a framework for secure biometric system design on smartphone by synthesizing the design requirements.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.779-790
• /
• 2022

Fuzzy extractor is a biometric encryption that generates keys from biometric data where input values are not always the same due to the noisy data, and performs authentication securely without exposing biometric information. However, if a user registers biometric data on multiple servers, various attacks on helper data which is a public information used to extract keys during the authentication process of the fuzzy extractor can expose the keys. Therefore many studies have been conducted on reusable fuzzy extractors that are secure to register biometric data of the same person on multiple servers. But as the key length increases, the studies presented so far have gradually increased the number of key recovery processes, making it inefficient and difficult to utilize in security systems. In this paper, we design an efficient and reusable fuzzy extractor based on LWE with the same or similar number of times of the authentication process even if the key length is increased, and show that the proposed algorithm is reusably-secure defined by Apon et al.[5].

• Journal of the Institute of Convergence Signal Processing
• /
• v.3 no.2
• /
• pp.23-29
• /
• 2002

In this paper we proposed the user identification system using hybrid biometric information and non-contact IC card to improve the accuracy of the system. The hybrid biometric information consists of the face image, the iris image, and the 4-digit voice password of user. And the non-contact IC card provides the base information of user If the distance between the sample hybrid biometric Information corresponding to the base information of user and the measured biometric information is less than the given threshold value, the identification is accepted. Otherwise it is rejected. Through the result of experimentation, this paper shows that the proposed method has better identification rate than the conventional identification method.