Research On Biometric Authentication System Based On PKI And PMI

This dissertation makes researches on the issues of identityauthentication, PKI, PMI and biometric technology. And based oncombine PKI and PMI technology with biometric technology ideology,the author makes deep research on the problem of identity authenticationand privilege manage on the open network. Main achievements in thispaper are summarized as follows:1. Biometric authentication InfrastructureThis paper proposes the idea of construct biometric authenticationsystem which is based on components, and designs the communicationprotocols and methods between the components. Based on this idea andmethod, constituting a biometric authentication mechanism usingencrypt, digital signature, and digital certificate technology, and analysisthe mechanism's security performance.This paper proposes the concept of biometric certificate, biometricalgorithm certificate and biometric device certificate; and specifiesbiometric features template format and its protection method; andsummarizes current biometric authentication models, proposes ninebased authentication models; constitutes biometric authenticationsystem's basic framework model, and designs a basic biometricauthentication flow based on it, and analysis the system's securityperformance, proposed some advice to improve it.To safeguard the biometric authentication system, the author designs aauthentication mechanism combining PKI technology; and twoauthentication schemes based on TLS technology.To implement identity authentication and privilege management together, the author extends the privilege attribute certificate, and designs an identity authentication and privilege management scheme based on PKI, PMI and biometric authentication technology, which solve the security problem in tradition identity authentication and privilege management systems, and ensures the identity reality and privilege effective management.2. Identity authentication system based on biometric smart cardBased on the authentication system of biometric authentication infrastructure, the paper designs an identity authentication system using biometric smart card, which is a good candidate of traditional authentication system using smart card which's security depends on the smart card's PIN. The author proposes the idea that the whole data processing procedure and biometric authentication process are performed in smart card without any data leaking out, which can strengthen security. And depend on the biometric smart card, a prototype of biometric smart card authentication system is designed and realized.3. An fingerprint compression algorithm fit for Biometric Smart Card To save the smart card's limited memory, an optimize compression algorithm for fingerprint binary thin image is proposed in this paper, which is Freeman differential chain code Huffman hybrid coding (FDHHC). The fingerprint binary thin image is compressed using FDHHC, then stored in biometric smart card, which can save the limited memory of smart card. Comparing with traditional coding method, FDHHC has the advantage of high coding efficiency and easy-perform.4. Fuzzy Vault Based Biometric AlgorithmTo protect the biometric feature data in the biometric authentication system based on BAI, the paper proposed a new fuzzy vault based biometric cryptography, which construct is a biometric cryptosystem that secures both the secret key and the biometric template by binding them within a cryptographic framework, without leaking out any key biometric feature data. The experiment result shows that the scheme is high robust and low comptation complexity, is valuable in the usage. The paper systemic and in-depth analyses the research purpose, content, method, key problem of identity authentication and privilege over open networks, and propose an identity authentication and privilege management scheme based on PKI, PMI and biometric authentication technology, which can solve the identity authentication and privilege management problem in open network environment, such as electronic business, electronic government affair, etc. Based on biometric authentication infrastructure, also designs a biometric smart card identity authentication system, and realizes the prototype of biometric smart card and its application system. Then, researches and designs a compression code for fingerprint binary thin image stored in biometric card, to improve biometric smart card's performance. Finally, proposed a new fuzzy vault based biometric cryptography, which construct is a biometric cryptosystem that secures both the secret key and the biometric template by binding them within a cryptographic framework.