A novel approach for regenerating a private key using password, fingerprint and smart card
Information Management & Computer Security
ISSN: 0968-5227
Article publication date: 1 February 2005
Abstract
Purpose
To devise a biometric‐based mechanism for enhancing security of private keys used in cryptographic applications.
Design/methodology/approach
To enhance security of a private key, we propose a scheme that regenerates a user's private key by taking a genuine user's password, fingerprint and a valid smart card. Our scheme uses features extracted from fingerprint along with public key cryptography, cryptographic hash functions and Shamir secret sharing scheme in a novel way to achieve our desired objectives.
Findings
Despite changes in the fingerprint pattern each time it is presented, our scheme is sufficiently robust to regenerate a constant private key. As compared to conventional methods of storing a private key merely by password‐based encryption, our scheme offers more security as it requires a genuine user's password, fingerprint and a valid smart card. Key lengths up to 1024‐bit or even higher can be regenerated making the scheme compatible with the current security requirements of public key cryptosystems.
Research limitations/implications
Minutia points used for image alignment can be incorporated in the key regeneration algorithm for stronger user authentication. In this case, some alternative technique will be required for image alignment.
Practical implications
The robustness of our scheme depicts its use in practical systems where there are variations in fingerprint patterns because of sensor noise and alignment issues.
Originality/value
In this paper, we have demonstrated a novel idea of regenerating the private key of a user by using fingerprint, password and a smart card. The basic aim is to provide more security to key storage as compared to traditional methods that uses password‐based encryption for secure storage of private keys.
Keywords
Citation
Ahmed, F. and Siyal, M.Y. (2005), "A novel approach for regenerating a private key using password, fingerprint and smart card", Information Management & Computer Security, Vol. 13 No. 1, pp. 39-54. https://doi.org/10.1108/09685220510582665
Publisher
:Emerald Group Publishing Limited
Copyright © 2005, Emerald Group Publishing Limited