Software-hardware Cooperative Embedded Verification System Fusing Fingerprint Verification and Shared-key Authentication

Abstract: In order to protect the security of the commercial information, personnel information, military information, governmental information on the Internet, the claimed identity should be authenticated. Now there are three main security authentication methods: first: using user PIN, such as password; second: using physical key, such as USBKey; third: using biological authentication technology, such as fingerprint, iris, voice and palm prints, etc. Because of the uniqueness, invariance, and ubiquity properties of biometric authentication, biometric authentication is becoming popular, especially fingerprint recognition. However, when the fingerprint recognition information is transported on the public channel, it may be attacked, such as the fingerprint information is stolen. So a cryptology mechanism is needed to protect the fingerprint recognition information. In the field of embedded security authentication system, the traditional hardware implementation mechanism, such as ASIC, can satisfy requires of functions and performances, but it is not configurable, flexible, and easy to expand; the traditional software implementation mechanism, such as general purpose processor, is flexible, but the cost and the power consumption are higher than hardware implementation. In order to take the advantages of biometrics, cryptology, hardware implementation, and software implementation, a hardware-software cooperating embedded authentication system based on shared-key authentication and fingerprint verification is proposed. First, this system authenticates the identities of client and server by shared-key authentication, creates the current encrypt key and hash key, and then authenticates the identity of them via fingerprint recognition. During fingerprint recognition, the information of fingerprint is not needed to transmit over the public channel, so the security of fingerprint is increased. Theoretic analysis and experiments show that, this system reach very high authentication rate and security. This system can resist replay attack, server template attack, device template attack, effectively.