1

Multibiometric Cryptosystems Based on Feature-Level Fusion

INTRODUCTION

A biometric system is essentially a pattern recognition system that operates by acquiring biometric data from an individual, extracting a feature set from the acquired data, and comparing this feature set against the template set in the database. Depending on the application context, a biometric system may operate either in verification mode or identification mode. multibiometric systems require storage of multiple biometric templates (e.g., fingerprint, iris, and face) for each user, which results in increased risk to user privacy and system security. In the verification mode, the system validates a persons identity by comparing the captured biometric data with her own biometric template(s) stored in the system database. In such a system, an individual who desires to be recognized claims an identity, usually via a personal identification number (PIN), a user name, or RFID NO, Identity verification is typically used for positive recognition, where the aim is to prevent multiple people from using the same identity.

In the identification mode, the system recognizes an individual by searching the templates of all the users in the database for a match. Therefore, the system conducts a one-to-many comparison to establish an individuals identity (or fails if the subject is not enrolled in the system database) without the subject having to claim an identity. After matching the image, server will range a percentage value. If that percentage value is above 100 means it will allow transaction directly and below 100 means server will generate token number and send to the client.

1.1 Objective The main objective of my project is to provide secure banking for the client, by taking fingerprints as authorized identity at ATM banks.

1.2 Scope Biometric authentication systems are gaining wise-spread popularity in recent years due to the advances in matching algorithm that make the system both secure and cost-effective. They are ideally suited for both high security and remote authentication application due to user convenience. Most biometric system assume that the template in the system is secure due to

human supervision(e.g. criminal database search) or physical protection(e.g. mobile locks and door locks).However, a variety of applications of authentication need to work over partially secure or insecure networks such as ATM networks or the internet. Authentication over insecure public networks or with un-trusted servers raises more concerns in privacy and security. The primary concern is related to the security of the plain biometric templates, which cannot be replaced, once they compromised. Widespread use of biometric authentication also raises concerns of tracking a person, as every activity that requires authentication can be uniquely assigned to an individual. 3.1. SYSTEM ANALYSIS 3.1.1. Problem Definition The problem is to design biometric features for authentication. The finger print verification is to be performed by using Fuzzy concept and the secret token number is generated by SHA-256(secure hash algorithm) 3.1.2. Existing System Remote authentication is the most commonly used method to determine the identity of a remote client. In general, there are three authentication factors:

1. Something the client knows: password. 2. Something the client has: smart card. 3. Something the client is: biometric characteristics (e.g., fingerprint, voiceprint, and iris scan). Most early authentication mechanisms are solely based on password. While such protocols are relatively easy to implement, passwords have many vulnerabilities. detailed analysis of the trade-off between matching accuracy and security in the proposed multibiometric cryptosystems based on two different databases (one real and one virtual multimodal database), each containing the three most popular biometric modalities, namely, fingerprint, iris, and face.By exploiting these vulnerabilities, simple dictionary attacks can crack passwords in a short time Due to these concerns, hardware authentication tokens are introduced to strengthen the security in user authentication, and smart-card-based password authentication has become one of the most common authentication mechanisms. While it provides stronger security guarantees than password authentication, it could also fail if both authentication factors are compromised. Another authentication mechanism is biometric authentication, where users are identified by their measurable human characteristics, such as fingerprint, voiceprint, and iris scan. Biometric characteristics are believed to be a reliable authentication factor since they provide a potential source of high-

entropy information and cannot be easily lost or forgotten. Some biometric characteristics (e.g., fingerprint) can be easily obtained without the awareness of the owner. This motivates the three-factor authentication, which incorporates the advantages of the authentication based on password, smart card, and biometrics.

3.1.3. Proposed System In Our Proposed System of Implementation, We consider Three Factor Authentication using the following, RFID PIN Number Biometrics (Finger Print). Every User is provided with RFID Card for the initial Authentication Scheme, then the user will be giving the PIN number is provided during the Registration Period itself. Then the user is permitted to give his / her Finger Print to the main server. If the Finger Print is exactly matched, the user is allowed for the transactions. If the Finger Print is doubtful and not exactly matched with the registered Finger Print image then Server sends One Time Password as SMS Alert to the Users Mobile Number. This One Time Password which is generated

as SMS is given by the User to the main server for authentication. In the normal three factor Authentication Scheme, we use following Authentication Procedures User PIN number along with Keypad ID RFID Tag Finger Print Image In the case of Fuzzy Concept, where the Finger Print is not matched but matched to the maximum extent, and the server has suspicion, then the following procedure is followed, User PIN number along with Keypad ID RFID reader Finger Print Image One Time Password (OTP) Generation to the users Mobile Number OTP given by the user to the server. All those are used together for authentication. For Finger print Fuzzy Logic is applied for Exact Mapping and Proper Authentication.