The WhoIsIt biometric server for E-commerce

Stein J. Ryan, PhD
Qvoice Inc.

Introduction

E-commerce over the Internet accentuates the need for fast, user-friendly authentication methods that can be trusted for financial transactions. Most of the current methods are based on passwords. Biometrics have the obvious advantage that the user does not have to remember long passwords. However, it is very difficult to implement a biometric solution that is secure enough. This can mainly be attributed to the fact that biometric data cannot be used as keys for the encryption algorithms that secure communication over insecure channels like the Internet.

The QVoice PKI biometric server solves this problem by acting as an authentication server that stores users' digital certificates and private keys. WhoIsIt also converts biometrics into passwords or other secrets. Since it can be reached from anywhere on the Internet, the PKI biometric server engine offers the ability to use biometrics and digital certificates safely for financial transactions and for signing and encrypting documents, just as search engines offer the ability to find things on the net.

Users will enroll their biometric templates and PKI private keys, and enter secrets such as credit card numbers, PIN codes and passwords, in the WhoIsIt biometric engine. Once they have been enrolled, they can use client software in their browser to perform encryption, sign e-mail and company contracts, and shop in a web store using their voice or fingerprint as proof of identity. The PKI biometric server automatically performs the complex mathematical computations required by PKI under the hood. No PKI knowledge is required of the user.

Overview

The QVoice PKI biometric server extends password-based systems by acting as a centralized biometric-to-password converter. In order to do this with a high degree of safety, the biometric server must be responsible for performing the biometric match.
The client system uses a camera, fingerprint sensor or microphone to compute a biometric template for the user, which is then sent to the server over the Internet. The server matches this template against those in its user database. If there is a match, it allows the client to retrieve any secret that is stored for that particular user (a password, a credit card number or other information required by a PKI system as proof of identity). The communication between the client and the server is encrypted using asymmetric crypto algorithms, just like the widely adopted SSH system (Secure SHell). This ensures that a biometric template cannot be "sniffed" on the net by hackers and used for fraud.

Safety

The WhoIsIt PKI biometric server is unique in that the biometric matching is performed on the server, it stores private keys and digital certificates for each enrolled user, it is scalable, and it can be used as a biometric-to-password converter.

If the matching is not performed at the server, the server is used only as a template store, and clients download authorized templates from the server in order to do the matching themselves. The server cannot safely act as a biometric-to-password converter in this scenario, because it must trust the client's claim that there is a biometric match. When the matching is performed at the server, the server no longer has to trust the client, and the system is safe for use even when the server and the client are interconnected by the Internet.
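The trust argument above, as an added sketch that is not QVoice's code and not part of the original page: it contrasts a server that accepts the client's match claim with one that matches the submitted template itself. The template format, the Euclidean-distance matcher, the threshold, the user name and the stored secret are all constructed assumptions.

```python
import math

THRESHOLD = 0.25  # assumed acceptance threshold for the toy distance metric

# Constructed enrollment database: user -> (enrolled template, stored secret)
ENROLLED = {"alice": ([0.12, 0.80, 0.33, 0.57], "alice-store-password")}

def distance(a, b):
    """Euclidean distance between two feature vectors (toy matcher)."""
    if len(a) != len(b):
        return math.inf
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def client_side_design(user, client_says_match):
    """Server is only a template store; the match result is a client claim."""
    record = ENROLLED.get(user)
    if record is None:
        return None
    # The server has no evidence of a match, only the flag it was sent.
    return record[1] if client_says_match else None

def server_side_design(user, submitted_template):
    """Server performs the match and releases the secret only on success."""
    record = ENROLLED.get(user)
    if record is None:
        return None
    template, secret = record
    if distance(template, submitted_template) <= THRESHOLD:
        return secret
    return None

def demo():
    genuine = [0.10, 0.82, 0.35, 0.55]  # constructed: fresh sample from alice
    other = [0.90, 0.10, 0.75, 0.05]    # constructed: a different person
    return {
        "client_design_unverified_claim": client_side_design("alice", True),
        "server_design_genuine_sample": server_side_design("alice", genuine),
        "server_design_other_sample": server_side_design("alice", other),
    }

if __name__ == "__main__":
    for case, released in demo().items():
        print(f"{case}: {'secret released' if released else 'refused'}")
```

In the first design the secret is released on an unverified flag; in the second, release depends only on a comparison the server ran itself.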