There are different authentication schemes in computer security that perform user authentication in client-server communication. A traditional scheme, which is usually used by a user to log in to the server, is based on security credentials provided by the user, e.g., a password or a fingerprint. Another scheme, active biometric authentication, which is the subject of the present invention, is used during a long session of client-server communication, which starts when a user logs in to the server and ends when he logs out. During a long session, a series of user authentications is done to make sure that the same user is in control of the client during the entire session. This scheme does not require any intentional actions from a user; user authentications are performed seamlessly, without interrupting user activity.
To perform a series of user authentications, the server generates authentication requests. On each request, the server creates and sends a request key to the client. Specific biometric information of a user is collected in the background on the client during the entire session. In reply to a request from the server, the client uses this biometric information to create a response key, which it sends to the server. The server authorizes or denies further access of the user to the server based on the received response key.
The main problem of biometric authentication is how to determine whether two biometric data records are close or not, and if they are close, will they remain close after their encryption?
The theory of biometric encryption (Y. Dodis, R. Ostrovsky, L. Reyzin, A. Smith. “Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data.” Proc. Eurocrypt, 2004, pp. 523-540) treats a biometric data record as a string and defines the distance between two equal-length strings as the number of locations in which these strings differ. Under this definition of distance, two biometric data records that have a small distance before encryption can have a large distance after it. As a result of encoding, two biometric data records that are close at the client can be very different at the server, which can lead to errors in the authentication process. The problem can be solved by using representation templates related to a user's biometric data.
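The effect described above, shown as an added example that is not part of the original text. HMAC-SHA256 stands in for the encryption step (an assumption, since the text names no cipher), and the records, key, noise positions and threshold of 16 are constructed for illustration.

```python
import hashlib
import hmac
import random

def hamming(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length strings differ."""
    if len(a) != len(b):
        raise ValueError("records must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def flip_bits(record: bytes, positions) -> bytes:
    """Copy of record with the given bit positions inverted (sensor noise)."""
    out = bytearray(record)
    for p in positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)

def encode(record: bytes, key: bytes) -> bytes:
    """Assumed stand-in for encryption: keyed, diffusing, 256-bit output."""
    return hmac.new(key, record, hashlib.sha256).digest()

def is_match(a: bytes, b: bytes, threshold: int) -> bool:
    """Accept when the two records differ in at most `threshold` bits."""
    return hamming(a, b) <= threshold

def demo() -> dict:
    rng = random.Random(2004)  # fixed seed: all data below is constructed
    key = bytes(rng.randrange(256) for _ in range(32))
    enrolled = bytes(rng.randrange(256) for _ in range(32))  # 256-bit record
    genuine = flip_bits(enrolled, [5, 77, 201])  # same user, 3 noisy bits
    impostor = bytes(rng.randrange(256) for _ in range(32))
    threshold = 16
    enc_enrolled, enc_genuine = encode(enrolled, key), encode(genuine, key)
    return {
        "raw_genuine": hamming(enrolled, genuine),
        "raw_impostor": hamming(enrolled, impostor),
        "enc_genuine": hamming(enc_enrolled, enc_genuine),
        "raw_accepts_genuine": is_match(enrolled, genuine, threshold),
        "raw_accepts_impostor": is_match(enrolled, impostor, threshold),
        "enc_accepts_genuine": is_match(enc_enrolled, enc_genuine, threshold),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A transformation without diffusion, such as XOR with a fixed keystream, would preserve the distance; the false rejection shown here comes from the diffusion that strong encodings provide.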
This kind of biometric encryption implies a small but non-zero privacy leakage. Moreover, if a hacker gets access both to templates and to encryption algorithms, he can obtain biometric data of an authorized user and access the server (A. Cavoukian, A. Stoianov. 2007. Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy. Discussion paper of the Office of the Information and Privacy Commissioner of Ontario, 2007).
Besides protecting representation templates by means of cryptography, it is possible to protect templates by intentionally distorting biometric data (U.S. Pat. No. 6,836,554). Such feature transformation methods are difficult to analyze theoretically with respect to the closeness of biometric records, and they have problems of irreversibility and unlinkability of transformations (Manabu Inuma, Akira Otsuka. 2013. Relations among Security Metrics for Template Protection Algorithms. arXiv:1212.4195 v2 [cs.CR]. Cornell University Library).
Another serious problem of biometric authentication is imitation of an authorized user. Most known authentication methods, for example, the method proposed in U.S. Pat. No. 8,261,090 and the method proposed in U.S. Pat. No. 8,326,001, can be tricked by using a latex mask or a high-quality picture of an authorized user together with a recording of his voice; this illustrates the unsatisfactory security of client-server communication.
The main problems of the prior art are insufficient security of client-server communication and unsatisfactory privacy of a user.