As is well known, by virtue of the development of information technologies and the Internet, the size of the market related to online e-commerce and user identification increases and the demand for accurate authentication of users also grows. Consequently, existing methods for user authentication such as PIN (Personal Identification Number) or password has reached its maximum limit.
In contrast, user authentication using biometrics is not only convenient to use and but also commercially available because of its security and economics. The user authentication using biometrics is used mainly in embedded systems such as ATM (Automated Teller Machines) or personal computers. In recent years, thanks to the development of biometric technologies, the use of the user authentication is increasingly expanding to the field of mobile devices.
Biometric information such as fingerprints may have prominent features. Among other things, the biometric information has unique advantages that it allows individuals to be free from a fear of forgetting their passwords and that the authentication of the biometric information cannot be done without intervening a relevant person with the biometric information.
The biometric information may be converted into digital data and stored in personal computers, handheld devices, servers, or the like for future use. In this case, if the data for the biometric information is leaked and collected for malicious purpose, which may cause severe problems different from the outflow of the passwords.
A password of a user may be used by changing it another although it is leaked or stolen. In contrast, if biometric information of a user is leaked or stolen, the user may be faced with a situation that he/she may not use the relevant biometric information for a lifetime. As an example, if leaked or stolen biometric information is data for an index or middle finger of a right hand of the user, which has already been registered as the biometric information, biometric information for other fingers of the user may be used instead of that of the index finger or middle finger since then. However, there may be a possibility that even data of the other fingers may also be leaked or stolen. Furthermore, everyone has a limited number of fingers, which may leads to many constraints. Since different biometric information such as face, finger vein and the like also has a unique value for each individual, when it is leaked out once, it may result in fatal effects.
Furthermore, the crucial feature of the biometric information is the fact that data relevant to the biometric information may be varied little by little each time the data is acquired. Thus, in terms of the principle in which the biometric authentication uses the similarity to the biometric information registered in advance, biometric information that is newly acquired for the biometric authentication may not be 100% consistent with the biometric information registered in advance, which makes it difficult to apply an advanced encryption algorithm to the biometric authentication.
In order to avoid the above issues, a widely used method is to either encrypt data related to the biometric information and then send the encrypted data, or employ a permanent deformation from which an inverse conversion cannot be achieved by using a fuzzy vault.
However, even though the biometric information is encrypted or modified, if the data is leaked once, an attempt to authenticate falsely may be made at any time later with the leaked data. Therefore, the aforementioned method may not be a fundamental solution.
Meanwhile, in order to enhance a security in creation and authentication of the biometric information, there have been proposed techniques to prevent the biometric information from being faked or falsified by inserting watermarks into the biometric information.
Nevertheless, because devices employed in authenticating the biometric information may always be exposed to the risk of hacking, biometric certificates in the devices may almost be leaked or stolen along with the watermark inserted therein. In this case, it may result in losing even the security of the watermark.