A novel approach for regenerating a private key using password, fingerprint and smart card

Abstract

PurposeTo devise a biometric‐based mechanism for enhancing security of private keys used in cryptographic applications.Design/methodology/approachTo enhance security of a private key, we propose a scheme that regenerates a user's private key by taking a genuine user's password, fingerprint and a valid smart card. Our scheme uses features extracted from fingerprint along with public key cryptography, cryptographic hash functions and Shamir secret sharing scheme in a novel way to achieve our desired objectives.FindingsDespite changes in the fingerprint pattern each time it is presented, our scheme is sufficiently robust to regenerate a constant private key. As compared to conventional methods of storing a private key merely by password‐based encryption, our scheme offers more security as it requires a genuine user's password, fingerprint and a valid smart card. Key lengths up to 1024‐bit or even higher can be regenerated making the scheme compatible with the current security requirements of public key cryptosystems.Research limitations/implicationsMinutia points used for image alignment can be incorporated in the key regeneration algorithm for stronger user authentication. In this case, some alternative technique will be required for image alignment.Practical implicationsThe robustness of our scheme depicts its use in practical systems where there are variations in fingerprint patterns because of sensor noise and alignment issues.Originality/valueIn this paper, we have demonstrated a novel idea of regenerating the private key of a user by using fingerprint, password and a smart card. The basic aim is to provide more security to key storage as compared to traditional methods that uses password‐based encryption for secure storage of private keys.